FBI and Europol take down major data leak forum

The FBI and Europol have taken down LeakBase, one of the largest underground data leak forums, and a "central hub in the cybercrime ecosystem", according to Europol.

LeakBase was available on the open web and in English, and had more than 142,000 members. It had, said Europol, a huge and continuously-updated archive of hacked databases, including many from high-profile attacks, with hundreds of millions of account credentials.

Set up in 2021, LeakBase published a total of around 32,000 posts and saw the exchange of more than 215,000 private messages. It allowed forum users to buy and sell data from stolen databases, with credit and debit card numbers, banking account and routing information, usernames and associated passwords – although the sale or publication of any data related to Russia was banned.

"The takedown of this cyber forum disrupts a major international platform that cybercriminals use to obtain and profit from the theft of sensitive personal, banking and account credentials," said assistant attorney general A. Tysen Duva of the US Justice Department's Criminal Division.

Europol's analysts mapped the forum's infrastructure and user activity, cross-matching data with ongoing investigations across Europe and beyond. They seized the forum's database, allowing many users who believed they were operating anonymously to be deanonymized.

Law enforcement officers also engaged directly with several suspects through the same online channels that they'd been using for their criminal activity.

And then, earlier this week, the US and more than a dozen other countries shut LeakBase down. They seized its data and two of the domains used by the forum, posted seizure banners on the LeakBase sites, sent prevention messages to LeakBase members, and collected additional evidence.

Things kicked off on Tuesday, with law enforcement authorities carrying out around 100 coordinated enforcement actions, including executing search warrants, making arrests, and conducting interviews in the US, Australia, Belgium, Poland, Portugal, Romania, Spain, and the UK.

There's no information on how many people were arrested or where, although Europol said it had taken measures against 37 of the most active users of the platforms.

The next day, law enforcement moved to the technical disruption phase, seizing the forum's domain and replacing it with their own splash page. The operation will now, said Europol, enter a "prevention phase" aimed at deterring further criminal activity and raising awareness of the consequences of engaging in cybercrime.

"This operation shows that no corner of the internet is beyond the reach of international law enforcement. What began as a shadowy forum for stolen data has now been dismantled, and those who believed they could hide behind anonymity are being identified and held accountable," said Edvardas Šileris, head of Europol's European Cybercrime Centre.

"This is a clear message to cybercriminals everywhere: if you traffic in other people's stolen information, law enforcement will find you and bring you to justice."