Five suspected members of the hacking group “InfinityBlack” were arrested on April 29, 2020, in a special operation carried out by the Polish National Police (Policja) in coordination with Europol, Eurojust, and Swiss law enforcement authorities.
InfinityBlack was behind several cybercrime activities, including stealing online credentials and loyalty reward points. The group is known to sell stolen credentials to other cybercriminal gangs on the darknet. According to a Europol press release, the police seized the hackers’ electronic equipment, hard drives, and physical cryptocurrency wallets worth around €100,000 (US$108,479). The group maintained two cybercrime platforms to offer its services: one for stolen databases and the other for login credentials, known to many as combos.
“The hacking group created online platforms to sell user login credentials known as combos. The group was efficiently organized into three defined teams. Developers created tools to test the quality of the stolen databases, while testers analyzed the suitability of authorization data. Project managers then distributed subscriptions against cryptocurrency payments. The hacking group’s main source of revenue came from stealing loyalty scheme login credentials and selling them on to other, less technical criminal gangs. These gangs would then exchange the loyalty points for expensive electronic devices,” Europol said in the release.
InfinityBlack’s Swiss Connection
The authorities stated that the hackers created a sophisticated script to gain access to a large number of Swiss customer accounts. It was found that InfinityBlack members accessed more than €600,000 (US$650,580) in loyalty points and sold them to other criminal groups. The investigation by the Cyber Investigation Division (DEC) of the Vaud Cantonal Police in Switzerland identified the connection between buyers in Switzerland and sellers in Poland. The fraudsters and hackers were unmasked while using the stolen data in retail stores in Switzerland.
“A number of investigation measures by specialists from the Cyber Investigation Division (DEC) of the Vaud Cantonal Police made it possible to dismantle the InfinityBlack hackers network set up to exploit this data to the detriment of businesses. Between April 30 and May 2, 2019, five arrests were made in the canton of Vaud, Switzerland,” the authorities said.