A U.S. District Court sentenced Moldovan national Sandu Boris Diaconu, 31, to 42 months in federal prison for conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices.
Diaconu operated the E-Root cybercrime marketplace. He ran a series of websites used to sell access to compromised computers worldwide, including servers belonging to companies and individuals in the United States.
Diaconu was arrested in May 2021 while attempting to leave the United Kingdom and was extradited to the United States on October 13, 2023. Diaconu pleaded guilty on December 1, 2023.
E-Root customers could search for credentials of compromised computers that granted access to remote computers, enabling buyers to either steal sensitive data or manipulate the contents stored on the remote computer.
“The E-Root Marketplace operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers,” reads the press release published by the DoJ. “Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer. Buyers could search for credentials by desired criteria, such as price, geographic location, internet service provider, and operating system.”
The marketplace allowed buyers to pay using a cryptocurrency exchange and the online payment system Perfect Money. The platform provided an illicit cryptocurrency exchange service for converting Bitcoin to Perfect Money and vice versa. The authorities also seized the exchange platform.
Authorities reported that over 350,000 credentials were advertised for sale on the marketplace.
The victims belong to multiple industries. According to court documents, the platform also offered for sale access to at least one local government agency in Tampa. Many ransomware operations targeted victims of the marketplace, while some of the stolen credentials offered through E-Root were linked to stolen-identity tax fraud schemes.