Canadians don’t think this country as a major source of computer crime, but criminal charges laid against an Ontario man have changed that.
Police charged a Thornhill, Ont. man with allegedly selling stolen personal identities online through the website Leakedsource.com, which allegedly was being hosted in Quebec. The site was raided and closed earlier this month.
Jordan Evan Bloom, 27, made his first court appearance today in a Toronto court to face the charges.
The RCMP said the charges include
- Trafficking in identity information
- Unauthorized use of a computer (s. 342.1 of the Criminal Code)
- Mischief to data
- and possession of property obtained by crime.
The RCMP said Leakedsources.com alleged had a database of 3 billion pieces of stolen digital information belonging to people around the world, including online user names and passwords.
“This investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information,” Insp. Rafael Alvarado, who heads the RCMP’s national cybercrime investigative team, said in a release. “The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality.”
Another RCMP investigator said Leakedsource.com was a middleman between the Internet and the Dark Web, a section of the Internet that can only be accessed through a browser that strips away a user’s IP address. Once accessing the site, for a fee a person could search for any information about usernames or passwords, the officer was quoted as saying.
Bloom allegedly came to the attention of police in 2016, when the RCMP learned that LeakedSource.com was being hosted by servers in Quebec. That began what the force called Project Adoration. According to The Star, police raided a computer server farm that hosted the Leakedsource.com data in January and seized the data, shutting the site down.
Bloom is alleged to have the site’s administrator, earning approximately $247,000 from trafficking identity information. The charges against him were laid Dec. 22, 2017, 11 months after the site was closed.
Cyber security reporter Brian Krebs called the site “perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches.” He said the site began selling stolen data in October, 2015.
The Dutch National Police’s and the FBI helped in the investigation.