Worldwide network selling ‘stolen credentials’ shut down in Portugal

Worldwide network selling ‘stolen credentials’ shut down in Portugal

PJ police “disconnect” IT pirate, in coordination with FBI

PJ police have been responsible for ‘disconnecting’ a website in Portugal that controlled access to an elaborate virtual market, buying and selling personal data obtained through piracy.

Working in coordination with the American FBI (Federal Bureau of Investigation), the PJ pulled the switch on the criminal network last Tuesday (September 6), writes Correio da Manhã.

The alleged head of operations is a 36-year-old Moldavian who now faces up to 10 years in jail if found guilty of charges of conspiracy and trafficking in unauthorized access devices.

From CM’s report, it is unclear if the Moldavian was running the network in Portugal. What is certain is that the IT ‘server’ was based here.

The server controlled access to this criminal market which has seen around €4 million worth of business – mainly in digital currencies – conducted over the last two years.

The network used various ‘domains’: wt1shop.net; wt1store.cc, wt1store.com and wt1store.net. The main page was the one with the server in Portugal, and there were at least 106,000 people using it, and 94 ‘sellers’.

Says CM, the market had an archive of 5.8 million stolen identities in the form of  approximately 25,000 scanned driver’s licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, 21,800 credit cards, and quite a bit else.

Details of people who may have been ‘affected’/ scammed by this network have not yet been released. But they must exist: online Bitdefender referred to the marketplace last week as “infamous”.

“Criminals used the illicit platform to acquire stolen ID cards, login credentials, credit cards and other personally identifiable information (PII). Perpetrators would then use those purchases for account takeovers, fraudulent online purchases, credit card fraud, and identity theft”, it claims.

Bitdefender suggests the marketplace was advertised on “cybercrime-focused subreddits and Russian hacking forums”.

natasha.donn@portugalresident.com