"Moldovan Operator of Credential Marketplace Sentenced to US Prison"

A Moldovan national has recently been sentenced to 42 months in prison in the US for operating an illicit marketplace on which hundreds of thousands of compromised credentials were offered for sale.  According to the Department of Justice (DoJ), Sandu Boris Diaconu, 31, created and managed E-Root Marketplace, a series of websites for selling access to compromised systems.  Diaconu was arrested in the UK in May 2021 and extradited to the US in October 2023.  He pleaded guilty in December 2023.  Operating across a distributed network, the DoJ noted that E-Root Marketplace allowed buyers to search for various types of stolen credentials, including RDP and SSH, using criteria such as price, location, operating system, and internet service provider.  The marketplace also took steps to conceal the identity of administrators, sellers, and buyers, including by using the online payment system Perfect Money.  The E-Root Marketplace domain names were seized in 2020, along with an illicit cryptocurrency exchange service that allowed individuals to convert Bitcoin to and from Perfect Money.  According to the DoJ, the marketplace listed more than 350,000 compromised credentials for sale, including those of a local government agency in Tampa.  Diaconu was sentenced to 42 months in prison and 36 months of supervised release for "conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices."

SecurityWeek reports: "Moldovan Operator of Credential Marketplace Sentenced to US Prison"