The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market’s services.
An international operation involving law enforcement authorities from the United States, Belgium, Ukraine, Germany, and the Netherlands, with support from Europol and Eurojust, led to the seizure of xDedic’s domains and infrastructure in January 2019.
Law enforcement estimated at the time of its takedown that fraudulent activities facilitated through the xDedic cybercrime market totaled more than $68 million.
Before its shutdown, xDedic’s administrators operated servers worldwide, using cryptocurrency payments to hide the location of their servers and the identities of the buyers, sellers, and admins.
xDedic allowed users to buy stolen credentials to compromised servers worldwide and U.S. residents’ personally identifiable information (PII).
“In total, xDedic offered more than 700,000 compromised servers for sale, including at least 150,000 in the United States and at least 8,000 in Florida,” the Justice Department said.
Victims whose information was sold on the marketplace came from various industries and locations worldwide, including local, state, and federal government entities, hospitals, universities, metropolitan transport authorities, accounting and law firms, and pension funds.
Lead developer and marketplace admin already in prison
12 out of the 19 suspects charged following the international investigation into xDedic’s activity have already been sentenced, five are scheduled to receive a sentence, and two are pending extradition from the United Kingdom.
| Name (Age, Nationality) | Offense of conviction | Imprisonment term |
| Allen Levinson (31, Nigeria) | Conspiracy to Commit Mail and Wire Fraud | 78 months |
| T’Andre McNeely (33, California) | Conspiracy to Commit Mail and Wire Fraud | 78 months |
| Michael Carr (33, California) | Conspiracy to Commit Mail and Wire Fraud | 78 months |
| Dariy Pankov (29, Russia) | Conspiracy to Commit Access Device & Computer Fraud | 60 months |
| Glib Ivanov-Tolpintsev (29, Ukraine) | Conspiracy to Commit Access Device & Computer Fraud | 48 months |
| Alexandru Habasescu (31, Moldova) | Access Device Fraud | 41 months |
| Adedotun Adejumo (45, Oklahoma) | Conspiracy to Commit Wire Fraud | 33 months |
| Pavlo Kharmanskyi (32, Ukraine) | Access Device Fraud | 30 months |
| Joshua Spencer (29, New York) | Conspiracy to Commit Access Device Fraud | 28 months |
| Ibrahim Jinadu (36, Georgia) | Conspiracy to Commit Wire Fraud | 27 months |
| Brandon Williams (34, California) | Conspiracy to Commit Mail and Wire Fraud | 12 months |
| Harold McKinzie (29, Illinois) | Wire Fraud | 5 years probation |
| Bamidele Omotosho (42, Nigeria) | Conspiracy to Commit Wire Fraud | Sentence pending |
| Olayemi Adafin (38, UK) | Conspiracy to Commit Wire Fraud | Sentence pending |
| Olakunle Oyebanjo (29, UK) | Conspiracy to Commit Wire Fraud | Sentence pending |
| Akinola Taylor (38, UK) | Conspiracy to Commit Wire Fraud | Sentence pending |
| Oluwarotimi Ogunlana (29, Texas) | Conspiracy to Commit Wire Fraud | Sentence pending |
| Olufemi Odedeyi (42, UK) | Conspiracy to commit wire fraud, aggravated id. theft | Extradition pending |
| Oluwaseyi Shodipe (41, UK) | Conspiracy to commit wire fraud, aggravated id. theft | Extradition pending |
Two xDedic administrators, Moldovan Alexandru Habasescu and Ukrainian Pavlo Kharmanskyi, were sentenced to 41 and 30 months in prison after being arrested in the Spanish Canary Islands in 2022 and the Miami International Airport in 2019, respectively.
Habasescu was also the market’s lead developer and technical mastermind, while Kharmanskyi was the one who paid the admins, provided buyer support, and promoted the cybercrime website.
“Marketplace seller Dariy Pankov, a Russian national, was one of the highest sellers on the Marketplace by volume, listing for sale the credentials of more than 35,000 compromised servers located all over the world and obtaining more than $350,000 in illicit proceeds,” the DOJ added.
“Nigerian national Allen Levinson was a prolific buyer on the Marketplace who held particular interest in purchasing access to U.S.-based Certified Public Accounting firms.
“He used the information he obtained from those servers to file hundreds of false tax returns with the United States government, requesting more than $60 million in fraudulent tax refunds.”
Levinson was sentenced to 78 months in federal prison after his apprehension in the United Kingdom and extradition to the United States in 2020.
Last year, law enforcement also seized the Genesis stolen credentials market and arrested 288 dark web drug vendors and buyers as part of an international law enforcement operation codenamed Spector.
In June, the FBI seized the BreachForums hacking forum after arresting its owner Connor Brian Fitzpatrick (aka Pompompurin), in March.
Last but not least, in December, an international police operation led by Interpol led to the arrests of 3,500 cybercriminals and seizures of $300 million, while German police seized Kingdom Market, a dark web marketplace that dealt with cybercrime tools, drugs, and fake government IDs.
Source: www.bleepingcomputer.com