InfinityBlack hacking group busted by European law enforcement agencies

'Well organised' cyber criminals were focused on loyalty card schemes

Law enforcement agencies in Poland and Switzerland have dismantled the InfinityBlack hacking group that was involved in the sale of stolen user credentials and cross-border cyber fraud.

In a press release, Europol said that five members of the group were arrested in Poland last week following a year-long probe by investigative agencies. Polish National Police (Policja) searched six locations in Poland and seized electronic equipment as well as cryptocurrency wallets from the cyber criminals. The items recovered from the hackers are valued at around €100,000, according to Europol.

The arrests helped the authorities to close down databases containing more than 170 million entries.

According to Europol, the members of the group were operating the Infinity[.]black website to sell access to stolen user credentials.

The group specifically focused on loyalty scheme login credentials, which generated majority of revenue for the group. The members sold credentials to other cyber criminals, who would later exchange the loyalty points from each account in exchange of expensive items.

The InfinityBlack gang was very well organised. Different members of the group focused on different activities, like development, testing and management of hacking tools.

Some members were responsible for creating hacking tools, while another team analysed the viability of credentials. Managers distributed access to credentials in exchange for cryptocurrency payments.

The gang also created a sophisticated script which enabled them to gain access to the accounts of Swiss customers. The access was sold to other cyber criminals, causing financial losses to Swiss citizens.

Following multiple complaints of online frauds, Swiss authorities initiated a probe into the group's operations, which eventually led to the arrest of five fraudsters between 30 April and 02 May last year. The arrests were made in the canton of Vaud, Switzerland.

While losses to Swiss customers were estimated at €50,000, Europol said that fraudsters had access to accounts with potential losses of more than €610,000.

Swiss authorities also shared the criminal intelligence with Europol and Eurojust, enabling Policja to arrest five hackers in Poland last week.

"Europol enabled close cooperation between cyber units in Poland and Switzerland through the dedicated network of cyber liaison officers (J-CAT) hosted at Europol's headquarters," the European agency said.

"Eurojust also facilitated the transmission of information between the Public Prosecutor's Offices in Switzerland and Poland."