Five alleged members of hacking group InfinityBlack got some unexpected visitors last week when Polish law enforcement arrested them.
InfinityBlack was a hacking group that specialised in stealing and distributing sets of online credentials known as combos, especially for loyalty rewards points accounts. It would sell them to other gangs who would then exchange the points for products, said a Europol press release announcing the arrests.
The hackers ran the operation like a business, with different teams handling individual functions. The whole thing was fronted by an online service selling subscriptions to access stolen data. The development team created tools to test the quality of the stolen data, and a testing team analysed its suitability for distribution, said Europol. A project management team handled the business end, distributing subscriptions for cryptocurrency payments and converting the data into digital cash.
Someone in the group – we’re guessing the developers – wrote a script that compromised customer accounts in Switzerland. They sold the data on to Swiss users, some of whom were minors, who then tried to use them in shops. Swiss police collared them in five arrests between 30 April and 2 May. After searching seized computers, they obtained enough data to trace the sale back to the Polish hackers. They passed on the information to Polish police, who made the arrests on their side.
The police seized over €100,000 in assets during raids across five regions in the country. That included electronic equipment, external hard drives and hardware cryptocurrency wallets. Police also closed down two platforms with over 170 million records.
The stolen data hadn’t all been used. Europol estimates that €50,000 in loyalty points had been lost (presumably spent) already, but the compromised accounts contained around €610,000 in points overall, it said.
Some of the combos sold by InfinityBlack seem to have turned up in Collection #1, an 87Gb collection of 1.16bn combos that surfaced online in January 2019. One online criminal claimed to have leaked the data after seeing it for sale elsewhere. He reportedly said:
I leaked whole of it because seller shared my infinity black combos in that storage[sic]
The arrests are a palpable hit for the European police, who are fighting a Sisyphean battle against online crooks. In its October 2019 report on internet organised crime, Europol recommended improved coordination of undercover online investigations to help track down dark market sellers, who it said are becoming increasingly fragmented and difficult to follow.