Police Shut Down xDedic – An Online Market for Cyber Criminals

In an international operation involving law enforcement authorities from the U.S. and several European countries, feds have shut down an online underground marketplace and arrested three suspects in Ukraine.

Dubbed xDedic, the illegal online marketplace let cybercriminals buy, sell or rent out access to thousands of hacked computers and servers across the world and personally identifiable information of U.S. residents.

The underground website had been around for years with its administrators strategically maintaining and concealing the locations of its servers all over the world to facilitate the operation of the underground site.

xDedic offered buyers to search for over 176,000 unique compromised servers—which were usually in the form of credentials for compromised Remote Desktop Protocol (RDP) accounts—from around the world by price, operating system, or even their geographic location from where it was stolen.

xDedic impacted victims in multiple industries, “including local, state, and federal government infrastructure, hospitals, 911, and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.”

Anyone could buy a hacked server located in a European Union country government network for as little as $6, according to a 2016 report from Kaspersky Lab, which claimed xDedic was operated by a group of Russian-speaking hackers.

The underground marketplace facilitated more than $68 million in fraud before it was takedown on Thursday (24 January 2019), while the Europol and the U.S. Department of Justice announced the takedown on 28 January.

Authorities said they dismantled and seized xDedic’s infrastructure located in Belgium and Ukraine. People still accessing the underground website would be redirected to a page displaying the marketplace has been taken offline.

Meanwhile, Ukrainian authorities have announced the arrest of three suspects after they searched at least nine locations in Ukraine last week and seized several IT systems.