The U.S. Attorney’s Office for the Middle District of Florida recently announced significant progress in an ongoing investigation into the notorious xDedic marketplace, an illegal website that sold stolen login credentials and personal data.
The culmination of this transnational cybercrime investigation has resulted in charges against 19 individuals across the globe for their roles in operating, selling on, and utilizing the dark web marketplace.
What was xDedic?
According to released court documents, xDedic was a marketplace hosted on the dark web that specialized in the sale of compromised credentials, including usernames, passwords, and personal information such as dates of birth and Social Security numbers. At its peak, xDedic offered access to over 700,000 hacked servers for sale, with at least 150,000 located in the United States.
The marketplace served as a platform for cybercriminals to purchase access to a wide range of servers, including those belonging to government agencies, hospitals, call centres, law firms, and more. The purchased credentials were then used to facilitate additional criminal activity such as tax fraud and ransomware attacks.
Multi-national Takedown Operation
Law enforcement authorities first dismantled xDedic’s infrastructure and seized its domain names in January 2019, effectively shutting down the marketplace. This complex operation was conducted jointly by agencies in the U.S., Ukraine, Belgium, the European law enforcement agency Europol, the National High Tech Crime Unit from the Dutch National Police, and the German Bundeskriminalamt.
In the years since, investigators have identified and charged individuals in roles across xDedic’s operations – from its administrators to prolific sellers and buyers who profited from the sale of the stolen data.
Charges and Extradition of Key Figures
Among those charged were two of the marketplace’s primary administrators, Alexandru Habasescu of Moldova and Pavlo Kharmanskyi of Ukraine. Habasescu served as the lead developer and was arrested in the Canary Islands in 2022 before being extradited to face charges in the U.S. Kharmanskyi handled advertising and customer service for xDedic and was arrested at Miami International Airport in 2019. Habasescu and Kharmanskyi were sentenced to 41 and 30 months’ imprisonment, respectively.
Additional high-profile suspects charged include prolific Russian seller Dariy Pankov, who sold credentials for over 35,000 compromised servers on xDedic. He was arrested in Georgia in 2022 and extradited to the U.S., receiving a 60-month sentence.
Nigerian buyer Allen Levinson was found to have used xDedic to file hundreds of fraudulent tax returns seeking over $60 million in refunds. He was extradited from the U.K. in 2020 and sentenced to 78 months in prison.
To date, 17 defendants have been charged, with some awaiting extradition from countries including the U.K. The extensive investigation demonstrates the global cooperation required to combat cybercriminal enterprises operating across international borders on the dark web. Authorities tout the years-long operation as a successful disruption of a major player in the underground economy of credential theft and fraud.