Sandu Diaconu, a 31-year-old Moldovan national, was extradited from the United Kingdom to the United States on October 16th to face charges related to his administration of the E-Root Marketplace website.
The site E-Root, which operated for years and was used to sell access to compromised computers worldwide, including servers belonging to companies and individuals in the US.
Diaconu appeared in federal court in Tampa, Florida on October 16th. He has been charged with conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy, access device fraud, and computer fraud. If convicted on all counts, Diaconu faces a maximum penalty of 20 years in federal prison.
The indictment also notifies Diaconu that the United States is seeking an order of forfeiture relating to the proceeds of and used in the charged criminal conduct.
According to court documents, the E-Root Marketplace operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers. Buyers could search for compromised computer credentials on E-Root, such as RDP and SSH access, by desired criteria such as price, geographic location, internet service provider, and operating system.
The Marketplace also used Perfect Money, an online payment system, to help conceal buyers’ payments. It also offered its illicit cryptocurrency exchange service for the purpose of converting Bitcoin to Perfect Money and vice-versa. This exchange was also seized.
Seizure orders were executed against the domain names of the E-Root Marketplace and a public takedown notice was issued at the end of 2020. Diaconu was arrested while attempting to leave the United Kingdom in May 2021.
In September 2023, after Diaconu consented, the Westminster Magistrates’ Court ordered Diaconu to be extradited to the United States to face the outstanding charges.
U.S. Attorney Roger B. Handberg said victims spanned the globe and industries, including businesses, government agencies and individuals. Many were targeted in ransomware attacks and tax fraud schemes. Based on evidence obtained during the investigation, authorities believe that more than 350,000 compromised computer credentials were listed for sale on the Marketplace.
The U.S. investigation involved the IRS Criminal Investigation Cyber Crimes Unit, FBI Tampa Division, and other agencies. Diaconu's arrest and extradition involved international cooperation between the U.S. and the U.K.
The case demonstrates the global nature of cybercrime and the importance of international cooperation in prosecuting such crimes. Diaconu's extradition shows authorities' determination to hold cybercriminals accountable no matter where they are located.
Source: DOJ