In the wake of the Liberty Reserve shutdown, Hold Security has received credible evidence, derived from recent and on-going cyber attacks, that Liberty Reserve customers’ data have been used to compromise their other financial accounts.
Based on the evidence, at the very least, e-mail addresses and passwords that belonged to Liberty Reserve users have been used in attacks against other financial institutions. Cyber attacks using Chinese CAPTCHA-breaking services began as early as May 27, 2013, targeting financial institutions where Liberty Reserve customers may have accounts.
Hackers relied on the fact that many individuals use the same login credentials across multiple financial accounts and targeted organizations with a similar profile. The attack patterns observed appeared to have a moderate level of sophistication and, at this time, are only aiming to verify whether compromised account data is valid at the targeted financial organizations.
It appears that the hackers have passwords in encrypted format and that they are able to decrypt less complex passwords. However, it is probable that cracking passwords is on-going and eventually more complicated passwords will be compromised.
Hold Security is working to identify the hackers but, at this time, there is no definite data or attribution. While the password-guessing attacks are coming from China, there is no conclusive evidence that the hackers are from there.
At this time, Hold Security urges any past Liberty Reserve customers to ensure that any password they used with Liberty Reserve is not used on any of their existing accounts, financial or otherwise. It is a standard best practice to use separate passwords for each on-line financial account.
Hold Security also urges financial organizations that may have a large number of Liberty Reserve customers to examine their systems for possible unauthorized access or transactions.
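One way an institution could start the review recommended above, as an added example that is not part of the Hold Security advisory: it scans login records from May 27, 2013 onward for sources that tried many distinct accounts with mostly failed attempts, and lists the accounts those sources logged into successfully. The log format, sample records, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "ISO timestamp, source IP, account e-mail, result".
# Addresses are documentation ranges; the line format is an assumption.
SAMPLE_LOG = """\
2013-05-20T09:00:00 198.51.100.7 alice@example.com OK
2013-05-28T02:10:01 203.0.113.9 bob@example.com FAIL
2013-05-28T02:10:04 203.0.113.9 carol@example.com FAIL
2013-05-28T02:10:09 203.0.113.9 dave@example.com OK
2013-05-28T02:10:15 203.0.113.9 erin@example.com FAIL
2013-05-28T02:10:21 203.0.113.9 frank@example.com FAIL
2013-05-28T08:30:00 198.51.100.7 alice@example.com FAIL
2013-05-28T08:30:20 198.51.100.7 alice@example.com OK
"""
WINDOW_START = datetime(2013, 5, 27)  # earliest attack date given in the advisory


def parse(log_text):
    """Yield (timestamp, source, account, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines rather than guess at their meaning
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2].lower(), parts[3] == "OK"


def find_verified_accounts(log_text, min_accounts=5, min_fail_ratio=0.6):
    """Return {source: accounts it logged into successfully} for sources that
    tried at least min_accounts distinct accounts with mostly failed attempts."""
    tried, ok = defaultdict(set), defaultdict(set)
    attempts, fails = defaultdict(int), defaultdict(int)
    for ts, src, acct, succeeded in parse(log_text):
        if ts < WINDOW_START:
            continue  # outside the period the advisory describes
        tried[src].add(acct)
        attempts[src] += 1
        if succeeded:
            ok[src].add(acct)
        else:
            fails[src] += 1
    return {src: sorted(ok[src]) for src in tried
            if len(tried[src]) >= min_accounts
            and fails[src] / attempts[src] >= min_fail_ratio}
```

Accounts returned for a flagged source are candidates for a forced password reset and a transaction review; a customer who mistypes a password once, like the second source in the sample, is not flagged.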
We also encourage any financial institutions or security organizations to contact us with information about this breach so that we can better identify the attackers and warn victims.
Hold Security, LLC is an Information Security and Cyber Investigation company that specializes in Information Security Auditing, Penetration Testing, Incident Response and Remediation.
Disclaimer: Hold Security, LLC is releasing this advisory as a part of our on-going investigation into related breaches. The information above is based on the malicious behavior and patterns observed during our investigation. Other information may surface that will cause this advisory to be altered.