TYLER, Texas –A 23-year-old Russian man has been indicted in the Eastern District of Texas for offenses related to operating a cyber-criminal marketplace that sold thousands of stolen login credentials, personal identifiable information, and authentication tools, announced Eastern District of Texas U.S. Attorney Brit Featherston.
Igor Dekhtyarchuk, a resident and national of the Russian Federation (Russia), was named in an indictment returned by a federal grand jury on March 16, 2022, charging him with offenses related to operating a cyber-criminal marketplace that sold thousands of stolen login credentials, personal identifiable information, and authentication tools.
According to the indictment, Dekhtyarchuk operated Marketplace A, which claimed to have sold access to more than 48,000 compromised email accounts, more than 39,000 compromised online accounts, and averaged approximately 5,000 daily visitors. Marketplace A specialized in the sale of unlawfully obtained access devices for compromised online payment platforms, retailers, and credit card accounts, including providing the data associated with those accounts such as names, home addresses, login credentials, and payment card data for the victims, who are the actual owners of those accounts. Marketplace A’s business is known as a “carding shop” in the cyber-criminal world.
Dekhtyarchuk was the administrator of Marketplace A and was a Russian hacker who first appeared in hacker forums in November 2013 under the alias “floraby.” Dekhtyarchuk began advertising the sale of compromised account data in Russian-language hacker forums in April 2018 and opened Marketplace A in May 2018. Dekhtyarchuk immediately began advertising Marketplace A and the products it sold in May 2018.
A potential customer who visited Marketplace A to purchase access devices for compromised accounts could select different products just as in a legitimate web store. The options included various combinations of online and credit card accounts for the same victim. For example, one option allowed Dekhtyarchuk’s customers to purchase the information to unlawfully access two online retail accounts plus receive credit card information for the same victim. Some options were broken down by known account balances, which were sold at different price points.
Dekhtyarchuk also sold the usage, in seven-day rental increments, of a program called “[Company A] Auth 1.0,” which was a downloadable software program that the customer could use to input the stolen access devices, and using the provided cookie, to access the compromised Company A accounts.
Beginning in March 2021 and ending in July 2021, the FBI through an online covert employee (OCE) made thirteen purchases of access devices from Dekhtyarchuk while accessing Marketplace A from the Eastern District of Texas. Each purchase varied in number of accounts, ranging from three to twenty accounts, resulting in access devices purchased for a total of 131 accounts. The OCE received the purchased access devices via link or Telegram messenger service shortly after completing each purchase.
Dekhtyarchuk has been placed on the FBI’s Cyber Most Wanted List.
“This case exemplifies the need for all of us, right now, to take steps to protect our online identity, our personal data, and our monetary accounts,” said U.S. Attorney Brit Featherston. “Cyber-criminals are lurking behind the glow of computer screens and are harming Americans. These investigations require dedicated professionals who work tirelessly to stop thieves that steal from unknowing innocent people. To those who dedicate their lives to stopping cyber-criminals, we thank you.”
“The cyber-criminal marketplace operated by Dekhtyarchuk promoted and facilitated the sale of compromised credentials, personally identifiable information (PII), and other sensitive financial information,” said FBI Houston Special Agent in Charge Jim Smith. “Cyber-criminal actors behind these marketplaces go to great length to obfuscate their true identities and often utilize other sophisticated methods to further anonymize their activities. Success in these complex investigations is dependent on teamwork and collaboration between the FBI, our international partners, and our private sector partners. It is only through our commitment, coordinated efforts and strategic partnerships that we will be able to defeat the cyber threat.”
If convicted, Dekhtyarckuk faces up to 20 years in federal prison. A grand jury indictment is not evidence of guilt. A defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
This case is being investigated by the Federal Bureau of Investigation Houston Cyber Task Force with the assistance of the FBI Dallas Field Office, the FBI Cyber Division, the National Cyber-Forensics & Training Alliance, the FBI Legal Attaché Riga office, and the State Police of Latvia. This case is being prosecuted by Assistant U.S. Attorney D. Ryan Locker.