The FBI, together with authorities from several European countries, has seized the domain and servers of xDedic, a notorious online marketplace where cyber-criminals bought and sold access to hacked servers. Three suspects were also arrested in Ukraine.
The site has been around since 2014, but it became widely known after a Kaspersky report published in June 2016.
According to the report, the site was operating as a registration-based online marketplace where several criminal groups would either put up for sale or buy hacked servers, usually in the form of compromised RDP (Remote Desktop Protocol) accounts.
At the time, Kaspersky said the site listed nearly 70,000 hacked servers, at prices as low as $8 per server. The xDedic server count later rose to 85,000, while prices bottomed out at $6, according to a Flashpoint report from 2017.
Investigators said xDedic listed servers from all over the globe and included compromised computers on the networks of local, state, and federal government infrastructure, hospitals, emergency services, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.
After the heavy media exposure that followed the Kaspersky report, the site went underground, restricting its user registration process and mirroring its official portal on the Dark Web in case authorities seized its domain.
But in Europol and FBI press releases published today, authorities announced that they'd seized both the domains and the servers hosting the marketplace, effectively shutting down the site and gaining access to its list of customers.
Authorities said they dismantled the site's infrastructure, which had been located in Belgium and Ukraine. Ukrainian police also announced the arrest of three suspects.
Besides law enforcement in the US, Belgium, and Ukraine, German authorities also helped with the investigation. The US Internal Revenue Service was also involved in the takedown.
Authorities said they believe that xDedic facilitated more than $68,000,000 in fraud.
In September 2018, the FBI issued a public service announcement warning that attackers were increasingly abusing RDP connections and describing the dangers of leaving RDP endpoints exposed online.
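The abuse the FBI warned about typically shows up in the Windows Security log as a run of failed RemoteInteractive logons (Event ID 4625, LogonType 10) from one source address, sometimes followed by a successful one (Event ID 4624, LogonType 10) once a password is guessed. The following detection logic is an added example, not code from the article or from any of the parties it names; the log lines are constructed to mimic those event fields, and the threshold and the `key=value` line format are assumptions for the example.

```python
"""Flag RDP brute-force attempts and likely account compromises in Windows
Security event records. Added example; the log lines below are constructed.

Event ID 4625 = failed logon, 4624 = successful logon, LogonType 10 =
RemoteInteractive (an RDP / Terminal Services session).
"""
from collections import defaultdict

# Constructed sample in an assumed "key=value" per-line export format. The
# field names mirror the real Windows Security event fields.
SAMPLE_LOG = """\
EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.7
EventID=4625 LogonType=10 TargetUserName=root IpAddress=203.0.113.7
EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.7
EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.7
EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.7
EventID=4624 LogonType=10 TargetUserName=backup IpAddress=203.0.113.7
EventID=4625 LogonType=3 TargetUserName=svc_sql IpAddress=203.0.113.7
EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.9
EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.9
EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=192.0.2.5
"""

# Assumed threshold: this many failed RDP logons from one IP is treated as
# brute force. Tune to your environment.
FAIL_THRESHOLD = 5


def parse_log(text):
    """Parse "key=value" lines into dicts; EventID and LogonType become ints."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(token.split("=", 1) for token in line.split())
        fields["EventID"] = int(fields["EventID"])
        fields["LogonType"] = int(fields["LogonType"])
        events.append(fields)
    return events


def analyze_rdp_events(events, threshold=FAIL_THRESHOLD):
    """Return (brute_force_sources, suspected_compromises).

    brute_force_sources: {ip: failed_rdp_logons} for IPs at or above threshold.
    suspected_compromises: [(ip, user)] for successful RDP logons that came
    after at least `threshold` failures from the same IP, in log order.
    Only LogonType 10 events are considered; other logon types are ignored.
    """
    failures = defaultdict(int)
    compromises = []
    for ev in events:
        if ev.get("LogonType") != 10:
            continue
        ip = ev.get("IpAddress", "-")
        if ev["EventID"] == 4625:
            failures[ip] += 1
        elif ev["EventID"] == 4624 and failures[ip] >= threshold:
            compromises.append((ip, ev.get("TargetUserName", "?")))
    brute = {ip: n for ip, n in failures.items() if n >= threshold}
    return brute, compromises


if __name__ == "__main__":
    sources, hits = analyze_rdp_events(parse_log(SAMPLE_LOG))
    for ip, count in sources.items():
        print(f"brute force from {ip}: {count} failed RDP logons")
    for ip, user in hits:
        print(f"possible compromise: {user} logged in over RDP from {ip} after repeated failures")
```

On the constructed sample this flags 203.0.113.7 (six failed RDP logons, then a successful logon as `backup`) and ignores the two failures from 198.51.100.9 and the lone failure over LogonType 3. In practice you would feed it exported 4624/4625 events and pair the output with a firewall rule or VPN requirement that keeps 3389 off the public internet, which is the fix the FBI announcement is really asking for.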
As ZDNet reported at the time, xDedic set a trend in the cyber-criminal underground, and several copycat portals have appeared since, the most recent being MagBO, a marketplace specialized in selling backdoored websites.