This post may contain affiliate links, please read our affiliate disclosure to learn more.
Hackers charged in connection with the xDedic Marketplace

19 Cybercriminals Face Justice in Global Law Enforcement Operation

 By Nataly Vovk | Threat Intelligence Analyst
 Published on January 8th, 2024

On January 4, 2023, the U.S. Department of Justice (DoJ) shared information about 19 individuals charged worldwide in connection with the xDedic Marketplace.

This dark website, known for illegally selling login credentials to servers globally and the personal information of U.S. residents, was used by criminals for activities like tax fraud and ransomware attacks. The U.S. Attorney for the Middle District of Florida, Roger B. Handberg, announced the culmination of this extensive operation.

NordVPN 67% off + 3-month VPN coupon

Stay One Step Ahead of Cyber Threats

Want to Be the Smartest Guy in the Room? Get the Latest Cybersecurity News and Insights.
We respect your privacy and you can unsubscribe anytime.

Key Takeaways:

  • A major international cybercrime investigation culminated on January 4, 2023, with 19 individuals charged globally in relation to the xDedic Marketplace.
  • The xDedic Marketplace was a notorious dark web site involved in selling illegal login credentials and personal information.
  • The U.S. Attorney’s Office in Tampa, Florida, spearheaded the dismantling of the xDedic infrastructure in 2019 with international cooperation, effectively ending its operations.
  • High-profile convictions include marketplace administrators, sellers, and buyers, with notable sentences for key figures.
  • The successful investigation and prosecution efforts were a result of extensive collaboration among law enforcement agencies across multiple countries.

xDedic Criminal Marketplace

The xDedic Marketplace, notorious for its vast scope, offered over 700,000 compromised servers, including many in the U.S. and Florida. The administrators maintained high operational security, using a distributed international network and cryptocurrency to conceal their identities and the locations of the servers.

“The xDedic administrators practiced exceptional operational security, operating the website across a widely distributed international network and utilizing cryptocurrency in order to hide the locations of the Marketplace’s underlying servers and the identities of its administrators, sellers, and buyers,” stated the Department of Justice.

Effective Global Cooperation

This global effort involved cooperation from Belgium, Ukraine, Europol, the Dutch National Police, and Germany’s Bundeskriminalamt. Following the takedown, the U.S. Attorney’s Office pursued charges against individuals at all levels of xDedic’s operation, including administrators, server sellers, and buyers.

Notably, Alexandru Habasescu and Pavlo Kharmanskyi, key administrators from Moldova and Ukraine, respectively, were arrested and sentenced for their roles in managing and supporting the marketplace.

Additional significant convictions include Dariy Pankov, a Russian national who was a major seller on the marketplace, and Allen Levinson, a Nigerian national who extensively purchased from xDedic. Pankov, responsible for listing over 35,000 compromised servers and creating a malicious software program named “NLBrute,” was sentenced to 60 months in prison.

Levinson, who targeted U.S. accounting firms to file fraudulent tax returns, received a 78-month sentence. The U.S. faced challenges in extraditing some foreign nationals due to their countries’ non-extradition policies but has successfully charged or extradited 17 defendants to date.

Recently, the FBI also arrested the admin of the BreachForums hacking forum.

"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional
Scroll to Top