The Milwaukee firm Hold Security made a huge bust. Itdiscovered what the New York Timescalls “a Russian crime ring [that] has amassed the largest known collection ofstolen Internet credentials, including 1.2 billion username and passwordcombinations and more than 500 million email addresses.”
This is massive.Bigger than the data breach that Target weathered late last year.
And a Milwaukeecompany figured it out, even had contact with the spammers in Russia. According to the Times, AlexHolden of Hold Security said the gang had ramped up its activity this spring,possibly because it was working with others and started using botnets:
Since then, theRussian hackers have been able to capture credentials on a mass scale usingbotnets—networks of zombie computers that have been infected with a computervirus—to do their bidding. Any time an infected user visits a website,criminals command the botnet to test that website to see if it is vulnerable toa well-known hacking technique known as a SQL injection, in which a hackerenters commands that cause a database to produce its contents. If the websiteproves vulnerable, criminals flag the site and return later to extract the fullcontents of the database.
This is a huge coupfor Hold Security—and hopefully they or someone else will figure out how we canprotect ourselves from hackers. Until then, be careful out there!
