close
close

first Drop

Com TW NOw News 2024

Russian serial credential seller gets 40 months in prison • The Register
news

Russian serial credential seller gets 40 months in prison • The Register

A Russian national has been sent to prison in the US after pleading guilty to selling stolen login credentials on a popular dark web marketplace.

Georgy Kavzharadze, 27, from Moscow, sold his stolen goods on the Slilpp marketplace between July 2016 and May 2021. The marketplace was taken offline in 2021 thanks to a joint effort by international law enforcement agencies.

He was arrested and then extradited just under a year later in May 2022, and has been in custody ever since. The U.S. justice system has not indicated which country he was extradited from, but it was clearly not Russia.

That takedown led to the discovery of information about sellers on the site, of which Kavzharadze was one, including transaction and payment information. Wiretap data was also turned over to U.S. authorities by a foreign country, which identified the login credentials and IP addresses of site users. Kavzharadze was arrested the following year.

According to the original indictment (PDF), Kavzharadze sold, among other things, login credentials to five different banks. The credentials were then misused in fraudulent transactions worth more than $5 million.

This amount has now been reduced to $1.2 million, which he must repay in full.

The Russian sold more than 297,300 credentials on Slilpp, listing more than 626,000 over the course of his five-year tenure on the site, which also included hosting themed discount events such as Cyber ​​Monday sales. The Feds said that “related PII” was sold alongside credentials for “online checking accounts, bank accounts, and other accounts.” The people who bought those credentials used those credentials to steal money from their victims’ accounts.

The federal government was able to confidently link more than $200,000 in Bitcoin withdrawals to Kavzharadze through the Slilpp site between 2016 and 2018 – a sum worth more than $450,000 at today’s exchange rate.

The Slilpp takedown in 2021 was big news. It had been active for almost a decade at the time, and authorities said more than 80 million credentials were sold during that time, causing estimated damages of more than $200 million.

“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of U.S. victims,” said Nicholas L. McQuaid, then acting assistant attorney general for the Justice Department’s Criminal Division.

“The Department will not tolerate an underground economy based on stolen identities, and we continue to work with our law enforcement partners around the world to disrupt criminal markets wherever they exist.”

At the time of Slilpp, credentials from over 1,400 different account providers were listed, and authorities compared it to Amazon and eBay for selling credentials. ®