Authorities have shut down the xDedic Marketplace, which had operated for years selling hacked servers. The black market website, known as a “hacker’s dream,” sold compromised computer credentials and personally identifiable information of U.S. citizens to people around the globe.
The investigation was led by the FBI and IRS, alongside U.S. Immigration and Customs Enforcement’s Homeland Investigations and the Florida Department of Law Enforcement. The international enforcement operation also involved assistance from Belgium, Ukraine, and the European law enforcement agency Europol.
The DOJ press release stated:
“On January 24, 2019, seizure orders were executed against the domain names of the xDedic Marketplace, effectively ceasing the website’s operation.”
According to authorities, the website made more than $68 million in fraud since it began operating in 2014. The site first became widely known after Kaspersky published a report in 2016. It shut down intermittently after the report, but reappeared on the Tor network. The illicit site was thought to have been run by a Russian hacker group. At the time, buyers could choose from more than 70,000 hacked servers at cheap prices.
In a report, Kaspersky said:
“And the best thing about it – it’s cheap! Purchasing access to a server located in a European Union country government network can cost as little as $6.”
xDedic operators maintained servers across the globe to sell compromised computers. Additionally, the operators used bitcoin to mask the locations of the servers and the names of administrators, buyers, and sellers, maintaining their anonymity. Buyers searched the site according to their desired price, operating system, and geographic location.
The press release noted:
“The victims span the globe and all industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.”
During the operation, multiple IT systems were found. Three Ukrainian suspects were also arrested.