Ukrainian police arrested three individuals aged between 20 and 40 who were stealing email accounts and Instagram profiles of internet users.
To hijack accounts, the suspects used the brute force method, which involves guessing passwords by trying a large number of password phrases with the use of specialized software.
Preliminary investigations revealed that, over the course of a year of criminal activity, the group members amassed databases of stolen accounts from over 100 million internet users worldwide.
The suspects resided in different regions of Ukraine and communicated with each other via the internet. The group formed databases of hacked accounts and offered them for sale on the dark web. The customers were primarily other cyber crooks who purchased compromised accounts for use in various scams.
The police conducted seven searches at the residences and registration places of the suspects in Kyiv, Odesa, Vinnytsia, Ivano-Frankivsk, as well as the Kyiv, Donetsk, and Kirovohrad regions. During the raids, computer equipment, mobile phones, bank cards and cash were seized.
The members of the group were charged with unauthorized interference in the operation of information (automated), electronic communication, information and communication systems, electronic communication networks under Part 3 of Article 28, Part 5 of Article 361 (Unauthorized interference in the operation of information (automated), electronic communication, information and communication systems, electronic communication networks) of the Criminal Code of Ukraine. They face up to 15 years in prison.
Additionally, the investigation is underway into the possibility of collaboration between the suspects and the Russian intelligence agencies, as the stolen accounts were used for conducting information-psychological operations (IPSO) in the interests of the aggressor state.