Admin behind E-Root stolen creds souk extradited to US • The Register
A Moldovan who allegedly ran the compromised-credential marketplace E-Root has been extradited from the UK to America to stand trial.
Sandu Diaconu, 31, along with another individual whose name has been redacted from court documents, allegedly operated the illicit souk selling access to compromised servers worldwide between 2015 and 2020.
“The Marketplace existed primarily as a place for individuals to buy and sell RDP and SSH access (login credentials) to compromised servers, which was used to facilitate a wide range of illegal activity, such as ransomware attacks, fraudulent wire transfers, and tax fraud,” the indictment says [PDF].
On E-Root, other criminals could search for compromised computer credentials including Remote Desktop Protocol (RDP) and Secure Socket Shell (SSH) access, or by price, geographic location, internet service provider, open ports, and operating system.
During the course of the investigation, the Feds uncovered more than 350,000 compromised credentials listed for sale on E-Root, according to the US Justice Department. The victims included individuals and companies in the US and worldwide, and included at least one local government agency in Tampa, Florida, as well as a local church and and a doctor.
Criminals used the online payment system Perfect Money to make purchases on the credential-selling marketplace. In addition to developing and E-Root, Diaconu, whose admin moniker was “WinD3str0y,” also allegedly operated a sister website where buyers could convert Bitcoin into Perfect Money to try and hide their identities.
The duo offered customer support and apparently maintained detailed records including buyers’ usernames, registration dates, email addresses, purchases, Perfect Money balances, last login dates, and IP addresses, the court documents say.
A joint US-UK effort took down E-Root in late 2020, and British law enforcement arrested Diaconu in May 2021 when he attempted to leave the country. In September 2023, Westminster Magistrates’ Court ordered Diaconu to be extradited to America to face charges, after he consented to travel to the US and face his Feds.
Diaconu, and the second unnamed E-Root admin, have been charged with…
