FBI seizes domains used to sell stolen data, DDoS services

The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services.

WeLeakInfo.to was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.

The roughly 7 billion records contained various personally identifiable information (PII), including names, email addresses, usernames, phone numbers, and passwords for online accounts.

Two other domains, ipstress.in and ovh-booter.com, were used to provide booter or stressor attack services where clients could ask for a website or web platform of their choice to be taken down in large-scale Distributed Denial of Service (DDoS) attacks.

"Today, the FBI and the Department stopped two distressingly common threats: websites trafficking in stolen personal information and sites which attack and disrupt legitimate internet businesses," U.S. Attorney Matthew M. Graves said.

"Cyber crime often crosses national borders. Using strong working relationships with our international law enforcement partners, we will address crimes like these that threaten privacy, security, and commerce around the globe."

The domains were seized following a joint law enforcement operation in coordination with the National Police Corps of the Netherlands and the Federal Police of Belgium.

This international law enforcement action also resulted in the arrest of a suspect, seizures of server infrastructure, and searches at several locations.

WeLeakInfo.com seized in 2020

The FBI and the US DOJ also announced the seizure of the WeLeakInfo.com domain in January 2020, used in similar cybercrime activity.

Just as WeLeakInfo.to, it also offered subscriptions, allowing customers to search 12 billion indexed records for specific information exposed in thousands of data breaches.

As part of the 2020 WeLeakInfo seizure, two suspects believed to have made £200,000 from its operation were arrested in Ireland and Netherlands.

"These seizures are prime examples of the ongoing actions the FBI and our international partners are undertaking to disrupt malicious cyber activity," FBI Special Agent in Charge Wayne A. Jacobs added.

"Disrupting malicious DDoS operations and dismantling websites that facilitate the theft and sale of stolen personal information is a priority for the FBI."