The UK NCA, the FBI and the German Bundeskriminalamt have coordinated to take ownership of WeLeakInfo.com, a domain for selling subscriptions to data exposed in breaches. We Leak Info claimed to have compiled almost 12.5 billion records stolen from data breaches and allowed users to pay to access it. To access this data, visitors could subscribe to various plans ranging from a $2 trial to a $70 three-month unlimited access account. These plans would then allow a user to perform searches that retrieve information exposed in these data breaches.
Weird stuff over on @weleakinfo’s domain (saying it’s was seized, etc.. is now down: https://t.co/ubsa1cOhdH). Here’s hoping the team is ok, and services are restored soon. Can’t seize a legal service, after all. 🙂 pic.twitter.com/28uy82ZoQj
— uɐpʇou@ ✸ (@notdan) January 16, 2020
This is an important reminder that cyber attackers, by virtue of the advanced tools and techniques they use, typically have the upper hand when looking for weaknesses they can compromise. They use cheap, automated, and widely available scanning and exploitation capabilities to amass massive troves of data that can be monetized.
Security professionals deal every day with the fact that attackers need just a single blind spot for entry, while defenders have to guard everything, all the time. Attackers seek the ‘weakest zebra in the herd’ so to speak, and extract resources they can monetize before a victim organization knows it’s under attack. That is why it\’s imperative for organizations to fully map their attack surface – including assets that are used by third parties – and expose their shadow risk. Security-minded organizations are increasingly taking this next step, and eliminating their most critical attack vectors before attackers leverage them.
Weleakinfo.com was a useful resource for threat actors. Hackers could perform unlimited searches for exposed data for as little as $2 a day. Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks.
The internet is far-reaching; therefore, cybercrime and its impact on businesses and individuals is rarely contained within one nation. So, collaboration between the US, UK and other nations law enforcement organisations is a critical step towards effectively tackling cybercrime.
From a legal perspective, the commerce of stolen property is criminally punishable in most Western jurisdictions. The prosecution will likely argue that the admins were deliberately profiteering from the unlawful sale of stolen property, recklessly allowing third-parties to access victims\’ sensitive data.
Given the purely commercial nature of the project, malicious intent would be easy to prove, forming an irrefutable indictment with severe prison terms on the horizon. The admins would be advised to take experienced criminal defence lawyers and consider negotiating a guilty plea. In any case, this incident serves an unambiguous “tolerance zero” notice to all grey marketplaces.
Cyber criminals can do a lot of damage with a large list from a breach, even when it simply contains names and emails. The big risk comes from brute force attacks, where criminals use leaked common password combinations against emails to try and break into personal accounts.
An incredibly large amount of people still use predictable or simple passwords. Together with previous and even recent high profile breaches, many people\’s passwords are also readily available on the dark web, so it quickly and simply becomes an exercise in joining the dots for the cyber criminals. This risk is then increased due to the fact that many people use the same passwords across multiple accounts.
My advice is to use a password manager to store your uniquely different passwords robustly online, so that you don’t have to remember them all. Implementing 2FA will also help mitigate this risk.