The FBI has seized the domains for the notorious Cracked.io and Nulled.to hacking boards, that are recognized for his or her give attention to cybercrime, password theft, cracking, and credential stuffing assaults.
Whereas a few of their members additionally engaged in moral hacking discussions, the websites have been broadly considered a hub for cybercriminal exercise.
Additionally they hosted content material associated to software program cracks, hacking instruments like “configs” utilized by credential stuffing assault instruments (e.g., OpenBullet and SilverBullet), and different illicit actions, together with a “combo lists” market with stolen credentials or databases.
When attempting to open the websites, net browsers show “Error 1000. DNS factors to prohibited IP” and Error 1016. Origin DNS error” messages.
Immediately, the FBI seized the boards’ domains and modified their identify servers to ns1.fbi.seized.gov and ns2.fbi.seized.gov from their earlier Cloudflare identify servers.
Cracked.io’s workers printed an announcement on their Telegram channel earlier right now, blaming a knowledge middle challenge for the continued entry issues.
“There’s an lively challenge in our information centre which the workers is engaged on. Therefore companies stay offline until the problem is resolved. We are going to get detailed report later,” they mentioned.
“We are able to solely hope it’s resolved with out additional challenge. No estimated time at this second. The present standing from information centre is that it might take as much as 1 day.”
Immediately, the FBI additionally seized the domains utilized by:
- MySellIX (mysellix.io) and SellIX (sellix.io), two platforms that allowed customers to create their very own on-line shops, which risk actors additionally used to promote stolen information, software program keys, and compromised accounts, and
- StarkRDP (starkrdp.io), a Home windows RDP digital internet hosting supplier that some risk actors allegedly used for credential stuffing assaults.
An FBI spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier right now.
Whereas the legislation enforcement company has but to share extra details about this wave of seizures, all indicators level to a crackdown on platforms concerned in credential stuffing and stolen account credentials.