(Last Updated On: January 7, 2024)

xDedic Marketplace Is Now An Ex-xDedic Marketplace!

Global Law Enforcement Shuts Down Dark Web Marketplace and Arrests 19

Authors:
•  SCARS Editorial Team – Anthropologist, Scientist, Director of the Society of Citizens Against Relationship Scams Inc.
•  United States Department of Justice

Article Abstract

United States Attorney Roger B. Handberg concludes a significant transnational cybercrime investigation into the xDedic Marketplace, a dark web site trafficking in login credentials and personal data of U.S. residents.

Operating globally, this marketplace enabled diverse illegal activities such as tax fraud and ransomware.

The takedown in 2019 involved a coalition of law enforcement entities and led to the dismantling of xDedic’s infrastructure. Subsequent investigations and prosecutions of administrators, sellers, and buyers—spanning several nations—resulted in the recent numerous convictions and extraditions, highlighting the collaboration among various countries and agencies to combat cybercrime. The cases, managed by the FBI and IRS, underscore the complexity of pursuing cybercriminals across borders.

xDedic Marketplace

19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace

Tampa, Florida – United States Attorney Roger B. Handberg announces the culmination of a transnational cybercrime investigation involving the Dark Web xDedic Marketplace. According to court documents, the xDedic Marketplace was a website on the dark web that illegally sold login credentials (usernames and passwords) to servers located across the world and personally identifiable information—dates of birth and Social Security numbers—of U.S. residents. Once purchased, criminals used these servers to facilitate a wide range of illegal activity that included tax fraud and ransomware attacks.

The xDedic dark web administrators practiced exceptional operational security, operating the website across a widely distributed international network, and utilizing cryptocurrency in order to hide the locations of the Marketplace’s underlying servers and the identities of its administrators, sellers, and buyers. In total, xDedic offered more than 700,000 compromised servers for sale, including at least 150,000 in the United States and at least 8,000 in Florida. Marketplace victims spanned the globe and industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.

In January 2019, the U.S. Attorney’s Office for the Middle District of Florida (Tampa Division) seized xDedic’s domain names and dismantled the website’s infrastructure, effectively ceasing its operation. The international operation to dismantle and seize this infrastructure was the result of close cooperation with law enforcement authorities in Belgium and Ukraine, the European law enforcement agency Europol, the National High Tech Crime Unit from the Dutch National Police, and the German Bundeskriminalamt.

In the years that followed the takedown of the xDedic Marketplace, the U.S. Attorney’s Office investigated and charged individuals involved in every level of the website’s operation, including its administrators, server sellers, and buyers. For example, Alexandru Habasescu and Pavlo Kharmanskyi were Marketplace administrators. Habasescu, who resided in Chisnau, Moldova, was the lead developer and technical mastermind for the Marketplace, while Kharmanskyi, who lived in Kiev, Ukraine, advertised for the website, paid administrators, and provided customer support to buyers. Habasescu was taken into custody in the Spanish Canary Islands in 2022 and extradited to the United States, while Kharmanskyi was arrested at the Miami International Airport in 2019 as he attempted to enter the United States. Habasescu and Kharmanskyi were sentenced to 41 and 30 months’ imprisonment, respectively.

Dark Web Marketplace seller Dariy Pankov, a Russian national, was one of the highest sellers on the Marketplace by volume, listing for sale the credentials of more than 35,000 compromised servers located all over the world and obtaining more than $350,000 in illicit proceeds. Pankov’s criminal activities were facilitated by a powerful malicious software program he developed named “NLBrute,” that was capable of compromising protected computers by decrypting login credentials. Pankov was taken into custody in the Republic of Georgia in 2022 and extradited to the United States. He was subsequently sentenced to 60 months in federal prison.

Nigerian national Allen Levinson was a prolific buyer on the Marketplace who held particular interest in purchasing access to U.S.-based Certified Public Accounting firms. He used the information he obtained from those servers to file hundreds of false tax returns with the United States government, requesting more than $60 million in fraudulent tax refunds. Levinson was taken into custody in the United Kingdom in 2020 and extradited to the United States. He was subsequently sentenced to 78 months in federal prison.

