The Security Service of Ukraine (SBU) announced this week the arrest of a hacker identified as "Sanix". Also known as "Sanixer", this hacker was associated with selling personal data on the web.
Sanix gained fame in January 2019 when a series of "collections" of leaked data went on sale in the web's underworld. The first package, called "Collection #1", contained data for 773 million e-mail addresses. Later, other compilations were released.
At the time, the package was considered the largest of its kind. The hacker, however, was not responsible for obtaining this information. Most of it originated from earlier breaches carried out by other hackers; Sanix had just organized everything into a single file. For this reason, the price of the data collection also drew attention: only $45 (about R$ 255).
According to the SBU, more than 2 TB of files were seized, possibly including the personal and financial data contained in the leaks, which amounted to half that volume. The hacker is also alleged to have been involved in selling access to hacked systems to carry out denial of service attacks.
During the search of the suspect's home, the authorities seized the equivalent of R$ 56,000 in dollars and hryvnias (the Ukrainian currency), as well as cell phones and computers.
Sanix's name and age were not disclosed. Security experts had previously noted the hacker's carelessness and suspected that he was a young resident of Ivano-Frankivsk, in western Ukraine. The SBU operation took place in the same location.
According to the SBU, the hacker will have to answer for crimes of unauthorized computer interference and unauthorized sale or dissemination of restricted information stored on a computer.
Understand data 'compilations'
When hackers manage to break into an online service and steal users' information, the resulting data leak contains only the data obtained in that intrusion. The "collections" or "compilations", in turn, combine data from several such leaks, grouping the information related to the same e-mail address.
Although the data compilations organized by Sanix drew the attention of experts in January 2019, packages like this have become increasingly common.
In addition to simply collecting files from old leaks, hackers also try the passwords already exposed on the websites of other services, "recycling" leaks and creating opportunities to reuse old information.
In other words, when a hacker obtains users' passwords from one site, he tries to use those same passwords on several other sites. If a user used the same password in more than one place, the hacker will know that the password works on more than one website, even if he was unable to attack the second website where the password worked. This is an attack called "credential stuffing".
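Seen from the defender's side, the behaviour described above appears in login logs as one source trying many different accounts with only one or two attempts each. The sketch below is an added example, not part of the original article; the log records, thresholds and function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, login_succeeded).
# IPs come from documentation ranges; none of this is real data.
SAMPLE_EVENTS = (
    # One source walking through a leaked list: six accounts, one try each.
    [("203.0.113.7", f"{u}@example.com", u == "carol")
     for u in ("alice", "bob", "carol", "dave", "erin", "frank")]
    # A user mistyping their own password: one account, several tries.
    + [("198.51.100.20", "grace@example.com", ok)
       for ok in (False, False, False, True)]
    # A shared office address: a few accounts, all logging in normally.
    + [("192.0.2.15", f"{u}@example.com", True)
       for u in ("heidi", "ivan", "judy")]
)


def flag_stuffing_sources(events, min_accounts=5, max_tries_per_account=2.0):
    """Flag sources that try many accounts but few passwords per account."""
    per_ip = defaultdict(lambda: {"attempts": 0, "accounts": set(), "hits": set()})
    for ip, account, ok in events:
        stats = per_ip[ip]
        stats["attempts"] += 1
        stats["accounts"].add(account)
        if ok:
            stats["hits"].add(account)

    flagged = {}
    for ip, stats in per_ip.items():
        tried = len(stats["accounts"])
        if tried >= min_accounts and stats["attempts"] / tried <= max_tries_per_account:
            flagged[ip] = {
                "accounts_tried": tried,
                "attempts": stats["attempts"],
                # A success from a flagged source means a reused password worked:
                # these accounts need a forced reset and session revocation.
                "accounts_to_reset": sorted(stats["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, report in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, report)
```

The repeated failures on a single account and the small group of normal logins are not flagged, which is what separates this pattern from ordinary brute forcing or a shared office address.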