Sandu Diaconu, a 31-year-old Moldovan national, has been extradited from the UK to the US to stand trial over his alleged administration of the notorious E-Root marketplace, which specialized in the trade of stolen credentials.
The extradition followed a mandate from Westminster Magistrates' Court in September 2023. A co-defendant, whose identity was redacted from court documents, allegedly operated the illicit online bazaar alongside Diaconu between 2015 and 2020.
According to the Middle District of Florida US Attorney's Office, E-Root was a long-operational platform used to sell access to compromised computers globally, including servers owned by US-based entities.
Cybercriminals on E-Root could search for various compromised credentials such as Secure Socket Shell (SSH) and Remote Desktop Protocol (RDP) access. The platform also boasted advanced filtering features, enabling the malefactors to filter by price, region, operating system, open ports, and Internet Service Provider (ISP).
The federal investigation into the marketplace revealed that over 350,000 credentials were put up for sale on E-Root, per the US Department of Justice.
The victims encompass multiple worldwide businesses and firms, and at least one local government agency in Tampa. It was disclosed that many victims subsequently suffered ransomware attacks, while some credentials listed on the marketplace were connected to stolen identity tax fraud schemes.
Payments on E-Root were facilitated through the Perfect Money online payment system. Diaconu, under the alias "WinD3str0y", is also alleged to have operated a sister website, enabling the conversion of Bitcoin into Perfect Money to help obfuscate the identities of the marketplace users.
Despite these elaborate arrangements, court documents revealed chinks in the operation, as the administrators kept extensive records about the buyers, making it easier for authorities to trace back the illegal activities.
The downfall of E-Root came in late 2020 through a joint operation, and Diaconu was apprehended by British authorities in May 2021 while trying to leave the country. The charges against Diaconu and his co-defendant include conspiracy to commit access device and computer fraud, money laundering conspiracy, wire fraud conspiracy, access device fraud, and computer fraud.
Diaconu, now facing up to 20 years in federal prison if convicted on all counts, made his initial appearance before a US judge on Oct. 16. He remains in custody and has not registered a plea to the charges.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsNovember 14, 2024
September 06, 2024