National Crime Agency
Weleakinfo.com: Site hosting stolen credentials taken down after international operation
A website which provided access to more than 12 billion personal credentials to cyber criminals for as little as $2 per day has been taken down following an investigation led by the National Crime Agency (NCA), in collaboration with international law enforcement partners.
The NCA began investigating weleakinfo.com, which is believed to host credentials taken from around 10,000 data breaches, in August 2019. The credentials are known to have been used in further cyber attacks in the UK, Germany and the US.
Two individuals were identified during the course of the operation who officers believe have made total profits in excess of £200,000 from the site; one based in Northern Ireland and one in The Netherlands.
NCA investigators passed this information to the Police Service of Northern Ireland (PSNI) and the East Netherland Cyber Crime Unit (Politie), who launched their own operations. The suspects, both 22-year-old men, were arrested on Wednesday 15 January in Fintona and Vriendin respectively.
Parallel investigations into weleakinfo.com were also being run by the German BKA and the FBI, who seized the domain and effected the takedown of the site at 11.30pm on the same day.
Online payments tracing back to IP address believed to have been used by the two men point them being heavily involved in the running of the site. NCA officers found evidence of payments being made from these accounts to infrastructure companies in Germany and New Zealand to host its data.
Law enforcement activity in the UK last year established links between the purchase of cyber crime tools, such as remote access Trojans (RATs) and cryptors, and weleakinfo.com.
In November 2019, NCA and North West Regional Organised Crime Unit officers executed 21 warrants across the UK as part of an international operation targeting those who had purchased the IM RAT. Several of the suspects identified had also paid for access to weleakinfo.com.
Andrew Shorrock, Senior Investigating Officer at the NCA, said:
“We know that weleakinfo.com formed an extremely valuable part of a cyber criminals toolkit. However, this significant criminal website has now been shut down as a result of an international investigation involving law enforcement agencies from five countries.
“Cyber crime is a threat that crosses borders and so close international collaboration is crucial to tackling it. These arrests have resulted in the seizure of the site’s data which included 12 billion personal credentials and so work is continuing by law enforcement to mitigate these and notify the sites that were breached.
“The data behind the site is a collaboration of more than 10,000 data breaches. Criminals rely on the fact that people duplicate passwords on multiple sites and data breaches such as these create the opportunity for fraudsters to exploit that.
“Password hygiene is therefore extremely important. Advice on this, and further guidance on how to mitigate against cyber attacks, can be found on the National Cyber Security Centre’s website.”
Detective Superintendent Richard Campbell, Head of PSNI’s Cyber Crime Centre said:
“This significant operation involving PSNI, the NCA and the Dutch and German Police has disrupted a major organised crime gang who were selling people’s personal details for profit.
“We were pleased to play our part by arresting a 22-year-old man in Fintona on suspicion of Fraud and for encouraging or assisting contrary to S46 of the Serious Crime Act 2015. He has since been released on bail pending further enquiries.
“This NCA-led investigation in partnership with PSNI and Dutch authorities demonstrates how law enforcement agencies can work together successfully to disrupt major crime taking place anywhere in the world. Let this be a clear warning there is no hiding place for cyber criminals.”
Latest News from
National Crime Agency
NCA statement on Professor Dame Carol Black review of drugs28/02/2020 11:15:00
Dame Carol Black has published a review into the challenges posed by drug supply and demand, and what more can be done to tackle the harm that drugs cause.
Career criminal caught smuggling people is jailed after 28 years on the run27/02/2020 11:15:00
A career criminal who used a web of more than 40 aliases to stay on the run after absconding from prison in the early 1990s has been jailed for three years and eight months for attempting to smuggle eight illegal migrants into the UK on a yacht.
Lorry driver hid £1.4 million of cocaine in his bed26/02/2020 11:15:00
A lorry driver has been jailed for 12 years after trying to import cocaine worth almost £1.4 million into the UK.
Corrupt lorry driver jailed for bringing £1.7 million cocaine into UK24/02/2020 11:15:00
A lorry driver stopped at the Port of Hull with cocaine worth £1.7 million has been jailed for 8 years and 8 months.
Fugitive drug smuggler ‘Dobbo’ arrested in Spain21/02/2020 12:15:00
A convicted drug smuggler who went on the run after absconding from prison has been arrested in Spain.
European police chiefs back NCA demands for tech companies to do more to prevent child sex abuse17/02/2020 09:15:00
Police chiefs across Europe have backed a National Crime Agency demand for tech companies to transform their work to prevent child sexual abuse.
One of “Europe’s most wanted” extradited back to Romania after NCA operation14/02/2020 16:15:00
The suspected head of a major organised crime network has been extradited back to Romania to face trial, following an operation by the National Crime Agency.
NCA secures freezing order over Leeds businessman’s £10.5m property portfolio14/02/2020 11:15:00
The NCA has obtained a freezing order stopping the sale of 17 addresses as part of an ongoing investigation into a Leeds businessman with suspected links to serious organised criminals.