Major Cybercrime Forum Administrator Arrested in Ukraine
Overview of the Arrest
In a significant development for international cybersecurity, Ukrainian authorities have apprehended an individual believed to be managing XSS.is, a notorious Russian-speaking cybercrime forum operating on the dark web. This arrest was facilitated by cooperation between French cybercrime investigators and Europol, as confirmed by a statement from France’s prosecutor’s office on Wednesday.
Background on XSS.is
XSS.is, which has been in existence since at least 2013, has built a reputation as one of the leading platforms for cybercriminal activity. On this forum, hackers can engage in various illicit transactions, including the buying and selling of malware, accessing stolen data, and offering ransomware services. Additionally, the platform operated an encrypted Jabber messaging server, providing a secure communication channel for users to conduct their criminal communications without detection.
Investigative Timeline
The investigation into XSS.is began in July 2021 and involved extensive surveillance of the Jabber server through court-ordered measures. This surveillance revealed a wealth of information about ongoing criminal activities, notably ransomware attacks that prosecutors estimate generated illicit profits exceeding €7 million (approximately $8.2 million). The depth of these investigations highlights the scale of the operations led by the forum and its users.
Role of the Suspected Administrator
Authorities have determined that the arrested individual served not only as a technical administrator but also played a crucial role in facilitating various criminal enterprises. They are accused of mediating disputes among cybercriminals, overseeing the execution of illegal transactions, and participating in organized extortion efforts. This multifaceted engagement indicates a well-organized operational framework behind the forum.
Reputation and User Base
Previously known as DaMaGeLab before its rebranding in 2018, XSS.is is among the longest-standing forums on the dark web, especially popular with Russian-speaking hackers. With over 50,000 registered users, the forum has been instrumental in enabling various forms of cybercrime, showcasing the ongoing challenge to law enforcement globally.
Implications of the Arrest
While French authorities have not disclosed the suspect’s identity or provided details on the possibility of extradition, this arrest is part of a broader effort to dismantle forums that facilitate cybercrime. This latest action aligns with prior arrests of key figures involved in different cybercrime communities, including reports in June of several individuals being taken into custody in connection with BreachForums, another significant online marketplace for stolen data.
Ongoing Law Enforcement Actions
The arrest of the individual linked to XSS.is is not an isolated incident but part of a larger trend in which law enforcement has been targeting online platforms and their operators. Recent operations have seen the shutdown of various well-known forums, including Cracked and Nulled, PopeyeTools, Incognito, Nemesis, Bohemia, and Kingdom Market. These concerted efforts signal a growing recognition of the need to address cybercrime holistically and the determination of authorities to combat illegal activities that exploit technological infrastructures.
The apprehension of the XSS.is administrator serves as an important milestone in the ongoing fight against cybercrime, reflecting the commitment of international law enforcement agencies to dismantle such networks and protect the cybersecurity landscape.
