The U.S. Department of Justice said it has indicted nearly 20 people for their involvement in the xDedic cybercrime marketplace operation, and more than a dozen of them have already been sentenced to prison.
The Department announcement Thursday that it had reached the “culmination of a transnational cybercrime investigation” against the darknet site. Since his disassemble In 2019, international law enforcement arrested administrators, sellers and buyers in the United States, Moldova, Ukraine, United Kingdom and Georgia.
The Ukrainian-language cybercrime forum was founded in 2014. It illegally sold login credentials to servers located around the world, as well as personally identifiable information, including residents’ dates of birth and social security numbers. Americans.
In an international operation, the largest site xDedic was blocked for selling confidential information on DarkNet. All members who carried out the activities of this hacker group were arrested.https://t.co/dDzY617LQw#xDedic #darknet #cyberpoliceUkraine #europol pic.twitter.com/59PUKSz1u6
– Cyberpolice Ukraine (@CyberpoliceUA) January 28, 2019
Once purchased, criminals used these servers for a wide range of illegal activities, including tax fraud and ransomware attacks, according to the Justice Department.
To conceal their location and identity, xDedic administrators operated the website on a widely distributed international network and used cryptocurrency for payment.
In total, the marketplace offered more than 700,000 compromised servers for sale, including at least 150,000 in the United States.
Victims included government agencies, hospitals, emergency services, call centers, accounting and legal firms, pension funds and universities.
The big players
In the years since xDedic’s takedown, the United States has investigated, charged, and convicted those involved at every level of the website’s operation. To date, 14 people have been convicted and five cases are still pending, including those of Bamidele Omotosho from Nigeria; Olayemi Adafin, Olakunle Oyebanjo and Akinola Taylor from the United Kingdom; and Oluwarotimi Ogunlana of the United States
Some of the most notable cases include:
Administrators. Alexandru Habasescu, who resided in Moldova, was the main developer and technical mastermind of the market. He was arrested in Spain in 2022 and extradited to the United States.
Pavlo Kharmanskyi, who lived in Ukraine, advertised the website, paid administrators, and provided customer support to buyers. He was arrested at Miami International Airport in 2019 while trying to enter the United States.
They were sentenced to 41 and 30 months in prison respectively.
Sellers. Dariy Pankov, a Russian national, was one of the largest sellers in the market in terms of volume, putting up for sale the credentials of more than 35,000 compromised servers located around the world and obtaining more than $350,000 of illicit products, according to the DOJ.
He developed powerful malware, NLBrute, capable of compromising protected computers by decrypting login information. Pankov was arrested in Georgia in 2022 and extradited to the United States. He was sentenced to 60 months in federal prison.
Buyers. Allen Levinson, a Nigerian national, was particularly interested in access to U.S.-based Certified Public Accounting (CPA) firms. He used the information obtained from these servers to file hundreds of false tax returns with the U.S. government, requesting more than $60 million in fraudulent tax refunds.
Levinson was arrested in the United Kingdom in 2020 and extradited to the United States. He was later sentenced to 78 months in federal prison.
Future saved
Intelligence cloud.
No previous articles
No new articles
Daryna Antoniuk is a freelance journalist for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the Ukraine-Russia cyberwar. She was previously a tech journalist for Forbes Ukraine. His work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.