The bust of the illegal Cracked and Nulled crime forums evidences the global nature of cybercrime and the impossibility of seeing it as a threat that has no regard for national boundaries.
Although at least 17 million US citizens were victims of the crime forums. law enforcement agencies in the United States, Romania, Australia, France, Germany, Spain, Italy, and Greece were all involved in the bust, according to the US Department of Justice.
The only arrest so far, that of 29-year-old Lucas Sohn, also demonstrates the international nature of cyber law enforcement. In an operation co-ordinated by Europol, Sohn, an Argentinian national living in Spain, was arrested by the Guardia Civil. Nulled marketplace has been selling stolen login credentials, stolen identification documents, hacking tools, as well as other tools for carrying out cybercrime and fraud, since 2016. Nulled had over five million users, listed over 43 million posts advertising cybercrime tools and stolen information, and generated approximately $1 million in yearly revenue.
“Billions of leaked websites”
One product advertised on Nulled purported to contain the names and social security numbers of 500,000 American citizens. Cracked also offered illegal products designed to enable crimes to be committed across national borders. One product advertised on Cracked offered access to “billions of leaked websites” allowing users to search for stolen login credentials.
According to the US Department of Justice: “This product was recently allegedly used to sextort and harass a woman in the Western District of New York. Specifically, a cybercriminal entered the victim’s username into the tool and obtained the victim’s credentials for an online account. Using the victim’s credentials, the subject then cyberstalked the victim and sent sexually demeaning and threatening messages to the victim.”
The Cracked marketplace has also been selling stolen login credentials, hacking tools, and servers for hosting malware and stolen data since March 2018. Cracked had over four million users, listed over 28 million posts advertising cybercrime tools and stolen information, generated approximately $4 million in revenue, and impacted at least 17 million victims from the United States.
The Justice Department worked in close cooperation with investigators and prosecutors from several jurisdictions on the takedown of both the Cracked and Nulled marketplaces, including the Australian Federal Police, Europol, France’s Anti-Cybercrime Office (Office Anti-cybercriminalité), and Cyber Division of the Paris Prosecution Office, Germany’s Federal Criminal Police Office (Bundeskriminalamt) and Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center (Generalstaatsanwaltschaft Frankfurt am Main – ZIT), the Spanish National Police (Policía Nacional) and Guardia Civil, the Hellenic Police (Ελληνική Αστυνομία), Italy’s Polizia di Stato and the General Inspectorate of Romanian Police (Inspectoratul General al Poliției Romane).
