WeLeakInfo.com is shutdown and 21 arrests made in UK nationwide cyber crackdown

The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement.

Authorities have arrested two 22-year-old men alleged to have operated the site. Based in Fintona, Northern Ireland, and Arnhem in the Netherlands, they are believed to have made over £200,000 (about $260,000) between them from the site.

21 people have been arrested across the UK as part of an operation targeting customers of the online criminal marketplace that advertised stolen personal credentials.

The operation, which ran over the past five weeks, was coordinated by the National Crime Agency and involved cybercrime teams from across the Team Cyber UK network.

Those targeted were customers of WeLeakInfo, a site that hosted 12 billion stolen credentials from over 10,000 data breaches before it was taken down in January 2020 following an NCA investigation.

Cyber criminals paid for access to the site in order to download personal data for use in further criminality, including cyber attacks and fraud offences.

NCA investigators identified UK-based customers of WeLeakInfo and shared the intelligence with partners ahead of the coordinated period of activity launching on 16 November.

Of those 21 arrested – all men aged between 18-38 – nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both.

NCA officers conducted 11 of the arrests and seized over £41,000 in bitcoin.

As well as being customers of WeLeakInfo, evidence suggests that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and crypters.

Additionally, three subjects have been found to be in possession of, or involved with, indecent images of children.

A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially criminal activity. 60 of those were served with cease and desist notices.

Many more of these visits are due to take place over the coming months.

Paul Creffield, from the NCA’s National Cyber Crime Unit, said: “Through the identification of UK customers of WeLeakInfo, we were able to locate and arrest those who we believe have used stolen personal credentials to commit further cyber and fraud offences.

“The NCA and UK law enforcement take such offences extremely seriously and they can result in huge financial loss to victims.

“We were also able to pin point those on the verge of breaking the law and warn them that should they continue, they could face a criminal conviction. Cyber skills are in huge demand and there are great prospects in the tech industry for those who choose to use their skills legally.

“Cyber criminals rely on the fact that people duplicate passwords on multiple sites and data breaches create the opportunity for fraudsters to exploit that.

“Password hygiene is therefore extremely important. Advice on this and guidance on how to mitigate against cyber attacks can be found on the National Cyber Security Centre’s website – www.ncsc.gov.uk”

The NCA and UK policing’s Cyber Choices programme aims to prevent young people inadvertently slipping into cyber crime and divert them to more positive pathways in tech.