author photo
By Bruce Sussman
Wed | Jan 30, 2019 | 6:45 AM PST

If you are a cybercriminal looking for compromised computer access or stolen login credentials, then cybercrime marketplace xDedic might have been one of your favorite places to shop.

Until the last few days, when a Europol investigative team announced it had seized the xDedic marketplace servers and domains:

xDedic-marketplace-taken-downAccording to Europol investigators, xDedic had some robust cybercrime search features:

"Users of xDedic could search for compromised computer credentials by criteria, such as price, geographic location, and operating system. The xDedic administrators strategically maintained servers all over the world. Furthermore they utilised Bitcoin to hide the locations of its underlying servers and the identities of its administrators, buyers, and sellers."

And the victims of compromised credentials and machines are global:

"The victims came from all around the world and involved all kind of industries. This includes local, state, and federal government infrastructure, hospitals, emergency services, major metropolitan transit authorities, accounting, and law firms, pension funds, and universities. Authorities believe the website facilitated more than $68,000,000 in fraud."

The response was global, as well, with law enforcement cooperating across borders and geography, including: the U.S. Prosecutor’s Office for the Middle District of Florida; the FBI and the Internal Revenue Service of Tampa (Florida); the Federal Computer Crime Unit (FCCU); the Federal Prosecutor’s Office, and the Investigating Judge of Belgium; the Ukrainian National Cyber Police and Prosecutor General’s office of Ukraine; with the support of the Bundeskriminalamt of Germany and Europol.

Dark Web experts speaking at SecureWorld cybersecurity conferences have told us that this kind of bust does not stop cybercrime, but it does disrupt it in the short term, which is a positive for InfoSec teams around the world.