Georgy Kavzharadze, a 27-year-old Russian nationwide, has been sentenced to 40 months in jail for promoting login credentials for over 300,000 accounts on Slilpp, the most important on-line market of stolen logins, till its seizure in June 2021.
In a Wednesday press launch, the U.S. Division of Justice stated that Kavzharadze (also referred to as TeRorPP, Torqovec, and PlutuSS) bought huge quantities of monetary info and different personally figuring out info (PII) on the unlawful market.
All through his involvement, between July 2016 and Might 2021, he listed greater than 626,100 stolen login credentials on the market. These bought to Slilpp customers had been later linked to roughly $1.2 million in fraudulent or tried transactions after those that bought them used the knowledge to steal cash from victims’ accounts.
“On Might 27, 2021, Kavzharadze’s account on Slilpp listed 240,495 login credentials on the market that might permit the client to make use of the knowledge to steal cash from the sufferer’s on-line fee and financial institution accounts,” DOJ stated.
“The credentials included entry to financial institution accounts in New York, California, Nevada, and Georgia. Kavzharadze solely accepted Bitcoin as fee for the credentials.”
In accordance with court docket paperwork, Kavzharadze was linked by FBI analysts to withdrawals of greater than $200,000 in Slilpp income from the Bitcoin account that collected funds for stolen login, private, and monetary info.
On August 19, 2021, the DOJ charged Kavzharadze with conspiracy to commit financial institution and wire fraud, financial institution fraud, entry gadget fraud, and aggravated id theft.
He was extradited to the U.S. and appeared in a U.S. District Courtroom in Might 2022. Nearly two years later, on February 16, 2024, Kavzharadze pleaded responsible to being a prolific Slilpp vendor and conspiracy to commit financial institution and wire fraud.
Largest on-line marketplace for stolen credentials
The U.S. Division of Justice introduced the takedown of Slilpp on June 10, 2021, following a joint operation with regulation enforcement businesses from america, Germany, the Netherlands, and Romania, who seized servers used to host Slilpp’s infrastructure.
The FBI coordinated with businesses worldwide, together with Germany’s Bundeskriminalamt, the Netherlands’ Nationwide Excessive Tech Crime Unit, and Romania’s Directorate for the Investigation of Organized Crime and Terrorism.
Slilpp has been energetic for nearly a decade, since 2012, and was utilized by cybercriminals to promote and purchase stolen login credentials for banks, on-line funds, cell phones, retailers, and different on-line accounts.
Proper earlier than Slilpp was taken down and its domains seized, Slilpp distributors listed over 80 million stolen login credentials belonging to customers of greater than 1,400 corporations on the market, many high-profile organizations worldwide.
Since then, regulation enforcement authorities worldwide have focused related operations designed to supply criminals with a straightforward approach to get their palms on delicate info stolen from victims of cyberattacks.
For example, earlier this 12 months, they arrested 23-year-old Rui-Siang Lin, the alleged proprietor and operator of the Incognito darkish net drug market that bought over $100 million price of narcotics, who may face a compulsory minimal sentence of life in jail if discovered responsible.
Final 12 months, authorities additionally seized the Genesis stolen credentials market and arrested 288 darkish net drug distributors and consumers following a regulation enforcement operation codenamed Spector. In June, the FBI seized the BreachForums hacking discussion board after arresting its proprietor, Connor Brian Fitzpatrick (also referred to as Pompompurin).
In December, a global police operation additionally led to the arrest of three,500 cybercriminals and the seizure of over $300 million, whereas German police seized Kingdom Market, a darkish net market promoting cybercrime instruments, medicine, and faux authorities IDs.