
'WeLeakInfo' Site: UK Police Arrest 21 Alleged Users

Now-Shuttered Site Sold Access to 12 Billion Personal Records, Authorities Say
The WeLeakInfo domain was seized by police in January. (Source: U.S. Justice Department)

Britain's National Crime Agency says 21 individuals have been arrested on suspicion of purchasing personally identifiable information from the WeLeakInfo website. Authorities say the site provided access to more than 12 billion personal records culled from 10,000 data breaches.


The arrests, which took place over a five-week period starting in November, are part of an ongoing investigation that stems from the seizure of the WeLeakInfo website in January by law enforcement agencies from the U.S., the U.K. and EU (see: 'WeLeakInfo' Website Shut Down).

During its time in operation, the WeLeakInfo domain developed a reputation for selling names, email addresses, usernames, phone numbers and passwords for online accounts to criminals, who could purchase a subscription to the site for as little as $2 a day, according to the U.S. Justice Department, which helped facilitate the January seizure of the site.

WeLeakInfo functioned as both a database and a search engine, indexing stolen data so that customers could easily search through it, the DOJ says.

Experts say the databases too often helped criminals engage in so-called credential stuffing attacks, in which credentials leaked from the breach of one site can be used to gain access to another. "Cybercriminals rely on the fact that people duplicate passwords on multiple sites, and data breaches create the opportunity for fraudsters to exploit that," says Paul Creffield, head of the NCA's National Cyber Crime Unit.

The 21 individuals arrested in the U.K. allegedly used the WeLeakInfo website for a variety of purposes, including the buying and selling of malicious cyber tools such as remote access Trojans, aka RATs, as well as to buy "cryptors," which can be used to obfuscate code in malware, according to the NCA.

Ongoing Investigation

While Britain's NCA and other law enforcement agencies did not name any of the 21 individuals arrested as part of the ongoing WeLeakInfo investigation, the NCA has said that all are men, ranging in age from 18 to 38.

Of those arrested during the past five weeks, nine were detained on suspicion of violating Britain's Computer Misuse Act; nine face fraud charges; and three of the men have been arrested on suspicion of both, the NCA says. Law enforcement officials also seized bitcoins worth about 41,000 British pounds ($55,000) during the investigation.

Beyond the 21 people arrested by police, another 69 individuals in England, Wales and Northern Ireland have received warnings from the NCA or other domestic law enforcement agencies, saying they may have engaged in criminal activity tied to the investigation. Sixty of those individuals also received cease-and-desist notices from police.

When U.S., U.K. and EU law enforcement agencies first shuttered the WeLeakInfo site in January, police in Northern Ireland and the Netherlands announced the arrest of two men, both 22 years old, on suspicion of having run the domain and having profited from the sale of personally identifiable information, malware and other malicious tools. Neither suspect has been named.

Police say they were able to identify the two men by tracing online payments made to WeLeakInfo back to each suspect's IP address. Authorities say that the infrastructure used to support the domain was hosted in Germany and New Zealand.

Other Sites Seized

Over the past two years, police across Europe and the U.S. have seized numerous domains that allegedly supported online crime. In February 2019, for example, the DOJ led an international effort to shut down the notorious Russian-language xDedic marketplace and forum (see: Stolen RDP Credentials Live On After xDedic Takedown).

Earlier this year, the FBI seized the domain of Deer.io, which federal prosecutors say served as a clearinghouse for buying and selling personal data and other goods (see: FBI Shutters Alleged Russian Cybercriminal Forum).

In September, an international coalition of police agencies made 179 arrests and seized virtual currency, cash and drugs based on intelligence gathered from the earlier takedowns of the Wall Street and AlphaBay darknet marketplaces, according to Europol and the U.S. Justice Department (see: 179 Arrested in Darknet Market Crackdown).


About the Author

Prajeet Nair


Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.



