According to court documents, Diaconu developed, published online, and conspired with others to manage the operations of the E-Root Marketplace, a series of websites that operated for years and was used to sell access to compromised computers worldwide, including servers belonging to companies and individuals in the United States. The E-Root Marketplace operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers. Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer. Buyers could search for credentials by desired criteria, such as price, geographic location, internet service provider, and operating system. The Marketplace also used Perfect Money, an online payment system, in order to help conceal buyers’ payments, and it offered its illicit cryptocurrency exchange service for the purpose of converting Bitcoin to Perfect Money and vice-versa. This exchange was also seized.
Tampa, Florida – U.S. Senior District Judge James Moody, Jr. has sentenced Sandu Boris Diaconu (31, Moldova) to 42 months in federal prison for conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices. Diaconu pleaded guilty on December 1, 2023.
Diaconu was arrested while attempting to leave the United Kingdom in May 2021, at the request of the United States, and extradited to the United States on October 13, 2023.
Based on evidence obtained during the investigation, authorities believe that more than 350,000 credentials were listed for sale on the Marketplace. The victims span the globe and all industries, as well as at least one local government agency in Tampa. Many victims were subject to ransomware attacks, and some of the stolen credentials listed on the Marketplace were linked to stolen identity tax fraud schemes.
This U.S. investigation was led by the IRS – Criminal Investigation Cyber Crimes Unit (Washington, D.C) and the FBI – Tampa Division. Substantial assistance was provided by the IRS – Criminal Investigation (Tampa Field Office), the Department of Justice’s Office of International Affairs, IRS-CI and FBI International Operations at Mission UK, the United Kingdom’s National Extradition Unit, and the U.S. Marshals Service (Tampa Field Office). The criminal investigation was overseen at various stages of the prosecution by Assistant United States Attorneys Rachel Jones and Adam J. Duso. Asset forfeiture was handled by Assistant United States Attorney Suzanne Nebesky.