Long-Running Russian Cybercrime Ring Allegedly Steals 1.2 Billion Internet Records

A Russian cybercrime ring known to have been running underground operations since 2004 allegedly stole 1.2 billion Internet usernames and passwords from 420,000 websites, including Fortune 500 companies.

Details of how long it took for the Russian cybercriminal group to amass the records linked to about 500 million unique e-mail addresses are yet to be determined.

Russian cybercrime underground forum selling stolen credit card credentials to registered members

However, Trend Micro vice-president for technology and solutions JD Sherry says that the plausible single-syndicate operation could have “cornered the market and compromised over a billion credentials over an extended period of time.” The sites were likely to have been compromised via the SQL injection method, which can open information in the servers to probable theft.

The stolen Internet credentials reportedly stolen by the cybercrime ring are expected to end up in the Russian underground market, which has been running on a supply-and-demand economic model for years now.

MORE: Get an in-depth look inside the cybercriminal underground economy 

Stolen Internet credentials are typically peddled in Russian underground forums where cybercriminals exchange information and malicious wares using the same trading principles as legitimate exchanges. The number of these forums has been growing each year, with the most popular ones such as verified.su and ploy.org having 20,000 to several hundreds of unique members.

View research paper: Russian Underground Revisited View research paper: Russian Underground Revisited

“The Russian shadow economy is an economy of scale, one that is service-oriented and that has become a kleptocracy wherein crony capitalism has obtained a new lease on life in cyberspace,” says Trend Micro forward-looking threat researcher Max Goncharov. The amount of credentials put up for sale or used for other causes can be a source of power for the underground cybercrime ring.

MORE: A summary of the Russian cybercriminal underground

Trend Micro researchers continue to look into the facts of this case. Meanwhile, it is reasonable for companies and Internet consumers to exercise caution given the probable impact this can have to your daily Internet usage or operations.

What Can You Do

Here are a few basic Internet security practices that are doable in a few minutes but can go a long way:

  • Change your passwords. Do it now to avoid the dangers of someone accessing your accounts given the alleged massive breach; then change your passwords regularly, as a precautionary measure against future breaches.
  • Refrain from clicking links embedded in emails or text messages as this is the most common way cybercriminals get people to visit their malicious sites.
  • Update your software, on all your personal and company devices. Make sure you're always patched to avoid known vulnerabilities.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.