A major breakthrough in the fight against global cyber crime has come after details of more than 18,000 members of the ‘Verified' Eastern European cyber crime forum were leaked by a rival gang.
The information, held on a stolen database uploaded to Sendspace, includes the identities, passwords and IP addresses of 18,894 suspected criminals, as well as their private messages discussing crimes, which supposedly include online fraud attacks against British, American and Australian banks.
Experts say this is the first time such a goldmine of information has come into the hands of police and intelligence agencies, giving them the chance to catch some of the world's most notorious cyber criminals. It also could allow them to infiltrate other cyber crime forums by using shared passwords.
US security research firm IntelCrawler discovered the leak on 8 January after monitoring underground crime forums and immediately informed global law enforcement agencies.
“The most valuable and sensitive information is in private messages between the bad actors there” IntelCrawler CEO Andrew Komarov told SCMagazineUK.com. “There are lots of interesting facts - details of thefts, committed crime and so on.”
One alleged hacker from Veriﬁed, known only as “4.4”, was arrested in early January by Ukrainian police according to Komarov, though it is not clear whether this was as a result of the leak.
Komarov said that a hacker called ‘bitcoin-future' was responsible for the betrayal, according to information on one underground forum, and suggested that this may have been a result of a dispute. “They probably had a conflict and tried to make a problem for each other.”
Adrian Culley, a global security consultant with Damballa and ex-detective in the Scotland Yard Computer Crime Unit, told SCMagazineUK.com that the leak will help with future cyber crime detection.
“What's fascinating is at the very least this is a massive amount of criminal intelligence,” he said. “It's very clear that the information created by this hack will significantly advance a number of criminal and intelligence operations.”
Culley also said this was a first for law enforcement. “I don't know of this having occurred in this way before,” he told SCMagazineUK.com, “so it's going to be fascinating for us all to find out what exactly they have released.
“Because there's been so few arrests and prosecutions of these large gangs, particularly those attacking financial institutions, a lot of what we have to say is conjecture and what this is going to do for the first time is to either confirm that conjecture or show that we're wide of the mark.”
He added: “It's clear from an initial look at those messages that this has been a forum where they felt it was safe and trusted and their guard was down - so I think they're holed beneath the waterline.”
Andrew Komarov said current members of Verified include ‘Zoomer', a notorious criminal who runs an online shop selling stolen credit card details and whose exploits were highlighted by the New York Times back in 2005.
The forum also includes SEVERA, a spammer who worked with the well-known American fraudster, Alan Ralsky, who was convicted in 2009.
One previous member of Verified is ‘Paunch', author of the Blackhole exploit kit, who advertised his product on the forum.