Date: January 4, 2024 Contact: newsroom@ci.irs.gov United States Attorney Roger B. Handberg announces the culmination of a transnational cybercrime investigation involving the xDedic Marketplace. According to court documents, the xDedic Marketplace was a website on the dark web that illegally sold login credentials (usernames and passwords) to servers located across the world and personally identifiable information—dates of birth and Social Security numbers—of U.S. residents. Once purchased, criminals used these servers to facilitate a wide range of illegal activity that included tax fraud and ransomware attacks. The xDedic administrators practiced exceptional operational security, operating the website across a widely distributed international network, and utilizing cryptocurrency in order to hide the locations of the Marketplace's underlying servers and the identities of its administrators, sellers, and buyers. In total, xDedic offered more than 700,000 compromised servers for sale, including at least 150,000 in the United States and at least 8,000 in Florida. Marketplace victims spanned the globe and industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities. In January 2019, the U.S. Attorney's Office for the Middle District of Florida (Tampa Division) seized xDedic's domain names and dismantled the website's infrastructure, effectively ceasing its operation. The international operation to dismantle and seize this infrastructure was the result of close cooperation with law enforcement authorities in Belgium and Ukraine, the European law enforcement agency Europol, the National High Tech Crime Unit from the Dutch National Police, and the German Bundeskriminalamt. In the years that followed the takedown of the xDedic Marketplace, the U.S. Attorney's Office investigated and charged individuals involved in every level of the website's operation, including its administrators, server sellers, and buyers. For example, Alexandru Habasescu and Pavlo Kharmanskyi were Marketplace administrators. Habasescu, who resided in Chisnau, Moldova, was the lead developer and technical mastermind for the Marketplace, while Kharmanskyi, who lived in Kiev, Ukraine, advertised for the website, paid administrators, and provided customer support to buyers. Habasescu was taken into custody in the Spanish Canary Islands in 2022 and extradited to the United States, while Kharmanskyi was arrested at the Miami International Airport in 2019 as he attempted to enter the United States. Habasescu and Kharmanskyi were sentenced to 41 and 30 months' imprisonment, respectively. Marketplace seller Dariy Pankov, a Russian national, was one of the highest sellers on the Marketplace by volume, listing for sale the credentials of more than 35,000 compromised servers located all over the world and obtaining more than $350,000 in illicit proceeds. Pankov's criminal activities were facilitated by a powerful malicious software program he developed named "NLBrute," that was capable of compromising protected computers by decrypting login credentials. Pankov was taken into custody in the Republic of Georgia in 2022 and extradited to the United States. He was subsequently sentenced to 60 months in federal prison. Nigerian national Allen Levinson was a prolific buyer on the Marketplace who held particular interest in purchasing access to U.S.-based Certified Public Accounting firms. He used the information he obtained from those servers to file hundreds of false tax returns with the United States government, requesting more than $60 million in fraudulent tax refunds. Levinson was taken into custody in the United Kingdom in 2020 and extradited to the United States. He was subsequently sentenced to 78 months in federal prison. Many of the charged defendants are foreign nationals and hold citizenship in countries that do not extradite their nationals, requiring the United States to locate and extradite subjects from countries that do. As identified below, to date, 17 defendants have been charged and/or extradited to the United States. Allen Levinson (Nigeria) was convicted of conspiracy to commit mail and wire fraud and was sentenced to 78 months in prison. T'Andre McNeely (California) was convicted of conspiracy to commit mail and wire fraud and was sentenced to 78 months in prison. Michael Carr (California) was convicted of conspiracy to commit mail and wire fraud and was sentenced to 78 months in prison. Dariy Pankov (Russia) was convicted of conspiracy to commit access device and computer fraud and was sentenced to 60 months in prison. Glib Ivanov-Tolpintsev (Ukraine) was convicted of conspiracy to commit access device and computer fraud and was sentenced to 48 months in prison. Alexandru Habasescu (Moldova) was convicted of access device fraud and was sentenced to 41 months in prison. Adedotun Adejumo (Oklahoma) was convicted of conspiracy to commit wire fraud and was sentenced to 33 months in prison. Pavlo Kharmanskyi (Ukraine) was convicted of access device fraud and was sentenced to 30 months in prison. Joshua Spencer (New York) was convicted of conspiracy to commit access device fraud and was sentenced to 28 months in prison. Ibrahim Jinadu (Georgia) was convicted of conspiracy to commit wire fraud and was sentenced to 27 months in prison. Brandon Williams (California) was convicted of conspiracy to commit mail and wire fraud and was sentenced to 12 months in prison. Harold McKinzie (Illinois) was convicted of wire fraud and was sentenced to 5 years' probation. Bamidele Omotosho (Nigeria) was convicted of conspiracy to commit wire fraud and sentencing is pending. Olayemi Adafin (United Kingdom) was convicted of conspiracy to commit wire fraud and sentencing is pending. Olakunle Oyebanjo (United Kingdom) was convicted of conspiracy to commit wire fraud and sentencing is pending. Akinola Taylor (United Kingdom) was convicted of conspiracy to commit wire fraud and sentencing is pending. Oluwarotimi Ogunlana (Texas) was convicted of conspiracy to commit wire fraud and sentencing is pending. In addition to the individuals above, xDedic Marketplace buyers Olufemi Odedeyi (United Kingdom) and Oluwaseyi Shodipe (United Kingdom) have been charged with conspiracy to commit wire fraud and aggravated identity theft. Both and are pending extradition from the United Kingdom. Shodipe has also been charged with making false claims and theft of government funds. If convicted, Odedeyi and Shodipe each face a maximum penalty of 20 years in federal prison. These cases were led by the Tampa Field Office of Internal Revenue Service - Criminal Investigation and the Tampa Division of the Federal Bureau of Investigation. Substantial assistance was provided by the IRS-CI Cyber Crimes Unit (Washington, D.C.), the Department of Justice's Office of International Affairs, and Homeland Security Investigations. This investigation also benefited greatly from cooperation with foreign law enforcement in Belgium, Georgia, Germany, Poland, Spain, the United Kingdom, Romania, Switzerland, Estonia, Latvia, Bulgaria, Ukraine, Lithuania, and Moldova. The cases are being prosecuted by Assistant United States Attorneys Rachel K. Jones, Carlton C. Gammons, and Suzanne Nebesky.
