Account Takeover Fraud , Card Not Present Fraud , Fraud Management & Cybercrime

Russian Sentenced to 3 Years for Selling Stolen Identities

FBI Sting Identified Georgy Kavzharadze as Vendor on Illicit Slilpp Marketplace
Russian Sentenced to 3 Years for Selling Stolen Identities
Moscow-born Georgy Kavzharadze received a 40-month prison sentence for his involvement in the Slilpp carder marketplace. (Image: Shutterstock)

A Russian national received a 40-month sentence after earning more than $200,000 through the sale of thousands of stolen credentials.

See Also: OnDemand | Everything You Can Do to Fight Social Engineering and Phishing

On Wednesday, District Judge Colleen Kollar-Kotelly of the U.S. District Court for the District of Columbia sentenced Moscow-born Georgy Kavzharadze, 27, who pleaded guilty in February to conspiracy to commit bank fraud and wire fraud. She ordered Kavzharadze to pay $1.2 million in restitution.

Prosecutors presented evidence against Kavzharadze gleaned from the illicit marketplace Slilpp, showing that from 2016 to 2021, he sold nearly 300,000 stolen credentials - of the 626,000 he'd listed - which the FBI linked to more than $1.2 million in fraud (see: DOJ Shut Down Slilpp Marketplace for Stolen Credentials).

"The Slilpp marketplace allowed vendors to sell, and customers to buy, stolen login credentials by providing the forum and payment mechanism for such transactions," according to court documents. "Slilpp buyers subsequently used those login credentials to conduct unauthorized transactions - such as wire transfers - from the related accounts."

In June 2021, the DOJ reported that an international law enforcement operation led to the seizure of multiple Slilpp servers and domain names. At the time of the seizure, authorities said, they tied the marketplace to more than $200 million in losses for U.S. victims alone.

Law enforcement was able to see inside the marketplace's activities starting years earlier. "In January 2016, September 2016, March 2021 and June 2021, the FBI obtained forensic copies of the server hosting Slilpp," prosecutors said. Investigators were able to identify marketplace buyers and sellers.

"The Slilpp database contained a wealth of historical information about Slilpp vendors, customers and transactions, including subscriber and payment information for individual accounts that have been used to buy and sell login credentials over Slilpp," the Department of Justice said. "The database accurately reflected known Slilpp transactions and subscriber records, including FBI undercover purchases."

The FBI made undercover purchases and then followed the money - in the form of bitcoin payments - to connect Kavzharadze to his Slilpp account, from which it said he withdrew over $200,000 worth of profits. Prosecutors said the stolen information he was selling included access credentials for U.S. banks based in New York, California, Nevada and Georgia.

Prosecutors charged Kavzharadze in August 2021, and he first appeared in a U.S. courtroom in May 2022, after being extradited.

More than a dozen individuals with connections to the Slilpp marketplace, which launched in 2012, have been charged or arrested.

Other stolen information sold on Slilpp included credentials - typically usernames and passwords - for accessing bank accounts, online payment accounts, mobile phone accounts, accounts with retailers and other online platforms and services.

Another Slilpp user sentenced to serve time in a federal prison was Alexander Pakhtusov. Prosecutors said he sold 14,000 sets of stolen login credentials via the criminal marketplaces Slilpp as well as on Paysell, now called Blackpass, using the moniker "Mrtikov," from at least April 2016 through September 2019.

Pakhtusov was indicted in 2019 and extradited to the U.S. in March 2021. He later pleaded guilty to access device fraud and aggravated identity theft.

In September 2023, District Judge Trevor N. McFadden of the U.S. District Court for the District of Columbia sentenced Pakhtusov to serve 61 months in prison and ordered him to pay $1.4 million in restitution.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.