International joint investigation team shut down the xDedic Marketplace
On Thursday, January 24, 2019, the international joint investigation team, which included members of the National Police, the Prosecutor General’s Office of Ukraine and the Federal Computer Crime Unit (FCCU) of Belgium, with assistance from members of Europol, the US Federal Bureau of Investigation (FBI) and Internal Revenue Service (IRS) of Tampa, Florida, conducted house searches in nine places in Ukraine. Several IT systems were confiscated and three Ukrainian suspects were questioned.
The house searches were conducted in the framework of criminal proceedings against the illegal online marketplace called xDedic. At this marketplace (which was accessible via domains on both the clear web and the dark web), access to tens of thousands of compromised (hacked) servers of victims (companies and private individuals) was offered for sale. The hacking was accomplished by cracking access via the Remote Desktop Protocol (RDP). Buyers and sellers traded such RDP servers on this platform for amounts from just six to more than ten thousand dollars each.
The operation was part of two criminal investigations. First, the investigating judge in Mechelen, at the request of the federal prosecutor’s office, and the Prosecutor General’s Office of Ukraine conducted a criminal investigation with a Joint Investigation Team, directed at a number of vendors on the xDedic marketplace who sold a large number of Belgian hacked computer systems and the criminal offender group that organized and operated the illegal online marketplace.
The United States investigation into the criminal offender group behind the xDedic marketplace was led by the United States Attorney’s Office for the Middle District of Florida.
On Thursday, January 24, 2019, the xDedic online marketplace was made inaccessible on the orders of a US court and the criminal IT infrastructure was confiscated. Customers who attempt to access the xDedic domain will be referred to a government page explaining that the marketplace was taken offline. For this confiscation and inaccessibility, assistance was also provided by police forces in Germany and Vietnam.
The federal prosecutor’s office in Belgium started the investigation into the xDedic marketplace in June 2016. Using special investigation techniques, the FCCU was able to visualize the criminal infrastructure behind xDedic and obtain digital copies of the most important criminal servers. To accomplish this task, intensive cooperation using European Investigation Orders was set up with the National Public Prosecution Service and the NHTCU of the Netherlands.
In the course of 2017, the federal prosecutor’s office requested the investigating judge in Mechelen to start a judicial investigation with charges of criminal organization, illegal access and data and system interference.
A thorough analysis of the content of the servers, in which Europol and the Ukrainian National Cyber Police provided important support, led to the identification of administrators in Ukraine. Throughout this investigation, Belgian and Ukrainian law enforcement have been closely coordinating their investigative efforts. At the beginning of 2018, a JIT agreement was signed with the Prosecutor General of Ukraine and Europol.
Further support of the Ukrainian side was provided in the framework of the criminal proceedings of the Main Investigation Department of the National Police of Ukraine under the procedural guidance of the Department for International Legal Cooperation of the Prosecutor General’s Office of Ukraine.
As soon as it became clear that the Belgian and American criminal investigations shared common targets and goals, the Belgian and American investigators and prosecutors worked closely to achieve those goals.
In the course of 2018, Eurojust organized two coordination meetings between the three countries in The Hague.
Through their coordinated efforts, Belgian, Ukrainian and American law enforcement, prosecution, and police authorities struck a devastating blow against the online marketplace for the illegal trade of hacked computer systems. Also, an important signal has been sent to the perpetrators of other online criminal activities, including on the dark web, that they are not immune from criminal investigation and prosecution. The law enforcement approach to the xDedic marketplace demonstrates the importance of intensive international cooperation in order to achieve successful interventions in the fight against organized crime on the dark web.
The investigations in Belgium, Ukraine and the United States continue. In the interest of the criminal investigations, no further details can be given.