Cybercrime Market Traded Banking and Payment Credentials
The U.S. Justice Department has shut down the Slilpp cybercrime marketplace, which sold stolen credentials related to bank accounts and other payment mechanisms, in a multinational operation.
The joint operation, conducted in conjunction with law enforcement agencies in Germany, the Netherlands and Romania, also identified and disrupted multiple Slilpp servers that hosted the marketplace’s infrastructure and its various domain names, according to the Justice Department’s statement.
To date, U.S. law enforcement agencies have charged more than a dozen individuals in connection with the Slilpp marketplace, the agency statement says, though it does not specify how many, if any, were arrested in the latest action.
Slilpp, which began operations in 2012, primarily sold stolen banking credentials, such as usernames and passwords related to retailer accounts, mobile banking and other online accounts, the statement notes, citing a seizure warrant affidavit that was unsealed on Thursday.
The affidavit also notes that Slilpp listed stolen login credentials of more than 1,400 account holders for sale at the time of disruption. The platform is estimated to have caused a loss of over $200 million in the U.S. alone, according to the U.S. Justice Department.
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” Nicholas L. McQuaid, acting assistant attorney general of the Justice Department’s criminal division, says.
The department, he adds, “will not tolerate an underground economy for stolen identities, and will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces.”
Impact of Action
The latest disruption may not have any impact on more sophisticated threat actors, as they are less likely to use services such as Slilpp, which is mostly populated by beginner gangs and hackers, Ilia Kolochenko, founder of security firm ImmuniWeb and a member of the Europol Data Protection Experts Network, notes.
“Professional cyber mercenaries are rarely seen on such forums or marketplaces. Nation-state hackers and sophisticated APT groups enjoy multi-layered protection: They can afford physical security, the best lawyers and offshore bankers to launder their illicit income. They don’t need to advertise their services. They have a well-established base of wealthy customers spanning from organized crime to governments,” she says.
Since such actors host their communication servers on AWS or Azure, both of which use strong encryption, they are less likely to leave any trace that could help to identify them, Kolochenko adds.
U.S. federal agencies and their foreign counterparts have taken several steps to tackle global cybercrime rings in the recent past.
For instance, on June 1, the Justice Department seized two domains that were used during a recent phishing campaign that targeted a marketing firm used by the U.S. Agency for International Development to send malicious messages to thousands of potential victims (See: DOJ Seizes 2 Domains Linked to USAID Phishing Campaign).
The same month, it was revealed that the activities of thousands of global cybercriminals had been tracked by the Federal Bureau of Investigation, along with Europol and other law enforcement agencies in Europe. They had been tricked into using a fake encrypted communications platform called Anom, which was developed by the FBI and used as a honeypot to monitor every message and image sent using the service (See: Encrypted Communications Network ‘Anom’ Was Sting Operation).
In May, the FBI arrested several users of the now-defunct EncroChat, an encrypted messaging service, to seize drugs hoarded by criminals (See: Encrypted EncroChat Network: Police Arrest More Suspects).
In March, law enforcement officials disrupted Sky ECC, another encrypted messaging service, which led to multiple arrests after the investigators unlocked 3 million daily messages of the 170,000 users of the service.