Hacker Sanix arrested in Ukraine for selling billions of stolen credentials
The Ukrainian Secret Service (SSU) announced today the arrest of a hacker known as Sanix. The Ukrainian police said Sanix was caught selling billions of hacked credentials on hacking forums and Telegram channels. Sanix has been on the radar of various European law enforcement agencies and the FBI for involvement in database theft.
Sanix, a.k.a. “Sanixer”, is very popular in Ukraine and among hacker and cybercriminal communities. The Ukrainian police said that they arrested Sanix in Ivano-Frankivsk, a city in western Ukraine. Authorities did not release the hacker’s name. The Security Service of Ukraine (SBU), which specializes in cybercrime, claimed the arrest. The SBU said they found records on Sanix’s computer showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”
Who is Sanix aka Sanixer?
Sanix was first noticed in January 2019 for a database leak of a whopping 773 million stolen usernames and passwords. The leak made headlines at the time and was labeled “the largest collection of stolen data in history.” Security researcher Brian Krebs analyzed the leaked database and found that it was very old and compiled from databases leaked over the years.
Sanix started operating sometime in 2018. He operated as a data broker on dark web hacker forums and marketplaces. A data broker is the middleman between the hacker group stealing the database and the buyer. Sanix operated by collecting data leaked from hacked companies and compiling the information into large lists of usernames and passwords.
Sanix would then list his compiled databases for sale on dark web hacker forums. Sanix used Telegram exclusively and operated under the nickname Sanixer. Sanix is popular among cybercriminals for his skill in assembling a series of username and password combos known as Collection #1, #2, #3, #4, #5, Antipublic, and others. Sanix compiled the lists neatly, with terabytes of data and billions of unique username-password combinations.
The collections were sold separately as different lots by Sanix. He collaborated with another hacker named Azatej, the operator of Infinity Black, a web portal for selling stolen databases. Azatej and Sanix introduced the concept of “combolists” to the hacker community. They sold the above collections as different lots. Today, Collection #1 even has its own Wikipedia page.
Azatej was arrested earlier this month in Poland as part of a Europol operation against the Infinity Black web service. It is possible that Azatej or his team members leaked the whereabouts of Sanix to the authorities. It is also possible that the Swiss police found his identity and whereabouts from the Infinity Black servers seized by authorities during the Infinity Black raid.
The Security Service of Ukraine has identified and detained a hacker known as Sanix. Early last year, it caught the attention of global cybersecurity experts by posting on one of the forums the sale of a database with 773 million e-mail addresses and 21 million unique passwords.
Press release by the SSU.
SSU officers said they seized 2 TB of data, $3,000, and 190,000 Ukrainian hryvnias ($7,000) from Sanix’s residence following the raid. Below is a video of Sanix’s arrest released today by Ukrainian authorities.