The US Justice Department (DoJ) announced that 19 individuals involved in managing and using the late xDedic cybercrime marketplace have been charged with lengthy prison sentences.
The list includes two xDedic administrators, Pavlo Kharmanskyi, a Ukrainian man who was arrested while trying to enter the US, and Alexandru Habasescu, of Moldovan nationality, who was arrested in the Spanish Canary Islands in 2022.
Kharmanskyi and Habasescu were sentenced to 30- and 41-months’ imprisonment, respectively.
Russian national Dariy Pankov and Nigerian national Allen Levinson were also among the people charged.
The US government described Pankov as the developer of the NLBrute malware and as “one of the highest sellers on the Marketplace by volume, listing for sale the credentials of more than 35,000 compromised servers located all over the world and obtaining more than $350,000 in illicit proceeds.” He was sentenced to 60 months in federal prison.
Meanwhile, Levinson is “a prolific buyer on the Marketplace who was interested in purchasing access to US-based Certified Public Accounting firms.” He was taken into custody in the UK in 2020 and extradited to the US. Levinson has been sentenced to 78 months in jail.
The rest of the list counts cybercriminals from Ukraine, Nigeria the UK and several US nationals.
Of those, 11 have received sentences from 5 years’ probation to 78 months in jail. Five individuals are still awaiting their sentences.
Two additional suspects could be extradited from the UK to the US for charges of conspiracy to commit wire fraud and aggravated identity theft.
What Was the xDedic Dark Web Marketplace?
The xDedic dark web marketplace was first discovered in 2016 when Kaspersky Lab was tipped off by a European Internet service provider (ISP).
The security vendor claimed that the marketplace had been active since at least 2014 and provided a platform for trade log-ins to as many as 70,000 corporate and government servers, starting at just $6 per log-in.
In January 2019, the US Attorney’s Office for the Middle District of Florida (Tampa Division) seized xDedic’s domain names and dismantled the website’s infrastructure, effectively ceasing its operation.
The joint law enforcement also involved the FBI, Europol, authorities in Belgium and Ukraine, the National High Tech Crime Unit from the Dutch National Police and the German Bundeskriminalamt.
In total, the DoJ estimates that xDedic offered more than 700,000 compromised servers for sale, including at least 150,000 in the US.
Marketplace victims spanned the globe and industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds and universities.