Hacking forum Cracked[.]io was seized on Wednesday for helping cybercriminals target at least 17 million US victims, according to the Justice Department.
On Thursday, federal and European investigators provided more details about their effort to shut down Cracked[.]io and another hacking forum, Nulled[.]to. The day before, the FBI seized the domains for both sites, forcing them offline.
The crackdown was initiated to disrupt cybercrime and the proliferation of hacking tools. “Both of these underground economy forums offered a quick entry point into the cybercrime scene,” said Europol, which also took part in shutting down both sites.
For example, Cracked[.]to “impacted at least 17 million victims from the United States,” through its sales of stolen logins, hacked databases, and malicious software tools since 2018, federal investigators said. The site also sold access to a tool to search for stolen and leaked logins indexed from billions of websites.
“This product was recently allegedly used to sextort and harass a woman in the Western District of New York,” the Justice Department said. “Specifically, a cybercriminal entered the victim’s username into the tool and obtained the victim’s credentials for an online account. Using the victim’s credentials, the subject then cyberstalked the victim and sent sexually demeaning and threatening messages to the victim.”
Nulled[.]to operated in a similar fashion since 2016, selling stolen logins and ID information, including a hacking tool that contained the names and Social Security numbers of 500,000 US citizens. Both sites had up to 5 million users. “These two forums also offered AI-based tools and scripts to automatically scan for security vulnerabilities and optimize attacks,” Europol added.
In response, international law enforcement identified and seized servers for the two sites and their affiliated domains, including Sellix[.]io, which focused on accepting digital payments, and the hosting service Starkrdp[.]io. Europol adds that two suspects were arrested and seven properties were raided in connection with the sites. Meanwhile, the US unsealed charges against a 29-year-old Argentinian national in Spain named Lucas Sohn for allegedly administrating Nulled[.]to.
Recommended by Our Editors
“If convicted, Sohn faces a maximum penalty of five years in prison for conspiracy to traffic in passwords, 10 years in prison for access device fraud, and 15 years in prison for identity fraud,” the Justice Department added.
It’s unclear if Sohn was arrested. In the meantime, the seizure noticed place on both the Cracked and Nulled domains indicates that investigators also confiscated details on anyone who ever used the marketplaces.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Michael Kan
Senior Reporter
