- 21 paying users of “WeLeakInfo” were arrested and charged in the UK.
- Another 69 were warned not to continue their actions in the illegal field.
- More cease and desist notices are to be delivered in person in the following months.
Buying stolen data from online marketplaces is very risky, as you are taking part in a cyber-criminal operation by actually funding it. In this context, the NCA (National Crime Agency) has announced the arrest of 21 individuals across the UK over the duration of the five last weeks. These people are suspected of being customers of “WeLeakInfo”, a platform that hosts billions of user credentials coming from over 10,000 data breaches.
‘WeLeakInfo.com’ was sized by the authorities back in January 2020, but the law enforcement agencies around the world continued to analyze the information they got to access in the process to find who was using the platform. Obviously, many of the people who bought data leaks didn’t do it for the dissemination of warning emails but for malicious purposes like running phishing and extortion campaigns.
Nine of the arrestees face Computer Misuse Act offenses, nine were arrested for Fraud, and three for both. Also, £41,000 in Bitcoin was seized on the spot. All 21 are men aged between 18 and 38. The NCA reports that its investigators have already found evidence that many of these people had also purchased trojans, RATs (remote access tools), and crypters, so their intentions were clearly malevolent.
But the NCA didn’t stop there. The investigators identified a further 69 individuals across the UK, aged between 16 and 40, who had ambiguous participation in cybercrime operations. These people were served a cease and desist notice and were officially warned. The NCA says more visits of this kind are due to take place over the coming months, so it is possible that these 69 were only the first wave. As Paul Creffield, head of the NCA’s Cyber Crime Unit, stated:
We were able to pinpoint those on the verge of breaking the law and warn them that should they continue, they could face a criminal conviction. Cyber skills are in huge demand and there are great prospects in the tech industry for those who choose to use their skills legally.
This is a good reminder that data leaks become shared, sold, re-purposed, and exploited by a large number of individuals out there. For this reason, if your credentials have been compromised by a security lapse, you should move quickly to reset your passwords and use something strong and unique.