Inside the Dark World of xDedic: Uncovering the Cybercrime Marketplace and its Criminals
The xDedic Cybercrime Marketplace
The xDedic marketplace, which operated on the dark web, became a notorious hub for cybercriminal activity dealing in stolen personal data and compromised servers worldwide. The marketplace was run by administrators who operated servers globally, and due to the use of cryptocurrency payments, they managed to conceal the location of their servers and the identities of admins, buyers, and sellers. Before its takedown, the marketplace had allowed users to purchase stolen credentials linked to compromised servers and U.S. residents' personally identifiable information (PII).
Overview of the xDedic Marketplace
The xDedic marketplace was a well-structured, illicit online market operating on the dark web. The platform offered a comprehensive range of illegally obtained data, targeting various industries and entities, including local, state, and federal government organizations, universities, hospitals, metropolitan transport authorities, accounting and law firms, pension funds, and more. The website's illicit activities effectively facilitated fraudulent transactions of over $68 million.
Types of Personal Information Sold
Listings on the xDedic marketplace mainly offered personally identifiable information (PII) of U.S. residents and access to compromised servers worldwide. This unethically procured information was made available for purchase by users of the site. The marketplace traded in stolen login credentials, which gave perpetrators easy access to compromised servers and networks.
Volume of Stolen Server Credentials Associated with the Website
The U.S. Justice Department estimated that xDedic offered over 700,000 compromised servers for sale, with at least 150,000 based in the United States and at least 8,000 in Florida. The extent of the illegal operations facilitating and promoting cybercrime was massive, negatively impacting countless individuals and companies worldwide.
Involvement of International Organizations
The takedown of xDedic in 2019 was facilitated by cooperative international operations involving law enforcement agencies from several countries — the United States, Belgium, Ukraine, Germany, and the Netherlands. Moreover, noteworthy support came from Europol and Eurojust, two prominent European agencies dealing with law enforcement cooperation across the European Union.
Total Number of Individuals Charged
According to the U.S. Justice Department, 19 individuals were charged as part of the investigations into the xDedic marketplace. All the individuals charged were involved in managing or using the website to facilitate illegal activities. The list includes:
- The administrators of the site.
- Developers of malware.
- Sellers of compromised servers.
- Buyers who were keen on purchasing access to compromised networks and data.
Specific Charges Against Individuals
The individuals who ran or used the xDedic marketplace faced various charges, including conspiracy to commit wire fraud and aggravated identity theft. The gravity of the charges varied with each individual's specific role and level of involvement in the cybercrime activities performed through the platform. Consequently, the sentences given ranged from probation to years in prison.
Arrests and Sentencing of Website Administrators Alexandru Habasescu and Pavlo Kharmanskyi
Key figures in the operation of the xDedic marketplace were Ukrainian national Pavlo Kharmanskyi and Alexandru Habasescu from Moldova. Kharmanskyi was caught while attempting to enter the United States, and Habasescu was arrested in the Spanish Canary Islands in 2022. Kharmanskyi received a sentence of 30 months in prison, and Habasescu was given a longer sentence of 41 months.
Role and Sentencing of Russian National Dariy Pankov and Nigerian National Allen Levinson
Russian national Dariy Pankov was the developer of the NLBrute malware and a significant seller on the xDedic marketplace. According to the U.S. government, Pankov listed the credentials of over 35,000 compromised servers for sale worldwide, which earned him more than $350,000 in illicit funds. Pankov was sentenced to 60 months in federal prison. Allen Levinson, a Nigerian national interested in purchasing access to U.S.-based Certified Public Accounting firms, was another active participant in the marketplace. Levinson was arrested in the U.K. in 2020 and then extradited to the U.S., where he received a lengthy sentence of 78 months in jail.
Other Criminals and Associated Sentences
In addition to the arrests and sentencing of the site administrators and prominent users, the crackdown on the xDedic marketplace led to charges against various individuals. These included cybercriminals from various geographic locations and different roles within the cybercrime network. While some have already received their sentences, a few still await sentencing, and others may face extradition.
Origins of the Remaining Cybercriminals
Of the 19 individuals recently charged in relation to the xDedic marketplace, the remaining cybercriminals hail from various countries, including Ukraine, Nigeria, the United Kingdom, and the United States. The reach of this illicit marketplace was globally extensive, bringing together a diverse set of criminals under the banner of cybercrime.
Range of Received Sentences
The individuals charged in connection with the xDedic marketplace received a range of sentences, differing based on their respective involvement in the network's operations. The sentences already handed down vary from 5 years' probation to 78 months in prison. This reflects the varying depth of involvement and nature of each indicted party's criminal activities in the marketplace.
Extradition and Charges for Two Suspects from the United Kingdom
Further charges could come from the United Kingdom as two additional suspects may face extradition to the United States. These suspects are potentially facing charges of conspiracy to commit wire fraud and aggravated identity theft. These charges reflect the seriousness of the criminal activities facilitated and undertaken on the xDedic marketplace and the commitment of international law enforcement to seek justice.
Additional Cybersecurity News
Apart from cybercrimes related to the xDedic marketplace, a slew of other cybersecurity incidents have also been making headlines around the globe. They include a case of SIM swapping that led to a prison sentence, an arrest connected to LockBit ransomware attacks, the U.S. Energy Department's substantial investment in security research, Airbus' potential acquisition of a significant cybersecurity unit, and a hacking incident that resulted in considerable cryptocurrency theft.
Russian National Arrested over LockBit Ransomware Attacks
Further exemplifying the international reach and impact of cybercrimes, a Russian national was apprehended due to connections with the notorious LockBit ransomware attacks. This arrest is another firm stride in the global effort to counteract cyber threats and punish their perpetrators.
Energy Department's Funding for Security Research
In an encouraging development on the cybersecurity front, the U.S. Department of Energy is reportedly set to offer $70 million for security and resilience research. This substantial investment underlines the government's commitment to intensifying security measures against the evolving landscape of cyber threats.
Hacked Mandiant X Account and Resulting Cryptocurrency Theft
In another glaring instance of cybersecurity threats, a Mandiant X account was attacked and exploited for cryptocurrency theft. This incident reiterates the vulnerability of digital asset technologies and the need for robust cybersecurity measures to prevent cyber theft.