The US Department of Justice announced to have seized the infrastructure of SlilPP, a popular marketplace used by cybercriminals to buy and sell stolen login credentials.
The seizure is the result of a multinational operation involving law enforcement agencies in the United States, Germany, the Netherlands, and Romania.
The marketplace had been active since 2012, it was allowing sellers to offer stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts.
“According to the affidavit, the Slilpp marketplace allowed vendors to sell, and customers to buy, stolen login credentials by providing the forum and payment mechanism for such transactions;” reads the Press release published by DoJ. “Slilpp buyers subsequently used those login credentials to conduct unauthorized transactions (such as wire transfers) from the related accounts. To date, over a dozen individuals have been charged or arrested by U.S. law enforcement in connection with the Slilpp marketplace.“
According to the DOJ, more than 80 million login credentials from more than 1,400 companies were sold through the SlilPP portal.
It has been estimated that the stolen login credentials sold through the Slilpp marketplace have been used to conduct multiple malicious activities and have been used to cause over $200 million in losses in the United States.
The authorities identified a series of servers that were hosting the Slilpp marketplace and several domain names used by its operators. The authorities seized servers and domain names.
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”
“With today’s coordinated disruption of the Slilpp marketplace, the FBI and our international partners sent a clear message to those who, as alleged, would steal and traffic in stolen identities: we will not allow cyber threats to go unchecked,” said Acting U.S. Attorney Channing D. Phillips of the District of Columbia. “We applaud the efforts of the FBI and our international partners who contributed to the effort to mitigate this global threat.”
US authorites announced that they will not tolerate the trade of stolen identities, and we will continue to collaborate with other law enforcement agencies worldwide to disrupt criminal marketplaces.
(SecurityAffairs – hacking, SlilPP marketplace)