The Ukrainian Cyber Police, working alongside investigators from the national police, have pulled off a major win in the fight against cybercrime. They successfully arrested three individuals accused of hacking and selling a staggering 100 million email and Instagram accounts on the dark web.
Authorities believe the group used a brute-force attack technique, essentially bombarding accounts with numerous password combinations until they cracked the login credentials. These stolen accounts were then compiled into a database and offered for sale on dark web marketplaces and hacking forums, where malicious hackers could purchase them for fraudulent activities.
It is worth mentioning that currently, some of the most active and popular hacker and cybercrime forums include Breach Forums and a Russian language platform called XSS. Cybercriminals utilize these forums to sell stolen data through escrow deals, while others opt to leak it for free. Additionally, Telegram serves as a significant platform for criminals to announce data breaches and either leak or sell data.
According to Cyber Police’s press release, the buyers used the stolen accounts to launch various scams, including the notorious “Friend Asks for a Loan” scheme where compromised accounts are used to target the victim’s friends and family with fabricated requests for money.
Additionally, law enforcement officers conducted 7 searches at the residences and registered addresses of individuals involved in Kyiv, Odesa, Vinnytsia, and Ivano-Frankivsk, as well as in the regions of Kyiv, Donetsk, and Kirovohrad. During these searches, over 70 pieces of computer equipment, 14 phones, bank cards, and cash, totalling more than $3,000, were seized. A petition has been submitted to the court to request the seizure of the confiscated property.
The ages of the arrested suspects range from 20 to 40. They now face charges of unauthorized interference in information systems and networks, a serious offence in Ukraine punishable by up to 15 years in prison.
The investigation isn’t over yet, however. Authorities suspect the group may have collaborated with foreign entities, particularly those with interests aligned with Russia. Investigators are looking into the possibility that some of the stolen accounts were used specifically to benefit Russian interests, though the exact nature of this potential collaboration remains unclear.
Commenting on this, Jamie Akhtar, CEO and Co-Founder at CyberSmart said: “Following the takedown of LockBit in February, this is another heartening story. It demonstrates that cybercriminals can be caught and brought to justice. However, we shouldn’t rest on our laurels, for each of these groups that is shut down another will spring up in its place and those still at large will learn from how their peers were caught.”
This arrest goes on to show the importance of taking cybersecurity measures. Using strong and unique passwords for all online accounts is crucial, and enabling multi-factor authentication (MFA) whenever possible adds an extra layer of security. The Ukrainian cyber police also recommend these practices to help protect yourself from falling victim to similar account hijacking schemes.
While the full extent of the data breach remains under investigation, it’s a significant development and a win for law enforcement. The stolen accounts could have been used for a wide range of malicious activities, and their seizure disrupts a major operation within the cybercriminal underworld.