The U.S. Department of Justice (DOJ) announced on Thursday that a multinational operation has led to the seizure of Slilpp, a well-known marketplace for selling stolen online logins that offered more than 80 million sets of credentials for sale.
Since 2012, Slilpp has been an underground market to buy and sell logins for bank accounts, online payment accounts, mobile phone accounts, retailer accounts and more, according to the DOJ. Those who purchased the login credentials used them to conduct unauthorized transactions, such as wire transfers. The DOJ said in a statement that so far, more than a dozen individuals have been charged or arrested by US law enforcement in connection with the Slilpp marketplace.
According to the affidavit, the FBI, working in coordination with foreign law enforcement partners, identified a series of servers that hosted the Slilpp marketplace infrastructure and its various domain names. Authorities in the U.S., Germany, the Netherlands and Romania worked together to seize the servers and the domains and to thereby disrupt the buying and selling of identities.
There were more than 1,400 account providers represented in the vast marketplace’s offerings. According to the affidavit, only a fraction of the victimized account providers have calculated their losses so far, but based on just that limited number of victim reports, the stolen login credentials sold over Slilpp have been used to cause over $200 million in losses in the U.S. alone. “The full impact of Slilpp is not yet known,” according to the DOJ’s statement.
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” according to Acting Assistant Attorney General Nicholas L. McQuaid of the DOJ’s Criminal Division.
A Flooded Market for Credentials?
Surely it must be a buyer’s market for stolen credentials, given their mind-boggling proliferation. Case in point: Earlier this week, researchers announced that they’d uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. Included in the heist were, among other valuable data, 26 million credentials.
International coordination to stop data thievery and other types of crime, be it cybercrime or the law’s use of cybertools to fight it, has been turning up the heat on the crooks. Earlier this week, the FBI and the Australian Federal Police (AFP) announced that, with the help of other countries, they had set up an encrypted chat service called Anom/An0m and run it for over 3 years, seizing weapons, drugs and over $48m in cash and arresting over 800 individuals.
Another multinational win came in January with the Emotet takedown by an international law-enforcement consortium. Hundreds of servers and 1 million infections of the virulent malware were dismantled globally, and authorities also took NetWalker’s Dark Web leaks site offline and charged one suspect.
The DOJ itself jumped into the cybercrook-fighting game in April, when it sicced the FBI onto ProxyLogon Microsoft Exchange vulnerabilities. In a court-authorized action, the FBI removed malicious code that attackers had installed on hundreds of U.S. computers using a vulnerability affecting Microsoft Exchange.
International cooperation comes in handy when you try to keep citizens’ identities off the auction block, authorities said. “American identities are not for sale,” according to Assistant Director in Charge Steven M. D’Antuono of the FBI Washington Field Office, as quoted in the DOJ’s statement. “The FBI remains committed to working with our international partners to dismantle global cyber threats.”