Hackers used the website, which had operated for years, to sell personally identifiable information of U.S. residents and access to thousands of compromised computers. According to the Justice Department, xDedic administrators maintained a distributed network of strategically placed servers worldwide. They used bitcoin to cloak the locations of the servers and the identities of the operatives, sellers and buyers.
The site functioned as a network of affiliates through which buyers could search by price, geographic location and operating system to find compromised computer credentials. Justice didn’t name any victims but said they spanned local, state, and federal government agencies, healthcare facilities and emergency services, call centers, metropolitan transit systems, accounting and law firms, pension funds and universities.
U.S. law enforcement worked in concert with agencies in Germany, Belgium, and Ukraine in a coordinated effort to take down the site and servers.
A Kaspersky SecureList report in 2016 said more than 70 thousand servers from 416 unique sellers in 173 countries were up for sale on the website, many of which belonged to governments and businesses. The security specialist called xDedic a “hacker’s dream” for its easy access and cheap price.
“If the truth be told, the people behind xDedic have created what appears to be a ‘quality’ service,” including live technical support, special tools to patch hacked servers to allow multiple RDP sessions and profiling tools that upload information about the hacked servers into the xDedic database, Kaspersky wrote at the time.
“From government networks to corporations, from web servers to databases, xDedic provides a marketplace for buyers to find anything,” the report said. “And the best thing about it – it’s cheap! Purchasing access to a server located in a European Union country government network can cost as little as $6. The one-time cost gives a malicious buyer access to all the data on the server and the possibility to use this access to launch further attacks.”
The U.S. portion of the investigation was led by the FBI and IRS-CI, along with U.S. Immigration and Customs Enforcement’s Homeland Security Investigations and the Florida Department of Law Enforcement.