Getting your Trinity Audio player ready... |
The transnational cybercrime investigation into the xDedic Marketplace has been successfully concluded, according to the US Department of Justice (DOJ), with charges against 19 people worldwide as a result.
xDedic’s infrastructure and domains were taken down in January 2019 as a result of the investigation, which was carried out in cooperation with law enforcement agencies from the United States, Germany, Belgium, Ukraine, and the Netherlands.
Operating on the dark web, the xDedic Marketplace sold login credentials to servers and distributed personally identifiable information illegally, among other illicit services.
In order to hide the identities of buyers, sellers, and administrators, xDedic’s administrators used a complex system that ran servers all over the world and accepted cryptocurrency payments.
By offering for sale more than 700,000 compromised servers, the criminal organisation enabled unlawful activities such as tax fraud and ransomware attacks.
The multinational operation—which received support from Europol and Eurojust—estimated that fraudulent activity via xDedic generated $68 million in revenue from worldwide cybercrime.
The cybercrime marketplace claimed the lives of state and federal government organisations, academic institutions, medical facilities, legal practices, pension funds, and city transportation authorities.
The US Attorney’s Office for the Middle District of Florida shut down xDedic’s operations in January 2019 by seizing its domain names and destroying its infrastructure.
The US Attorney’s Office pursued its investigations after the takedown, leading to the filing of charges against members of the xDedic Marketplace at all levels.
Two administrators, Alexandru Habasescu and Pavlo Kharmanskyi, were among those who were captured.
Originally from Moldova, Habasescu is the lead developer. He was apprehended in the Canary Islands in 2022 and extradited to the US. In 2019, Ukrainian national Kharmanskyi was taken into custody at Miami International Airport. The sentences for the two were 41 and 30 months in jail, respectively.
The DOJ emphasised the role of Russian national Dariy Pankov, who is among the top volume sellers on the market. With the creation of the NLBrute malware and the listing of credentials for over 35,000 compromised servers, Pankov amassed over $350,000 in illegal profits. After being apprehended in the Republic of Georgia in 2022, Pankov received a sentence of sixty months in federal prison.
Prominent buyer Allen Levinson, a Nigerian national, filed hundreds of fraudulent tax returns with the intention of defrauding US accounting firms out of over $60 million in refunds.
Following his 2020 arrest in the UK, Levinson was extradited to the US and given a 78-month prison sentence.
To date, the US has successfully charged and/or extradited 17 people, despite obstacles brought about by the foreign nationality of some defendants.
In addition, charges of conspiracy to commit wire fraud and aggravated identity theft are pending the extradition of Olufemi Odedeyi and Oluwaseyi Shodipe, buyers on the xDedic Marketplace from the UK.
In addition, Shodipe is accused of falsifying documents and embezzling public funds. Should they be found guilty, both defendants could spend up to 20 years in federal prison.
DoJ Files $68 Million xDedic Dark Web Marketplace Fraud Charges
According to the U.S. Department of Justice (DoJ), 19 people have been charged globally in relation to the defunct xDedic Marketplace, which is thought to have enabled fraud totaling over $68 million.
The agency concluded its investigation into the dark web portal by stating that close collaboration with law enforcement agencies from Belgium, Germany, the Netherlands, Ukraine, and Europol led to the successful transnational operation.
Out of the 19 accused, three have received prison sentences of 6.5 years, eight have received terms varying from one to five years in jail, and one has been mandated to serve five years on probation.
Among them is Glib Oleksandr Ivanov-Tolpintsev, a citizen of Ukraine, who is serving a four-year prison sentence for selling credentials that were compromised on xDedic and earning $82,648 in unlawful profits in May 2022.
According to the Department of Justice, Dariy Pankov was among the top volume sellers; he sold access to at least 35,000 compromised servers worldwide, bringing in over $350,000 in illegal income.
Through the use of a specialized tool called NLBrute, which could crack into secured computers by decrypting login credentials, the servers were compromised.
One other noteworthy individual is Allen Levinson, a national of Nigeria, who was a “prolific buyer” who had a specific interest in buying access to Certified Public Accounting firms located in the United States so that he could file false tax returns with the American government.
Five more people are awaiting sentencing after being charged with conspiring to commit wire fraud.
In addition to these administrators and sellers, Olufemi Odedeyi and Oluwaseyi Shodipe, two buyers, have also been charged with aggravating identity theft and conspiring to commit wire fraud. Shodipe is also accused of stealing money from the government and making fraudulent statements.
The UK has not yet extradited either of the two people. They each risk a maximum sentence of 20 years in federal prison if found guilty.
The market, which was shut down in January 2019, gave hackers access to over 700,000 compromised computers and servers worldwide as well as personally identifiable information, including Social Security numbers and dates of birth, for purchase or sale.
The administrators of the market were Alexandru Habasescu and Pavlo Kharmanskyi. Lead developer Habasescu was a Moldovan, and Kharmanskyi was a Ukrainian who oversaw marketing, payments, and customer service for purchasers.
“Once purchased, criminals used these servers to facilitate a wide range of illegal activity that included tax fraud and ransomware attacks,” according to the Department of Justice.
These attacks were directed towards a variety of targets, including major metropolitan transit authorities, universities, hospitals, 911 and emergency services, call centres, accounting and legal firms, and pension funds.