Europol and the FBI are celebrating this week after announcing the takedown of a notorious marketplace for breached server credentials.
The xDedic site was first revealed back in 2016 when Kaspersky Lab was tipped off by a European ISP. The security vendor claimed it provided a platform for the trade of log-ins to as many as 70,000 corporate and government servers, starting at just $6.
Users could search for servers by various criteria including price, OS and geographic location. Affected organizations included hospitals, governments, law firms, universities and many more.
With control of these organizations' servers, cyber-criminals could launch DDoS, click fraud, crypto-mining and other attacks. It’s claimed that xDedic enabled over $68m in fraud, and those behind the marketplace are said to have made a commission on each sale.
Last year, police in Belgium and Ukraine, backed by Europol, signed a Joint Investigative Team agreement. Together with the FBI, they tracked down and last week seized the servers used by xDedic’s administrators, while Ukrainian police announced key arrests.
The German Bundeskriminalamt also helped with the server seizures, while in the US, the FBI was aided by the Immigration and Customs Enforcement’s Homeland Security Investigations and the Florida Department of Law Enforcement, alongside the Department of Justice’s Office of International Affairs and the Criminal Division’s Computer Crime and Intellectual Property Section.
While the news is a welcome reminder of the success that can come from co-ordinated law enforcement work, it would be wise not to overstate its significance, according to High-Tech Bridge CEO, Ilia Kolochenko.
"Unfortunately, this is just a drop in the ocean of the stolen data market. Other similar markets and platforms of different sizes exist, including more discreet ones where one can buy virtually anything including access to breached law enforcement systems and stolen data. Worse, cyber-criminals will certainly learn a lesson and move their data and servers to other jurisdictions immune to justice,” he argued.
“We should treat the root cause of skyrocketing cybercrime – growing economic inequality and global poverty. Otherwise, while we dig up standalone trees, a dark forest will grow behind. Hopefully, the seized data will shed some light on previously unknown data breaches and help to investigate them.”