Law enforcement has been busy. As reported yesterday, Cracked and Nulled forums were seized along with services associated with them financially. Two suspects were arrested in Spain. Today, DOJ issued two press releases. The first was about yesterday’s seizures:
Cracked and Nulled Marketplaces Disrupted in International Cyber Operation
The Justice Department today announced its participation in a multinational operation involving actions in the United States, Romania, Australia, France, Germany, Spain, Italy, and Greece to disrupt and take down the infrastructure of the online cybercrime marketplaces known as Cracked and Nulled. The operation was announced in conjunction with Operation Talent, a multinational law enforcement operation supported by Europol to investigate Cracked and Nulled.
… According to seizure warrants unsealed today, the Cracked marketplace has been selling stolen login credentials, hacking tools, and servers for hosting malware and stolen data — as well as other tools for carrying out cybercrime and fraud — since March 2018. Cracked had over four million users, listed over 28 million posts advertising cybercrime tools and stolen information, generated approximately $4 million in revenue, and impacted at least 17 million victims from the United States.
… The Justice Department announced the seizure of the Nulled website domain and unsealed charges against one of Nulled’s administrators, Lucas Sohn, 29, an Argentinian national residing in Spain. According to the unsealed complaint affidavit, the Nulled marketplace has been selling stolen login credentials, stolen identification documents, hacking tools, as well as other tools for carrying out cybercrime and fraud, since 2016. Nulled had over five million users, listed over 43 million posts advertising cybercrime tools and stolen information, and generated approximately $1 million in yearly revenue. One product advertised on Nulled purported to contain the names and social security numbers of 500,000 American citizens.
Read more from DOJ.
The second press release related to a Pakistani-based network selling hacking and fraud-related tools:
Justice Department Announces Seizure of Cybercrime Websites Selling Hacking Tools to Transnational Organized Crime Groups
The Justice Department today announced the coordinated seizure of 39 domains and their associated servers in an international disruption of a Pakistan-based network of online marketplaces selling hacking and fraud-enabling tools operated by a group known as Saim Raza (also known as HeartSender). The seizures were conducted in coordination with the Dutch National Police.
According to the affidavit filed in support of these seizures, Saim Raza has used these cybercrime websites since at least 2020 to sell phishing toolkits and other fraud-enabling tools to transnational organized crime groups, who used them to target numerous victims in the United States, resulting in over $3 million in victim losses.
The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages, and email extractors, often used to build and maintain fraud operations. Not only did Saim Raza make these tools widely available on the open internet, it also trained end users on how to use the tools against victims by linking to instructional YouTube videos on how to execute schemes using these malicious programs, making them accessible to criminal actors that lacked this technical criminal expertise. The group also advertised its tools as “fully undetectable” by antispam software.
Read more at DOJ.