US says Russian ran online marketplace of stolen logins
Cyber-souk offered bundle deals of account access and credit card info, says Uncle Sam
A Russian national was indicted in the US on Tuesday for allegedly running an online marketplace selling access to credit card, shopping, and web payment accounts belonging to tens of thousands of victims.
Igor Dekhtyarchuk, 23, who is on the FBI's Cyber's Most Wanted list, is suspected to be the mastermind of an underground cyber-souk dubbed "Marketplace A" by the US Department of Justice. The site, launched in 2018 and known as a carding shop in the cyber-security industry, sold login details for people's internet banking and retail accounts so that fraudsters could, for instance, go on spending sprees on a stranger's dime.
Marketplace A functioned like any other online store, and even had bundle deals, such as an offer to buy access to two online retail accounts and get some credit card information thrown in, for the same victim, it was claimed. The credentials were priced according to a victim's account balances; miscreants allegedly had to pay more for data associated with accounts with more money to steal from.
Dekhtyarchuk also apparently rented out software: customers could download a program that, when given someone's stolen login info and a provided cookie, would grant access to said account, prosecutors said. This software was available for seven days at a time, and was called “[Company A] Auth 1.0” as it granted access to a business labeled Company A by the Dept of Justice.
Marketplace A claimed to have sold data for more than 48,000 email accounts, and more than 39,000 other online accounts, and attracted 5,000 visitors every day, according to an indictment filed in a federal district court in eastern Texas.
"The cyber-criminal marketplace operated by Dekhtyarchuk promoted and facilitated the sale of compromised credentials, personally identifiable information (PII), and other sensitive financial information," FBI Houston Special Agent in Charge Jim Smith said in a statement. "Cyber-criminal actors behind these marketplaces go to great length to obfuscate their true identities and often utilize other sophisticated methods to further anonymize their activities."
- Cybercriminals made $7bn in pure profit in 2021, says FBI
- Taiwan rounds up 60 Chinese tech workers on suspicion of poaching tech and people
- US winds up national security team dedicated to Chinese espionage
- FBI seizes $3.6bn in Bitcoin after New York 'tech couple' arrested over Bitfinex robbery
Dekhtyarchuk operated under the alias "floraby" in online cyber-crime forums. He started offering to sell information from stolen accounts in April 2018, and launched Marketplace A a month later, it was claimed. The illegal site was traced to him after the Feds set up a covert operation in March last year.
An FBI employee bought thirteen items from Marketplace A, each containing stolen information for up to 20 online accounts. In total, the FBI was able to purchase details for 131 online accounts. This data was sent via a link to a page or a Telegram message.
"This case exemplifies the need for all of us, right now, to take steps to protect our online identity, our personal data, and our monetary accounts," said US Attorney Brit Featherston. "Cyber-criminals are lurking behind the glow of computer screens and are harming Americans."
Dekhtyarchuk was indicted on charges of wire fraud, access device fraud, and aggravated identity theft. A federal arrest warrant has been issued by law enforcement. He faces up to 20 years in federal prison if convicted. Being a Russian citizen at large, and known to be living in Russia, no one is holding their breath. ®