Admin behind E-Root stolen creds souk extradited to US

October 20, 2023 at 03:47PM

Sandu Diaconu, a Moldovan national, has been extradited from the UK to the US to face trial for allegedly operating the illicit marketplace E-Root. The marketplace specialized in selling access to compromised servers and facilitated various illegal activities, including ransomware attacks and fraud. The investigation uncovered over 350,000 compromised credentials listed for sale on E-Root. Diaconu and another admin are charged with multiple crimes and face a maximum sentence of 20 years in prison. Diaconu made his initial appearance in a US court on October 16.

Sandu Diaconu, a Moldovan national, allegedly ran the compromised-credential marketplace E-Root. Diaconu and another individual are said to have operated the illicit souk, where compromised servers were sold, between 2015 and 2020. The marketplace facilitated illegal activities such as ransomware attacks, fraudulent wire transfers, and tax fraud.

During the investigation, it was discovered that over 350,000 compromised credentials were listed for sale on E-Root. The victims included individuals, companies, a local government agency, a church, and a doctor. The criminals used Perfect Money, an online payment system, for purchases on the marketplace. Diaconu, using the admin moniker “WinD3str0y,” also operated a sister website where Bitcoin could be converted into Perfect Money to hide identities.

Diaconu and the second unnamed admin have been charged with several offenses including conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy, access device fraud, and computer fraud. Diaconu made his initial appearance before a US judge in October and is currently in custody.

The arrest of Diaconu is part of a broader effort by law enforcement worldwide to crack down on online crime, particularly ransomware operations. Recent successes include the takedown of the RagnarLocker ransomware group’s leaksite and the dismantling of the Qakbot botnet. Earlier this year, an FBI-led operation shut down the Hive ransomware network and provided decryption keys to over 300 victims.
