The FBI, together with authorities from several European countries, has seized the domain and servers of xDedic, a notorious online marketplace where cyber-criminals bought and sold access to hacked servers. Three suspects were also arrested in Ukraine.
The site has been around since 2014, but it became widely known after a Kaspersky report published in June 2016.
According to the report, the site was operating as a registration-based online marketplace where several criminal groups would either put up for sale or buy hacked servers, usually in the form of compromised RDP (Remote Desktop Protocol) accounts.
At the time, Kaspersky said the site listed nearly 70,000 hacked servers, at prices as low as $8 per server. The xDedic server count later went up to 85,000, while prices bottomed out at $6, according to a Flashpoint report from 2017.
Investigators said xDedic listed servers from all over the globe and included compromised computers on the networks of local, state, and federal government infrastructure, hospitals, emergency services, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.
After the huge media exposure following the Kaspersky report, the site went underground by restricting its user registration process and mirroring its official portal on the Dark Web, in case authorities seized its domain.
But in Europol and FBI press releases published today, authorities announced that they’d seized both the domains and the servers hosting the marketplace, effectively shutting down the site and gaining access to its list of customers.
Authorities said they dismantled the site’s infrastructure, which had been located in Belgium and Ukraine. Ukrainian police also announced the arrest of three suspects.
Besides law enforcement in the US, Belgium, and Ukraine, German authorities also helped with the investigation. The US Internal Revenue Service was also involved in the takedown.
Authorities said they believe that xDedic facilitated more than $68,000,000 in fraud.
In September 2018, the FBI sent out a public service announcement about hackers increasingly abusing RDP connections and the dangers of leaving RDP endpoints exposed online.
As discussed in ZDNet’s coverage at the time, xDedic sparked a trend in the cyber-criminal underground, and several copycat portals have popped up since then. The latest is MagBO, another cyber-criminal marketplace specialized in selling backdoored sites.