Russian dark web marketplace admins indicted after arrest in Miami

Avatar

Two men have been indicted for their role in managing a popular Russian dark web marketplace known for selling troves of stolen credit card information and offering cybercrime classes. 

Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, were charged Friday by the Justice Department with wire fraud and conspiracy to commit access device fraud. 

If convicted, both men face maximum sentences of 20 years in federal prison. Prosecutors added that two vehicles “traceable to proceeds of the offenses” — Khodyrev’s 2023 Mercedes-Benz and Kublitskii’s 2020 Cadillac CT5 Sport sedan — will be forfeited as part of the charges.

Khodyrev and Kublitskii were arrested in Miami last month after being accused of running WWH-Club — a well-known cybercriminal forum for stolen personal information, credit card numbers and more. 

A warrant for the two men’s arrest called WWH-Club a “cross between Ebay and Reddit” where hackers shared everything from stolen Social Security numbers to PayPal account information. The site is written entirely in Russian but FBI investigators traced the website’s IP address back to servers from U.S. company Digital Ocean, which provided them with even more information. 

The Justice Department said the two ran the platform and other connected websites like Skynetzone, Opencard, and Center-Club from 2014 to 2024, even after moving to Miami two years ago. 

WWH-Club and its sister sites “existed solely to facilitate crime” according to the Justice Department, which added that criminals also used the marketplaces to buy and sell bank account information, passwords and other sensitive personal information. 

Users of the platforms shared tools and tips on how to launch cyberattacks, evade law enforcement and commit other types of fraud. 

At its peak in 2023, WWH-Club alone had more than 353,000 users worldwide. Khodyrev, Kublitskii and other administrators earned money from the site through advertising revenue, cybercrime class tuition fees and membership fees, according to the Justice Department.  

The fees appeared to range from approximately 10,000 rubles to 60,000 rubles (approximately $130 to $780), according to FBI investigators. 

Undercover FBI agents signed up for the site and attended several of the classes offered by the platform, in one instance learning how to gain access to a specific person’s financial information that was stolen in a 2022 hack of financial platform LendingTree.  

The FBI eventually used a trail of email addresses to find photos of Khodyrev and Kublitskii and Department of Homeland Security records showed that the two arrived in south Florida together in December 2022. 

They claimed asylum and listed the same residence in Hollywood, Florida. Both never appeared to have been employed but social media posts showed they rented luxury condominiums in Sunny Isles Beach, Florida and purchased expensive vehicles. 

“Around March 2023, KHODYREV purchased a 2023 Corvette at a South Florida dealership with approximately $110,000 cash,” the court filing explained. 

Cybersecurity researchers at Flashpoint said WWH-Club is still online and operational, with the site’s current administrators attempting to distance themselves from Kublitskii and Khodyrev. 

WWH-Club deleted the accounts identified by the FBI and urged members to change their screen names according to Flashpoint, which called the site “one of the largest Russian-language carding forums.”

CybercrimeGovernmentNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

Next Post

YouTube removes Tenet Media channel over alleged ties to Russian disinformation effort

Related Posts

Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently
Avatar
Read More