Operation Talent: FBI Takes Down Cracked.io and Nulled.to
The tentacular Cracked.io and Nulled.to, harboring millions of cybercriminals, dismantled by FBI, Europol and the French police
On these forums, which were seen as symbols of the uberization of cybercrime, hackers exchanged stolen data, AI software specialized in scams, and ransomware.
A major blow to international cybercrime. Several online piracy hotbeds have been dismantled and seized by the authorities, the European police agency Europol announced on Thursday. Among these platforms, the two largest cybercriminal forums in the world, namely Cracked.io and Nulled.to. The two chat rooms alone were frequented by more than 10 million people, and for good reason: they were freely accessible, without having to go through the dark web, unlike most black markets online.
Other related sites, such as Starkrdp.io, Mysellix.io and Sellix.io, which were used in particular as payment platforms, were also targeted by the operation called “Talent”, in which eight police agencies around the world participated, including the FBI, the Italian State Police, and the French Anti-Cybercrime Office. Between 28 and 30 January, the large-scale operation, carried out in all corners of the world, led to the arrest of two people suspected of managing the sites, the search of seven properties, and the seizure of 17 servers, 50 devices and 300,000 euros in cash and cryptocurrencies. Further inquiries may be forthcoming.
Crime uberization
With this net, the international authorities have targeted a criminal trend that has been on the rise for some years: the uberization of cybercrime or, in English, «cybercrime as a service». Whereas online attacks previously required high technology expertise, and were therefore conducted by large hierarchically structured organizations, where all roles were assigned to experienced and specialized criminals, They are now much more regularly conducted by external actors, who offer their services on online forums - such as Cracked.io and Nulled.to. Now, budding cybercriminals need only a rudimentary understanding of cybersecurity, access to the internet and a few dollars to launch an attack (...) they act as service providers, offering their clients a range of illicit services in exchange for payment,' the Thalès group said in a post on the phenomenon.So, ransomware developers (programs that allow to encrypt the data of their targets before demanding a ransom), computer dealers «zombies» (infected PCs in order to make them undetectable) and data thieves were discussing Cracked.io and Nulled.to, in order to offer their services to the highest bidders. Both forums also offered AI-based tools and scripts to automatically analyse security vulnerabilities and optimise attacks,' Europol said in a statement. Advanced phishing techniques were frequently developed and shared, sometimes using AI to create more personalized and compelling messages,' it also says.
It is estimated that the hackers behind the site were earning up to one million euros per year. On Telegram, administrators of Cracked.io have confirmed the closure of the site by the authorities: “Cracked.io was seized as part of Operation Talent, although the exact reasons were not disclosed”. They state that “we will wait for the official legal documentation from the data centre and domain host”. It’s a «sad day» for the pirate community, says the message, reported by .