How the famous hacker Sanix finally got arrested with terabytes of stolen data

The world of malicious hacking has taken a severe blow. Just a few hours ago, the Ukrainian Secret Service revealed the arrest of “Sanix”, a well-known black hat hacker involved in the trading of billions of stolen login credentials on hacking forums and clandestine Telegram channels.

Authorities revealed that Sanix was detected and arrested in Ivano-Frankivsk, a city in western Ukraine. The Secret Service decided not to reveal the cybercriminal’s real name, although they did mention that Sanix has a long history of activity on malicious hacking forums, where he was first detected in 2018.

In the cybersecurity community, these kinds of hackers are known as “data brokers”. They focus on collecting exposed data belonging to hacked companies, mainly usernames and passwords. Data brokers resell this information to other malicious hackers, such as spam campaign operators, botnet controllers, or groups specialized in brute force attacks.

The hacker, also known on Telegram as Sanixer, has been linked to the massive sale of personal data, including the databases known as Collection 1, 2, 3, 4 and 5 and Antipublic, among others. According to cybersecurity experts, these databases hold tens of terabytes of usernames and passwords, so they contain information from millions of users or, in other words, billions of username and password combinations.

These databases have been on sale for years, although, according to experts at the security firm IntSights, much of this information could have been exposed due to a dispute between Sanix and Azatej, a hacker, data broker and operator of the Infinity Black site, a dark web site dedicated to the sale of stolen information.

In addition to username and password collections, the Ukrainian Secret Service mentioned that Sanix’s computer also stored PIN code information for bank cards, online cryptocurrency addresses, PayPal account logins, and botnets used to deploy distributed denial-of-service (DDoS) attacks.

Ukrainian authorities also confiscated 2 TB of information, along with $3,000 and 190,000 hryvnias (Ukrainian currency) in cash. The hacker will remain under arrest until the authorities submit the investigation and the corresponding evidence; the sentence Sanix could face if found guilty is still unknown.