Email address gives FBI lead on record theft of user IDs, passwords

A hacker who once advertised having access to user information for websites such as Facebook and Twitter has been linked to the theft of a record 1.2 billion Internet credentials, the FBI wrote in court documents.

The hacker, known as “mr.grey,” was identified based on data from Milwaukee-based cybersecurity firm Hold Security, the documents said.

The papers, made public last week by a federal court in Milwaukee, provide a window into the FBI’s investigation of what would amount to the largest collection of stolen user names and passwords.

The court papers were filed in support of a search warrant the FBI sought in December. That warrant, related to email records, was executed a month later.

The FBI began investigating when Hold Security announced last year that it had information on a Russian hacker group it dubbed CyberVor, which the firm said had stolen the 1.2 billion credentials and more than 500 million email addresses.

The FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam, the documents said. Amid the spam utilities, the FBI discovered an email address registered in 2010 for “mistergrey,” documents show.

A search of Russian hacking forums by the FBI uncovered posts by a “mr.grey,” who in November 2011 wrote that if anyone wanted account information for users of Facebook, Twitter or Russian-based social network VK, he could locate the records.

Alex Holden, Hold Security’s chief information security officer, said that message indicated mr.grey likely operated or had access to a database that amassed stolen data from computers using malware and viruses.

Facebook, Twitter and the FBI declined to comment. The Justice Department had no immediate comment.

The investigation appears to be distinct from one linked to Hold Security’s reported discovery that 420,000 websites, including one for a JPMorgan Chase & Co. corporate event, were targeted by Russian hackers.

In a case resulting from the discovery of the JPMorgan breach, U.S. prosecutors this month charged three men with engaging in a cyber-criminal enterprise in which personal information was stolen from more than 100 million people.

Prosecutors accused two Israelis, Gery Shalon and Ziv Orenstein, and one American, Joshua Samuel Aaron, of being involved in a variety of schemes fueled by hacking JPMorgan and 11 other companies.

An indictment in Atlanta federal court against Shalon and Aaron names as a defendant an unidentified hacker believed to be in Russia.

