
WWH Club was hacked by the FBI, charges brought against the forum's creators


Full text:
The purported leaders of WWH Club, what investigators call a “cross between eBay and Reddit” online criminal forum, were charged in federal court for allegedly running an illicit enterprise helping more than 170,000 users buy stolen bank account numbers, hire hackers, and perform denial of service operations against websites.

The FBI was able to determine the IP addresses of the WWH Club site’s administrators after obtaining a search warrant for the US-based Cloud company Digital Ocean. From there, according to the complaint, computer scientists working for the FBI coded the WWH site’s data to give agents administrative privileges and the ability to see tens of thousands of emails, passwords, and activity registered to accounts. Agents noted that the administrative view of the website was in Russian, requiring them to use Google to translate much of the data.

Pavel Kublitskii, a Russian national, and Alexandr Khodyrev, from Kazakhstan, were purportedly listed as administrators and moderators for WWH. The two men reportedly requested asylum two years ago after arriving in the U.S. Now, Kublitskii and Khodyrev face federal charges stemming from their alleged roles in operating the darknet site for conspiracy to traffic and conspiracy to possess 15 or more unauthorized devices.

The FBI says that they learned from gaining administrative access to WWH that the site’s administrators oversaw and reviewed all the transactions that took place on the site in order to “ensure compliance.” Users were reportedly barred from committing crimes in countries that are members of the Commonwealth of Independent States, which includes Kublitskii’s and Khodyrev’s home countries of Russia and Kazakhstan, respectively.

The Justice Department declined to comment. A lawyer representing Kublitskii did not immediately respond to a request for comment. It is not clear if Khodyrev was arrested and efforts to reach him were unsuccessful.

Agents said advertisements and banners appeared to users after immediately accessing WWH, which offered access to ‘how to’ guides on credit card fraud, DDoS attacks, and stolen bank accounts for tens of thousands of rubles. WWH administrators also purportedly operated a scheme that recruited and taught users to purchase items with stolen credit card data. Court records include details of an undercover FBI agent who registered for one of the courses on credit card theft with $1000 in Bitcoin, which he attended for over six weeks alongside fifty other students.

The Bureau says Kublitskii had purchased a luxury condominium in Sunny Isle Beach, Florida. The complaint states that Khodyrev bought a “2023 Corvette at a South Florida dealership with approximately $110,000 cash.”
The affidavit notes that a review of records found that both men appear to be unemployed.

The criminal complaint, which is being reported on first by Court Watch, against the men is sealed in the Middle District of Florida where the U.S. Attorney’s Office there is taking the lead on the case. A copy of the affidavit was unsealed this morning in the South District of Florida where Kublitskii was arrested.
Source: https://www.courtwatch.news/p/exclusive-massive-criminal-online

- the FBI obtained a search warrant for the WWH Club servers, which for some reason were hosted with the American company Digital Ocean;
- the forum was hacked and the FBI had full administrative privileges, gaining access to thousands of emails, passwords and the complete account activity;
- the forum's administrators and moderators are Pavel Kublitskii, a Russian national, and Alexandr Khodyrev from Kazakhstan;
- both forum administrators received asylum in the US two years ago upon arriving there;
- both administrators are now before the court, charged with running a darknet forum, conspiracy, and unauthorized access to more than 15 devices;
- the site's administrators could view all user transactions; working against CIS countries was prohibited;
- the court documents include details of how an FBI agent personally registered for one of the "how to steal from credit cards" courses and paid for it in Bitcoin, taking part for 6 months alongside 50 other students;
- Kublitskii bought a luxury condo in Florida, as well as a 2023 Corvette from a dealership in South Florida for 110k bucks in cash;
- Kublitskii has been arrested; there is no information on Khodyrev;
- both administrators were officially unemployed this whole time.

Kublitskii's and Khodyrev's nicknames:
54. To date, investigators have determined that the owner and creator of the forum has two usernames with administrative functions: "W. W.H" and "Mans77." In addition to the forum owner and creator, it appears there are several other top administrators who operate the site and receive a portion of the generated revenue. One of those top administrators operates under the username "Makein." For the reasons described below, there is probable cause to believe that KUBLITSKII and KHODYREV both serve as administrators of WWH and share the Makein username.


Thus, it appears that both accounts - timion@gmail.com and 2013KPV@gmail.com - were used by KUBLITSKII in connection with the alias of AngelBatista.

Greetings to the other admins and mods:
55. On April 29, 2021, a United States Magistrate Judge sitting in the MDFL authorized four federal search warrants covering approximately 70 email accounts associated to administrators and staff who worked together to facilitate WWH. See 6:21-mj-1332 (TBS); 6:21-mj-1333 (TBS); 6:21-mj-1334 (TBS); 6:21-mj-1335 (TBS). Based on the information gathered from those warrants, on July 25, 2023, a different United States Magistrate Judge sitting in the MDFL authorized four follow-up federal search warrants covering 25 more email accounts associated with the main WWH Club administrators. See 8:23-mj-18 (SPF); 8:23-mj-19 (SPF); 8:23-mj-20 (SPF); 8:23-mj-21 (SPF).

Greetings to all users of the WWH escrow service and their marketplace:
59. Based on a review of seized backend data pertaining to **********, in or around May 2019, Makein (on **********) sent a message advising a ********** asking the user to send payment for an advertisement to a Bitcoin address ending in -qN2Z9. Blockchain analysis revealed -qN2Z9, as well as other Bitcoin addresses provided by Makein on **********, were clustered with over 100 Bitcoin addresses ("CLUSTER-2"). Between in or around July 10, 2015, and June 22, 2024, CLUSTER-2 received nearly 4,000 individual deposits totaling approximately 152 Bitcoin, or approximately $961,000.

Pay special attention to the dates: the latest one is June 22, 2024!

Court documents: https://storage.courtlistener.com/recap/gov.uscourts.flsd.672601/gov.uscourts.flsd.672601.1.0.pdf