US charges man with running stolen credentials market


A man has been extradited from the UK to the US for allegedly operating a website selling access to compromised computer credentials.

Sandu Diaconu, 31, a native of Moldova, was charged by the United States with conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy money, access device fraud and computer fraud. If convicted, he faces a maximum sentence of 20 years in federal prison.

Additionally, the indictment informs Diaconu that the United States is seeking an order for forfeiture of the products and products used in connection with the accused criminal conduct.

The charges relate to Diaconu’s alleged administration of the E-Root Marketplace, a website that for years sold access to compromised computer credentials. Based on the investigation by the IRS – CI Cyber ​​Crimes Unit (Washington, DC) and the FBI – Tampa Division, authorities estimate that more than 350,000 credentials were offered for sale on E-Root.

Court documents highlighted the steps taken by the E-Root marketplace to hide the identities of its directors, buyers and sellers. This includes using online payment system Perfect Money to help conceal payments and offering its illicit cryptocurrency exchange service with the aim of converting Bitcoin to Perfect Money and vice versa.

Buyers could search for compromised computer credentials on E-Root, such as RDP and SSH access, through a series of criteria, including price, geographic location, Internet service provider, and security system. exploitation.

Numerous victims, spread across the globe and including at least one government agency in Tampa, Florida, have been subjected to ransomware attacks. Additionally, some of the stolen credentials were linked to stolen identity tax schemes.

The E-Root marketplace was shut down in late 2020, with seizure orders executed on the site’s domain names. Diaconu was arrested in the United Kingdom while trying to leave the country in May 2021, and in September 2023 Westminster Magistrates’ Court ordered his extradition to the United States.

Growing crackdown on cybercrime websites

The takedown of the E-Root Marketplace is one of several actions law enforcement has taken against dark web criminal marketplaces. For example, in April 2022, German the police closed their doors The Russian darknet market Hydra, and in May 2023, Europol arrested nearly 300 people suspected of buying or selling drugs on the underground market of the monopoly market.

Mike Newman, CEO of My1Login, welcomed the recent indictment against Diaconu, highlighting the enormous damage caused by E-Root.

“Because the site was credential-driven, buyers knew that when they purchased a valid set, they could test it on other sites to gain access to more user accounts – this expanded the surface area of attack, but also made the presence of more organizations outside of E-Root likely. the database was affected,” he said.

However, he warned that many other similar markets still exist on the dark web.

Leave a comment