Georgy Kavzharadze, a 27-year-old Russian nationwide, has been sentenced to 40 months in jail for promoting login credentials for over 300,000 accounts on Slilpp, the biggest on-line market of stolen logins, till its seizure in June 2021.
In a Wednesday press launch, the U.S. Division of Justice stated that Kavzharadze (also referred to as TeRorPP, Torqovec, and PlutuSS) offered huge quantities of monetary info and different personally figuring out info (PII) on the unlawful market.
All through his involvement, between July 2016 and Might 2021, he listed greater than 626,100 stolen login credentials on the market. These offered to Slilpp customers had been later linked to roughly $1.2 million in fraudulent or tried transactions after those that bought them used the data to steal cash from victims’ accounts.
“On May 27, 2021, Kavzharadze’s account on Slilpp listed 240,495 login credentials for sale that would allow the buyer to use the information to steal money from the victim’s online payment and bank accounts,” DOJ stated.
“The credentials included access to bank accounts in New York, California, Nevada, and Georgia. Kavzharadze only accepted Bitcoin as payment for the credentials.”
In response to courtroom paperwork, Kavzharadze was linked by FBI analysts to withdrawals of greater than $200,000 in Slilpp income from the Bitcoin account that collected funds for stolen login, private, and monetary info.
On August 19, 2021, the DOJ charged Kavzharadze with conspiracy to commit financial institution and wire fraud, financial institution fraud, entry machine fraud, and aggravated identification theft.
He was extradited to the U.S. and appeared in a U.S. District Court docket in Might 2022. Virtually two years later, on February 16, 2024, Kavzharadze pleaded responsible to being a prolific Slilpp vendor and conspiracy to commit financial institution and wire fraud.
Largest on-line marketplace for stolen credentials
The U.S. Division of Justice introduced the takedown of Slilpp on June 10, 2021, following a joint operation with regulation enforcement companies from america, Germany, the Netherlands, and Romania, who seized servers used to host Slilpp’s infrastructure.
The FBI coordinated with companies worldwide, together with Germany’s Bundeskriminalamt, the Netherlands’ Nationwide Excessive Tech Crime Unit, and Romania’s Directorate for the Investigation of Organized Crime and Terrorism.
Slilpp has been lively for nearly a decade, since 2012, and was utilized by cybercriminals to promote and purchase stolen login credentials for banks, on-line funds, cell phones, retailers, and different on-line accounts.
Proper earlier than Slilpp was taken down and its domains seized, Slilpp distributors listed over 80 million stolen login credentials belonging to customers of greater than 1,400 corporations on the market, many high-profile organizations worldwide.
Since then, regulation enforcement authorities worldwide have focused comparable operations designed to supply criminals with a simple approach to get their palms on delicate info stolen from victims of cyberattacks.
As an example, earlier this yr, they arrested 23-year-old Rui-Siang Lin, the alleged proprietor and operator of the Incognito darkish internet drug market that offered over $100 million price of narcotics, who may face a compulsory minimal sentence of life in jail if discovered responsible.
Final yr, authorities additionally seized the Genesis stolen credentials market and arrested 288 darkish internet drug distributors and consumers following a regulation enforcement operation codenamed Spector. In June, the FBI seized the BreachForums hacking discussion board after arresting its proprietor, Connor Brian Fitzpatrick (also referred to as Pompompurin).
In December, a global police operation additionally led to the arrest of three,500 cybercriminals and the seizure of over $300 million, whereas German police seized Kingdom Market, a darkish internet market promoting cybercrime instruments, medication, and faux authorities IDs.
