In a significant crackdown on cybercrime, the FBI, alongside European authorities, recently seized the domain names of the notorious forums Cracked and Nulled. These platforms, known for their vast user base and illegal activities involving stolen data, hacking tools, and malware, have been under scrutiny for some time. An in-depth investigation reveals intriguing details about the individuals allegedly behind these operations.

The Seizure and Its Implications

On January 30th, the U.S. Department of Justice announced the seizure of eight domain names linked to Cracked, a cybercrime forum that emerged in 2018 and amassed over four million users. This operation, termed Operation Talent, also targeted domains associated with Sellix, a payment processor for Cracked. Additionally, domains for anonymity services StarkRDP[.]io and rdp[.]sh, frequently advertised on Cracked and Nulled, were seized.

Entities and Individuals Involved

Both RDP services were reportedly owned by 1337 Services GmbH, a company registered in Hamburg, Germany, and also known by its autonomous system number, AS210558. Corporate records from Northdata.com identify the key figures behind this entity as Florian Marzahl and Finn Alexander Grimpe. Notably, Grimpe's first name aligns with "Finndev," the alias of the founder of Nulled.

  • Florian Marzahl: Co-founder of Sellix and associated with multiple cybercrime forums under the alias "FlorainN."
  • Finn Alexander Grimpe: Linked to the founding of Nulled and other cybercrime activities under the pseudonym "Finndev."

Connections to Other Cybercrime Activities

Intel 471, a cyber intelligence firm, has traced the activities of "Finndev" across several cybercrime forums, including Raidforums and vDOS. The email f.grimpe@gmail.com was used to register domains such as nulled[.]lol, further linking Grimpe to these illicit activities. Similarly, "FlorainN" was found to have registered on multiple forums using the email olivia.messla@outlook.de.

Additional Platforms and Operations

Interestingly, both the Cracked and Nulled forums have experienced breaches, exposing private communications among users. These leaks revealed that "Finndev" was also associated with Shoppy[.]gg, an e-commerce platform catering to a similar clientele as Sellix. Although Shoppy was not targeted in Operation Talent, its connections to the seized forums remain noteworthy.

Current Status and Future Developments

The DOJ reported the arrest of Lucas Sohn, a 29-year-old Argentinian national and alleged administrator of Nulled, in Spain. However, no further arrests or charges have been announced. Meanwhile, the operators of 1337 Services GmbH, including "StarkRDP" and "FlorainN," have communicated via Telegram, asserting that they comply with the law and stating that they plan to resume operations under a new identity.

In a statement, the StarkRDP Telegram account assured users that their servers were secure and unaffected by the seizure, emphasizing their commitment to lawful operations. The transition to a new domain and name is underway, marking a new chapter for the service.
