The United States Federal Bureau of Investigation, working alongside law enforcement organizations from several countries in Europe, announced this week that they have officially shut down xDedic, a darknet site where cybercriminals could sell and buy access to hacked servers.
Following an investigation by law enforcement authorities in Ukraine and Belgium, who joined forces with the U.S., the takedown took effect on Jan. 24.
Authorities in Germany also assisted in confiscating the website's IT infrastructure. The domain was seized after an order was authorized by a judge in the U.S.
The Outcome of the International Operation
According to a press release published by Europol, more countries and law enforcement agencies were involved in the international takedown, as the severity of the case required both European and U.S. authorities to work to bring down the darknet site.
The investigation, which took more than two years to complete, officially commenced in Belgium in June of 2016.
Investigators from the Federal Prosecutor's office managed to obtain hidden server data that led them to pinpoint xDedic's admins in Ukraine.
U.S. investigators collaborated with authorities from Europol, Belgium and Ukraine, raiding nine locations and questioning three suspects linked to xDedic's operations.
According to an announcement from Eurojust, the coordinated effort enabled authorities to strike a devastating hit against xDedic.
The press release added that an important message was issued to the culprits of online crime: no one is immune from prosecution for their actions.
A Major Hub in the Trade of Compromised Servers
The website, which operated both on the open internet and the dark web, was founded in 2014.
It gained popularity after a Kaspersky Lab report [PDF] was published in 2016 describing xDedic as a major hub in the trade of compromised servers run by a group of presumably Russian hackers.
Among the content that would end up on the site were also compromised credit card credentials, device information and other private data.
The report said that the site was operating as a registration-based online marketplace where criminal groups sold and bought hacked servers, and that at the time of the report the site listed nearly 70,000 hacked servers for prices as low as $8 per server.
Buyers could search for compromised computer credentials on xDedic according to their preferred criteria, such as the price of the deal, the geographic location of the offered data or the desired operating system.
Following the report, the website shut down only to re-emerge on the dark web with a Tor domain.
A statement by the U.S. Attorney's Office for the Middle District of Florida reveals that there were victims all around the world.
Some of the damage that was done extended to government infrastructure, health institutions, emergency services, international firms and universities.
It further noted that the website used cryptocurrency, more precisely Bitcoin, to cover its tracks and hide the locations of its servers and the identity of the buyers.
The investigators of this international operation believe that xDedic facilitated approximately $68 million in fraud, if not more.