The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud.
In wrapping up its investigation into the dark web portal, the agency said the transnational operation was the result of close cooperation with law enforcement authorities from Belgium, Germany, the Netherlands, Ukraine, and Europol.
Of the 19 defendants, three have been sentenced to 6.5 years in prison, eight have been awarded jail terms ranging from one year to five years, and one individual has been ordered to serve five years’ probation.
One among them includes Glib Oleksandr Ivanov-Tolpintsev, a Ukrainian national who was sentenced to four years in prison in May 2022 for selling compromised credentials on xDedic and making $82,648 in illegal profits.
Dariy Pankov, described by the DoJ as one of the highest sellers by volume, offered credentials of no less than 35,000 hacked servers located all over the world and obtaining more than $350,000 in illicit proceeds.
The servers were infiltrated using a custom tool named NLBrute that was capable of breaking into protected computers by decrypting login credentials.
Also of note is a Nigerian national named Allen Levinson, who was a “prolific buyer” with a particular interest in purchasing access to U.S.-based Certified Public Accounting firms in order to file bogus tax returns with the U.S. government.
Five others, who have been accused of a conspiracy to commit wire fraud, are pending sentencing.
Alongside these administrators and sellers, two buyers named Olufemi Odedeyi and Oluwaseyi Shodipe have been charged with conspiracy to commit wire fraud and aggravated identity theft. Shodipe has also been charged with making false claims and theft of government funds.
Both individuals are yet to be extradited from the U.K. If convicted, they each face a maximum penalty of 20 years in federal prison.
The marketplace, until its takedown in January 2019, allowed cybercriminals to buy or sell stolen credentials to more than 700,000 hacked computers and servers across the world and personally identifiable information of U.S. residents, such as dates of birth and Social Security numbers.
Alexandru Habasescu and Pavlo Kharmanskyi functioned as the marketplace’s administrators. Habasescu, from Moldova, was the lead developer, while Kharmanskyi, who lived in Ukraine, managed advertising, payments, and customer support to buyers.
“Once purchased, criminals used these servers to facilitate a wide range of illegal activity that included tax fraud and ransomware attacks,” the DoJ said.
Targets of these attacks comprised government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.