Russian serial credentials seller of gets 40 months in jail

A Russian nationwide is taking a visit to jail within the US after being discovered responsible of peddling stolen credentials on a preferred darkish internet market.

Hailing from Moscow, 27-year-old Georgy Kavzharadze bought his stolen wares between July 2016 and Might 2021 on the Slilpp market, which was taken down in 2021 following a coordinated effort from worldwide legislation enforcement companies.

He was arrested after which extradited just below a 12 months later in Might 2022, and has been detained since then. The US justice system didn’t state which nation he was extradicted from however it clearly wasn’t Russia.

That takedown led to the invention of details about distributors on the location, of which Kavzharadze was one, together with transactions and fee info. Wiretap knowledge was additionally handed to US authorities by one other nation that recognized website customers’ login credentials and IP addresses. Kavzharadze was arrested the next 12 months.

In keeping with the unique indictment [PDF], the credentials bought by Kavzharadze included these for 5 totally different banks and went on to be abused in fraudulent transactions exceeding $5 million in worth.

This sum has since been lowered to $1.2 million, the whole thing of which he has been ordered to pay again as restitution.

The Russian bought greater than 297,300 credentials on Slilpp and listed greater than 626,000 over the course of his five-year tenure on the location, which additionally included operating themed low cost occasions equivalent to Cyber Monday gross sales. Feds mentioned “associated PII” was bought alongside the logins for “on-line fee accounts, financial institution accounts, and different accounts.” The individuals who bought these login credentials used these credentials to steal cash from sufferer accounts.

Feds have been capable of confidently hyperlink greater than $200,000 value of Bitcoin withdrawals to Kavzharadze from the Slilpp website between 2016 and 2018 – a sum value greater than $450,000 at in the present day’s change charge.

The Slilpp takedown in 2021 was massive information. It had been working for almost a decade by that time, and authorities mentioned greater than 80 million credentials have been bought throughout that point, racking up estimated damages to the tune of greater than $200 million.

“The Slilpp market allegedly precipitated a whole bunch of thousands and thousands of {dollars} in losses to victims worldwide, together with by enabling patrons to steal the identities of American victims,” mentioned then-acting assistant legal professional common Nicholas L McQuaid of the Justice Division’s Felony Division on the time. 

“The division won’t tolerate an underground economic system for stolen identities, and we are going to proceed to collaborate with our legislation enforcement companions worldwide to disrupt prison marketplaces wherever they’re situated.”

Credentials for greater than 1,400 totally different account suppliers have been listed throughout Slilpp’s time and authorities likened it to Amazon and eBay for promoting credentials. ®