The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox (“rydox[.]ru” and “rydox[.]cc”) for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud.
In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested. Ardit Kutleshi and Jetmir Kutleshi are expected to be extradited to the U.S. Sokoli, who was apprehended on December 12, 2024, in Albania, will be charged and prosecuted in the nation.
“The Rydox marketplace has conducted over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools, which generated at least $230,000 in revenue since its inception in or around February 2016,” the DoJ said in a statement.
This included credit card information and login credentials stolen from thousands of victims residing in the United States. Rydox is also said to have advertised as many as 321,372 cybercrime products such as scam pages, spamming logs, and spamming tutorials to over 18,000 users.
Court documents reveal that users had to register for an account to purchase or sell the illegal products and services and deposit a sum of cryptocurrency into their accounts, which were then placed in a wallet controlled by the defendants.
Rydox also charged registered users a one-time fee that ranged anywhere from $200 to $500 to become authorized sellers. These sellers received 60% from every sale on the marketplace, with Rydox retaining the remaining amount.
Per the indictment document, an undercover source with the Federal Bureau of Investigation (FBI) registered a Rydox account, deposited an equivalent of $300 in cryptocurrency, and purchased about 40 “full,” which refers to a package containing individuals’ personal and financial information.
This comprised their victims’ full names, email addresses, residential addresses, phone numbers, Social Security numbers, dates of birth, and driver’s license numbers.
In coordination with the actions, the FBI and Royal Malaysian Police confiscated servers in Kuala Lumpur to take the site offline. Furthermore, cryptocurrency worth approximately $225,000 has been seized from accounts controlled by the defendants.
Albanian authorities said they have separately seized one computer unit and six laptops, five mobile phones and other storage devices, and documents and monetary assets in cryptocurrencies as part of its investigation related to Sokoli’s arrest.
Ardit Kutleshi and Jetmir Kutleshi have been each charged with two counts of identity theft, one count of conspiracy to commit identity theft, one count of aggravated identity theft, one count of access device fraud, and one count of money laundering. If convicted, they both face a maximum penalty of 37 years in prison.
Nigerian National Extradited to the U.S. for BEC Scheme
The development comes as the DoJ announced the extradition of Abiola Kayode, 37, of Nigeria, to face charges related to his alleged participation in a business email compromise (BEC) scheme from January 2015 to September 2016 to defraud businesses of more than $6 million.
“Kayode’s co-conspirators posed as the chief executive officer, president, owner, or other executive of the targeted company,” the DoJ said. “Using email accounts spoofed to make it appear as though they were from the company’s true business executive, Kayode’s co-conspirators directed business employees or recipients of the email to complete wire transfers.”
Kayode is believed to have provided bank account information to the co-conspirators. These bank accounts belonged to victims of internet romance scams, who were instructed to transfer the funds to other bank accounts.
In late October 2024, one of Kayode’s co-conspirators, a 41-year-old Nigerian national named Alex Ogunshakin, was sentenced to nearly four years in prison. Then last week, another 39-year-old Nigerian citizen, Okechuckwu Valentine Osuji, was sentenced to eight years in prison for operating a BEC scheme across several countries, including the U.S.
Spain Busts Vishing Ring
The law enforcement actions also coincide with the disruption of a phishing ring that defrauded over 10,000 bank customers, as part of a joint operation led by Spanish and Peruvian officials. A total of 83 people, including the e-crime group’s leader, have been arrested in connection with the operation, 35 in different parts of Spain and 48 in Peru.
The individuals have been linked to a call center-based vishing scam based out of Peru, from where thousands of phone calls were made every day in which the they masqueraded as bank employees and tricked users into providing verification codes by leading them to believe that had fraudulent charges and that their accounts had been blocked.
The codes were then passed on to other members of the group in Spain, who used them to withdraw cash from ATMs. The fraudulent scheme is estimated to have made over €3,000,000 ($3.15 million) in illegal profits.
“Once they had the money in their possession, they appropriated a percentage that ranged between 20 and 30%, transferring the rest to the organisation in Peru through companies dedicated to sending cash to other countries,” Spain’s National Police Agency, the Policía Nacional, said.
Russia’s FSB Detains Cybercriminal Group
In a related development, Russia’s Federal Security Service (FSB) said it has detained 11 managers and employees who were allegedly operating a network of call centers that conducted financial fraud on a large scale, netting them $1 million in illegal profits per day.
“The ‘call centers’ were part of an international organized criminal group that, under the guise of investment transactions, committed mass fraud against citizens of the EU, Great Britain, Canada, Brazil, India, Japan, etc.,” the FSB said. “About 100,000 people living in more than 50 countries became victims of their illegal activities.”
The agency also claimed that the network “operated in the interests of the former Minister of Defense of Georgia and founder of the Milton Group, Davit Kezerashvili, who is currently hiding in London.”
In April 2023, BBC published an investigation (now taken down) into a global fraudulent trading network dubbed the Milton Group that defrauded unwitting customers. Kezerashvili, however, has rejected the accusations, stating “I have nothing whatsoever to do with the Milton Group or any call center-based fraud.”
That said, in early September 2024, the Prosecutor’s Office of Georgia said that more than $1 million in illicit proceeds from the call center scams allegedly flowed into bank accounts held by Kezerashvili, and two family members, and that it dismantled a call center operating under the name of Morgan Limited.