Sites Had Sold Access to
Hacked Personal
Information And
Supported Distributed
Denial of Service
Attacks
The FBI and the U.S.
Department of Justice
announced today that
they have seized the
internet domain name
weleakinfo.to and two
related domain names,
ipstress.in and
ovh-booter.com,
following an
international
investigation into
websites allowing users
to buy access to stolen
personal information or
to perform attacks on
victim networks.
The announcement was
made by U.S. Attorney
Matthew M. Graves of the
District of Columbia and
Special Agent in Charge
Wayne A. Jacobs of the
FBI Washington Field
Office’s Criminal and
Cyber Division.
“Today, the FBI and the
Department stopped two
distressingly common
threats: websites
trafficking in stolen
personal information and
sites which attack and
disrupt legitimate
internet businesses,”
said U.S. Attorney
Graves. “Cyber crime
often crosses national
borders. Using strong
working relationships
with our international
law enforcement
partners, we will
address crimes like
these that threaten
privacy, security, and
commerce around the
globe.”
“These seizures are
prime examples of the
ongoing actions the FBI
and our international
partners are undertaking
to disrupt malicious
cyber activity,” said
Special Agent in Charge
Jacobs. “Disrupting
malicious DDoS
operations and
dismantling websites
that facilitate the
theft and sale of stolen
personal information is
a priority for the FBI.”
The WeLeakInfo.to
website had claimed to
provide its users a
search engine to review
and obtain the personal
information illegally
obtained in over 10,000
data breaches containing
seven billion indexed
records – including, for
example, names, email
addresses, usernames,
phone numbers, and
passwords for online
accounts. The website
sold subscriptions so
that any user could
access the results of
these data breaches,
with subscriptions
providing unlimited
searches and access
during the subscription
period (one day, one
week, one month, three
months, or lifetime). In
January 2020, the FBI
and the U.S. Department
of Justice also
announced that they had
seized the internet
domain name
weleakinfo.com, shutting
down a similar service
then provided at that
site.
The ipstress.in and
ovh-booter.com domains
were also seized. Those
sites publicly offered
to conduct “Distributed
Denial of Service”
attacks, or “DDoS”
attacks for clients –
specifically, a format
called booter or
stressor attacks. DDoS
attacks are a type of
network attack in which
multiple
internet-enabled devices
are used to attack
computers hosting a
website – usually by
flooding the site with
internet traffic – for
the purpose of rendering
it inaccessible to
legitimate users or
unable to communicate
with the internet.
With execution of the
warrant, the seized
domain names –
weleakinfo.to and the
related domains – are
now in the custody of
the federal government,
effectively suspending
the website’s operation.
Visitors to the site
will now find a seizure
banner that notifies
them that the domain
name has been seized by
federal authorities. The
U.S. District Court for
the District of Columbia
issued the seizure
warrant.
The
seizures of these
domains were part of a
coordinated law
enforcement action with
the National Police
Corps of the Netherlands
and the Federal Police
of Belgium. The actions
executed by our
international partners
included the arrest of a
main subject, searches
of several locations,
and seizures of the
webserver’s
infrastructure.
Any persons having
information concerning
weleakinfo.to or its
owners and operators are
encouraged to provide
that information by
filing a complaint
(referencing #weleakinfo
in the “Description of
Incident” field) with
the FBI’s Internet Crime
Complaint Center (IC3)
at
https://www.ic3.gov/complaint/default.aspx.
These seizures are a
part of a comprehensive
law enforcement action
taken by the FBI, the
U.S. Attorney’s Office
for the District of
Columbia, and the
Department of Justice’s
Computer Crime and
Intellectual Property
Section, along with
international law
enforcement, including
the Netherlands National
Police Corps and the
Belgium Federal Police.
