[BreachExchange] U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Fri Jun 11 11:30:50 EDT 2021
https://thehackernews.com/2021/06/us-authorities-shut-down-slilpplargest.html
The U.S. Department of Justice (DoJ) Thursday said it disrupted and took
down the infrastructure of an underground marketplace known as "Slilpp"
that specialized in trading stolen login credentials as part of an
international law enforcement operation.
Over a dozen individuals have been charged or arrested in connection with
the illegal marketplace. The cyber crackdown, which involved the joint
efforts of the U.S., Germany, the Netherlands, and Romania, also
commandeered a set of servers hosting its infrastructure as well as the
multiple domains the group operated.
Operational since 2012, Slilpp was a marketplace for allegedly stolen
online account login credentials belonging to 1,400 companies worldwide,
offering for sale more than 80 million plundered usernames and passwords
for bank accounts, online payment accounts, mobile phone accounts, retailer
accounts, and other online accounts, which were abused to conduct
unauthorized transactions, such as wire transfers, from the related
accounts.
Based on existing victim reports, the DoJ said the pilfered login
credentials sold over Slilpp have been used to siphon no less than $200
million in the U.S.
"The Slilpp marketplace allegedly caused hundreds of millions of dollars in
losses to victims worldwide, including by enabling buyers to steal the
identities of American victims," said Acting Assistant Attorney General
Nicholas L. McQuaid of the DoJ's Criminal Division. "The department will
not tolerate an underground economy for stolen identities, and we will
continue to collaborate with our law enforcement partners worldwide to
disrupt criminal marketplaces wherever they are located."
The development comes amid a flurry of law enforcement actions against
cybercrime groups in recent months, including that of TrickBot, Emotet, and
ANoM. Slilpp is also the third marketplace to be taken down by the DoJ
after xDedic (January 2019) and DEER.IO (January 2021), both of which
catered to harvesting and selling login credentials.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210611/2c7401f8/attachment.html>
More information about the BreachExchange
mailing list