Hackers in Russia are still busy and nastier than ever
June 23, 2017
In case you haven't been paying too much attention lately, hackers in Russia are still at it, and are still finding all kinds of methods to be nasty and cause havoc at the expense of their victims.
Lately, those same hackers have been trading the email addresses and passwords of top British politicians and diplomats, among other things.
For example, the login credentials of thousands of politicians in the United Kingdom, ambassadors and other top officials are getting traded on the dark net, The London Times reports.
And even though the information in question is old and in some ways past its sell-by date, it still presents a potentially huge security issue to the nation.
An investigation by the newspaper revealed no fewer than two massive lists of stolen user credentials that were put up for sale or traded on Russian-speaking hacking sites.
The stolen cache included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police agents and staff and over 1,000 top-ranking foreign office officials.
The various details include key members of Parliament such as education secretary Justine Greening and business secretary Greg Clark.
Noted password security expert Troy Hunt, the security researcher behind the haveibeenpwned site, cringed at the trade in the hacked credentials. "Business as usual on the internet," he said.
Pete Banham, cyber resilience expert at Mimecast, commented: "This latest password cache appears to be recycled from previous security breaches. It is however a prime example of how critical it is for various individuals, especially those in a position of political power right now, to take more responsibility for password strength and reuse between consumer and business services.
"Once user credentials are compromised, cybercriminals can implement highly targeted spear-phishing and social engineering attacks, putting confidential data at risk of being stolen," he added.
Even though the data is old, meaning that passwords have likely been changed and accounts closed, it still holds clues that could allow hackers to profile targets and launch phishing attacks designed to steal even more up-to-date login credentials.
Mark James, internet security specialist at ESET, asserted that a "small amount of information could be the next part of the jigsaw puzzle in your online profile".
"Once that profile is large enough to be useful, it may be offered for sale on the internet. This data could then be used to access other accounts if you reuse passwords, or if it's accessible to email accounts then they now have an excellent baseline to initiate a targeted phishing attack that would seem to come from someone you know or already do business with," he concluded.
Rashmi Knowles, EMEA field CTO at RSA, commented: "This story shows just how important it is that people change all their passwords in the wake of a security breach. People often use the same password for multiple sites, even for accessing work-essential applications and services, and do not change them for several years. This means that when those credentials are harvested, as we can see in this instance, it can have serious and negative repercussions for everyone affected."
Source: The London Times.