The US Justice Department announced on Thursday that 19 people involved in the management and use of the xDedic cybercrime marketplace have been charged following its takedown in 2019.
The xDedic Marketplace was a site on the dark web where users sold and bought stolen server credentials and personal information. Authorities said over 700,000 credentials associated with servers housed by government, healthcare, transportation, higher education, financial and other types of organizations from around the world were offered on the website.
An international law enforcement operation dismantled the cybercrime enterprise in 2019 and investigators have since been working on identifying and prosecuting xDedic administrators, buyers and sellers.
The United States has charged 19 individuals, including Moldovan national Alexandru Habasescu and Ukrainian national Pavlo Kharmanskyi, who were the website’s administrators.
Habasescu was arrested in 2022 in the Spanish Canary Islands and Kharmanskyi was arrested in 2019 as he was trying to enter the United States. They were later sentenced to 41 and 30 months in prison, respectively.
A top seller in terms of server credential volume, who made more than $350,000, was Russian national Dariy Pankov. He was sentenced to 60 months in prison after being extradited from the Republic of Georgia, where he was arrested in 2022.
Nigerian national Allen Levinson, described by authorities as a top buyer, was sentenced to 78 months in prison. He used information obtained from hacked accounting firm servers to file false tax returns with the US government, attempting to obtain over $60 million.
The remaining cybercriminals are from Ukraine, UK, Nigeria, and the states of California, Oklahoma, Georgia, Illinois, New York, and Texas.
They have received sentences ranging between 5 years probation and 78 months in prison. Sentencing is pending for five individuals.
In addition, two suspects who face up to 20 years in prison, should soon be extradited from the United Kingdom for charges related to their roles in the cybercrime scheme.