In a Joint Operation, the US and Portuguese authorities seized a cybercrime marketplace named WT1SHOP that made sellers of stolen personal information (PII) millions of dollars over the years.
WT1SHOP was one of the largest cybercriminal marketplaces of PII data commonly used by threat actors to buy credentials for account takeovers, credit cards used for online purchases, and government I.D. cards for identity theft.
The representatives of WT1SHOP commonly promoted the marketplace on Russian hacking forums and Reddits that catered to online criminal activity.
It was seized by Portuguese authorities yesterday, while their counterparts in the US shuttered four associated domains: “wt1shop.net,” “wt1store.cc,” “wt1store.com,” and “wt1store.net.”
The website operating as a marketplace for over 5.85 million records of personally identifying information (PII) was seized now.
Other domains used by the WT1SHOP are wt1store.biz, wt1store.me, wt1store.xyz, and wt1store.org, which do not appear to be seized now.
But as the main website and hosting are seized, visiting any of these domains no longer allows access to the store.
WT1SHOP marketplaces offer 25,000 scanned driver’s licenses and passports, 1.7 million login credentials for e-commerce stores, 108,000 bank accounts, and 21,800 credit cards, the DoJ said in a statement.
“Law enforcement’s review of WT1SHOP in December 2021 showed that the number of users and sellers on the website had increased to approximately 106,273 users and 94 sellers with a total of approximately 5.85 million credentials available for sale”.
The alleged site administrator, Nicolai Colesnicov, 36, of Moldova was charged with conspiracy and with trafficking in unauthorized access devices, in a complaint filed in April and unsealed yesterday.
Nicolai Colesnicov also faces a maximum sentence of 10 years in federal prison if found guilty.
Law enforcement agencies traced Bitcoin sales on the site and Based on this intelligence, they deduced that he was the operator and main administrator of WT1SHOP.