Russian Ministry of Internal Affairs along with the help of Group-IB forensic specialists arrested the two hackers who compromised customer accounts of popular online stores, payment systems, and bookmakers.
According to Group-IB, the hackers compromised about 700,00 in total and they put 2,000 accounts on sales for $5, they admitted that they earned 500,000 rubles and the real amount was not determined by the investigators.
How the two hackers gained access to accounts
The hackers collected the credentials from online sources such as hacker forums and perform brute attacks to gain access for the online stores. They took advantage of the culture of password reuse which is most common practice on the internet today.
They also sold the compromised account credentials for $5 or 20-30% of the nominal balance in the account. It was also found they offered multiple services such as breaching and hijacking the account.
The Ministry of Internal Affairs of the Russian Federation and Group-IB have detained hackers who broke into the accounts of 700,000 customers of popular Internet stores https://t.co/YIDMl8Ad7I
— Group-IB (@GroupIB_GIB) June 27, 2018
The investigation began in November 2015 after a massive cyber attack on a large online store and the attackers compromised more than 120,000 accounts. To ensure their anonymity the attackers launched attacks from various IP address and changes the browser user-agent. In total, they have used 35,000 unique IP addresses.
After the massive attack’s on large online stores they switched their focus to lesser-known online stores.
Russian police arrested the two hackers, “the 19-year-old leader of the group who possesses the necessary knowledge in the field of computer information, and his 18-year-old accomplice who made illegal access to databases.”