Hacker forums Cracked, Nulled and others, seized under FBI's 'Operation Talent'


Hacker forums Cracked[.]io, Nulled[.]to, MySellIX[.]io, and StarkRDP[.]io were seized on Wednesday by the FBI, Europol, and international law enforcement as part of ‘Operation Talent.’

A large ‘Operation Talent’ seizure poster was splashed across most of the shady websites by Wednesday afternoon.

“This website, as well as the information on the customers and victims of the website, has been seized by international law enforcement partners,” the warning said.

The FBI, Europol, and multiple other international forces took part in the joint operation, including Australia, France, Greece, Germany, Italy, Romania, and Spain, as well as the US Department of Justice (DoJ) and the US Treasury’s Office of Foreign Assets Control (OFAC).

“Today the United States Federal Bureau of Investigation seized several more prominent Threat Actor forums,” vx-underground posted on X, listing the four sites and their domain addresses.

Nine million users and over 70 million posts and listings

Cracked and Nulled are known hacker forums/marketplaces where cybercriminals often go to exchange cracking tutorials, buy and sell leaked data, hacking tools, stolen login credentials, servers for hosting malware, and to discuss what hackers discuss.

The Cracked marketplace, which had been operating since 2018, had over four million users, over 28 million listings for cybercrime tools and stolen information, and generated approximately $4 million in revenue, according to the DoJ.

An alleged 17 million victims from the US alone have been impacted, the agency said.

In one instance, the DoD said a recent sextortion and harassment case involving a female victim in Western New York was allegedly traced back to an advertised listing on the marketplace for login access to “billions of leaked websites.”

The DoD said that using the list of stolen credentials, the perpetrator was able to find the victim’s credentials for an online account, using it to cyberstalk her with sexually demeaning and threatening messages.

Meantime, one of Nulled’s administrators and finance operators, 29-year-old Lucas Sohn, an Argentinian national residing in Spain, has been charged with running the hacker marketplace website since 2016.

“Nulled had over five million users, listed over 43 million posts advertising cybercrime tools and stolen information, and generated approximately $1 million in yearly revenue,” the DoJ said, adding that investigators allegedly found one listing contained “the names and social security numbers of 500,000 American citizens.”

Sohn, who faces a total maximum of 30 years in prison if convicted, faces charges of conspiracy to traffic in passwords, access device fraud, and identity fraud.

'A sad day indeed for our community'

Cracked[.]io was the first to announce the bust, taking to its Telegram channel ‘Cracked Announcements’ to inform users and followers.

At first, Cracked administrators believed the website outage was related to a tech issue, posting that there was “an active issue in our data centre which the staff is working on.”

“Services remain offline till the issue is resolved. We will get detailed report later. We can only hope it is resolved without further issue. No estimated time at this moment,” they posted around 5:00 a.m. Eastern Time.

But by Wednesday afternoon, the jig was up, and the website admin admitted to the FBI seizure.

“Now that everyone has more clarity on the situation, Cracked.io has been seized under operation talent with specific reasons being undisclosed,” they wrote.

“We are still waiting for the official court documentation from the data centre and the domain host. We will inform you guys further on those details once we have it,” they said, concluding that it was “a sad day indeed for our community.”

The interwebs weigh in

The seized MySellIX is an e-commerce platform where threat actors set up online stores to offer, sell, and buy nefarious “goods and services,” while StarkRDP allows cybercriminals to remote host using Windows RDPs and virtual machines (VM).

Some on the web further mentioned SellIX.io, another cross-border e-commerce site, also being seized, as well as RDP.sh, all of which are “allegedly operated by a group of Germans,” one blogger noted. Cracked was alleged to have used SellIX for its payment processing, according to the DoJ.

Still, not everyone was thrilled with the take-down. Some users who found out about the news on Reddit touted the legitimacy of the hacker forums and, in one thread, questioned why the feds even bothered going after the sites.

“You think a forum that has been up for more than 10 years is a ‘scam’?” questioned Reddit user Neon Prime.

But, even with some dissent, it seemed most Reddit users agreed it was good riddance to the scammer sites.

User FilthyDoinks, who claimed they’d been visiting these and similar hacking forums since 2007, posted in response, “There’s a lot more to show it was a huge scam…Cracked is full of viruses. Most posts are a honey pot to get other hackers ratted …Trying to catch what they call ‘script kiddies.’”

FilthyDoinks went on to explain how they were personally hacked after buying something off an advertisement for CrazyRDP, an anonymous offshore hosting site.

“Big on there. Huge adverts. Months later the owner hacked everyone and blackmailed them. This includes me. Tho it wasn’t my info I’m a hacker I’m not an idiot lol,” they said.

Other users lamented other recently busted hacker markets: RaidForums in March 2022, and its unofficial replacement, BreachForums, taken down the following spring, although the site has again been reincarnated numerous times since.


Another user mentioned the irony that one of the industry's more well-known and active hackers, IntelBroker, who was allegedly running Breached before the FBI took it down again last year and was allegedly responsible for the recent January breach of Hewlett Packard, had just moved to one of the forums.

"Kinda ironic IntelBroker also just moved to cracked if I recall, and they're seized now," Reddit user T0mKatt said.

IntelBroker is also infamous for previous high-profile attacks against Cisco, Europol, Apple, AMD, GE, and US Cellular.
