Lizzie Clark

FBI seizes Cracked.io and Nulled.to Hacking Forums

In this blog series we spotlight one of the stories from our cybersecurity newsletter, Beacon.

The FBI has seized the domains of the notorious hacking forums Cracked.io and Nulled.to, both known for facilitating cybercrime, password theft, cracking, and credential stuffing attacks.

Although some members engaged in ethical hacking discussions, the sites were widely recognized as hubs for cybercriminal activity. They hosted content related to software cracks, hacking tools such as the “configs” used in credential stuffing attacks with tools like OpenBullet and SilverBullet, and marketplaces for “combo lists” containing stolen credentials or databases.

To begin with, visitors trying to access the sites encountered error messages like “Error 1016: Origin DNS error.” After the FBI took control of the domains, their name servers were changed to ns1.fbi.seized.gov and ns2.fbi.seized.gov, replacing the previous Cloudflare settings.

Cracked.io’s staff addressed the outage on their Telegram channel, attributing it to a data center issue. “There is an active issue in our data center which the staff is working on. Hence, services will remain offline until the issue is resolved. We will get a detailed report later,” they stated. “We can only hope it is resolved without further issues. No estimated time at this moment. The current status from the data center is that it may take up to one day.”

Since their initial update, they have stated: “Now that everyone has more clarity on the situation, Cracked.io has been seized under operation talent with specific reasons being undisclosed. We are still waiting for the official court documentation from the data centre and the domain host. We will inform you guys further on those details once we have it. A sad day indeed for our community.”

In addition to Cracked.io and Nulled.to, the FBI also seized the domains of:

MySellix and Sellix: Platforms that allowed users to create online stores, some of which were used to sell stolen data, software keys, and compromised accounts.
StarkRDP: A Windows RDP virtual hosting provider allegedly used by threat actors for credential stuffing attacks.

Visitors attempting to access the sites now encounter seizure banners confirming that the domains had been seized in a joint law enforcement action dubbed “Operation Talent” that included authorities from the United States, Italy, Spain, Europe, France, Greece, Australia, and Romania.

The FBI has not yet provided an official statement on the seizures, but the move appears to be part of a broader crackdown on platforms involved in credential stuffing and the sale of stolen credentials.
