Police seizes Cracked and Nulled hacking forum servers, arrests suspects

Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked and Nulled, two of the largest hacking forums with over 10 million users.

Even though some of their members are also engaged in ethical hacking discussions, these hacking forums are best known for focusing on cybercrime, password theft, cracking, and credential-stuffing attacks and were widely regarded as a hub for cybercriminal activity,

They also hosted hacking tools, such as AI-based tools and scripts that help scan for security vulnerabilities and optimize attacks, "configs" used by credential-stuffing attack tools (e.g., OpenBullet and SilverBullet), and other illicit activities, including content related to software cracks and a "combo lists" marketplace with stolen credentials or databases.

"Both of these underground economy forums offered a quick entry point into the cybercrime scene. These sites worked as one-stop shops and were used not only for discussions on cybercrime but also as marketplaces for illegal goods and cybercrime-as-a-service, such as stolen data, malware or hacking tools," Europol said.

"Throughout the course of the action day, 12 domains within the platforms Cracked and Nulled were seized. Other associated services were also taken down; including a financial processor named Sellix which was used by Cracked, and a hosting service called StarkRDP, which was promoted on both of the platforms and run by the same suspects."

Authorities also searched seven properties and seized over 50 electronic devices and around €300,000 (just over $312,000) in cash and cryptocurrency between January 28 and January 30.

"The seized data, such as e-mail addresses, IP addresses and communication channels of the approximately 10 million registered user accounts, will be the basis for further international investigations against criminal sellers and users of the platforms," added Bundeskriminalamt, Germany's central criminal investigation agency.

As BleepingComputer first reported on Wednesday, seizure banners were added to the cracked[.] io, nulled [.] to, starkrdp [.] io, mysellix [.] io, and sellix [.] io domains, confirming that they had been seized in a joint law enforcement action dubbed "Operation Talent" that included law enforcement authorities from the United States, Italy, Spain, Europe, France, Greece, Australia, and Romania.

"This website, as well as the information on the customers and victims of the website, has been seized by international law enforcement partners," the banners read.

​The FBI seized the forums' domains and changed their name servers from their previous Cloudflare name servers to ns1.fbi.seized.gov and ns2.fbi.seized.gov.

The U.S. law enforcement agency also seized domains used by:

• StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider promoted on both hacking forums and run by the same suspects and
• SellIX (sellix.io and mysellix.io), a financial processor that was also used by Cracked members.

Cracked.io's staff also released a statement on Telegram confirming that police had seized the hacking forum's cracked.io domain.

"Now that everyone has more clarity on the situation, Cracked.io has been seized under operation talent with specific reasons being undisclosed," they said.

"We are still waiting for the official court documentation from the data centre and the domain host. We will inform you guys further on those details once we have it. A sad day indeed for our community."

However, German law enforcement says SellIX and StarkRDP were shut down as they were "directly part of the platforms' economic network."