Millions US government email addresses in the hands of the cybercrime

It has repeatedly reiterated the need for a cyber strategy to reduce risks related to cyber threats from various sources, military, cyber crime or hacktivism. Cyber ​​threats expose our intelligence agencies, our critical infrastructures and our companies to significant risks causing untold perfidious finance. In the area of ​​cyber warfare governments have made considerable strides, gained awareness of the threat each nation is organizing a garrison of more or less vigilant cyber space.

Too many people mistakenly believe that attacks on government institutions can only come from hacker groups sponsored by hostile governments, but do not forget that we live in an information age and information is money. Groups of cyber criminals are aware of the huge demand for information about military sectors, for this reason they continuously try to acquire and sell information about each country’s militia and intelligence agencies through several techniques, espionage, phishing, extortions, cyber attacks, hacking of major government contractors.

To demonstrate how much interest there is on sensible information in military I report the presence on underground market of millions of harvested U.S government and U.S military harvested emails addresses that cyber criminals are trying to sell. The criminal business is offering  2.462.935 U.S government email addresses, and another 2.178.000 U.S military email addresses.

The risks are really serious, this information could be used by hostiles government in cyber attacks and cyber espionage activities in the short term.

We are facing with efficient organization that continuously collect info from various sources trying to sell them using several channels like social network, chat rooms, specific web sites and Internet directories. Many organizzation have set up growing community where they sold any kind of service, from the malware development to information need to attack a specific target. Specific social network offer advice for the development of new modules to use in conjunction with well known malware (e.g. Zeus, SpyEye). This open communities are really dangerous and hard to monitor, we must consider them malware factories.

Cyber criminals have used several cyber options to gather personal data and financial information of representatives of the U.S. military. The scams schemes provide phishing attacks and malware diffusion to steal precious data.  Really interesting another aspect, spammers and virus creators are also launching massive attacks on anti-spam organizations with the intent to thwart their defense and operate unchallenged.

The knowledge of this email addressed could be used in targeted cyber attacks with the purpose to gain access to critical information related to military operation in which the victim is involved.

U.S government and U.S military users whose emails have been exposed have been alerted on the risks, they have been informed that they could be targeted by malware attacks, they are all invited to avoid downloading and executing a malicious attachment, or clicking on link found in the suspicious emails.

The news of the availability of large amount of email on the black market came meanwhile U.S. military declare their strong engage in to fight against cyber threats with a very offensive strategy. The Pentagon has just sent a report to Congress where it says that it has the right to retaliate with military force against a cyber attack.

Air Force General Robert Kehler said

“I do not believe that we need new explicit authorities to conduct offensive operations of any kind”,

it’s clear the approach to the new emergency.

US security agencies are also training team of cyber forensics experts and group of hackers to identify, prevent and fight and cyber threats. I believe that the U.S. response represents the proper way to approach the threat and efforts should be taken as an example.

Pierluigi Paganini


Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.