Unusually, LeakBase admin gets nabbed in Russia, his home base


It’s very rare for Russian law enforcement to go after a Russia-based cybercriminal forum that doesn’t trade in local data – but that’s what just happened. The alleged administrator of LeakBase has been arrested in the city of Taganrog.

Indeed, LeakBase, a cybercrime forum created in 2021 and dismantled just this month, had a well-publicized rule against sharing “any data related to Russia.”

This seemed to be some kind of insurance against the possibility that the Russian authorities would go after people behind the underground marketplace.


“Look, we’re only targeting folks in unfriendly states, so there’s no need to touch us,” LeakBase seemed to suggest.


The forum – one of the largest cybercriminal marketplaces in the world – might have crossed the line, though, because this week, the Russian Interior Ministry announced the arrest of a suspect who allegedly created and managed LeakBase, a site where stolen personal databases were bought and sold by its 147,000 registered users.

The ministry even shared a video of the moment of the arrest in the city of Taganrog. The 33-year-old detainee’s identity has not been disclosed so far.

“The platform hosted hundreds of millions of user accounts, bank details, usernames, and passwords, as well as corporate documents obtained through hacking,” said Irina Volk, an official spokesperson for the ministry, according to TASS, a news agency.

“More than 147,000 users registered on the forum could buy and sell this data, as well as use it to commit fraudulent acts against citizens.”

Just three weeks ago, European and US law enforcement shut down LeakBase’s database, with prosecutors stating that the platform combined elements of a forum and discussion board, enabling criminals to buy, sell, and exchange compromised data.


LeakBase is reportedly the work of a threat actor who goes by the online aliases Chucky, beakdaz, Chuckies, and Sqlrip.


After the takedown of the forum, several investigations linked Chucky to a 33-year-old individual from Taganrog. The authors of this Telegram channel said that the suspect seemed to actually have no regard for his own anonymity.

Days after the LeakBase website was seized, the database returned online on the domain “leakbase[.]bz” with protection provided by DDoS-Guard, a Russian provider of bulletproof hosting services.

But now, a message claims: “During a special operation by the Russian Ministry of Internal Affairs’ Security Service, the LeakBase forum was permanently closed.”

Amateur investigators claim that the suspect has never traveled abroad. Of course, he might be extradited now as he’s wanted in the West, but Russia will almost certainly keep the hacker close and may force him to work for the state.

