Administrator of Major Dark Web Cybercrime Forum Arrested In Ukraine

alternative_right shares a report from France 24: A suspected administrator of a top Russian-language cybercrime forum, XSS.is, has been arrested in Ukraine with the help of French police and Europol, French prosecutors said on Wednesday. Industry experts describe XSS.is as one of the longest-running dark web forums. "On Tuesday July 22, a person suspected of being the administrator of the Russian-language cybercrime forum XSS.is was arrested as part of a criminal investigation opened by the Paris public prosecutor's office," Paris prosecutor Laure Beccuau said in a statement. "Active since 2013, this forum was one of the main hubs for global cybercrime. The forum also operated an encrypted Jabber messaging server, facilitating anonymous exchanges between cybercriminals."

"A judicial investigation was opened on November 9, 2021 on charges of complicity in attacks on an automated data processing system, organised extortion, and criminal conspiracy," Beccuau said. "The intercepted messages revealed numerous illicit activities related to cybercrime and ransomware, and established that they generated at least $7 million in profits."

Russian Hacker In Ukraine?

[Anonymous Coward]

Its interesting that the administrator of a hacking network widely identified as pro-Russian was arrested in Ukraine.

Re: Russian Hacker In Ukraine?

[shm]

How is it interesting? Most Ukrainians speak Russian. Even Zelenskyy had to learn Ukrainian after he became president.

Itâ(TM)s like being surprised that most Scottish people speak English.

Re: Russian Hacker In Ukraine?

[newcastlejon]

It's like being surprised that most Scottish people speak English.

Most Americans speak English too, but you don't see us trying to annex the USA.

Re:

[Sean Clifford]

LMFAO!!! What?

Re:

[_merlin]

Russia talks about "liberating" the Russian-speaking people in eastern Ukraine. The OP is joking about the possibility of England "liberating" the English-speakers in the USA.

Re: Russian Hacker In Ukraine?

[FilatovEV]

"Most Americans speak English too, but you don't see us trying to annex the USA." It's easy for you to abstain from a fight, because the U.S. does not ban public education in English.

Re:

[quonset]

"Most Americans speak English too, but you don't see us trying to annex the USA."

It's easy for you to abstain from a fight, because the U.S. does not ban public education in English.

Such as Russia teaching only Russian [themoscowtimes.com] to Ukrainian children they've kidnapped? Or trying to eradicate [yale.edu] anything Ukrainian through indoctrination of children [bbc.co.uk] they've kidnapped?

Re: Russian Hacker In Ukraine?

[FilatovEV]

Unfortunately, the two Governments failed to reach an agreement that would protect rights of Russian citizens in Ukraine while protecting rights of Ukrainian citizens in Russia.

Like in family therapy, the problem involves both countries and cannot be solved by changes in any one country. Only in both countries at once.

That's why reaching peace is so complicated.

The first step is to make both countries talk to each other. How would you achieve that?

Re: Russian Hacker In Ukraine?

[drinkypoo]

"The first step is to make both countries talk to each other. How would you achieve that?"

Can't happen while Puto is in office. So the question really is how do you remove him?

Re: Russian Hacker In Ukraine?

[FilatovEV]

"Can't happen while Puto is in office. So the question really is how do you remove him?"

Why do you consider a Russian citizen as being indebted to you? I don't owe anything to you. I don't need anything from you, either.

Where did I mention that I was asking for a favor? I fail to memorize that part, sir.

Re:

[drinkypoo]

ok orc

Re: Russian Hacker In Ukraine?

[FilatovEV]

You do realize that you are impolite now?

Re:

[drinkypoo]

Don't rush to Puto's defense next time, no problem

Re:

[r1348]

The US literally went at war to get rid of you...

Re:

[eneville]

Then went out of their way to not speak English?

Re:

[eneville]

Isn't that the reason Americans speak English?

Re:

[Geoffrey.landis]

Its not interesting that he speaks Russian. Its interesting that he was operating in Ukraine as the administrator for what has been widely reported as a Russian hacking group with links to the Kremlin.

A lot of the links to Russia have been severed; it may be easier to get to the internet surreptitiously from Ukraine.

Re:

[cusco]

Well, since even before the 2014 coup Ukraine was far and away the most corrupt country in Europe, I doubt anything more than a modest bribe was required to operate there.

Re:

[dfghjk]

Russia is European, your facts aren't straight. Ukraine probably isn't even second, Russia has allies in Europe. In fact, isn't the source of this reported Ukrainian corruption Russia? And Trump? And the basis for the claimed corruption dating back to when Ukraine was aligned with Russia?

"...since even before the 2014 coup..."

LOL yeah, since when Ukraine was a corrupt pro-Russian satellite, could have possibly changed since, eh comrade?

Re:

[_merlin]

He's referring to reports like this: https://www.transparency.org/e... [transparency.org]

But they were supposedly improving the situation until last year: https://newsukraine.rbc.ua/new... [newsukraine.rbc.ua]

And now it looks like they're heading back in the opposite direction: https://www.bbc.com/news/artic... [bbc.com]

Re:

[cusco]

Yes, it's changed, it's gotten worse. According to the anti-corruption groups, which just got put under control of the presidential office instead of being independent like they were, Zelinskyy alone has stolen about $10 billion (yes, with a B) per year.

