Ukrainians arrest alleged admin of major crime forum XSS

https://arstechnica.com/tech-policy/2025/07/ukrainians-arrest-alleged-admin-of-major-crime-forum-xss/

Ashley Belanger, Jul 23, 2025

Yesterday, Ukrainian authorities arrested the suspected administrator of a notorious Russian-language crime forum, XSS.is.

In an X post, the Paris Prosecutor's Office announced that Ukrainian authorities detained the suspect after an investigation conducted with French authorities' and Europol's help that began almost exactly four years ago.

XSS has been "one of the main hubs of global cybercrime" since 2013, French authorities said, allowing "the sale of malware, access to compromised systems, stolen data, and ransomware-related services."

Used by criminals globally to cover up illicit activity, the forum was shut down soon after the admin's arrest.

The suspected admin has so far not been named. But police said the suspect was identified after authorities began intercepting encrypted chats sent on a Jabber messaging server that members used, "thesecure.biz."

Surveilling chats between forum users, the government eventually intercepted a message that tipped authorities off to the alleged admin's identity back in September. Soon after, they deployed agents to find the admin, and ultimately, it took months for Ukrainian authorities to make the arrest, with both French and Europol authorities present.

"The intercepted messages revealed numerous illicit activities related to cybercrime and ransomware, and established that they generated at least $7 million in profits," a translation of the press release said.

According to Bleeping Computer, in the moments before XSS went dark, members started to panic that law enforcement had seized the site "after being unable to reply to existing threads."

It now seems likely that cops may have access to the backend, possibly already uncovering other incriminating evidence to build cases against other forum members, some of whom may be unlikely suspects otherwise.

Just last week, a former US Army soldier, Cameron John Wagenius, pleaded guilty to "conspiring to hack into telecommunications companies’ databases, access sensitive records, and extort the telecommunications companies by threatening to release the stolen data unless ransoms were paid." All his crimes were conducted while on active duty, and his extortion attempts included "threats to post the stolen data on cybercrime forums" including XSS, the US Department of Justice said. Scheduled to be sentenced in October, Wagenius faces up to 20 years in prison.

Bleeping Computer noted that the suspected admin's arrest "is likely to have a chilling effect on the activity at XSS," with members probably scouring for an alternative forum that perhaps won't be as likely to be targeted by global authorities next.

French authorities seem particularly intent on cracking down on cybercrime, arresting five operators of another major cybercrime hub, BreachForums, last month, Bleeping Computer reported. Among operators arrested was an alleged notorious hacker and data broker known as "IntelBroker," a British national named Kai West who, the US has alleged, caused $25 million in damages to victims "around the world."