Authorities shut down illegal online marketplace xDedic

Nine locations in Ukraine were raided last week.

Authorities in the U.S. and Belgium announced Monday they have shut down an illegal online marketplace used to sell personal information stolen in cyber-attacks.

Compromised credit card numbers, computer credentials and other sensitive data would sometimes end up for sale on xDedic, a website that concealed the locations of its servers and the identities of its operators and customers.

Federal prosecutors in Tampa, Florida, blamed xDedic for $68 million in fraud by selling personal information stolen from a number of different victims.

“The victims span the globe and all industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities,” said the U.S. Attorney’s office for the Middle District of Florida.

The FBI and IRS were part of an international operation to dismantle xDedic’s computer infrastructure. American agents worked with authorities from Belgium, Europol and Ukraine when they raided nine locations in Ukraine last week, according to the federal prosecutor’s office in Belgium.

“Several IT systems were confiscated and three Ukrainian suspects were questioned,” the office said in a statement. “The house searches are related to two criminal investigations into the illegal online marketplace called xDedic.”

Authorities say that computers were seized and suspects were questioned.

The federal prosecutor’s office in Belgium started the investigation into the xDedic marketplace in June 2016. According to the office, investigators were able to view previously concealed server information that helped them identify administrators in Ukraine.

In dismantling xDedic, the federal prosecutor’s office in Belgium said authorities “struck a devastating blow against the online marketplace for the illegal trade of hacked computer systems.” In a statement, they added that the case sent an “important signal” to the perpetrators of other online criminal activities that they are not immune from criminal prosecution.