It’s been almost a year since an international sting took down WeLeakInfo, a site that marketed stolen personal data, but its alleged customers are still drawing the attention of law enforcement.
The U.K.’s National Crime Agency says that 21 people have been arrested across the country recently for using data purchased on WeLeakInfo for criminal activity, including hacking and fraud.
“Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release.
The operation began Nov. 16 and will continue into next year, the agency said. Some WeLeakInfo users are being threatened with legal action rather than arrested outright.
“A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially criminal activity. 60 of those were served with cease and desist notices,” the NCA said. “Many more of these visits are due to take place over the coming months.”
The U.S. Department of Justice announced the shutdown of WeLeakInfo on Jan. 17, in coordination with authorities from the U.K. and Germany. The site claimed to have more than 12 billion records compiled from some 10,000 data breaches. Buyers could purchase usernames, passwords and other personal data meant to facilitate identity theft.
The U.K. operation showed the links between WeLeakInfo’s customers and other areas of cybercrime, the NCA said.
“As well as being customers of WeLeakInfo, evidence suggests that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and crypters,” the agency said. “Additionally, three subjects have been found to be in possession of, or involved with, indecent images of children.”
U.S. authorities have made no announcements about investigations or arrests related to WeLinkInfo since the January takedown.
In announcing the arrests, the NCA also touted a U.K. program, Cyber Choices, that attempts to divert young people with cyber skills away from illicit activity. The U.K. also participated in a similar Netherlands-based program called Hack_Right.
“We were also able to pin point those on the verge of breaking the law and warn them that should they continue, they could face a criminal conviction,” said Paul Creffield of the NCA’s National Cyber Crime Unit, in the news release. “Cyber skills are in huge demand and there are great prospects in the tech industry for those who choose to use their skills legally.”