Cyber Security I: What is CyberVor?

Part I in an ongoing series of cyber threats and capabilities emanating from Russia and Eurasia.

Cyber security has turned into a buzzword in the US, particularly with regard to state-centered threats. In the recent revelations about the purported independent cyber hacker-group, CyberVor, the source and degree of risks appear inflated and unsubstantiated.



CyberVor (“Cyber-thief” in English), is a Russian hacker-group credited with accumulating over 1.2 billion unique user credentials from more than 420, 000 web services. Alex Holden, founder of Hold Security first revealed the existence of the group during the 2014 Black Hat Security Conference in Las Vegas, NV.  Holden’s background remains obscure, with many veterans of the Cyber-Security community are reportedly unfamiliar with his work. According to Holden, the group consists of approximately a dozen hackers from “south central Russia” who previously specialized in black-market data thefts.


Suspected Activities

The compromised data, 1.2 billion usernames and passwords, were amassed from approximately 500 email addresses associated with various email service providers. According to Holden, “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites … and most of these sites are still vulnerable.” Virtually every economic industry was affected by the attacks.


Skepticism to Holden’s Claim

Doubts as to whether or not 1.2 billion passwords could actually have been stolen have been expressed by numerous Cyber Security professionals. Further, Hold Security has been criticized for publically announcing the purported breach without first notifying those companies and systems affected by CyberVor. It is unclear how many passwords were active and whether or not each password had a unique owner (many people use the same password for multiple sites). Given that the worst of the damage to date is an increase of spam email, the risk of the breach may have been over-exaggerated.


Initial Conclusions

  • Should the group exist and have carried out the attack in the manner claimed by Holden, CyberVor is only operating opportunistically, not targeting any specific country, industry, or economic sector.
  • There are no indications of state-sponsorship of the group by the Kremlin or another foreign government.
  • Independent Russian hackers have a history of successfully penetrating the security of American and European countries, even stock-exchange networks.
  • Hold Security stands to gain financially from the breach and they will charge customers to reveal the status of their security without offering remedial safety measures.
  • No significant damage has been directly tied to the CyberVor attacks at this time.