Man ran secret site that sold stolen data, police allege
Faces rare cybercrime charges after billions of records accessed
The mystery man behind a secretive website that sold billions of pieces of stolen digital information belonging to millions of people walked into a Toronto courtroom Monday wearing a blue shirt and grey dress pants.
Jordan Evan Bloom, 27, is facing rare Canadian Criminal Code charges including “trafficking in identity information,” and “mischief to data” for his involvement in the infamous website Leakedsource.com, the RCMP allege.
Before being shut down by police in January 2017, LeakedSource.com offered visitors access to three billion records that were harvested from computer security breaches around the world, reportedly including data leaks from Twitter, LinkedIn, Dropbox, Weebly, Foursquare, Tumblr, Rambler.ru, MySpace and AdultFriendFinder.
Once decrypted and aggregated, the information was available by keyword search and accessible for a fee.
Leakedsources.com “was a middle man between the dark web and the internet,” said RCMP Staff Sgt. Maurizio Rosa, who supervised the investigation. “A person would log into the site and, with a fee, would be able to look through the site for any information about usernames or passwords to be able to get them.”
“(The site) was a middle man between the dark web and the internet.” STAFF SGT. MAURIZIO ROSA, RCMP
Police allege that Bloom earned $247,000 as the website’s administrator.
In addition to identity trafficking and data mischief, Bloom is charged with unauthorized use of computers and possession of property obtained by crime.
Outside of court, Bloom declined to be interviewed.
His lawyer sought a publication ban on the proceedings. The Star raised concerns about that request and it was later withdrawn.
While Leakedsource.com sold the digital identities of others, the website’s operators carefully guarded their own identities. Bloom is the first person to be publicly named in association with the site.
York University’s 2013 convocation lists Jordan Evan Bloom as a graduate with a bachelor’s degree in physics and astronomy. Bloom’s personal Facebook page also says he studied at York.
An acquaintance, speaking on condition of anonymity Monday, said Bloom is well known for a green Lamborghini he drives (and poses with on his Facebook page). Bloom was swept up in the RCMP national cybercrime division’s “Project Adoration” investigation, launched in 2016 when the fledgling RCMP cybercrime division was tipped off by the Dutch National Police about a Canadian connection to the highly secretive Leakedsource website.
The tip: billions of pieces of personal data harvested from corporate se- curity breaches were sitting on computer servers in Quebec.
The database contained personal information on several thousand Canadians in addition to millions more around the world, Rosa said.
“If I was able to determine your password, I’d have your password associated to your email and then, knowing that we, as humans, use passwords across other sites, I’d be potentially able to go to any site . . . and have access to those websites,” he said. “We want Canadians to be aware there are criminals out there trying to monetize the use of their information to achieve nefarious results.”
RCMP confirmed the site was hosted in Quebec and conducted an investigation throughout 2016, obtaining production orders and search warrants.
In January 2017, police raided a computer server firm that hosted the Leakedsource.com data and seized the data, shutting the site down.
An anonymous posting on an online forum that day reads: “LeakedSource is down forever and won’t be coming back. Owner raided early this morning. Wasn’t arrested, but all SSDs got taken, and LeakedSource servers got subpoena’d and placed under federal investigation. If somehow he recovers from this and launches LeakedSource again, then I’ll be wrong. But I am not wrong.” Bloom was arrested, but released. “We determined at the time our way to proceed was to release him without any charges,” Rosa said.
The server company, which Rosa would not identify, was not involved in the operation of the site and cooperated with police.
“This was a server farm, a legitimate company hosting them as a service,” he said.
Police pursued the investigation over the next several months cracking open encrypted records in the database, “to determine exactly what his involvement was,” Rosa said.
By last month, police were, “satisfied that we had the information we could lay out in a way we could pursue formal charges against Mr. Bloom.”
The four charges were laid Dec. 22, and Bloom was arrested at his home in Thornhill. He was later released on a promise to appear in court.
Bloom is the only Canadian suspect in the Leakedsource.com investigation, Rosa said.
Leakedsource.com, which launched in 2015, has long been a subject of intrigue in the computer security world.
One U.S. computer security expert writing in a column titled “Who Ran Leakedsource.com?”, published last year after the site’s shut down, called the site, “perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches.”
A 2016 feature about the site in Wired magazine described a mysterious, decentralized leadership structure in which “a small group of anonymous international members” operated the site from undis- closed locations.
“The group says that, ‘if nobody knows who we are or where our site is located, bad people can’t attack us,’ ” the piece read.
(The site’s spokesperson is never quoted by name.)
Leakedsource.com’s defenders argued the information it sold was already widely available and the website provided an easily searchable, aggregated source for concerned internet users to check their own information to determine whether it had been made public in a security breach.
The RCMP’s Rosa says the site also provided the opportunity for anyone to search and obtain the private digital identity records of others.
“(It) is an offence under the Criminal Code in Canada,” he said.
There is little jurisprudence in Canada related to some of the charges laid against Bloom, in part because of the rarity of police undertaking these time-consuming and highly technical investigations, Rosa said.
The RCMP’s national cybercrime division — the force’s first unit dedicated to pursuing cybercrime investigations — only began in 2016, gradually expanding to a total force of 21 officers today.
These charges are only the second laid by the unit to date.
“Very few of these types of cases are investigated. They’re lengthy, complex types of investigations. These are very rare charges, offences that haven’t really been brought before Canadian courts,” Rosa said. Robert Cribb can be reached at rcribb@thestar.ca