Cross-border hacking group turned login credentials into cold, hard cash

Authorities have taken down the InfinityBlack cybercrime group

Authorities in Poland and Switzerland have taken down the InfinityBlack hacking group that was involved in the sale of stolen user credentials, creating and distributing malware, and cross-border fraud, Europol confirmed today (May 5).

On April 29, the Polish National Police (Policja) arrested five individuals in the country who were believed to be members of InfinityBlack.

According to a statement from Europol, which supported the international operation, police seized electronic equipment, external hard drives, and cryptocurrency wallets valued at around €100,000 ($109,000).

Two “platforms” with databases containing over 170 million entries were closed down by the police.


InfinityBlack was involved in the sale of loyalty scheme login credentialsInfinityBlack was involved in the sale of stolen user credentials (Image credit: Europol)

Six-figure losses

According to Europol, InfinityBlack’s primary revenue stream came from the theft and resale of loyalty scheme login credentials to other criminal gangs.

These gangs would then exchange the loyalty points for electronic devices.

“The hackers created a sophisticated script to gain access to a large number of Swiss customer accounts,” said Europol, which facilitated the operation through its J-CAT cybercrime taskforce.

“Although the losses are estimated at €50,000, hackers had access to accounts with potential losses of more than €610,000.”

Swiss sting

The arrests in Poland follow the unmasking of five individuals in Switzerland last year.

“Once the criminal gang cashing out the loyalty points was identified in Switzerland, police exchanged criminal intelligence and uncovered links to members of the separate hacking group in Poland,” said Europol.

“Transmitting the data on searched computers between the Swiss and Polish authorities led to the arrest of the hackers in Poland.”


INTERVIEW Inside J-CAT – Europol’s Joint Cybercrime Action Taskforce