Last week, the FBI seized domains of the hacker forum LeakBase as part of the international "Operation Leak" coordinated by Europol. The forum, which had been active since 2021, had over 142,000 members.
On March 3 and 4, the FBI, along with law enforcement agencies from 14 countries, conducted a coordinated operation to seize LeakBase. Two domains were seized, and law enforcement obtained the resource's complete database, including user accounts, publications, private messages, and IP logs. In total, the forum contained approximately 215,000 private messages and 32,000 public posts.
The seized domain, leakbase[.]la, now displays an FBI banner with a warning: all forum content has been saved and will be used as evidence in future investigations. The domain's nameservers were switched to ns1.fbi.seized.gov and ns2.fbi.seized.gov—standard addresses used by law enforcement when seizing domains.
The operation wasn't limited to the LeakBase infrastructure. Law enforcement also conducted searches, arrests, and "interviews" with suspects in the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom. In total, approximately 100 operational activities were conducted worldwide, including measures taken against 37 of the resource's most active users.
According to Europol, the database seizure allowed the identification of numerous site users. The agency notes that the platform operated a credit and user rating system, which helped build trust among participants and maintain the activity of the cybercriminal community.
Europol also emphasizes that one of the forum's internal rules prohibited the sale or publication of data related to Russia. Law enforcement believes this may indicate the origin of LeakBase's operators.
The forum itself originated as a project associated with the hacker group ARES and began actively gaining users after the closure of the Breached forum. Registration was free, and participants were offered access to databases, a marketplace for selling leaks and exploits, an escrow service for transactions, and sections dedicated to programming, hacking, social engineering, cryptography, and OPSEC.