Authorities have successfully disrupted and dismantled the notorious online cybercrime marketplaces known as Cracked and Nulled, which had been operating since 2016. The Justice Department’s involvement in this effort was part of the larger Operation Talent, a multinational initiative aimed at targeting these criminal platforms that trafficked in stolen login credentials, hacking tools, and various other illicit products.
The operation spanned across several countries, including the United States, Romania, Australia, France, Germany, Spain, Italy, and Greece. This law enforcement operation, which has led to widespread seizures of servers and domain names associated with these marketplaces, is expected to disrupt the illicit trade that has victimized millions of individuals. It is believed that at least 17 million people in the United States alone were impacted by the cybercrimes linked to these platforms.
Cracked and Nulled: A Hotbed of Cybercrime Activity
One of the primary targets of Operation Talent was Cracked, an online marketplace that had been operational since March 2018. Cracked had more than 4 million users and was involved in selling stolen login credentials, hacking tools, malware hosting services, and other cybercrime products.
Over 28 million posts were listed on the platform, with content ranging from illegal tools to sensitive stolen information. According to reports, Cracked generated approximately $4 million in revenue during its operation, primarily by trafficking in stolen data that allowed cybercriminals to launch fraudulent schemes.
A particularly disturbing example of how Cracked was used involved a case of cyberstalking and sextortion in the Western District of New York. A criminal accessed a victim’s personal credentials using a product advertised on the platform, which claimed to offer access to “billions of leaked websites.” This allowed the criminal to send sexually explicit and threatening messages to the victim, demonstrating just one of the numerous harmful applications of the Cracked marketplace’s offerings.
To mitigate such incidents, the FBI, in cooperation with international law enforcement partners, identified and seized servers and domain names associated with the Cracked infrastructure. This operation, including the takedown of servers used for payment processing through Sellix and related hosting services, was a direct hit at the heart of the platform’s operations. Law enforcement officials now expect that anyone trying to access the seized domains will encounter a law enforcement seizure banner, alerting them to the legal actions taken.
Nulled Marketplace: A Parallel Operation
Simultaneously, the U.S. Justice Department also announced the seizure of the Nulled marketplace domain and revealed criminal charges against Lucas Sohn, one of its key administrators. Nulled had been active since 2016, with over 5 million users and more than 43 million posts related to cybercrime products and services. Similar to Cracked, the platform was responsible for selling stolen login credentials, personal identification documents, and hacking tools. The marketplace reportedly generated around $1 million annually, enabling criminals to further their activities with ease.
A particularly concerning item that was sold through Nulled was a database containing the names and social security numbers of 500,000 U.S. citizens, highlighting the scale of identity theft facilitated by the platform. Lucas Sohn, a 29-year-old Argentinian residing in Spain, acted as a key administrator for Nulled, processing transactions and acting as an intermediary for users engaged in cybercrime activities. Sohn faces several charges, including conspiracy to traffic in passwords, identity fraud, and access device fraud. If convicted, he could face lengthy prison sentences.
The Global Nature of the Cybercrime Threat
This operation exemplifies the collaborative efforts between international law enforcement agencies in addressing the growing issue of cybercrime. Investigators from multiple countries, including the Australian Federal Police, France’s Anti-Cybercrime Office, Germany’s Federal Criminal Police Office, and the Spanish National Police, among others, joined forces with the FBI to disrupt the Cracked and Nulled marketplaces.
With the seizures of critical cybercrime infrastructure and the arrests of key figures involved in these online marketplaces, authorities have taken a step toward curbing the global trade in stolen data and hacking tools. The operation not only highlights the widespread use of such platforms in criminal enterprises but also demonstrates the ongoing international commitment to combat online cybercrime.
The Justice Department, along with its law enforcement partners, has sent a clear message to cybercriminals operating in the dark corners of the internet: they are not beyond reach. The takedown of Cracked and Nulled serves as a powerful reminder of the risks associated with engaging in illegal activities within online cybercrime marketplaces. With the help of operations like Operation Talent, authorities are sending a warning to others who may attempt to exploit similar platforms for criminal purposes.
