The US authorities announced they concluded the investigation into a dark web marketplace called ‘xDedic’ that sold stolen login credentials, access to hacked servers, and personally identifiable information (PII).
Criminals used these servers to facilitate a wide range of illegal activity that included tax fraud and ransomware attacks, the US Department of Justice said.
In total, xDedic offered more than 700,000 compromised servers for sale, with victims spanning multiple industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities. The marketplace was dismantled in 2019 as a result of an international law enforcement operation involving authorities from the US, Germany, Belgium, the Netherlands and Ukraine.
Since the site’s shut down, the US authorities have arrested and charged multiple individuals involved in the operation and use of the marketplace, including two key figures, Alexandru Habasescu and Pavlo Kharmanskyi. Habasescu, who resided in Chisnau, Moldova, was the lead developer and technical mastermind for the Marketplace, while Kharmanskyi, who lived in Kiev, Ukraine, advertised for the website, paid administrators, and provided customer support to buyers.
Habasescu was arrested in the Spanish Canary Islands in 2022 and extradited to the US, while Kharmanskyi was apprehended at the Miami International Airport in 2019 as he tried to enter the country. Habasescu and Kharmanskyi were sentenced to 41 and 30 months’ imprisonment, respectively.
The list also includes Dariy Pankov, a Russian national who was one of the top sellers on the marketplace, listing for sale the credentials of more than 35,000 hacked servers. Pankov, aka dpxaker, is a developer behind a brute-forcing tool called “NLBrute.” He was arrested in October 2022 in Georgia and extradited to the US. Pankov pleaded guilty in September 2023 and was subsequently sentenced to 60 months in prison.
Nigerian national Allen Levinson, described by authorities as “a prolific buyer,” was sentenced to 78 months in prison. He used information obtained from hacked accounting firm servers to file false tax returns with the US government, attempting to obtain over $60 million.
The remaining cybercriminals hail from Nigeria, the UK, the US, and Ukraine. They were handed sentences ranging from probation to 6.5 years in prison. The sentence is pending for five cybercriminals.
