[BreachExchange] InfinityBlack Dismantled After Selling Millions of Credentials

Fri May 8 10:48:10 EDT 2020

https://threatpost.com/infinityblack-dismantled-millions-credentials/155525/

In the Europol-led takedown, police shut down databases with more than
170 million entries.

The InfinityBlack hacking group, which is responsible for selling
millions of stolen credentials, has been dismantled.

Polish and Swiss law-enforcement authorities, supported by Europol,
arrested five individuals in Poland believed to be members of
InfinityBlack, on April 29. According to Europol, police also seized
electronic equipment, external hard drives and hardware cryptocurrency
wallets worth about $108,000. And, police shut down two platforms,
containing databases with more than 170 million entries.

“A number of investigation measures by specialists from the Cyber
Investigation Division (DEC) of the Vaud Cantonal Police made it
possible to dismantle the InfinityBlack hackers’ network, set up to
exploit this data to the detriment of businesses,” according to
Europol’s Tuesday announcement. “Between 30 April and 2 May 2019, five
arrests were made in the canton of Vaud, Switzerland.”

According to ZDNet, InfinityBlack was formed in late 2018 and operated
the infinity[.]black website. The threat group used this online
platform to sell login usernames and credentials, stolen or leaked
through previous data breaches, to other cybercriminals.

Europol said the group comprised of three teams: Developers who
created tools to test the quality of stolen databases, testers who
analyzed the data and project managers who distributed subscriptions
for cryptocurrency payments. In addition to selling compromised
credentials, Europol said the group is also responsible for creating
malware and hacking tools, and carrying out fraud.

InfinityBlack’s main source of revenue came through collecting stolen
or leaked loyalty rewards credentials. They would sell these to other
hackers, who could then exchange the loyalty points to buy expensive
electronic gifts.

“The hackers created a sophisticated script to gain access to a large
number of Swiss customer accounts,” said Europol. “Although the losses
are estimated at €50,000 [$54,000], hackers had access to accounts
with potential losses of more than €610,000 [$660,000].”

The takedown started with the unmasking of several fraudsters and
hackers, many of them minors and young adults, who were attempting to
cash out loyalty points in shops in Switzerland. Police then exchanged
criminal intelligence and uncovered links to members of the hacking
group in Poland.

“Transmitting the data on searched computers between the Swiss and
Polish authorities led to the arrest of the hackers in Poland,” said
Europol.

Europol has worked to successfully dismantle various cybercriminal
gangs over the years. Last year, the organization brought down the
cybercrime network behind the GozNym malware, used to siphon $100
million out of its victims. And in December 2019, the developers
behind Imminent Monitor RAT, a commodity remote-access tool RAT that
allows full control of a victim’s computer, were taken down by Europol
and global authorities.