Cybercrime , Fraud Management & Cybercrime

Illicit Credentials Marketplace Admin Gets 42-Month Sentence

More Than 350,000 Credentials Were Likely Listed for Sale on the Marketplace
Illicit Credentials Marketplace Admin Gets 42-Month Sentence
An administrator of a defunct stolen credential marketplace received a 42-month prison sentence in U.S. federal court. (Image: Shutterstock)

A co-administrator of an illicit online marketplace received a 42-month prison sentence in U.S. federal court after pleading guilty to two criminal counts that could have put him in prison for 15 years.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

Sandu Boris Diaconu, 31, helped develop and administer the E-Root marketplace, which did approximately $1 million worth of business between December 2016 and February 2020. Known for its high-quality customer support - it had an exchange and warranty policy for stolen credentials - the marketplace operated until authorities seized it at the tail end of 2020. The illicit marketplace specialized in selling Remote Desktop Protocol and Secure Socket Shell credentials.

The Moldovan national pleaded guilty on Dec. 1, 2023, in a Tampa, Florida, federal court room under a plea agreement that limited his criminal exposure to one count of conspiracy to commit computer and access device fraud and one count of possession of at least 15 unauthorized access devices. Prosecutors said they would seek far less than the maximum sentence in exchange for Diaconu's cooperation.

Prosecutors said the E-Root marketplace likely listed more than 350,000 credentials for sale. Customers could browse the credentials on sale by criteria such as the country, region or ZIP code of a compromised server or the underlying operating system.

Diaconu initially pleaded not guilty at his first court appearance following his extradition from the United Kingdom on Oct. 13, 2023. British authorities arrested Diaconu when he attempted to leave the country in May 2021. He fought extradition to the United States until September 2023, the U.S. Department of Justice said at the time.

Customers used the credentials for a wide range of criminal activity including ransomware attacks, fraudulent wire transfers and tax fraud. The illicit marketplace operated across a distributed network and gained popularity for its measures to hide the identities of buyers and sellers. It used an online payment system called Perfect Money and offered a separate illicit cryptocurrency exchange service for converting bitcoin to Perfect Money and vice versa. Authorities seized the exchange in 2020.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.