The FBI has seized the domains for the notorious Cracked.io and Nulled.to hacking boards, that are recognized for his or her concentrate on cybercrime, password theft, cracking, and credential stuffing assaults.
Whereas a few of their members additionally engaged in moral hacking discussions, the websites had been extensively considered a hub for cybercriminal exercise.
Additionally they hosted content material associated to software program cracks, hacking instruments like “configs” utilized by credential stuffing assault instruments (e.g., OpenBullet and SilverBullet), and different illicit actions, together with a “combo lists” market with stolen credentials or databases.
When attempting to open the websites, internet browsers show “Error 1000. DNS points to prohibited IP” and Error 1016. Origin DNS error” messages.
At present, the FBI seized the boards’ domains and modified their identify servers to ns1.fbi.seized.com and ns2.fbi.seized.com from their earlier Cloudflare identify servers.
Cracked.io’s workers printed an announcement on their Telegram channel earlier right this moment, blaming an information middle situation for the continued entry issues.
“There is an active issue in our data centre which the staff is working on. Hence services remain offline till the issue is resolved. We will get detailed report later,” they stated.
“We can only hope it is resolved without further issue. No estimated time at this moment. The current status from data centre is that it may take up to 1 day.”
At present, the FBI additionally seized the domains utilized by:
- MySellIX (mysellix.io), a platform that enables customers to create their very own on-line shops, however which was additionally utilized by menace actors to promote stolen information, software program keys, and compromised accounts, and
- StarkRDP (starkrdp.io), a Home windows RDP digital internet hosting supplier that some menace actors allegedly used for credential stuffing assaults.
An FBI spokesperson was not instantly obtainable for remark when contacted by BleepingComputer earlier right this moment.
Whereas the regulation enforcement company has but to share extra details about this wave of seizures, all indicators level to a crackdown on platforms concerned in credential stuffing and stolen account credentials.
