Button Up

CyberVor Possesses One-Sixth of the World’s Internet User Data

Pavel Korobov
31 Oct 2014

The first time I heard about this Russian group of hackers was in the summer. Journalists call them CyberVor ("vor" means "thief" in Russian) because of their Russian roots. News and reports about their new cybercrimes appear in the mass media rather often, but we know practically nothing about the members of the group, including their real identities. And I must admit that this seems logical. Still, there are some facts to consider.

Cybercrime is a highly profitable business

Cybercrime is a large and profitable business. According to the report published by the Center for Strategic and International Studies and McAfee in June 2014, the annual economic cost of cybercrime is $475 billion and growing. The growth must be connected to the increasing productivity of cybercriminals.

Now let’s talk about the assets of this business. In August it was reported that CyberVor had created a database of 4.5 billion stolen Internet credentials. For now it is the largest database of this kind. It includes 1.2 billion login and password combinations and more than 542 million e-mail addresses.

What do you think about these figures? It turned out that the stolen Internet credentials are one-sixth of the world’s Internet credentials. But the most interesting part is how CyberVor could obtain this data and what it means for global cyber security.

Black market to sell information

The scale of CyberVor’s activity made society consider the following:

  1. There is an information black market and its opportunities are unlimited. It offers stolen credentials, software that helps to steal data, and hackers for hire who obtain the desired information on a buyer's behalf.
  2. One cannot ignore the vulnerabilities of networks, websites and corporate servers that store confidential information.
  3. It is necessary to develop and maintain strategic alliances to combat cyber terrorists.

The authorities suspect that CyberVor consists of at least 12 Russians aged 20 and older. They started out in 2011 as amateur spammers. They began building the database with credentials purchased on the black market. In April 2014 the group had all the necessary tools and had established alliances with other hackers.

One of the tools used to steal data was a botnet. A botnet consists of hundreds or thousands of computers infected with a virus. Usually the owners of infected computers do not even suspect that they have caught malware. Once infected, a computer becomes a bot and executes the botmaster's tasks. The botmaster is the person who maintains the botnet and assigns the tasks. So we don’t know exactly whether it was CyberVor itself or a third-party botmaster who tasked the botnet with checking all the visited sites for vulnerability to Structured Query Language (SQL) injection, a well-known hacking technique used to obtain the contents of a database.

There is no information on the size of the botnet, but it examined and marked about 400k vulnerable sites. They say that CyberVor has executed the largest Internet audit ever.

This year the RAND Corporation published a report explaining that the cyber black market has the same mechanisms as a traditional black market. For example, the participants in both markets use various communication channels to place orders and get products.

According to the report, the cyber black market earns more money than drug trafficking. There are no barriers to entry into these communities. So cybercriminals earn more and more, and the black market is constantly growing.

Security is a top priority

In a report released this year, Kaspersky Laboratories shares that only 19% of companies with a staff of fewer than 25 people care about their information security. Their top management hopes that they are too small to become a hacker’s target. But as we now know, CyberVor did not differentiate between small and large sites. They hacked every site that the infected computers visited.

And even after CyberVor is arrested there is no guarantee that some other gang will not replace it.

So how can the problem of information theft be solved?

Companies need to know what their weaknesses are. This concerns not only the technical equipment and the software in use, but also the care taken by employees working with sensitive data.

It is necessary to cooperate with competitors, external consultants, as well as with the state. Such interaction will help to analyze existing threats, identify possible critical events and keep abreast of modern methods to combat cyber terrorism. It is important to build relationships that will help to respond quickly to emerging threats and prevent any hacker actions.

The more you sweat in times of peace the less you bleed in war

The lesson of CyberVor is invaluable. It taught us to keep an eye on the security of the company's information system, or someone else will do it for you.

In today's world, where cyber groups arise one after another and endlessly try to identify vulnerabilities and steal important information, it is important to remember that it is better to invest in a solid infrastructure that protects against information theft than to calculate the losses after hacker attacks.

A few simple steps are necessary to protect your data on the Internet:

  • periodically change the passwords for important websites that contain sensitive data;
  • use reliable software that is not suspicious;
  • update the antivirus database from time to time;
  • do not visit sites that are teeming with sponsored links and free offers;
  • be careful whenever you connect to public Internet networks, including Wi-Fi;
  • use the secure email service Sfletter.com for personal and business correspondence.

And remember: who learns wins

This post is based on the article «Marcus Christian on CyberVor and protecting against computer crime»

