Cracked and Nulled Marketplaces Disrupted in International Cyber Operation

The Justice Department today announced its participation in a multinational operation involving actions in the United States, Romania, Australia, France, Germany, Spain, Italy, and Greece to disrupt and take down the infrastructure of the online cybercrime marketplaces known as Cracked and Nulled. The operation was announced in conjunction with Operation Talent, a multinational law enforcement operation supported by Europol to investigate Cracked and Nulled.

Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, U.S. Attorney Trini E. Ross for the Western District of New York, U.S. Attorney Jaime Esparza for the Western District of Texas, Assistant Director Brian A. Vorndran of the FBI’s Cyber Division, Special Agent in Charge Matthew Miraglia of the FBI Buffalo Field Office, and Special Agent in Charge Aaron Tapp for the FBI San Antonio Field Office made the announcement.

Cracked

According to seizure warrants unsealed today, the Cracked marketplace has been selling stolen login credentials, hacking tools, and servers for hosting malware and stolen data — as well as other tools for carrying out cybercrime and fraud — since March 2018. Cracked had over four million users, listed over 28 million posts advertising cybercrime tools and stolen information, generated approximately $4 million in revenue, and impacted at least 17 million victims from the United States. One product advertised on Cracked offered access to “billions of leaked websites” allowing users to search for stolen login credentials. This product was recently allegedly used to sextort and harass a woman in the Western District of New York. Specifically, a cybercriminal entered the victim’s username into the tool and obtained the victim’s credentials for an online account. Using the victim’s credentials, the subject then cyberstalked the victim and sent sexually demeaning and threatening messages to the victim. The seizure of these marketplaces is intended to disrupt this type of cybercrime and the proliferation of these tools in the cybercrime community.

The FBI, working in coordination with foreign law enforcement partners, identified a series of servers that hosted the Cracked marketplace infrastructure and eight domain names used to operate Cracked. They also identified servers and domain names for Cracked’s payment processor, Sellix, and the server and domain name for a related bulletproof hosting service. All of these servers and domain names have been seized pursuant to domestic and international legal process. Anyone visiting any of these seized domains will now see a seizure banner that notifies them that the domain has been seized by law enforcement authorities.

The FBI Buffalo Field Office is investigating the case.

Senior Counsel Thomas Dougherty of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Charles Kruly for the Western District of New York are prosecuting the case.

Nulled

The Justice Department announced the seizure of the Nulled website domain and unsealed charges against one of Nulled’s administrators, Lucas Sohn, 29, an Argentinian national residing in Spain. According to the unsealed complaint affidavit, the Nulled marketplace has been selling stolen login credentials, stolen identification documents, hacking tools, as well as other tools for carrying out cybercrime and fraud, since 2016. Nulled had over five million users, listed over 43 million posts advertising cybercrime tools and stolen information, and generated approximately $1 million in yearly revenue. One product advertised on Nulled purported to contain the names and social security numbers of 500,000 American citizens.

The FBI, working in coordination with foreign law enforcement partners, identified the servers that hosted the Nulled marketplace infrastructure, and the domain used to operate Nulled. The servers and domain have been seized pursuant to domestic and international legal process. Anyone visiting the Nulled domain will now see a seizure banner that notifies them that the domain has been seized by law enforcement authorities.

According to the complaint, Sohn was an active administrator of Nulled and performed escrow functions on the website. Nulled’s customers would use Sohn’s services to complete transactions involving stolen credentials and other information. For his actions, Sohn has been charged with conspiracy to traffic in passwords and similar information through which computers may be accessed without authorization; conspiracy to solicit another person for the purpose of offering an access device or selling information regarding an access device; and conspiracy to possess, transfer, or use a means of identification of another person with the intent to commit or to aid and abet or in connection with any unlawful activity that is a violation of federal law.

If convicted, Sohn faces a maximum penalty of five years in prison for conspiracy to traffic in passwords, 10 years in prison for access device fraud, and 15 years in prison for identity fraud.

The FBI Austin Cyber Task Force is investigating the case. The Task Force participants include the Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and the Department of the Army Criminal Investigation Division, among other agencies.

Assistant U.S. Attorneys G. Karthik Srinivasan and Christopher Mangels for the Western District of Texas are prosecuting the case, with Assistant U.S. Attorney Mark Tindall for the Western District of Texas handling the forfeiture component.

The Justice Department worked in close cooperation with investigators and prosecutors from several jurisdictions on the takedown of both the Cracked and Nulled marketplaces, including the Australian Federal Police, Europol, France’s Anti-Cybercrime Office (Office Anti-cybercriminalité) and Cyber Division of the Paris Prosecution Office, Germany’s Federal Criminal Police Office (Bundeskriminalamt) and Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center (Generalstaatsanwaltschaft Frankfurt am Main – ZIT), the Spanish National Police (Policía Nacional) and Guardia Civil, the Hellenic Police (Ελληνική Αστυνομία), Italy’s Polizia di Stato and the General Inspectorate of Romanian Police (Inspectoratul General al Poliției Romane). The Justice Department’s Office of International Affairs provided significant assistance.

A complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.