Dismantling was the result of the international law enforcement operation WT1SHOPan online criminal marketplace that specializes in selling stolen credentials and other personal information.
The seizure was organized by Portuguese authorities, and US officials took control of four domains used by the website: “wt1shop[.]net”, “wt1store[.]cc”, “wt1store[.]com” and “wt1store[.]network”.
More than 5.85 million personally identifiable information (PII) records were posted on the website, including about 25,000 scanned driver’s licenses/passports, 1.7 million login credentials for various online stores, 108,000 bank accounts, 21,800 credit cards, US Department of Justice (DoJ) said.
The Ministry of Justice also opened a criminal case against Mikalai Kalesnikov, accusing the 36-year-old citizen of the Republic of Moldova of managing the market. Kolesnikov is accused of conspiracy and illegal circulation of means of unauthorized access.
According to unsealed court documents, WT1SHOP offered a payment mechanism that facilitated the trading of stolen identity information using bitcoins. The account store had 106,273 registered users and 94 sellers with a total of about 5.85 million credentials available for sale as of December 2021.
The login credentials included retail and financial institution credentials, email accounts, PayPal accounts, and ID cards, as well as the ability to remotely access and control computers, servers, and network devices without authorization.
The Justice Department also said law enforcement was able to trace bitcoin transactions made on WT1SHOP, along with email addresses and login information from those accounts, to Kalesnikov, allowing authorities to identify his role as an administrator of the illegal marketplace.
If convicted, Kolesnikov faces a maximum sentence of 10 years in federal prison.
The development comes more than a year after law enforcement agencies in the US, Germany, the Netherlands and Romania cracked down on and dismantled the infrastructure of an underground market known as Slizpp which specializes in trading in stolen login credentials.
