Admin of Black Market Site Dealing Stolen Credentials Sentenced to Almost 4 Years in US Prison

A US Senior District Judge sentenced a Moldavian citizen to 42 months in federal prison for his role as an administrator of E-Root Marketplace, a resource used to sell credentials belonging to people and companies in the United States.

When accounts and devices are compromised, and hackers steal credentials and gain direct access, they rarely use those resources themselves. The credentials end up on the black market and are sold to other criminals, who then use them to hack into devices and networks.

According to a press release by the US Department of Justice (DoJ), Moldavian Sandu Boris Diaconu was the administrator of E-Root Marketplace, which specialized in selling access to compromised computers worldwide.

“The E-Root Marketplace operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers,” said the DOJ.

“Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer,” the DOJ explained. “Buyers could search for credentials by desired criteria, such as price, geographic location, internet service provider, and operating system.”

Of course, the entire operation relied heavily on cryptocurrency and offered an illegal cryptocurrency exchange service, which was also seized. According to authorities, more than 350,000 credentials were available for sale, covering victims worldwide and across all industries.

Diaconu was actually arrested in the UK in May 2021, at the request of the United States, and extradited in October 2023. The Moldavian pleaded guilty to conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices.