Pierluigi Paganini May 06, 2020

Europol arrested five members of the Infinity Black hacker group that were selling stolen user credentials and hacking tools.

Europol announced another success in the fight against cybercrime, today it has arrested five Polish hackers who were members of the Infinity Black hacking group.

The joint operation coordinated by the Europol, saw the participation of the Polish and Swiss law enforcement authorities, and Eurojust.

The crime gang was formed in 2018, it was involved in distributing stolen user credentials, developing and distributing malware and hacking tools, and fraud. 

The stolen credentials were available for sale on a website set up by the criminal organization.

“Polish and Swiss law enforcement authorities, supported by Europol and Eurojust, dismantled InfinityBlack, a hacking group involved in distributing stolen user credentials, creating and distributing malware and hacking tools, and fraud.” reads the press release published by Europol.

“On 29 April 2020, the Polish National Police (Policja) searched six locations in five Polish regions and arrested five individuals believed to be members of the hacking group InfinityBlack.”

Data amassed by the hackers were obtained from third-party data breaches, they were offered on several hacking forums.

On 29 April 2020, the Polish National Police (Policja) raided six locations in five Polish regions and arrested the five alleged members of the hacking group InfinityBlack. The agents seized electronic equipment, external hard drives and hardware cryptocurrency wallets, all worth around €100 000. The authorities shut down two platforms containing databases with over 170 million entries.

The online platforms created by the group to sell user stolen login credentials are known as ‘combos’. The authorities reported that the crime crew was efficiently organised into the following defined teams:

• Developers, who were tacked of creating tools to test the quality of the stolen databases;
• Testers, who analysed the suitability of authorisation data;
• Project managers that were distributing subscriptions against cryptocurrency payments.

Infinity Black also used the hacking tools that was offering for sale. They used stolen credentials to gain access to other online accounts that shared the same username and passwords.

The group focused on online services running loyalty programs with the intent to compromise the accounts and exchange the loyalty points from each account for expensive electronic devices.

Swiss authorities investigated the group’s activity after it hacked a large number of accounts belonging to Swiss users, then the Infinity Black hackers sold access to other cybercriminals.

“The hackers created a sophisticated script to gain access to a large number of Swiss customer accounts. Although the losses are estimated at €50 000, hackers had access to accounts with potential losses of more than €610 000.” continues the press release. “The fraudsters and hackers, among them minors and young adults, were unmasked when using the stolen data in shops in Switzerland.”

Swiss police shared the results of its investigation with Europol and Eurojust, which were able to identify and arrest the five individuals at the end of April.

“Once the criminal gang cashing out the loyalty points was identified in Switzerland, police exchanged criminal intelligence and uncovered links to members of the separate hacking group in Poland. Transmitting the data on searched computers between the Swiss and Polish authorities led to the arrest of the hackers in Poland.” concludes the Europol.

Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform

Pierluigi Paganini

(SecurityAffairs – Infinity Black, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]