U.S. Attorney Brit Featherston announced that the Eastern District of Texas indicted a 23-year-old Russian man for offenses related to operating a cyber-criminal marketplace that sold thousands of stolen login credentials, personally identifiable information, and authentication tools.
A federal grand jury indicted Igor Dekhtyarchuk, a resident and national of the Russian Federation (Russia), on March 16, 2022. They charged him with offenses related to operating a cyber-criminal marketplace that sold thousands of stolen login credentials, personally identifiable information, and authentication tools.
According to the indictment, Dekhtyarchuk operated Marketplace A, which claimed to have sold access to more than 48,000 compromised email accounts, 39,000 compromised online accounts and averaged approximately 5,000 daily visitors. Marketplace A was a business that specialized in the sale of unlawfully obtained access devices for compromised online payment platforms, retailers, and credit card accounts. It included providing the data associated with those accounts, such as names, home addresses, login credentials, and payment card data for the victims, who are the actual owners of those accounts. Marketplace A’s business is known as a “carding shop” in the cyber-criminal world.
Dekhtyarchuk was the administrator of Marketplace A and was a Russian hacker who first appeared in hacker forums in November 2013 under the alias “floraby.” Dekhtyarchuk began advertising the sale of compromised account data in Russian-language hacker forums in April 2018 and opened Marketplace A in May 2018. Dekhtyarchuk immediately began promoting Marketplace A and the products it sold in May 2018.
A potential customer who visited Marketplace A to purchase access devices for compromised accounts could select different products as in a legitimate web store. The options included various online and credit card statements for the same victim. For example, one option allowed Dekhtyarchuk’s customers to purchase the information to unlawfully access two online retail accounts plus receive credit card information for the same victim. Additionally, he broke down some options by known account balances, which he sold at different price points.
Dekhtyarchuk also sold the usage, in seven-day rental increments, of a program called “[Company A] Auth 1.0,” which was a downloadable software program that the customer could use to input the stolen access devices and use the provided cookie to access the compromised Company A accounts.
Beginning in March 2021 and ending in July 2021, the FBI, through an online covert employee (OCE), made thirteen purchases of access devices from Dekhtyarchuk while accessing Marketplace A from the Eastern District of Texas. Each purchase varied in the number of accounts, ranging from three to twenty, resulting in access devices purchased for 131 accounts. SHORTLY AFTER COMPLETING EACH PURCHASE, the OCE received the purchased access devices via a link or Telegram messenger service.
They placed Dekhtyarchuk on the FBI’s Cyber Most Wanted List.
“This case exemplifies the need for all of us, right now, to take steps to protect our online identity, our data, and our monetary accounts,” said U.S. Attorney Brit Featherston. “Cyber-criminals are lurking behind the glow of computer screens and are harming Americans. These investigations require dedicated professionals who work tirelessly to stop thieves that steal from unknowing innocent people. To those who dedicate their lives to stopping cyber-criminals, we thank you.”
“The cyber-criminal marketplace operated by Dekhtyarchuk promoted and facilitated the sale of compromised credentials, personally identifiable information (PII), and other sensitive financial information,” said FBI Houston Special Agent in Charge Jim Smith. “Cyber-criminal actors behind these marketplaces go to great lengths to obfuscate their true identities and often utilize other sophisticated methods to anonymize their activities further.
Success in these complex investigations is dependent on teamwork and collaboration between the FBI, our international partners, and our private sector partners. Only through our commitment, coordinated efforts, and strategic partnerships will we be able to defeat the cyber threat.”
If convicted, Dekhtyarckuk faces up to 20 years in federal prison. A grand jury indictment is not evidence of guilt. A defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
The Federal Bureau of Investigation Houston Cyber Task Force, with the assistance of the FBI Dallas Field Office, the FBI Cyber Division, the National Cyber-Forensics & Training Alliance, the FBI Legal Attaché Riga office, and the State Police of Latvia, investigated this case. Assistant U.S. Attorney D. Ryan Locker is the prosecutor.