WASHINGTON – The FBI and the U.S. Department of Justice announced today that they have seized the internet domain name weleakinfo.to and two related domain names, ipstress.in and ovh-booter.com, following an international investigation into websites allowing users to buy access to stolen personal information or to perform attacks on victim networks.
The announcement was made by U.S. Attorney Matthew M. Graves of the District of Columbia and Special Agent in Charge Wayne A. Jacobs of the FBI Washington Field Office’s Criminal and Cyber Division.
“Today, the FBI and the Department stopped two distressingly common threats: websites trafficking in stolen personal information and sites which attack and disrupt legitimate internet businesses,” said U.S. Attorney Graves. “Cyber crime often crosses national borders. Using strong working relationships with our international law enforcement partners, we will address crimes like these that threaten privacy, security, and commerce around the globe.”
“These seizures are prime examples of the ongoing actions the FBI and our international partners are undertaking to disrupt malicious cyber activity,” said Special Agent in Charge Jacobs. “Disrupting malicious DDoS operations and dismantling websites that facilitate the theft and sale of stolen personal information is a priority for the FBI.”
The WeLeakInfo.to website had claimed to provide its users a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing seven billion indexed records – including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts. The website sold subscriptions so that any user could access the results of these data breaches, with subscriptions providing unlimited searches and access during the subscription period (one day, one week, one month, three months, or lifetime). In January 2020, the FBI and the U.S. Department of Justice also announced that they had seized the internet domain name weleakinfo.com, shutting down a similar service then provided at that site.
The ipstress.in and ovh-booter.com domains were also seized. Those sites publicly offered to conduct “Distributed Denial of Service” attacks, or “DDoS” attacks, for clients – specifically, a format called booter or stressor attacks. DDoS attacks are a type of network attack in which multiple internet-enabled devices are used to attack computers hosting a website – usually by flooding the site with internet traffic – for the purpose of rendering it inaccessible to legitimate users or unable to communicate with the internet.
With execution of the warrant, the seized domain names – weleakinfo.to and the related domains – are now in the custody of the federal government, effectively suspending the website’s operation. Visitors to the site will now find a seizure banner that notifies them that the domain name has been seized by federal authorities. The U.S. District Court for the District of Columbia issued the seizure warrant.
The seizures of these domains were part of a coordinated law enforcement action with the National Police Corps of the Netherlands and the Federal Police of Belgium. The actions executed by our international partners included the arrest of a main subject, searches of several locations, and seizures of the webserver’s infrastructure.
Any persons having information concerning weleakinfo.to or its owners and operators are encouraged to provide that information by filing a complaint (referencing #weleakinfo in the “Description of Incident” field) with the FBI’s Internet Crime Complaint Center (IC3) at https://www.ic3.gov/complaint/default.aspx.
These seizures are a part of a comprehensive law enforcement action taken by the FBI, the U.S. Attorney’s Office for the District of Columbia, and the Department of Justice’s Computer Crime and Intellectual Property Section, along with international law enforcement, including the Netherlands National Police Corps and the Belgium Federal Police.