Police take two fraudulent sites offline
Together with the Belgian police and the FBI, the cybercrime team East Netherlands has taken down two illegal websites. The sites carried out DDoS attacks for a fee and facilitated the sale of stolen credentials. A Belgian suspect has been arrested and data carriers have been seized during the search. Those who visit the sites will see a so-called splash page: a page stating that the domain name has been seized.
The police wrote this in a press release.
Buy Stolen Credentials and Order DDoS Attack
The investigation into the sites began in January 2020. At the time, the police arrested a 22-year-old resident of Arnhem on suspicion of offering billions of usernames and associated passwords online. On the weleakinfo.com site, visitors could view and download this data for a fee. The site was immediately taken offline by the FBI.
During the investigation, the police came across a domain name that was almost identical to the original: weleakinfo.to. The cybercrime team then launched a new investigation. That led to a 20-year-old man from the Belgian town of Namur.
The police suspect that the Belgian also manages another site in addition to weleakinfo.to: ipstress.in. Hackers and cyber criminals could order a DDoS attack here. In such an attack, servers are flooded with data and connection requests. It then takes a very long time before a page loads, or in the worst case the page is no longer accessible.
FBI takes illegal websites offline
With the arrest of the Belgian suspect, some web and payment servers have been taken offline in the Netherlands and Lithuania. The FBI has seized the domain names weleakinfo.to and ipstress.in. The American service has also taken over control of an account with which twenty comparable domain names have been registered.
The police emphasize that there is no connection between the Dutch and Belgian suspects. The [Belgian] suspect probably wanted to take advantage of the weleakinfo brand name's familiarity within the hacker community by running a similar website on an alternative internet domain.
The investigation into the case is still ongoing. The Dutch police will look into who the recipients of the stolen login data are. The police are also looking at who used the services of weleakinfo.to and who is responsible for carrying out the DDoS attacks.
“Cyber criminals often operate across borders and regularly switch server(s). The police, therefore, work together with many parties at home and abroad when tackling cybercrime,” the police said. This work revolves around tracing the perpetrators, disrupting the infrastructure and the revenue model, supporting victims and cooperating with (international) partners.
This week, the police cybercrime team took all the IT infrastructure of the FluBot malware offline.