A hacker who once advertised having access to user account information
for websites like Facebook and Twitter has been linked through a Russian
email address to the theft of a record 1.2 billion Internet
credentials, the FBI said in court documents.
That hacker,
known as "mr.grey," was identified based on data from a cybsecurity firm
that announced in August 2014 that it had determined an alleged Russian
crime ring was responsible for stealing information from more than
420,000 websites, the documents said.
The papers, made public
last week by a federal court in Milwaukee, Wisconsin, provide a window
into the Federal Bureau of Investigation's probe of what would amount to
the largest collection of stolen user names and passwords.
The
court papers were filed in support of a search warrant the FBI sought
in December 2014 and that was executed a month later related to email
records.
The FBI investigation was prompted by last year's
announcement by Milwaukee-based cybersecurity firm Hold Security that it
obtained information that a Russian hacker group it dubbed CyberVor had
stolen the 1.2 billion credentials and more than 500 million email
addresses.
The FBI subsequently found lists of domain names and
utilities that investigators believe were used to send spam, the
documents said.
The FBI also discovered an email address
registered in 2010 contained in the spam utilities for a "mistergrey,"
documents show.
A search of Russian hacking forums by the FBI
found posts by a "mr.grey," who in November 2011 wrote that if anyone
wanted account information for users of Facebook, Twitter and
Russian-based social network VK, he could locate the records.
Alex Holden, Hold Security's chief information security officer, told
Reuters this message indicated mr.grey likely operated or had access to a
database that amassed stolen data from computers via malware and
viruses.
Facebook and Twitter declined comment. The FBI declined to comment, and U.S. Justice Department had no immediate comment.
The probe appears to be distinct from another investigation linked to
Hold Security's reported discovery that 420,000 websites, including one
for a JPMorgan Chase & Co (JPM.N) corporate event, were targeted by
the Russian hackers.
In a case spilling out of the discovery of the JPMorgan breach, U.S.
prosecutors this month charged three men with engaging in a
cyber-criminal enterprise that stole personal information from more than
100 million people.
Prosecutors accused two Israelis, Gery Shalon and Ziv Orenstein, and
one American, Joshua Samuel Aaron, of being involved in a variety of
schemes fueled by hacking JPMorgan and 11 other companies.
An indictment in Atlanta federal court against Shalon and Aaron names
as a defendant an unidentified hacker believed to be in Russia.
0 comments:
Post a Comment