In a recent announcement by the U.S. Department of Justice (DoJ) and the FBI, three domains were seized. It is believed that these domains are being utilized by cybercriminals to sell stolen personal information or to provide DDoS attack services in connection with data breaches.
The seizure is the result of an investigation carried out by U.S. authorities into the sale and purchase of illicit services via websites and domains.
Domains Seized
The seizure includes the following three domains:-
- weleakinfo[.]to
- ipstress[.]in
- ovh-booter[.]com
After a joint operation, all these above-mentioned domains were seized. And this operation was jointly coordinated with the following agencies:-
- National Police Corps of the Netherlands.
- The Federal Police of Belgium
Apart from this, as a result of this action, a suspect was arrested, server infrastructure was seized, and a number of locations were searched.
Data Available for Trading
There was a website called WeLeakInfo[.]to sell subscriptions that allowed users to search for data stolen in over 10,000 data breach incidents. An estimated 7 billion records contained a variety of personally identifiable information (PII):-
- Names
- Usernames
- Phone numbers
- Passwords
Moreover, the threat actors also used another two domains for the provision of booter services or stressor services, respectively.
Clients can ask for these types of services to be performed in order to have a website or web platform that they think might be vulnerable to large-scale DDoS attacks taken down.
Here’s what FBI Special Agent in Charge, Wayne A. Jacobs, stated:-
“These seizures are prime examples of the ongoing actions the FBI and our international partners are undertaking to disrupt malicious cyber activity. Disrupting malicious DDoS operations and dismantling websites that facilitate the theft and sale of stolen personal information is a priority for the FBI.”
Furthermore, the federal agencies have issued an advisory stating that anybody who has a theoretical knowledge of these portals and their operators should immediately report to the FBI.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
