FBI adds Russian cybercrime market suspect to its ‘Cyber Most Wanted’ list
A Russian national accused of running a cybercrime forum that sold stolen credentials and sensitive information faces up to 20 years in federal prison, the Department of Justice announced Tuesday evening.
The 23-year-old Igor Dekhtyarchuk, who remains at-large, allegedly began promoting the sale of stolen data as early as April 2018. The market he is accused of running — called Marketplace A — did not begin operating until May of that same year, the DoJ said. FBI investigators were able to track Dekhtyarchuk’s presence in the hacking community back to November 2013 when he joined hacker forums under the alias ‘floraby.’
Dekhtyarchuk was formally indicted on March 16, and a warrant was issued for his arrest the following day. The FBI placed him on its ‘Cyber’s Most Wanted’ list, which consists of more than 100 individuals and organizations, including hackers behind Russia’s interference in the 2016 U.S. elections and creators of notorious malware.
According to the FBI’s wanted poster, Dekhtyarchuk previously studied at Ural State University and was last known to reside in Kamensk-Uralsky, a mid-size city about 150 miles north of Russia’s border with Kazakhstan. He’s wanted for wire fraud, aggravated identity theft, and access device fraud, among other charges.
The enterprise allegedly run by Dekhtyarchuk made use of a well-known tactic called ‘carding,’ which refers to credit card fraud or the sale of personal information to perform illegal and unauthorized transactions using another person’s account. Marketplace A sold personal information including names, home addresses, login credentials, and payment card data needed to gain access into online payment platforms, retailers, and credit card accounts, the DoJ said.
“[Marketplace A] sold access to more than 48,000 compromised email accounts, more than 39,000 compromised online accounts, and averaged approximately 5,000 daily visitors,” according to the DoJ’s press release.
Resembling a legitimate online store or even an online dating app, Marketplace A allowed customers to browse ‘merchandise’ based on the value of a victim’s data. For example, a customer could purchase an assortment of data belonging to the same victim to infiltrate various online and credit card accounts belonging to the account holder. In some cases, the information would be filtered based on the victim’s available account balances, allowing Dekhtyarchuk’s customers to compare the value of their purchases.
The illegal service also offered a seven-day rental feature downloaded onto a customer’s device. Using cookies, the software would automatically input the stolen data into the applicable sections which would grant access into a compromised company’s accounts.
The charges brought against Dekhtyarchuk resulted from an FBI operation that lasted from March 2021 to July 2021 which used an ‘online covert employee’ to purchase thirteen access devices each with varying amounts of data. In total, the thirteen purchases granted investigators access to 131 different accounts. Following each purchase, officials confirmed that the data was delivered via Telegram messenger and links, according to the statement.
“Cyber-criminal actors behind these marketplaces go to great length to obfuscate their true identities and often utilize other sophisticated methods to further anonymize their activities,” FBI Houston Special Agent in Charge Jim Smith said in a statement. “Success in these complex investigations is dependent on teamwork and collaboration between the FBI, our international partners, and our private sector partners.”
Dekhtyarchuk’s indictment can be found below: