Investigation into cybercrime site xDedic reaches ‘high point’, US says


The U.S. Department of Justice said it has indicted nearly 20 people for their involvement in the xDedic cybercrime marketplace operation, and more than a dozen of them have already been sentenced to prison.

The department announced Thursday that it had reached the “culmination of a transnational cybercrime investigation” against the darknet site. Since its dismantling in 2019, international law enforcement has arrested administrators, sellers and buyers in the United States, Moldova, Ukraine, United Kingdom and Georgia.

The Ukrainian-language cybercrime forum was founded in 2014. It illegally sold login credentials to servers located around the world, as well as personally identifiable information, including the dates of birth and Social Security numbers of U.S. residents.

Once purchased, criminals used these servers for a wide range of illegal activities, including tax fraud and ransomware attacks, according to the Justice Department.

To conceal their location and identity, xDedic administrators operated the website on a widely distributed international network and used cryptocurrency for payment.

In total, the marketplace offered more than 700,000 compromised servers for sale, including at least 150,000 in the United States.

Victims included government agencies, hospitals, emergency services, call centers, accounting and legal firms, pension funds and universities.

The big players

In the years since xDedic’s takedown, the United States has investigated, charged, and convicted those involved at every level of the website’s operation. To date, 14 people have been convicted and five cases are still pending, including those of Bamidele Omotosho from Nigeria; Olayemi Adafin, Olakunle Oyebanjo and Akinola Taylor from the United Kingdom; and Oluwarotimi Ogunlana of the United States.

Some of the most notable cases include:

Administrators. Alexandru Habasescu, who resided in Moldova, was the main developer and technical mastermind of the market. He was arrested in Spain in 2022 and extradited to the United States.

Pavlo Kharmanskyi, who lived in Ukraine, advertised the website, paid administrators, and provided customer support to buyers. He was arrested at Miami International Airport in 2019 while trying to enter the United States.

They were sentenced to 41 and 30 months in prison respectively.

Sellers. Dariy Pankov, a Russian national, was one of the largest sellers in the market in terms of volume, putting up for sale the credentials of more than 35,000 compromised servers located around the world and obtaining more than $350,000 in illicit proceeds, according to the DOJ.

He developed powerful malware, NLBrute, capable of compromising protected computers by decrypting login information. Pankov was arrested in Georgia in 2022 and extradited to the United States. He was sentenced to 60 months in federal prison.

Buyers. Allen Levinson, a Nigerian national, was particularly interested in access to U.S.-based Certified Public Accounting (CPA) firms. He used the information obtained from these servers to file hundreds of false tax returns with the U.S. government, requesting more than $60 million in fraudulent tax refunds.

Levinson was arrested in the United Kingdom in 2020 and extradited to the United States. He was later sentenced to 78 months in federal prison.


Daryna Antoniuk

Daryna Antoniuk is a freelance journalist for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the Ukraine-Russia cyberwar. She was previously a tech journalist for Forbes Ukraine. Her work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.
