US Department of Justice charges 19 people in Darknet marketplace fraud

The U.S. Department of Justice (DoJ) has announced charges against 19 individuals globally in relation to the now-defunct xDedic Marketplace, believed to have orchestrated more than $68 million in fraudulent schemes.

Concluding its investigation into the dark web portal, the DoJ disclosed that this transnational operation was the outcome of close collaboration with law enforcement authorities from Belgium, Germany, the Netherlands, Ukraine, and Europol.

Among the 19 defendants, three have received 6.5-year prison sentences, while eight have been handed jail terms ranging from one to five years. Additionally, one individual has been placed on five years’ probation.

Notable among those charged is Glib Oleksandr Ivanov-Tolpintsev, a Ukrainian national sentenced to four years in prison in May 2022 for selling compromised credentials on xDedic, resulting in illegal profits totaling $82,648.

Another significant figure in the operation is Dariy Pankov, identified by the DoJ as one of the highest-volume sellers. Pankov provided credentials for over 35,000 hacked servers worldwide, accumulating more than $350,000 in illicit proceeds. The infiltration of servers involved the use of a custom tool named NLBrute, capable of decrypting login credentials to breach protected computers.

The DoJ also highlighted Allen Levinson, a Nigerian national described as a “prolific buyer” with a specific interest in acquiring access to U.S.-based Certified Public Accounting firms. Levinson aimed to file bogus tax returns with the U.S. government, exploiting the purchased credentials.

Five other individuals, accused of conspiring to commit wire fraud, are awaiting sentencing.

In addition to those charged and convicted, two buyers, Olufemi Odedeyi and Oluwaseyi Shodipe, face charges of conspiracy to commit wire fraud and aggravated identity theft. Shodipe also faces charges of making false claims and theft of government funds. Both individuals are yet to be extradited from the U.K., and if convicted, they could face a maximum penalty of 20 years in federal prison.

The xDedic Marketplace, until its dismantling in January 2019, facilitated the trade of stolen credentials for over 700,000 hacked computers and servers globally, containing personally identifiable information of U.S. residents, such as birthdates and Social Security numbers.

Administrators of the marketplace, Alexandru Habasescu and Pavlo Kharmanskyi, played crucial roles. Habasescu, from Moldova, served as the lead developer, while Kharmanskyi, residing in Ukraine, managed advertising, payments, and customer support. The DoJ emphasised that criminals, upon purchasing servers, engaged in various illegal activities, including tax fraud and ransomware attacks. Targets ranged from government infrastructure and hospitals to emergency services, call centers, transit authorities, accounting and law firms, pension funds, and universities.

The operation’s intricacies unfolded further with the revelation that the marketplace administrators, Alexandru Habasescu and Pavlo Kharmanskyi, played pivotal roles in its illicit activities. Habasescu, hailing from Moldova, functioned as the lead developer, while Kharmanskyi, based in Ukraine, managed crucial aspects such as advertising, payments, and customer support for buyers.

The DoJ underscored that the acquired servers were used by criminals to facilitate a broad spectrum of illegal activities, encompassing tax fraud and ransomware attacks. The targets of these nefarious endeavors included critical infrastructures like government facilities, hospitals, emergency services, call centers, major transit authorities, accounting and law firms, pension funds, and universities.

The U.S. government’s pursuit of justice also extends to two individuals based in the United Kingdom – Olufemi Odedeyi and Oluwaseyi Shodipe. Both face charges of conspiracy to commit wire fraud and aggravated identity theft. Shodipe carries additional charges of making false claims and theft of government funds. Despite the charges, extradition from the U.K. is pending for both individuals. If convicted, they could potentially face a maximum penalty of 20 years in federal prison.

The xDedic Marketplace, until its shutdown in January 2019, operated as a notorious hub for cybercriminals, enabling the trade of stolen credentials for more than 700,000 compromised computers and servers worldwide. The data traded on the platform included sensitive information about U.S. residents, such as birthdates and Social Security numbers.

The DoJ’s announcement underscores the magnitude of the international collaboration required to dismantle such sophisticated cybercrime operations. The charges and convictions serve as a stern warning to those engaging in similar illicit activities, emphasising the global effort to combat cyber threats and protect individuals and institutions from the reach of criminal enterprises operating on the dark web.

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.