E-Root sold access to compromised devices and had more than 350,000 compromised computer credentials for sale.
A man from Moldova, Sandu Diaconu (31), has been extradited to the United States to face charges related to his operation of the E-Root marketplace, a website that sold access to compromised computers worldwide.
It’s worth noting that the E-Root marketplace had its domain seized in 2020 following a coordinated operation by international law enforcement authorities.
On October 16, 2023, Diaconu was extradited from the UK and appeared in a federal court in Florida the following day. He is charged with conspiring to commit computer and access device fraud, wire fraud, money laundering, and additional computer and access device fraud. If found guilty on all counts, Diaconu could potentially face a maximum sentence of 20 years in prison.
The indictment alleges that Diaconu served as an administrator of the E-Root Marketplace, a website that provided access to compromised computers for an extended period, including servers owned by American businesses and individuals.
To safeguard the privacy of its administrators, customers, and vendors, the Marketplace implemented certain measures. Through E-Root, buyers could search for compromised computer credentials, such as RDP and SSH access, tailored to their preferences, including criteria like price, location, operating system, and internet service provider.
The Marketplace also utilized Bitcoin and the online payment service Perfect Money to conceal the money paid by customers. The platform additionally offered a conversion service between Bitcoin and Perfect Money through its separate cryptocurrency exchange, which was also seized by the authorities.
According to the DoJ’s press release, the Marketplace had over 350,000 compromised computer credentials available for sale. Victims spanned across multiple industries and regions, including various companies, businesses, and at least one local government agency.
Furthermore, several of the affected companies experienced Ransomware attacks with extensive ramifications for victims, and some of the pilfered credentials listed on the Marketplace were linked to tax fraud schemes involving stolen identities.
The IRS-CI Cyber Crimes Unit in Washington, D.C., and the FBI-Tampa Division jointly spearheaded the investigation. Several key entities played a substantial role in this effort, including the Tampa Field Office of the IRS-Criminal Investigation, the Department of Justice’s Office of International Affairs, IRS-CI and FBI International Operations at Mission UK, the United Kingdom’s National Extradition Unit, the United Kingdom’s Central Authority, and the Tampa Field Office of the United States Marshals Service.
This case is a reminder of the growing threat of cybercrime and the importance of international cooperation in combating it. The United States Department of Justice is committed to working with its partners around the world to bring perpetrators of cybercrime to justice.