The Ukrainian Cyber Police, in collaboration with the national police, have apprehended three individuals. These individuals stand accused of hacking and illicitly selling a colossal number of email and Instagram accounts, totaling 100 million, on the dark web.
The alleged criminals are believed to have employed a brute-force attack strategy. This method involves relentlessly testing numerous password combinations until the correct login credentials are discovered. The compromised accounts were subsequently compiled into a database and listed for sale on various dark web marketplaces and hacking forums.
Where Does the Stolen Data End Up?
Currently, some of the most frequented hacker and cybercrime forums include Breach Forums and a Russian language platform known as XSS. Cybercriminals exploit these platforms to peddle stolen data via escrow deals, while others choose to leak it without charge. Telegram also serves as a significant platform for criminals to announce data breaches and either leak or sell data.
The Aftermath of Data Breaches
According to a press release by the Cyber Police, the stolen accounts were used to perpetrate various scams. One such notorious scam is the “Friend Asks for a Loan” scheme, where compromised accounts are used to target the victim’s friends and family with fraudulent requests for money.
Law Enforcement Strikes Back
Law enforcement officers conducted seven searches at the residences and registered addresses of the accused individuals in Kyiv, Odesa, Vinnytsia, Ivano-Frankivsk, and the regions of Kyiv, Donetsk, and Kirovohrad. During these searches, over 70 pieces of computer equipment, 14 phones, bank cards, and cash, amounting to more than $3,000, were seized. A petition has been submitted to the court for the seizure of the confiscated property.
The Suspects and the Charges
The suspects, whose ages range from 20 to 40, are now facing charges of unauthorized interference in information systems and networks. This is a criminal offense in Ukraine, carrying a penalty of up to 15 years in prison.
The investigation is far from over. Authorities are exploring the possibility that the group may have collaborated with foreign entities, particularly those with interests aligned with Russia. The suspicion is that some of the stolen accounts were used specifically to benefit Russian interests. However, the exact nature of this potential collaboration remains unclear at this point.
Jamie Akhtar, CEO and Co-Founder at CyberSmart commented on the situation: “Following the takedown of LockBit in February, this is another heartening story. It demonstrates that cybercriminals can be caught and brought to justice. However, we shouldn’t rest on our laurels, for each of these groups that is shut down another will spring up in its place and those still at large will learn from how their peers were caught.”
The Importance of Cybersecurity Measures
This arrest underscores the importance of implementing cybersecurity measures. Using strong and unique passwords for all online accounts is crucial, and enabling multi-factor authentication (MFA) whenever possible adds an extra layer of security. The Ukrainian cyber police also recommend these practices to help protect yourself from falling victim to similar account hijacking schemes.