InfinityBlack, a hacking group based in Poland and Switzerland, was taken down by Polish and Swiss law enforcement after the arrest of five alleged active members.
InfinityBlack had a very specific operating strategy, based entirely on stealing loyalty scheme login credentials, which in turn would be exchanged for various electronic devices. The hackers gained access to numerous Swiss customer accounts, but losses were calculated at only €50,000. Much of their “wealth” was still tied up in €610,000 worth of loyalty points that have yet to be siphoned off.
Polish National Police arrested five people on April 29 and confiscated electronic equipment, external hard drives and hardware cryptocurrency wallets, all worth around €100,000. Law enforcement officials also identified a couple of databases containing around 170 million entries.
“A number of investigation measures by specialists from the Cyber Investigation Division (DEC) of the Vaud Cantonal Police made it possible to dismantle the InfinityBlack hacker’s network set up to exploit this data to the detriment of businesses,” reads the official announcement.
“Between April 30 and May 2 2019, five arrests were made in the canton of Vaud, Switzerland. Once the criminal gang cashing out the loyalty points was identified in Switzerland, police exchanged criminal intelligence and uncovered links to members of the separate hacking group in Poland.”
The hackers had created an online platform to sell stolen credentials, also known as combos since they contain both the user name and password. Their goal was to sell this data to other, far less sophisticated criminal gangs who could put it to use.
The arrests and the dismantling of the InfinityBlack group were possible because of cooperation between cyber units in Poland and Switzerland.