Jan. 31 (UPI) — An international law enforcement operation has taken down Cracked and Nulled, two of the largest cybercrime marketplaces where bad actors bought and sold illegal goods, including hacking tools.
The operation — led by German authorities and supported by Europol and the U.S. Justice Department, among other federal law enforcement agencies — was conducted between Tuesday and Thursday, resulting in the arrest of two people.
Seven properties were also searched, leading to the seizure of 17 servers and 67 devices, Germany’s Federal Criminal Police Office said in a statement. Europol added in a statement that more than $300,000 in cash and cryptocurrencies was also confiscated.
Twelve accounts and two domains used by the two cybercrime forums in 10 countries were also shut down, along with a payment service provider and a hosting service, which were part of the economic network supporting the illegal sites.
Europol published a video online showing several people detained during the searches.
According to Europol, Cracked and Nulled had more than 10 million combined users and were “one-stop shops” for cybercriminals to buy illegal goods and what is called cybercrime-as-a-service products, such as stolen data, malware and hacking tools.
The U.S. Justice Department said in a statement that Cracked sold stolen login credentials, hacking tools and services for hosting malware and stolen data, among other services, since March 2018. It had more than 4 million users and 28 million posts advertising the cybercrime goods.
Federal prosecutors said it earned about $4 million and was involved in the victimization of at least 17 million people in the United States.
Nulled sold similar illegal goods services since 2016 and had more than five million users and more than 43 million advertising posts. It made about $1 million a year.
The Justice Department on Thursday announced charges against Argentine national and Spain resident Lucas Sohn, 28.
According to the federal prosecutors, Sohn is alleged to have been one of Nulled’s administrators and performed what is called “escrow functions” on the website.
If convicted, he faces up to 15 years in prison for identity fraud, 10 years for access device fraud and five years for conspiracy to traffic in passwords.
Australia, France, Greece, Italy, Romania and Spain were also involved in the operation.