Article Details
Scrape Timestamp (UTC): 2024-03-19 18:19:01.597
Original Article Text
Click to Toggle View
Ukraine arrests hackers trying to sell 100 million stolen accounts. The Ukrainian cyber police, in collaboration with investigators from the national police (ГУНП), have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. The three suspects, aged between 20 and 40, used specialized software to brute-force account passwords and then steal them. Brute force is the means of guessing account passwords through an automated trial-and-error process that has computers try many possible combinations until the correct one is found. This method's success relies on the available computational power in relation to the password length and complexity of the targeted account. The arrested cybercriminals monetized their illicit activities by selling access to compromised accounts to various fraud groups on the darknet. The buyers then used their access to these accounts to message the victims' contacts, requesting them to transfer money under false pretenses. The police announcement says the threat group was spread in various regions of Ukraine and operated under an organized structure in which the leader distributed work tasks to other members. The law enforcement operatives executed seven searches in multiple cities, during which they seized 70 computers and IT equipment, 14 mobile phones, bank cards, and cash. The three apprehended individuals are charged with unauthorized interference in information systems and networks, which is punishable by up to 15 years in prison under Ukrainian law. In addition to this, the police have launched a parallel investigation into the potential collaboration of the cybercrime group with foreign entities, specifically for using select stolen accounts to the benefit of Russian interests. Apart from using unique and strong/long passwords to secure your online accounts from hijacking, it is also recommended to activate multi-factor authentication (MFA) whenever the option is available. MFA adds another defense layer that prevents account takeovers even when attackers possess the correct credentials for the target's account.
Daily Brief Summary
Ukrainian cyber police have arrested three individuals linked to the theft of over 100 million email and Instagram accounts.
The suspects used brute-force attacks to hijack accounts, involving automated guessing of passwords until the correct one was found.
Compromised accounts were sold on the darknet, allowing fraud groups to scam contacts of the victims by requesting money transfers.
An organized criminal structure was revealed, with the leader assigning roles and infrastructure spread across multiple Ukrainian regions.
Law enforcement conducted seven searches, seizing computers, phones, and financial instruments as part of the crackdown.
Those arrested face charges that include unauthorized interference in computer systems, carrying penalties of up to 15 years in prison.
A separate investigation has been opened to explore the hackers' potential ties with foreign entities, particularly concerning Russian interests.
The police recommend the use of strong, unique passwords and multi-factor authentication (MFA) to enhance online account security.