DOJ Wraps xDedic Dark Web Market Case; 19 Charged Worldwide
Cybercrime
,
Fraud Management & Cybercrime
,
Government
Authorities in 15 Countries Helped Dismantle Operations Following 2019 Takedown
The U.S. Department of Justice announced Friday that it has wrapped up its investigation of the xDedic dark web marketplace and successfully dismantled the multinational criminal organizations, leading to charges against 19 individuals, ranging from administrators and site developers to buyers and customer service reps.
See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge
Before it was shut down by authorities in 2019, xDedic Marketplace was infamous for illegally selling login credentials to servers, as well as the personal information of U.S. residents, including Social Security numbers and birthdates. The site listed over 700,000 compromised servers for sale, affecting at least 150,000 in the United States and around 8,000 in Florida alone, U.S. Attorney Roger B. Handberg of the Middle District of Florida announced Friday.
“In the years that followed the takedown of the xDedic Marketplace, the U.S. attorney’s office investigated and charged individuals involved in every level of the website’s operation, including its administrators, server sellers and buyers,” Handberg said.
The January 2019 takedown of the marketplace was international in its scope, reflecting the distributed infrastructure used by xDedic. At the time, authorities estimated that the marketplace had helped contribute to more than $68 million in global fraud as cybercriminals used stolen data for a wide range of illegal activity including tax fraud and ransomware attacks.
Since then, the U.S. Department of Justice has worked with law enforcement in Belgium and
Ukraine and with Europol, the Dutch National Police and the German Bundeskriminalamt to charge and extradite suspects to the United States for trial.
Among those charged were marketplace administrators Alexandru Habasescu and Pavlo Kharmanskyi, who were sentenced to 41 and 30 months in prison, respectively. Habasescu, from Moldova, was the lead developer and technical mind behind xDedic, while Kharmanskyi, from Ukraine, managed advertising, payments and customer support. The DOJ said these administrators practiced “exceptional operational security, operating the website across a widely distributed international network, and utilizing cryptocurrency in order to hide the locations of the Marketplace’s underlying servers and the identities of its administrators, sellers, and buyers.”
Dariy Pankov, a Russian national and one of the top sellers on xDedic, was responsible for listing over 35,000 compromised servers and generating over $350,000 from his criminal activities. He was captured in the Republic of Georgia in 2022 and later sentenced to 60 months in federal prison (see: US Prosecutors Unspool xDedic Criminal Marketplace Cases).
Allen Levinson, a Nigerian national and prolific buyer, targeted U.S.-based certified public accounting firms to file hundreds of false tax returns, aiming to defraud over $60 million from the U.S. government. Levinson was apprehended in the United Kingdom in 2020 and sentenced to 78 months in federal prison.
Authorities charged most of the suspects with conspiracy to commit wire fraud, access device or computer fraud. Four individuals are awaiting sentencing in the United States, while two more are awaiting extradition from the United Kingdom.
The FBI, IRS, DOJ and Department of Homeland Security led the investigation, which involved broad international cooperation, Handberg said.
“This investigation also benefited greatly from cooperation with foreign law enforcement in Belgium, Georgia, Germany, Poland, Spain, the United Kingdom, Romania, Switzerland, Estonia, Latvia, Bulgaria, Ukraine, Lithuania and Moldova,” he said.