Admin of major stolen account marketplace gets 42 months in prison


Hacker prison

Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in prison for operating E-Root, a major online marketplace that sold access to hacked computers worldwide.

According to court documents, after the federal prison ends, Diaconu (aka ‘utmsandu,’ ‘sandushell,’ ‘rootarhive,’ and ‘WinD3str0y’) will also be under supervised release for another 3 years.

The sentence comes after his December guilty plea to one count of conspiracy to commit access device and computer fraud and four counts of possessing 15 or more unauthorized access devices.

Diaconu attempted to flee but was arrested in the U.K. in May 2021 after E-Root’s domains were seized by authorities in late 2020.

In October 2023, he was extradited to the United States under charges of wire fraud, money laundering, computer fraud, and access device fraud.

“Based on evidence obtained during the investigation, authorities believe that more than 350,000 credentials were listed for sale on the Marketplace,” said the Department of Justice in a Thursday press release.

“The victims span the globe and all industries, as well as at least one local government agency in Tampa. Many victims were subject to ransomware attacks, and some of the stolen credentials listed on the Marketplace were linked to stolen identity tax fraud schemes.”

E-Root seizure
E-Root seizure banner (DOJ)

​Diaconu was an administrator of the E-Root Marketplace between January 2015 and February 2020. This cybercrime market operated across a sprawling network infrastructure and was designed to shield the identities of its administrators, buyers, and sellers.

Using this platform, buyers could search for RDP and SSH credentials to compromised computer systems, which could be filtered by various criteria, including price, geographic location, internet service provider, and operating system.

Cybercriminals later used the compromised credentials to gain remote unauthorized access to victims’ systems and extract or manipulate data.

The E-Root marketplace transactions also used an online payment system dubbed Perfect Money to obfuscate the payment chain.

Moreover, E-Root provided an illicit cryptocurrency exchange service designed to convert Bitcoin, U.S. dollars, and other currencies to Perfect Money and vice versa, a service that has also been seized.

“The Marketplace looked like a traditional e-commerce website and functioned like a legitimate business would. The Marketplace touted the fact that it sold valid login credentials to compromised servers, offered an exchange and warranty policy, and offered high-quality customer service,” the indictment states.

“The Marketplace existed primarily as a place for individuals to buy and sell RDP and SSH access (login credentials) to compromised servers, which was used to facilitate a wide range of illegal activity, such as ransomware attacks, fraudulent wire transfers, and tax fraud.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top