US Charge Man with Running Stolen Credentials Marketplace

A man has been extradited from the UK to the US for allegedly operating a website that sold access to compromised computer credentials.

Sandu Diaconu, 31, from Moldova, has been charged by the US with conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy, access device fraud, and computer fraud. If found guilty, he faces a maximum of 20 years in federal prison.

Additionally, the indictment notifies Diaconu that the US is seeking an order of forfeiture relating to the proceeds of, and property used in, the charged criminal conduct.

The charges relate to Diaconu’s alleged administration of the E-Root marketplace, a website that for years sold access to compromised computer credentials. Based on the investigation led by the IRS-CI Cyber Crimes Unit (Washington, D.C.) and the FBI Tampa Division, the authorities believe more than 350,000 credentials were listed for sale on E-Root.

The court documents highlighted the steps the E-Root marketplace took to hide the identities of its administrators, buyers and sellers. These included using the online payment system Perfect Money to help conceal payments, and offering its illicit cryptocurrency exchange service for the purpose of converting Bitcoin to Perfect Money and vice versa.

Buyers could search for compromised computer credentials on E-Root, such as RDP and SSH access, through a range of criteria, including price, geographic location, internet service provider, and operating system.

Many of the victims, who spanned the globe and included at least one government agency in Tampa, Florida, were subjected to ransomware attacks. Additionally, some of the stolen credentials were linked to stolen identity tax schemes.

The E-Root marketplace was taken down at the end of 2020, with seizure orders executed against the domain names of the site. Diaconu was arrested in the UK while trying to leave the country in May 2021, and in September 2023, Westminster Magistrates’ Court ordered him to be extradited to the US.

Growing Crackdown on Cybercrime Websites

The takedown of the E-Root marketplace is one of a number of law enforcement actions against dark web criminal marketplaces. For example, in April 2022, German police shut down Russian darknet marketplace Hydra, and in May 2023, Europol arrested nearly 300 individuals on suspicion of buying or selling drugs on underground marketplace Monopoly Market.

Mike Newman, CEO of My1Login, welcomed the recent indictment against Diaconu, highlighting the enormous damage caused by E-Root.

“Because the site focused on credentials, buyers knew that when purchasing one valid set they could test them out on other sites to gain access to more user accounts – this widened the attack surface but also made it likely many more organizations outside of E-Root’s database were impacted,” he said.

However, he cautioned that many other similar marketplaces still exist on the dark web.
