Account hacking: Ukrainian criminal group arrested

Ukrainian Police Arrest Three Men Suspected of Hijacking Accounts of Over 100 Million Internet Users

Ukrainian police, in cooperation with the regional prosecutor’s office, have arrested three men aged 20 to 40 in the Kharkiv region. The suspects operated as part of a criminal group, specializing in hacking email and Instagram accounts.

Methods Employed by the Criminal Group

The men used easily guessable passwords to take control of victims’ accounts. Employing the brute-force technique, which involves automatically testing various login combinations, enabled them to acquire a massive number of compromised accounts in a short period.

Roles and Actions of Individual Group Members

Despite residing in different parts of the country, each of the apprehended individuals had a specific role. The group’s organizer divided responsibilities between two other members, who were tasked with creating databases of hacked accounts. These databases were then sold on the dark web, mostly to fraudster groups who used them for further criminal activities.

Searches and Evidence Seizures

As part of the investigative efforts, officers conducted seven searches at the suspects’ residences located in the Kyiv, Odessa, Vinnytsia, Ivano-Frankivsk, Donetsk, and Kropyvnytskyi regions. They seized over 70 pieces of computer equipment, 14 phones, bank cards, and over $3000 in cash.

Charges and Potential Penalties

The three men are currently in custody under Part 3 of Article 28 and Part 5 of Article 361 of the Ukrainian Criminal Code. If convicted, they could face up to 15 years of imprisonment.

Popularity of Brute-Force Techniques

Brute-force techniques continue to be a popular method for hijacking online accounts. In January, the threat research firm Mandiant revealed that their own social media account was hacked in a similar manner. Criminals attempted to deceive followers and redirect them to a phishing site aimed at stealing cryptocurrencies.