Investigation of xDedic cybercrime site reaches 'culmination,' US says

The U.S. Department of Justice said that it has charged nearly 20 individuals for their involvement in the xDedic cybercrime marketplace operation, with more than a dozen already sentenced to prison.
Since its takedown in 2019, international law enforcement officers have arrested administrators, sellers and buyers in the U.S., Moldova, Ukraine, the U.K. and Georgia.
The Ukrainian-language cybercrime forum was founded in 2014.
It illicitly sold login credentials to servers located worldwide, along with personally identifiable information, including dates of birth and Social Security numbers of U.S. residents.
In the course of an international operation, xDedic, the largest darknet site for the sale of confidential information, was blocked.
Once purchased, criminals used those servers for a wide range of illegal activities, including tax fraud and ransomware attacks, according to the Justice Department.
To conceal their locations and identities, the xDedic administrators operated the website across a widely distributed international network and used cryptocurrency for payment.
In total, the marketplace offered more than 700,000 compromised servers for sale, including at least 150,000 in the U.S. Victims included government agencies, hospitals, emergency services, call centers, accounting and law firms, pension funds and universities.
In the years that followed the takedown of xDedic, the U.S. investigated, charged and convicted individuals involved in every level of the website's operation.
Alexandru Habasescu, who resided in Moldova, was the lead developer and technical mastermind for the marketplace.
He was taken into custody in Spain in 2022 and extradited to the U.S.
Pavlo Kharmanskyi, who lived in Ukraine, advertised the website, paid administrators, and provided customer support to buyers.
He was arrested at the Miami International Airport in 2019 as he attempted to enter the U.S.
They were sentenced to 41 and 30 months in prison, respectively.
Dariy Pankov, a Russian national, was one of the highest sellers on the marketplace by volume, listing for sale the credentials of more than 35,000 compromised servers located all over the world and obtaining more than $350,000 in illicit proceeds, according to DOJ.
He developed a powerful malicious software program, NLBrute, that was capable of compromising protected computers by decrypting login credentials.
Pankov was taken into custody in Georgia in 2022 and extradited to the U.S. He was sentenced to 60 months in federal prison.
Allen Levinson, a Nigerian national, was particularly interested in purchasing access to U.S.-based certified public accounting firms.
He used the information he obtained from those servers to file hundreds of false tax returns with the U.S. government, requesting more than $60 million in fraudulent tax refunds.
Levinson was taken into custody in the U.K. in 2020 and extradited to the U.S. He was subsequently sentenced to 78 months in federal prison.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine.
She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia.
She previously was a tech reporter for Forbes Ukraine.


This Cyber News was published on therecord.media. Publication date: Fri, 05 Jan 2024 15:10:05 +0000