Sanix: In January 2019 a hacker calling themselves Sanix posted nearly 1.2 billion unique email and password combinations online. This cache of data quickly caught the world’s attention as everyone began working to understand the risk posed by “Collection 1.” At the time, two other hackers, C0rpz and Clorox, also claimed to be behind the data, leading to some disagreement among members of the security community as to who was responsible. Later, Sanix was believed to be responsible for assembling additional collections of stolen passwords known simply as Collection #2, #3, #4, #5 and Antipublic, altogether amounting to billions of unique username-password combinations. For many years, these collections were privately sold to hackers, but eventually leaked online and became widely available after a dispute with another data broker going by the name of Azatej. It was announced this week that Azatej was arrested in Poland as part of the Europol operation against Infinity Black. Sanix was then arrested in western Ukraine in a joint operation between the Cyber Police Division of the National Police of Ukraine (NPU) and the Security Service of Ukraine (SBU). Following his arrest, members of the SBU seized computers belonging to Sanix containing two terabytes of stolen data, including at least seven databases of stolen and broken passwords. According to the Ukrainian authorities, Sanix is cooperating fully with the investigation.
Analyst Notes
International law enforcement cooperation is essential to bringing cyber criminals to justice, and it is encouraging to see Ukrainian police once again working with Europol to arrest and prosecute criminals in Ukraine. Following the release of Collection 1, information security professionals experienced the same challenge that follows every major data breach: convincing users that old data poses a threat. Until all users make use of password managers to create unique complex passwords and update them regularly, old credentials will always have value. Criminals are always on the lookout for stolen credentials, even old ones, as far too many users will make small changes to easy-to-remember passwords when they have to update their passwords. This makes it short work for criminals to test and determine current passwords based on old data. More information on this incident can be found at:
https://www.zdnet.com/article/hacker-arrested-in-ukraine-for-selling-billions-of-stolen-credentials/
