
Gilmore Girls fans nabbed as Eurocops dismantle two major cybercrime forums

Nulled and Cracked had a Lorelai-cal rise - until Operation Talent stepped in


Law enforcement officers across Europe assembled again to collectively disrupt major facilitators of cybercrime, with at least one of those cuffed apparently a fan of the dramedy series The Gilmore Girls.

Two crime forums, Cracked and Nulled, were pulled offline.

Together, the platforms amassed more than 9 million users and were often budding e-miscreants' first foray into pursuing a life of cybercrime.

Similar to BreachForums, which was briefly taken down by law enforcement last year, Cracked and Nulled offered users a platform to discuss all things devious and a marketplace to sell their tools and ill-gotten wares.

The collective takedown action was led by German authorities in a campaign dubbed Operation Talent and took place between January 28 and 30.

It led to two arrests following the search of seven properties. Law enforcement seized 17 servers, 12 domains, 50 devices, and around €300,000 ($311,279) worth of cash and cryptocurrency tokens. Given that Cracked and Nulled generated millions in revenue, the amount seized is just a fraction - but still a notable disruption to their operations.

Lucas Sohn, a 29-year-old Argentine, was the only named suspect. A video released by Europol showed Sohn, who resides in Spain, being arrested and his devices combed through by the Guardia Civil. The video also showed the arrest of a second, unnamed individual.

It's not known whether the pair were complicit in running the services taken down by the police, although the video, which offered glimpses of their living quarters, showed two desks situated next to each other in a room decorated with various merchandise such as Pop figures, anime art, and TV show posters, including one depicting the fictional town of Stars Hollow, where the Gilmore Girls series is set.

According to the US Justice Department, Sohn is being linked to the administration of Nulled – a platform used to sell login credentials, stolen identity documents, and various tools used for cybercrime and fraud. The platform has been in operation since 2016, has 5 million registered users, and is estimated to generate $1 million in annual revenue.

"According to the complaint, Sohn was an active administrator of Nulled and performed escrow functions on the website," said the Justice Department. 

"Nulled's customers would use Sohn's services to complete transactions involving stolen credentials and other information."

Sohn faces three charges in the US related to conspiracy to traffic in passwords, access device fraud, and identity fraud, which carry maximum possible sentences of five, ten, and 15 years respectively.

The Justice Department said Cracked had been on the scene since 2018 and raked in $4 million in the process. Its primary offering was a marketplace providing access to stolen credentials, hacking tools, and servers to host malware and stolen data.

It added that around 17 million people from the US were victimized by the activity that took place on Cracked, citing a specific case from New York where a woman was cyber-stalked and sextorted.

The alleged criminal behind this campaign used a product advertised on Cracked that purportedly offered access to "billions of leaked websites," allowing users to search for stolen login credentials, including the New York woman's.

Eight of Cracked's domains were seized and, in doing so, investigators also found details of the site's payment processor, Sellix, and the StarkRDP bulletproof hosting provider, both of which were scuppered.

No named individual was arrested in connection to Cracked.

Saim Raza down

Meanwhile, in a separate crackdown, the US and Dutch Politie jointly announced the disruption of a Pakistan-based fraud network.

The network comprised websites devoted to selling products like phishing kits, which were later used to carry out Business Email Compromise (BEC) schemes – the most economically damaging cybercrime in the US, the FBI reckons.

A total of 39 domains and their associated servers, run by a group known as Saim Raza, aka HeartSender, were seized by the US and Netherlands.

Authorities didn't specify victim numbers, only that 'numerous' US-based cases resulted in over $3 million in losses.

"The seizure of these domains is intended to disrupt the ongoing activity of these groups and stop the proliferation of these tools within the cybercriminal community," the Justice Department said. ®