Many of the charged defendants are foreign nationals and hold citizenship in countries that do not extradite their nationals, requiring the United States to locate and extradite subjects from countries that do.  As identified in the table below, to date, 17 defendants have been charged and/or extradited to the United States.

Name

(Age, Nationality)

Offense of Conviction

Term of

Imprisonment

Allen Levinson

(31, Nigeria)

Conspiracy to Commit

Mail and Wire Fraud

78 months

T’Andre McNeely

(33, California)

Conspiracy to Commit

Mail and Wire Fraud

78 months

Michael Carr

(33, California)

Conspiracy to Commit

Mail and Wire Fraud

78 months

Dariy Pankov

(29, Russia)

Conspiracy to Commit

Access Device and Computer Fraud

60 months

Glib Ivanov-Tolpintsev

(29, Ukraine)

Conspiracy to Commit

Access Device and Computer Fraud

48 months

Alexandru Habasescu

(31, Moldova)

Access Device Fraud

41 months

Adedotun Adejumo

(45, Oklahoma)

Conspiracy to Commit Wire Fraud

33 months

Pavlo Kharmanskyi

(32, Ukraine)

Access Device Fraud

30 months

Joshua Spencer

(29, New York)

Conspiracy to Commit

Access Device Fraud

28 months

Ibrahim Jinadu

(36, Georgia)

Conspiracy to Commit

Wire Fraud

27 months

Brandon Williams

(34, California)

Conspiracy to Commit

Mail and Wire Fraud

12 months

Harold McKinzie

(29, Illinois)

Wire Fraud

5 years’ probation

Bamidele Omotosho

(42, Nigeria)

Conspiracy to Commit Wire Fraud

Sentence pending

Olayemi Adafin

(38, United Kingdom)

Conspiracy to Commit Wire Fraud

Sentence pending

Olakunle Oyebanjo

(29, United Kingdom)

Conspiracy to Commit Wire Fraud

Sentence pending

Akinola Taylor

(38, United Kingdom)

Conspiracy to Commit Wire Fraud

Sentence pending

Oluwarotimi Ogunlana

(29, Texas)

Conspiracy to Commit Wire Fraud

Sentence pending

In addition to the individuals above, xDedic Marketplace buyers Olufemi Odedeyi (42, United Kingdom) and Oluwaseyi Shodipe (41, United Kingdom) have been charged with conspiracy to commit wire fraud and aggravated identity theft. Both and are pending extradition from the United Kingdom. Shodipe has also been charged with making false claims and theft of government funds. If convicted, Odedeyi and Shodipe each face a maximum penalty of 20 years in federal prison.

These cases were led by the Tampa Division of the Federal Bureau of Investigation and the Tampa Field Office of Internal Revenue Service – Criminal Investigation. Substantial assistance was provided by the IRS-CI Cyber Crimes Unit (Washington, D.C.), the Department of Justice’s Office of International Affairs, and Homeland Security Investigations. This investigation also benefited greatly from cooperation with foreign law enforcement in Belgium, Georgia, Germany, Poland, Spain, the United Kingdom, Romania, Switzerland, Estonia, Latvia, Bulgaria, Ukraine, Lithuania, and Moldova. The cases are being prosecuted by Assistant United States Attorneys Rachel K. Jones, Carlton C. Gammons, and Suzanne Nebesky.

SCARS Resources:

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

Opinions

The opinions of the author are not necessarily those of the Society of Citizens Against Rleationship Scams Inc. The author is solely responsible for the content of their work. SCARS is protected under the Communications Decency Act (CDA) section 230 from liability.

Disclaimer:

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use

Legal Notices: 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, SCARS ANGELS, SCARS RANGERS, SCARS MARSHALLS, SCARS PARTNERS, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the legal department for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org