Security news that informs and inspires

Hacker Allegedly Connected to Collection 1 Credential Dump Arrested


Authorities in Ukraine have arrested a man they allege to be the hacker named Sanix, who is responsible for putting a massive database of 773 million email addresses and 21 million passwords up for sale last year.

The data was not the haul from a single intrusion at a huge retailer or bank, but was kind of a hodgepodge collected from various other breaches over the course of the last few years and munged together. Known as Collection 1, the database was posted for sale in January 2019 and researchers quickly dug into the database and discovered that much of the information came from known data breaches and was in fact legitimate. The data was soo removed from the forum where it had been posted originally, but it continued to circulate in other places.

This week, the Security Service of Ukraine said it had gotten information that Sanix was a Ukrainian citizen and the service had monitored sales of portions of the database. The service arrested a suspect it alleges is Sanix this week.

“Experts have found that the 87 gigabyte database put up for sale by the hacker is only a small part of the total amount of data he has seized. The hacker had at least seven similar databases of stolen and broken passwords, the total amount of which reached almost terabytes. These included personal, including financial, data from residents of the European Union and North America,” the service said in a statement.

“SBU cyber specialists recorded the sale of databases with logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, information about computers hacked for further use in botnets and for organizing DDoS attacks.”

The security service said it seized computers and other equipment with two terabytes of allegedly stolen data, along with phones and cash.

The arrest comes two weeks after authorities in Poland and Switzerland arrested a number of people who also were allegedly selling access to large collections of stolen credentials. That group, known as InifinityBlack, was also known to develop and sell hacking tools, and was involved in fraud schemes tied to loyalty programs. Five people were arrested in several locations in Poland as part of the operation.

“The hacking group’s main source of revenue came from stealing loyalty scheme login credentials and selling them on to other, less technical criminal gangs. These gangs would then exchange the loyalty points for expensive electronic devices,” the statement from Europol, which assisted in the InfinityBlack investigation, says.

“The hackers created a sophisticated script to gain access to a large number of Swiss customer accounts. Although the losses are estimated at €50 000, hackers had access to accounts with potential losses of more than €610 000. The fraudsters and hackers, among them minors and young adults, were unmasked when using the stolen data in shops in Switzerland.”