Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an international law enforcement operation and its suspected administrators arrested.
Rydox has been operating since early 2016, and has been used to sell personally identifiable information, stolen access devices, and tools to assist cybercrime on thousands of occasions according to the US Department of Justice.
Information sold on the underground site includes the names, addresses, dates of birth, and social security numbers of individuals, as well as their financial information, credit card details, and passwords. In addition, a section of the Rydox marketplace devoted itself to the sale of software and tutorials to assist cybercriminals in committing attacks.
According to the US Department of Justice, three Kosovan nationals are thought to be the administrators of the site and have been arrested in recent days.
26-year-old Ardit Kutleshi, and Jetmir Kutleshi, 28 were arrested last week in Kosovo by local law enforcement agents, with a view to being extradited to the United States.
The third suspected administrator of Rydox, Shpend Sokoli, was arrested in Albania on Thursday. He had one computer, six laptops, five mobile phones and other storage devices, as well as documents related to cryptocurrency assets seized at the same time.
Visitors to the Rydox cybercrime marketplace are now greeted by a banner announcing that the site is now under the control of law enforcement agencies as deeper investigations continue into the apprehended men and the many users of the site.
“The Rydox marketplace was a one-stop shop where upwards of 18,000 of its cybercriminal customers could choose from more than 300,000 cybercrime tools,” said US Attorney Eric G. Olshan for the Western District of Pennsylvania. “While cybercrime often involves conduct occurring overseas and the actions of foreign nationals, its harms can be devastatingly local, with residents in our own communities suffering financial ruin as a result of the theft and misuse of their sensitive personal information. Today’s takedown reinforces our steadfast message that the Western District of Pennsylvania and our domestic and international law enforcement partners will use every available tool to hold accountable those who pursue illicit profit at the expense of ordinary citizens around the world.”
The news of Rydox’s seizure came in the same week that 27 DDoS-for-hire websites had been shut down. Europol explained that law enforcement agencies had taken the action in an attempt to disrupt attacks that cybercriminals typically launch in the run-up to the holiday season.