Europol Dismantles Combo Sellers InfinityBlack

Europol has announced the dismantling of an infamous hacking group accused of stealing and selling user account credentials to other cyber-criminals.

Polish police swooped on six locations around the country, arresting five suspected members of the InfinityBlack group.

They seized electronic equipment, external hard drives and cryptocurrency wallets worth €100,000, and shut down two platforms featuring databases containing over 170 million entries, Europol explained.

The group apparently stole mainly loyalty program log-in “combos” and sold them to other gangs, who cashed in the loyalty points to buy expensive electronics.

Police in Switzerland are said to have intervened when some of these individuals tried to use the stolen data in shops. An estimated €50,000 in loyalty points was lost after InfinityBlack created a specialized script to access the accounts of Swiss consumers, according to Europol.

Five people were arrested in the canton of Vaud, Switzerland, with cross-border cooperation between law enforcement following the trail back to the cybercrime group in Poland.

“The group was efficiently organized into three defined teams,” explained Europol. “Developers created tools to test the quality of the stolen databases, while testers analyzed the suitability of authorization data. Project managers then distributed subscriptions against cryptocurrency payments.”

As well as selling breached credentials, InfinityBlack is said to have created and distributed malware and hacking tools.

Yesterday’s announcement from Europol comes just weeks after it announced a major crackdown on the sale of counterfeit medical and pharmaceutical supplies following surging demand due to COVID-19.

It claimed that 37 organized crime groups had been dismantled as part of the operation, €13m ($14m) in potentially dangerous pharmaceuticals was seized, 121 arrests were made and a total of 4.4 million units were taken by police.

What’s Hot on Infosecurity Magazine?