{"id":11115,"date":"2018-01-15T10:17:05","date_gmt":"2018-01-15T18:17:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/15\/news-4886\/"},"modified":"2018-01-15T10:17:05","modified_gmt":"2018-01-15T18:17:05","slug":"news-4886","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/01\/15\/news-4886\/","title":{"rendered":"Canadian Police Charge Operator of Hacked Password Service Leakedsource.com"},"content":{"rendered":"<p><strong>Credit to Author: BrianKrebs| Date: Mon, 15 Jan 2018 16:44:47 +0000<\/strong><\/p>\n<p>Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service <strong>Leakedsource.com<\/strong>.<\/p>\n<div id=\"attachment_38087\" style=\"width: 579px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-38087\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/02\/lsscreen.png\" alt=\"\" width=\"569\" height=\"313\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/02\/lsscreen.png 894w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/02\/lsscreen-580x319.png 580w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/02\/lsscreen-768x422.png 768w\" sizes=\"auto, (max-width: 569px) 100vw, 569px\" \/><\/p>\n<p class=\"wp-caption-text\">The now-defunct Leakedsource service.<\/p>\n<\/div>\n<p>On Dec. 22, 2017, the <strong>Royal Canadian Mounted Police<\/strong> (RCMP) charged <strong>Jordan Evan Bloom<\/strong> of Thornhill, Ontario for trafficking in identity information, unauthorized use of a computer, mischief to data, and possession of property obtained by crime. Bloom is expected to make his first court appearance today.<\/p>\n<p>According to a statement from the RCMP, &#8220;Project Adoration\u201d began in 2016 when the RCMP learned that LeakedSource.com was being hosted by servers located in Quebec.<\/p>\n<p>\u201cThis investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information,&#8221; said Rafael Alvarado, the officer in charge of the RCMP Cybercrime Investigative Team. &#8220;The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality.\u201d<\/p>\n<p>In January 2017, multiple news outlets reported that unspecified law enforcement officials\u00a0had seized the servers for\u00a0Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches \u2014 including three billion credentials for accounts at top sites like\u00a0<strong>LinkedIn\u00a0<\/strong>and\u00a0<strong>Myspace.<\/strong><\/p>\n<div id=\"attachment_42229\" style=\"width: 250px\" class=\"wp-caption alignleft\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-42229\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/01\/jordanbloom.png\" alt=\"\" width=\"240\" height=\"305\" \/><\/p>\n<p class=\"wp-caption-text\">Jordan Evan Bloom. Photo: RCMP.<\/p>\n<\/div>\n<p>LeakedSource in October 2015 began selling access to passwords stolen in high-profile breaches. Enter any email address on the site\u2019s search page and it would tell you if\u00a0it had a password corresponding to that address. However, users had to select a payment plan before viewing any passwords.<\/p>\n<p>The RCMP alleges that Jordan Evan Bloom was responsible for administering the LeakedSource.com website, and earned approximately $247,000 from trafficking identity information.<\/p>\n<p>A <a href=\"https:\/\/krebsonsecurity.com\/2017\/02\/who-ran-leakedsource-com\/\" target=\"_blank\" rel=\"noopener\">February 2017 story here at KrebsOnSecurity<\/a> examined clues that LeakedSource was administered by an individual in the United States.\u00a0 Multiple sources suggested that one of the administrators of LeakedSource also was the admin of\u00a0<strong>abusewith[dot]us<\/strong>, a site unabashedly\u00a0dedicated to helping people hack email and online gaming accounts.<span id=\"more-42223\"><\/span><\/p>\n<p>That story traced those clues back to a Michigan man who ultimately admitted to running <strong>Abusewith[dot]us<\/strong>, but who denied being the owner of LeakedSource.<\/p>\n<p>The RCMP said it had help in the investigation from The <strong>Dutch National Police<\/strong> and the <strong>FBI<\/strong>. The FBI could not be immediately reached for comment.<\/p>\n<p>LeakedSource was a curiosity to many, and for some journalists a potential source of news about new breaches. But unlike services such as\u00a0<a href=\"https:\/\/www.breachalarm.com\/\" target=\"_blank\" rel=\"noopener\">BreachAlarm<\/a>\u00a0and\u00a0<a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\" rel=\"noopener\">HaveIBeenPwned.com<\/a>\u00a0\u2014 which force users to verify that they can access a given account or inbox before the site displays whether it has found a password associated with the account in question \u2014 LeakedSource did nothing to validate users.<\/p>\n<p>This fact, critics charged, showed that the proprietors of LeakedSource were purely interested in making money and helping others pillage accounts.<\/p>\n<p>Since the demise of LeakedSource.com, multiple, competing new services have moved in to fill the void. These services &#8212; which are primarily useful because they expose when people re-use passwords across multiple accounts &#8212; are popular among those involved in a variety of cybercriminal activities, particular account takeovers and email hacking.<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2018\/01\/canadian-police-charge-operator-of-hacked-password-service-leakedsource-com\/\" target=\"bwo\" >https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/02\/lsscreen.png\"\/><\/p>\n<p><strong>Credit to Author: BrianKrebs| Date: Mon, 15 Jan 2018 16:44:47 +0000<\/strong><\/p>\n<p>Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[11350,11355,17165,6627,11362,17166,17167,16696,17168,8419,17169],"class_list":["post-11115","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-abusewithus","tag-breachalarm","tag-dutch-national-police","tag-fbi","tag-haveibeenpwned-com","tag-jordan-evan-bloom","tag-leakedsource-com","tag-neer-do-well-news","tag-project-adoration","tag-rcmp","tag-royal-canadian-mounted-police"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11115"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11115\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}