FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals

Avatar
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire

Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information.

Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire fraud.

Khodyrev and Kublitskii, between 2014 and 2024, acted as the main administrators of WWH Club (wwh-club[.]ws) and various other sister sites – wwh-club[.]net, center-club[.]pw, opencard[.]pw, skynetzone[.]org – that functioned as dark web marketplaces, forums, and training centers to enable cybercrime.

The indictment follows an investigation launched by the U.S. Federal Bureau of Investigation (FBI) in July 2020 after determining that WWH Club’s primary domain (www-club[.]ws] resolved to an IP address belonging to DigitalOcean, allowing them to issue a federal search warrant to the infrastructure company.

“WWH Club and sister site members used the marketplaces to buy and sell stolen personal identifying information (PII), credit card and bank account information, and computer passwords, among other sensitive information,” the U.S. Department of Justice (DoJ) said.

The forums, on the other hand, acted as a hotspot for discussions on best practices for committing fraud, launching cyber attacks, and evading law enforcement.

Furthermore, the darknet marketplace offered online courses for aspiring and active cyber criminals on how to conduct frauds. The advertised cost of the course ranged from 10,000 rubles to 60,000 rubles (about $110 to $664 as of September 7, 2024) and an additional $200 for training materials.

Court documents show that undercover FBI agents signed up for the site and attended a training course offered by the platform by paying approximately $1,000 in bitcoin that included topics such as the sale of sensitive information, DDoS and hacking services, credit card skimmers, and brute-force programs.

“The training was conducted through a chat function on the forum to a class of approximately 50 students; the various instructors provided training in text format rather than audible instruction,” the criminal complaint reads. “It was apparent the purpose of the training was to educate individuals on how to obtain and use stolen credit card data and PII to generate fraudulent proceeds.”

WWH Club is estimated to have had 353,000 users worldwide as of March 2023, up from 170,000 registered users in July 2020. Both Khodyrev and Kublitskii are believed to have profited from the membership fees, tuition fees, and advertising revenue.

Flashpoint, in a report published last month, said WWH-Club remains operational despite the law enforcement effort, and that “its other administrators are attempting to distance themselves from Kublitskii and Khodyrev.”

Khodyrev and Kublitskii “had been living in Miami for the past two years, while secretly continuing to administer WWH Club and its sister dark web marketplaces, forums, and schools,” the DoJ said.

If convicted on all counts, they could each face up to 20 years in federal prison. The indictment also requires Khodyrev to forfeit his 2023 Mercedes-Benz G63 AMG sport utility vehicle and Kublitskii’s 2020 Cadillac CT5 Sport sedan, which are said to have been purchased using proceeds from their criminal enterprise.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Previous Post

Russian authorities able to identify train saboteur from anonymous Telegram account

Next Post

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Related Posts

CyberDSA 2024

August 6-8, 2024Location: Kuala Lumpur, Malaysia CyberDSA 2024, organized by Aerosea Exhibitions Sdn. Bhd. and supported by CyberSecurity…
Avatar
Read More