InfinityBlack, a hacking group based in Poland and
Switzerland, was taken down by Polish and Swiss law enforcement after the
arrest of five alleged active members.
InfinityBlack has a very specific operating strategy, all
based on stealing loyalty scheme login credentials, which in turn would be
exchanged in various electronic devices. The hackers gained access to numerous
Swiss customer accounts, but losses were calculated ay only €50,000. Much of
their “wealth” was still tied up in €610,000 worth of loyalty points that have
yet to be siphoned off.
Polish National Police arrested five people on April 29
and confiscated electronic equipment, external hard drives and hardware
cryptocurrency wallets, all worth around €100,000. Law enforcement officials
also identified a couple of databases containing around 170 million entries.
“A number of investigation measures by specialists from the Cyber Investigation Division (DEC) of the Vaud Cantonal Police made it possible to dismantle the InfinityBlack hacker’s network set up to exploit this data to the detriment of businesses,” reads the official announcement.
“Between April 30 and May 2 2019, five arrests were made
in the canton of Vaud, Switzerland. Once the criminal gang cashing out the
loyalty points was identified in Switzerland, police exchanged criminal
intelligence and uncovered links to members of the separate hacking group in
Poland.”
The hackers had created an online platform to sell stolen
credentials, also known as combos since they contain both the user name and
password. Their goal was to sell this data to other criminal gangs who could use
it, but who were a lot less sophisticated.
The arrests and the dismantling of the InfinityBlack
group were possible because of cooperation between cyber units in Poland and
Switzerland.