Although not the most famous and largest Darknet marketplace out there, the DOJ has officially arrested and charged a total of 19 individuals who played a role in running the marketplace. The darknet fraud-focused market is known for illegally selling login credentials and personally identifiable information, including dates of birth and Social Security numbers of U.S. residents. The stolen data facilitated a range of illicit activities, such as tax fraud and ransomware attacks. However, law enforcement agencies have put finally concluded their investigation five years after its seizure. Key figures like Alexandru Habasescu, Pavlo Kharmanskyi, Dariy Pankov, and Allen Levinson received prison sentences ranging from 30 to 78 months for their roles in the cybercrime network.
Key Takeaways
- The defunct xDedic Marketplace was a Darknet fraud market selling over 700,000 compromised server credentials and personally identifiable information, including government, healthcare, and finance.
- The dismantling of xDedic was a result of a coordinated international law enforcement effort. Agencies from Belgium, Ukraine, Germany, the Netherlands, and the United States, along with Europol and Eurojust
- The U.S. Department of Justice charged 19 individuals for their involvement with xDedic.
- The case continues with several defendants still awaiting sentencing or extradition.
On Friday, 5 January 2024, the U.S. Department of Justice reported closing its investigation of the xDedic Dark Web marketplace. In January 2019, the U.S. Attorney’s Office for the Middle District of Florida (Tampa Division) seized xDedic’s domain names and dismantled the website’s infrastructure, effectively ceasing its operation; the aftermath continued for five years. Having successfully brought down the multinational criminal organisation responsible for the marketplace, the Department of Justice has charged 19 individuals with fraud.
This investigation has been ongoing for years now. Before the marketplace was shut down in 2019, it was known for selling login credentials to servers and personal info of U.S. residents, as well as their birthdates and social security numbers.
The Darknet marketplace listed a staggering 700,000 compromised servers for sale, which affected 150,000 US residents alone. At the time of its takedown, the authorities involved estimated that xDedic had helped contribute to over $68 million worth of global fraud as cybercriminals used the data they purchased on the marketplace.
The DoJ said, “Once purchased, criminals used these servers to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks.” These attacks primarily target government infrastructure like hospitals, emergency services, call centres, accounting firms, pension funds and law firms.
U.S. Attorney Roger B. Handberg had this to say about the ongoing investigation in regards to the investigation over the last few years;
“In the years that followed the takedown of the xDedic Marketplace, the U.S. attorney’s office investigated and charged individuals involved in every level of the website’s operation, including its administrators, server sellers, and buyers.”
To bring the case to a close, the FBI, IRS, DoJ, and Department of Homeland Security led the investigation, with help from other international law enforcement agencies. Handberg had this to say;
“This investigation also benefited greatly from cooperation with foreign law enforcement in Belgium, Georgia, Germany, Poland, Spain, the United Kingdom, Romania, Switzerland, Estonia, Latvia, Bulgaria, Ukraine, Lithuania, and Moldova.”
19 Suspects Charged with Fraud
The DoJ, Belgium and Ukraine law enforcement, Europol, Dutch National Police, and German Bundeskriminalmt worked together to get the suspects charged and extradited to the U.S. to stand trial. Those charged include Alexandru Habsescu, who received 40 months in prison, and Pavlo Kharmanskyi, who received 30 months in jail.
Alexandru was the brain behind the xDedic marketplace, with Pavlo managing the whole operation’s payments, advertising and customer support. According to the DoJ, these practised exceptional operational security, running their organisation across international networks and using crypto to mask the original location of their servers. Out of the 19 caught, 12 have already been sentenced. The other individuals involved include:
- Allen Levinson (31, Nigeria)
- T’Andre McNeely (33, California)
- Michael Carr (33, California)
- Dariy Pankov (29, Russia)
- Glib Ivanov-Tolpintsev (29, Ukraine)
- Adedotun Adejumo (45, Oklahoma)
- Joshua Spencer (29, New York)
- Ibrahim Jinadu (36, Georgia)
- Brandon Williams (34, California)
- Harold McKinzie (29, Illinois)
- Bamidele Omotosho (42, Nigeria)
- Olayemi Adafin (38, UK)
- Olakunle Oyebanjo (29, UK)
- Akinola Taylor (38, UK)
- Oluwarotimi Ogunlana (29, Texas)
- Olufemi Odedeyi (42, UK)
- Oluwaseyi Shodipe (41, U.K.)
Allen Levinson, a Nigerian national, was a common buyer on the marketplace, buying access to US-based accounting firms where he filed over $60 million of fraudulent tax returns. He was sentenced to 78 months in the United Kindom after he was caught in 2020.
Dairy Pankov, one of the top sellers on xDedic, listed over 35,000 compromised servers, which earned over $350,000 in sales; he was caught in 2022 in the Republic of Georgia and later sentenced to 60 months in prison. Pankov’s success in criminal activities came from a malicious software program he developed named “NLBrute.” The malware would decrypt login credentials and provide Pankov with a lot of valuable information.
Most of the other charges brought against the rest of the accused were conspiracy to commit mail and wire fraud, conspiracy to commit access device and computer fraud, access device fraud, conspiracy to commit wire fraud, Conspiracy to commit wire fraud, aggravated I.D. and theft.
The xDedic Marketplace was an online marketplace that operated on the dark web, selling a wide range of illegal services, from login credentials to personal information, that led to millions of dollars’ worth of theft.
It’s likely that there were other criminals involved in the marketplace as buyers or sellers. However, as soon as the marketplace was shut down, most individuals were scattered to avoid prosecution.
While the shutting down of the xDedic marketplace was a massive victory in the battle against cybercrime, there are still other marketplaces. Check out our forum list