WT1SHOP Marketplace Seized For Trading Stolen Credentials, Operator Faces Charges
Authorities seized four WT1SHOP domains, viz., wt1shop.net, wt1store.cc, wt1store.com, and wt1store.net, which collectively had 5.85 million stolen PII records and credentials for sale.
A coordinated operation by law enforcement has taken down WT1SHOP, an online marketplace dealing in the illicit trade of personally identifiable information (PII), credentials, and other sensitive data. No arrests have been made so far.
Authorities seized four WT1SHOP domains, viz., wt1shop.net, wt1store.cc, wt1store.com, and wt1store.net, the U.S. Department of Justice notified users. The on-ground operation was conducted by Portuguese law enforcement, with involvement from the Republic of Moldova, the Republic of Estonia, the United Kingdom, and the Netherlands.
Julia O’Toole, CEO of MyCena Security Solutions, told Spiceworks, “The WT1SHOP site is a notorious cybercrime platform, so it’s good news that law enforcement has taken it down. But, in reality, it’s just one marketplace out of many that still exist on the dark web that specialize in selling stolen credentials.”
WT1SHOP was operated by one Nicolai Colesnicov, a Moldovan national against whom the DoJ filed a federal crime complaint in April 2022. According to the complaint unsealed this week, Colesnicov-operated WT1SHOP dealt 5.85 million records of stolen PIIs, including approximately 25,000 scanned driver’s licenses and passports, 108,000 bank accounts, and 21,800 credit cards.
WT1SHOP also sold 2.4 million login credentials for various online shops, retailers and financial institutions, email accounts, PayPal accounts, identification cards, computers, servers, and network devices. According to the Dutch authorities, the marketplace’s 91 sellers and two administrators cumulatively earned $4 million by June 2022 by selling to the platform’s 60,823 users.
WT1SHOP Promotion Post on Russian Cybercriminal Forum | Source: Privacy Ninja
See More: Hacker Selling 1B Chinese Citizens’ Data for 10 Bitcoin On Dark Web Forum
By December 2021, the number of sellers and users had grown to 94 and ~106,273, while PII records available for sale increased to 5.85 million. O’Toole emphasized that organizations need to beef up their data protection practices.
“Organizations need to find a better way to protect their access credentials to stop them ending up on these marketplaces in the first place. Organizations must begin to realize that they are responsible for their data and have a duty to keep it safe. However, by allowing employees to create their own passwords and passkeys to access critical data, organizations are losing that control,” O’Toole added.
“No organization ever allows employees to make their own keys to access a physical office, yet they allow employees to create their digital keys to access their data, which is undoubtedly their most valuable asset today. This needs to change.” Authorities didn’t clarify where sellers sourced/stole the data sold on WT1SHOP.
The illegal transactions between sellers and users were settled through Bitcoin, DoJ said. Law enforcement was able to track Bitcoin settlements made on the WT1SHOP webhost and associated email addresses.
Colesnicov faces conspiracy and trafficking charges for which he could be sentenced to up to 10 years in federal prison if convicted.
“One way to protect against the threat is by deploying access encryption where employee passwords are encrypted from end to end, so they never know them. This means credentials can no longer be stolen or phished from users,” O’Toole continued.
“Using encryption also places control back in the hands of enterprises. For the first time since digitization started, they can control their network access rather than let employees make their own passwords, over which they have no control.”
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
MORE ON ILLEGAL ONLINE MARKETPLACES
