21 UK-based customers of WeLeakInfo have been arrested by the UK National Crime Agency (NCA). The arrests were the culmination of a five-week operation against those buying stolen credentials from the WeLeakInfo website. Those credentials were used to attack individuals and companies to steal data and commit fraud.
Paul Creffield, from the NCA’s National Cyber Crime Unit, said: “Through the identification of UK customers of WeLeakInfo, we were able to locate and arrest those who we believe have used stolen personal credentials to commit further cyber and fraud offences.
“The NCA and UK law enforcement take such offences extremely seriously and they can result in huge financial loss to victims.”
Those arrested have been charged with a number of crimes. These include:
Nine charged under the Computer Misuse Act
Nine charged with Fraud
Three charged with both offences
Three charged with possession of, or involvement with, indecent images of crime
Several had also purchased access to Remote Access Tools (RATs), Trojans and crypters
The police also seized £41,00 in Bitcoin.
What was WeLeakInfo?
WeLeakInfo advertised that it had access to over 12 billion stolen credentials from over 10,000 data breaches. Users who subscribed to the site were able to search and access the stolen info across the site. Much of the data contained online credentials that cybercriminals could use to gain access to other sites. One of the things that made it useful was that it allowed criminals to group user login credentials to exploit password reuse over multiple sites.
It was shut down in January 2020 when the domain name was seized. The operation involved the NCA, FBI, the Netherlands National Police Corps, the German Bundeskriminalamt (the Federal Criminal Police Office of Germany), and the Police Service of Northern Ireland. Since then, authorities have been working through the data gathered to identify cybercriminals.
NCA not just bringing criminal charges
One of the programmes run by the NCA is its Cyber Choices programme. It is aimed at stopping young people getting involved in cybercrime. As part of this latest operation, 69 individuals, aged between 16 and 40, were approached by the NCA.
They were told that their details had been identified from the records of WeLeakInfo. The NCA warned them that their activities could lead to criminal charges if they continued. 60 of those visited were served with cease and desist notices the cybercrime equivalent of an Anti-Social Behaviour Order (ASBO). If they are detected again, they are likely to face charges.
The NCA has also said that it plans to “visit a number of other people in coming months.”
Enterprise Times: What does this mean?
It is a year since WeLeakInfo was taken down. Many of its customers will have been hoping that it meant they could move on with no risk of being detected. As this shows, fat chance. The authorities have taken their time to analyse user data and track online accounts back to the source. While those being dealt with here, represent a tiny fraction of WeLeakInfo’s customer base, the message is loud and clear – we will find you.
It is also good to see the NCA making good use of its Cyber Choices programme, rather than prosecuting everyone. What would be better is to get some idea of how many people, over time, have been issued a warning and cease and desist letter and then reoffended. That would give a good idea of how well the programme is working.