The US Federal Bureau of Investigation (FBI) is investigating the criminal hacking forum BreachForums after taking down its website last week. This follows the announcement in February of the seizure of the LockBit ransomware gang’s extortion website.
“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” says an FBI advisory.
However, when it comes to taking down organized cybercriminal groups, the authorities’ success has so far been limited. Like the Hydra, a monster of Ancient Greek mythology that grew another two heads when one was cut off, criminal websites have a habit of reappearing very quickly after they have been taken down if the crooks behind them are still at large. When the LockBit ransomware website was busted in February, for example, LockBit posted messages on an encrypted messaging app saying its backup servers were unaffected. Less than a week later, the ransomware gang resurfaced with a new website on the dark web.
Mining back-end data could lead to more arrests
This is also the second time the FBI has shut down the BreachForums criminal marketplace. BreachForums originally took over from RaidForums after a joint international operation by law enforcement agencies took that site down in 2022. But if the FBI can mine the back-end data it claims to have captured from last week’s bust of BreachForums, it could also enable arrests of other criminal networks that have been doing business on the site.
Only by destroying the credibility of criminal websites such as LockBit and BreachForums can law enforcement truly start to tackle the problem of corporate cybercrime. As long as criminally minded users of these websites believe they are permanently protected by a cloak of anonymity, new Dark Web marketplaces will continue to thrive. If, however, criminals begin to discover that their illicit dealings can be examined by law enforcement retrospectively, a major battle will have been won in the war on cybercrime.
When the FBI and the US Department of Justice took down the BreachForums website, they replaced its landing page with a seizure notice crediting international partners, including the Cyber Police of Ukraine, Kantonspolizei Zürich, the Australian Federal Police, New Zealand Police, Icelandic Police, and UK National Crime Agency.
The FBI advisory on the seizure also states that the authorities are now reviewing the busted BreachForums website’s back-end data and encourages BreachForums’ victims to come forward.