Re:

[cusco]

Actually the Once Great Z grew up speaking Russian at home, Ukrainian is his second language. (OK, it's a dialect, but Ukrainians pretend it's a different language.) English is his third.

Re:

[dunkelfalke]

Well, my little know-nothing-know-it-all russian bot, Ukrainian is a real language and not a dialect by every definition of the word "language" except the ones you dumbass bots are using. It even has 7 grammatical cases instead of 6 in Russian that lost its vocative centuries ago.

WTF was he doing In Ukraine?

[0xG]

Why would he be in 'enemy/nazi' territory anyways?

Re:

[cusco]

Don't you know? Anything seen as bad is required to be linked to Russia or China, or maybe North Korea. Ukraine is all sweetness and light, even their openly neo-Nazi units are now good guys.

Re:

[dfghjk]

Shame you are paid in rubles for all this quality work.

Re: Russian Hacker In Ukraine?

[drinkypoo]

Low-quality is technically quality, but not deserving of real pay.

OPSEC

[Sean Clifford]

It won't take long to convince her - or him - to be debriefed then cooperate. There are a few needs for an individual and huge dividends to the Ukraine...well, at least until this prisoner...er, perhaps an asset...comes down with a fatal case of Vx, leaping from a 15th floor balcony in despair, or shooting themselves in the back of the head a few times.

***/rant on/***

Why can't people STFU and keep information like this out of the news? GI Joes, Crayon eaters, Squids, Coasties, Space Cadets, and Chair Force folks understand. Their dependent families understand. Veterans, spouses, and certain other professionals understand.

If you're some dipshit Air Force Sergeant, who sends his brother a photo via Apple Messenger, embedded with GPS data, saying where you (and your unit, etc.) are located, you're a fucknut who needs to be investigated-interrogated by the OSI.

***/rant off/***

Re:

[cmseagle]

Why can't people STFU and keep information like this out of the news?

You mean, keep the arrest itself out of the news?

I don't particularly want to live in a society where the authorities can whisk someone away without a trace.

Re:

[gweihir]

I don't particularly want to live in a society where the authorities can whisk someone away without a trace.

Yep, same here. Obviously the person you answered too is not very smart.

The intercepted messages were encrypted

[Big Hairy Gorilla]

I read the article .. the summary is the whole article. According to the article:
LEO intercepted encrypted jabber messages.

Sooo... how did they decrypt?
Is this the same story as one last week where someone got control of DNS records in Germany and did a MITM on a jabber server?

Unwritten, yet implied is, a cloud or service provider changed the DNS records at the behest of LEO... that is believable ... but... ... it's a stretch to believe anyone read OMEMO or PGP encrypted messages ... without the key, which,

Re: The intercepted messages were encrypted

[drinkypoo]

They could have just got them from a compromised device. People good at exploiting bad security aren't necessarily good at security. Not to mention this guy might just be a glorified forum admin.

Re:

[Big Hairy Gorilla]

The article is thin on the details, and glossy to the point of not believable on the finer points. I don't find it informative.
Ironically, though, for me, nothing seems to point to microsoft or cisco or vmware as the broken link... I find that interesting, as they are "the usual suspects", imho.

Doesn't' OMEMO use the double ratchet? i.e if keys on devices were compromised, isn't that only good for ... a short period of time? The ratchet generates new keys for every new message or packet? So criminals aren't

Re:

[gweihir]

They could have just got them from a compromised device. People good at exploiting bad security aren't necessarily good at security.

Indeed. Defending IT is far, far harder than attacking it. That is the whole reason why we see so many attacks. A major part is that insecure and immature software is in widespread use.

As to Jabber, that comes apparently from ever insecure Cisco. The authorities may just have used a bug a few days before it became public.

Re:

[drinkypoo]

The authorities may just have used a bug a few days before it became public.

You misspelled "government back door" ;)

Re:

[gweihir]

In the case of Cisco, I was under the impression that the general consensus was that they have been doing "error seeding" to create government backdoors for a long time and that this does not need to be mentioned anymore at this time.

Re: The intercepted messages were encrypted

[Big Hairy Gorilla]

Hold on there. Jabber protocol itself is insecure, that is true. But it says the Law intercepted encrypted messages. Jabber clients I use support OMEMO. You know OMEMO is e2ee. I have to assume that if you are planning crimes, you're going to use encryption. I don't see anything about devices in the article. It's implied that it was the servers that were compromised by The Law. That was my read. Actually there is so much missing that we have to make assumptions just to make sense of it .

For once I do not se

Re:

[gweihir]

I have followed cryptography research for about 40 years and I have never heard of "OMEMO". Cannot be a significant thing.

Re:

[Big Hairy Gorilla]

Seriously?
https://en.wikipedia.org/wiki/OMEMO

OMEMO is an extension to the Extensible Messaging and Presence Protocol (XMPP) for multi-client end-to-end encryption developed by Andreas Straub. According to Straub, OMEMO uses the Double Ratchet Algorithm "to provide multi-end to multi-end encryption, allowing messages to be synchronized securely across multiple clients, even if some of them are offline".[1] The name "OMEMO" is a recursive acronym for "OMEMO Multi-End Message and Object Encryption". It is an o

I see many confused

[x1di]

That admin has started his âoecareerâ in late 90ties, and at those times there was no conflict between russians and ukrainians. there was just one agreement in hacker community - to target anyone except an area of ex-ussr. he was rich, and thatâ(TM)s why it took so long to arrest him