Admin behind E-Root stolen creds souk extradited to US

A Moldovan who allegedly ran the compromised-credential marketplace E-Root has been extradited from the UK to America to stand trial.

Sandu Diaconu, 31, along with another individual whose name has been redacted from court documents, allegedly operated the illicit souk trading access to compromised servers worldwide between 2015 and 2020.

"The Marketplace existed primarily as a place for individuals to buy and sell RDP and SSH access (login credentials) to compromised servers, which was used to facilitate a wide range of illegal activity, such as ransomware attacks, fraudulent wire transfers, and tax fraud," the indictment says [PDF].

On E-Root, other criminals could search for compromised computer credentials including Remote Desktop Protocol (RDP) and Secure Socket Shell (SSH) access, or by price, geographic location, internet service provider, open ports, and operating system.

During the course of the investigation, the Feds uncovered more than 350,000 compromised credentials listed for sale on E-Root, according to the US Justice Department. The victims included individuals and companies in the US and worldwide, and included at least one local government agency in Tampa, Florida, as well as a local church and a doctor.

Criminals used the online payment system Perfect Money to make purchases on the credential-selling marketplace. In addition to developing and E-Root, Diaconu, whose admin moniker was "WinD3str0y," also allegedly operated a sister website where buyers could convert Bitcoin into Perfect Money to try and hide their identities.

The duo offered customer support and apparently maintained detailed records including buyers' usernames, registration dates, email addresses, purchases, Perfect Money balances, last login dates, and IP addresses, the court documents say.

A joint US-UK effort took down E-Root in late 2020, and British law enforcement arrested Diaconu in May 2021 when he attempted to leave the country. In September 2023, Westminster Magistrates' Court ordered Diaconu to be extradited to America to face charges, after he consented to travel to the US and face his Feds.

Diaconu, and the second unnamed E-Root admin, have been charged with conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy, access device fraud, and computer fraud. He faces a maximum of 20 years behind bars.

Diaconu made his first appearance before a US judge on October 16, and remains in custody. He has not entered a plea to the charges yet.

The E-Root admin's arrest comes as law enforcement worldwide cracks down on online crime in general and ransomware operations in particular.

Also this week, Europol, the FBI and other international agencies took down RagnarLocker ransomware group's leaksite. Not a massive deal, but very useful for victims looking to avoid publicity.

In August, a similar international effort dismantled Qakbot, aka QBot, a notorious botnet responsible for losses totaling hundreds of millions of dollars worldwide. And earlier this year, an FBI-led sting shut down Hive's ransomware network, seizing control of the notorious gang's servers and websites, and handing out decryption keys to more than 300 victims.