'WeLeakInfo' Website Shut DownSite Provided Access to 12 Billion Personal Records, Police Allege
Law enforcement agencies in five countries have shut down WeLeakInfo.com, which provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches, the U.S. Justice Department announced Thursday.
In addition, police in Northern Ireland and the Netherlands arrested two 22-year-old men Wednesday who are suspected of running the WeLeakInfo site and profiting from the sale of personally identifiable information as well as malware and other malicious tools, according the U.K. National Crime Agency. The names of the two suspects, along with possible criminal charges, were not released.
It's not clear how long the WeLeakInfo domain was in operation, but the website developed a reputation for selling names, email addresses, usernames, phone numbers and passwords for online accounts to cybercriminals who would buy a subscription for as little as $2 a day to access the data, according to the Justice Department.
The site operated as a database and search engine, with the stolen data indexed so that users could search the files and information, the Justice Department says.
In July, the WeLeakInfo website and its Twitter feed began advertising that 23 million personal records that were taken from CafePress were available to subscribers (see: Hacked Off: Lawsuit Alleges CafePress Used Poor Security).
As of Friday, however, WeLeakInfo visitors were greeted with a sign that the domain had been seized.
"With execution of the warrant, the seized domain name - weleakinfo.com - is now in the custody of the federal government, effectively suspending the website’s operation," according to the Justice Department. "Visitors to the site will now find a seizure banner that notifies them that the domain name has been seized by federal authorities. The U.S. District Court for the District of Columbia issued the seizure warrant."
The investigation into WeLeakInfo, which started in August, identified the two men who allegedly operated the site, according to the National Crime Agency.
By tracing online payments through IP addresses, police say, investigators were able to trace the day-to-day operations of the site back to the two suspects. Police also found that the infrastructure supporting the domain was being hosted in Germany and New Zealand.
The two men collected about $260,000 in profits from the site, authorities allege. Investigators found that WeLeakInfo not only sold stolen data, but malicious tools, such as remote access Trojans. Some of the malware, such as the Imminent Monitor RAT, sold for as little as $25, authorities say.
A website hosting stolen credentials has been taken down following an NCA-led investigation, in collaboration with international law enforcement partners @PoliceServiceNI, @Politie & @FBI.— National Crime Agency (NCA) (@NCA_UK) January 17, 2020
Full story ➡️ https://t.co/FQbi2Dy4M7 pic.twitter.com/nrjQaYaZdp
“We know that weleakinfo.com formed an extremely valuable part of a cybercriminal's toolkit. However, this significant criminal website has now been shut down as a result of an international investigation involving law enforcement agencies from five countries," says Andrew Shorrock, senior investigating officer with the National Crime Agency.
In addition to the U.S. Justice Department and FBI, police in the U.K., Germany, the Netherlands and Northern Ireland investigated the site and jointly seized the domain this week. While investigators closed down the WeLeakInfo website, its Twitter feed was still working Friday.
Other Domain Seizures
Over the last two years, police in the U.K., Europe and the U.S. have been seizing domains that support cybercriminal activity. In February 2019, for instance, the Justice Department led an international effort to shut down the notorious Russian language cybercrime marketplace and forum xDedic Marketplace (see: Stolen RDP Credentials Live On After xDedic Takedown).
In 2017, the FBI and Europol announced a joint seizure of two darknet marketplaces - AlphaBay and Hansa. In all these cases, however, information security experts warned that customers of these sites would quickly move their business elsewhere.