The US Department of Justice (DoJ) has seized three web domains used by threat actors to facilitate distributed denial-of-service (DDoS) attacks and trade stolen personal data, the department said in a press release on Wednesday.
“Today, the FBI and the Department stopped two distressingly common threats: websites trafficking in stolen personal information and sites which attack and disrupt legitimate internet businesses,” according to the announcement, citing US Attorney Matthew M Graves.
“Cyber crime often crosses national borders. Using strong working relationships with our international law enforcement partners, we will address crimes like these that threaten privacy, security, and commerce around the globe,” Graves added.
According to the announcement, the seized domains are:
The first one on the list was a cybercrime marketplace that let users advertise and trade stolen personal information. It featured a searchable database of information stolen in over 10,000 breaches.
The website’s database consisted of 7 billion records of personally identifiable information (PII), including full names, usernames, phone numbers, email addresses, and online account credentials (usernames and passwords). Users could access these stolen records through varying subscription tiers.
In January 2020, authorities confiscated a domain bearing an almost identical name (weleakinfo[.]com) and made 21 arrests tied to the illicit operation. Last year, one of the related domain’s operators received a two-year prison sentence.
While the other two domains on the list didn’t deal in marketing stolen data, they acted as cybercrime hubs. Ipstress[.]in and ovh-booter[.]com hosted DDoS-as-a-service operations, where clients could simply pay a sum of money to have DDoS attacks executed on their desired targets by proxy.
DDoS attacks are cyberattacks designed to make targeted machines, resources or networks unavailable by overloading them with excessive traffic. During a successful DDoS attack, the targeted device can no longer handle legitimate requests and often goes offline until the attack ceases.
As their names suggest, the DDoS-associated domains offered booter, or IP stresser, attacks to their customers.