Moldovan national sentenced in E-Root cybercrime marketplace case

Siva Ramakrishnan
A 31-year-old Moldovan national was sentenced to 42 months in U.S. federal prison for operating a series of websites used to sell access to compromised computers worldwide, the U.S. Department of Justice said on Thursday

A 31-year-old Moldovan national was sentenced to 42 months in U.S. federal prison for operating a series of websites used to sell access to compromised computers worldwide, the U.S. Department of Justice said on Thursday.

According to court documents, Sandu Boris Diaconu was an administrator for the E-Root Marketplace, which listed more than 350,000 compromised credentials for sale, including those belonging to companies and individuals in the U.S. 

The victims included at least one local government agency in Tampa, Florida, prosecutors said. Authorities took down E-Root in 2020.

Diaconu was arrested while attempting to leave the U.K. in May 2021 and was extradited to the U.S. in October. He pleaded guilty in December.     

E-Root operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers. Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords, by desired criteria: price, geographic location, internet service provider and operating system.

The compromised credentials allowed criminals to access remote computers and steal private information or manipulate the contents of those computers. E-Root’s victims often were subject to ransomware attacks, and some of the stolen credentials listed on the marketplace were linked to stolen identity tax fraud schemes.

The E-Root Marketplace used Perfect Money, a legitimate online payment system, to help conceal buyers’ payments. The marketplace administrators offered an illicit cryptocurrency exchange service to convert bitcoin to Perfect Money and vice-versa. This exchange was also seized by U.S. law enforcement.

CybercrimeNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

IMF says February cyberattack involved compromise of 11 email accounts

Next Post

Pennsylvania’s Scranton School District dealing with ransomware attack

Related Posts

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
Avatar
Read More