Police arresting cybercriminal

The Düsseldorf Police in Germany have seized Crimemarket, a massive German-speaking illicit trading platform with over 180,000 users, arresting six people, including one of its operators.

Known as Crimemarket, it was the largest cybercrime market in the country and a hub for trading illegal drugs, narcotics, and cybercrime services, while it also hosted tutorials/guides for conducting various crimes.

This law enforcement action resulted from years of investigations and numerous searches that produced evidence leading to the identification of the platform's operators and many users.

"In a concerted campaign, investigators across Germany and abroad took action against the largest German-speaking criminal trading platform on the Internet on Thursday evening," reads a machine-translated announcement.

As part of the operation, 102 search warrants were executed throughout the country simultaneously during the evening of February 29th, 2024.

The press release says the focus was primarily in North Rhine-Westphalia, where three people were arrested, including a 23-year-old man considered the main suspect. An additional three people were arrested in other federal states.

"The police seized numerous pieces of evidence, especially cell phones, IT devices and data carriers. In 21 cases, officers in North Rhine-Westphalia seized narcotics, including 1 kilogram of marijuana and various ecstasy tablets. A total of almost 600,000 euros in cash and movable assets were seized," reads a translated press release.

"A total of three more people were arrested in police measures in other federal states, which were initiated by the police there."

The German police say that the operation is targeting not only the operators of the Crimemarket platform but also its users, and the investigation is ongoing.

The end of Crimemarket

According to user reports, the cybercrime market started to have accessibility issues earlier this week, with many reporting an inability to log in though the site remained online.

Homepage
Crimemarket's homepage
Source: BleepingComputer

Rumors emerged that the intermittent outage resulted from the ChipMixer bust, which the platform used as a payments laundering service provider.

Some claimed that investigations on the ChipMixer's seized infrastructure might have exposed the Crimemarket's administrator, 'Evolution.'

With today's police announcement, it becomes clear that the site accessibility problems were indeed caused by law enforcement and not related to a technical issue.

Interestingly, the site's homepage remains available at the time of writing this, though attempting to visit any other page on the domain displays the following seizure notice, shown below.

Seizure banner on Crimemarket
Seizure banner on Crimemarket
Source: BleepingComputer

The notice mentions that the police "monitored this platform and its content over a long period of time as part of a Europe-wide coordinated operation and confiscated the data."

Also, BleepingComputer has found that the forum space where sellers connect with buyers was active until yesterday, with new posts added.

Based on the above and the seizure banner, it appears the police opted to allow cybercriminals to continue using the platform post-confiscation (or compromise) to gather identification data, login credentials, and other incriminating information.

Related Articles:

Hacker arrested for selling bank accounts of US, Canadian users

Interpol operation Synergia takes down 1,300 servers used for cybercrime

Police seize record 50,000 Bitcoin from now-defunct piracy site

US court docs expose fake antivirus renewal phishing tactics

U.S. sanctions Predator spyware operators for spying on Americans