The FBI believes it’s on the heels of a Russian hacker thought to be involved with a cybercrime ring responsible for amassing the largest ever collection of stolen usernames and passwords.
Court documents made public by the FBI last week allege a connection between an individual known only as “mr.grey” and a sophisticated heist that allowed hackers to accumulate a trove of personalized log-in credentials, Reuters reported on Tuesday.
Allegations that a Russian crime ring had stolen roughly 1.2 billion credentials and more than 500 million email addresses surfaced last year following the release of a report by Hold Security, a Milwaukee-based cybersecurity firm that laid out the proof to The New York Times at the time.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” CEO Alex Holden told the paper in August 2014. “And most of these sites are still vulnerable.”
Fourteen months later, Reuters reported this week that federal prosecutors used Hold Security’s investigative work to narrow in on a hacker who may be involved: Upon scouring lists of domain names that authorities believed were being used to send spam, the FBI stumbled upon an email address pertaining to a “mistergrey,” court documents seen by the newswire suggest.
“A search of Russian hacking forums by the FBI found posts by a ‘mr.grey,’ who in November 2011 wrote that if anyone wanted account information for users of Facebook, Twitter and Russian-based social network VK, he could locate the records,” Nate Raymond wrote for Reuters.
Mr. Holden told Reuters that the unidentified hacker was likely involved with the operation that allowed criminals to compromise more than a billion credentials — the largest ever heist of its kind.
Last week’s court filing was made in the Eastern District of Wisconsin in support of a search warrant that the FBI sought last December and that has since been executed, Reuters reported.
• Andrew Blake can be reached at ablake@washingtontimes.com.