Friday, December 06, 2013
Blog Co-Author
.jpg)
Does the password 123456 sound familiar? How about 1234, or maybe just ‘password’? If any of those ring a bell, then think about changing them.
Tucked away on a blog entry at Trustwave, a Chicago-based cybersecurity group, a couple days ago was the news that 2 million Internet accounts have been compromised via the so-called Pony botnet controller virus. That’s a type of spy and keylogging malware that was maliciously installed on computers globally.
Last June, SpiderLabs — Trustwave’s “elite team of ethical hackers” — revealed in a blog that some 650,000 website credentials had been stolen via Pony, version 1.9. The latest theft, described as much and less of a “hit-and-run” operation and more of a “stable and consistent operation”, was laid out by SpiderLabs in a Tuesday blog posting.
Among the stats,1,580,000 website login credentials and 320,000 email credentials were stolen from a server they tracked to the Netherlands. They first detected that server on November 24. Here are some more numbers that show the domains and number of passwords stolen from each:
- Facebook FB +0.37%318,121
- Yahoo y YHOO +0.39%59,549
- Google GOOG +0.36%54,437
- Twitter TWTR +0.26%21,708
- odnoklassniku.ru (Russian social network) 9,321
- LinkedIn LNKD +2.25%8,490
- ADP payroll service provider 7,798
As for the inclusion of ADP on that list, the Trustwave blog had this to say:
“It is only natural to have such domains in the mix, but it is surprising to see it ranked #9 on the top domains list. Facebook accounts are a nice catch for cyber criminals, but payroll service accounts could actually have direct financial repercussions,” said the blog.
Trustwave notified companies of the breach and ADP, Facebook, LinkedIn and Twitter told CNNMoney they notified and reset passwords for compromised users. Google declined to comment to CNN and Yahoo didn’t respond.
John Miller, a security research manager at Trustwave, told CNN that there’s “no evidence” that that hackers logged into accounts, “but they probably did.”
By location, the most compromised accounts appeared to be in the Netherlands — 1,828,452 passwords were stolen — followed by Thailand, Germany, Singapore, Indonesia and the United States — 1,943 passwords were stolen. But, (h/t to reader John Wentworth for outpointing) SpiderLabs said most of the entries from the Netherlands are “a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well. ” This type of action makes it tough to learn about the targeted countries in the attack, said SpiderLabs.
CNNMoney said the hackers started collecting passwords on Oct. 21 and while Trustwave has located the Netherlands proxy server, Miller said several other servers that are similar haven’t been shut down yet.
The lesson here really is to task your brain with a tougher password. Trustwave also compiled a list of commonly the most compromised passwords on this particular hack attack.
- 123456
- 123456789
- 1234
- password
- 12345
- 12345678
- admin
- 124
- 1
- 111111
Separately, the experts at SpiderLabs said that back in 2006, 1.9% of passwords were five characters or small, and today that number has tripled to 6.6%, though most are within 6 to 9 characters. They were also encouraged to see that when compared with 2006, when only 17% had a password of 10 characters or longer, that percentage is all the way up to 46% for 2013.
Author Thoughts: " Getting money is not all a man's business. To cultivate kindness is a valuable part of the business life"
Posted in: 
0 comments: