www.malwarebytes.com
192.0.66.233
Public Scan
URL:
https://www.malwarebytes.com/blog/news/2024/08/data-theft-forum-admins-busted-after-flashing-their-cash-in-a-life-of-luxury
Submission: On August 14 via api from TR — Scanned from DE
Form analysis
5 forms found in the DOM
Text Content
News | Privacy

DATA THEFT FORUM ADMINS BUSTED AFTER FLASHING THEIR CASH IN A LIFE OF LUXURY

Posted: August 13, 2024 by Pieter Arntz

Two men without a clear source of income landed cyberfraud charges after being so flash with their ill-gotten cash that it gained the attention of the authorities.

In 2022, Russian national Pavel Kublitskii and Kazakhstan national Alexandr Khodyrev arrived in Florida and requested asylum, which was granted by the Department of Homeland Security (DHS). Both provided DHS with the same residence address in Hollywood, Florida.

However, their lavish lifestyle was unusual. For example, Kublitskii opened a Bank of America account with a cash deposit of $50,000 and rented a luxury house, while Khodyrev purchased a 2023 Corvette with approximately $110,000 cash. All while appearing to not have a job.

The investigation indicated that the two men were involved in the activities of the dark web platform WWH Club and related forums Skynetzone, Opencard, and Center-Club.

WWH Club and the other forums are dark web marketplaces where cybercriminals buy, sell, and trade login credentials, personal identifying information (PII), malware, fake identification documents, and financial credentials. The forums even provide training for aspiring cybercriminals.

The FBI was able to determine the IP addresses of the WWH Club site’s administrators after obtaining a search warrant for the US-based cloud company DigitalOcean. Based on the information derived from the logs, the FBI agent concluded:

> “In addition to the forum owner and creator, it appears there are several
> other top administrators who operate the site and receive a portion of the
> generated revenue. One of those top administrators operates under the username
> “Makein.” The FBI agent provides details which show there is probable cause to
> believe that Kublitskii and Khodyrev both serve as administrators of WWH and
> share the Makein username.”

Makein is also the handle of the owner and primary administrator of Skynetzone.

Part of the offered training at WWH was a scheme that recruited and taught users to purchase items with stolen credit card data. An FBI covert online employee registered for an account on WWH and paid approximately $1,000 in bitcoin to attend the WWH training.

While on the forums, the agent saw a post where a user was selling stolen PII of people and businesses in the US. Buyers could choose how many people’s PII they wished to buy and specify the particular US state of residence, gender, age, and the credit score of their desired victims.

In exchange for $110, paid in Bitcoin, the WWH seller sent the undercover agent a folder containing 20 files, each of which contained the name, date of birth, Social Security Number (SSN), state of residency, address, credit score, credit report, and account information from LendingTree.com for a US citizen.

The lead FBI agent explained:

> “I know, based on my training and experience, that the presence of account
> information from LendingTree.com suggests that this stolen PII derived from a
> February 2022 breach of LendingTree that compromised the data of over 200,000
> customers.”

The FBI researched domain registrations, exchanged messages, BitPay transactions, blockchain analysis, and other digital evidence and came to the conclusion that the suspects shared the Makein account and were responsible for the cybercrimes committed by that persona.

Agents obtained records from Google which revealed that messages from and to their accounts often contained stolen PII and credit card information and which tied the account to the suspects.

With probable cause provided, the FBI agent asked the court to authorize the requested criminal complaint charging the suspects with conspiracy for trafficking in unauthorized access devices and possession of 15 or more unauthorized access devices.

Kublitskii has been placed under arrest. It is not clear if Khodyrev was arrested as well.

The WWH forums are running as usual and the current administrators acknowledge that the suspects were involved, but only as moderators.

CHECK YOUR DIGITAL FOOTPRINT

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

ABOUT THE AUTHOR

Pieter Arntz
Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.