A website operating as a marketplace for over 5.85 million records of personally identifying information (PII) was seized today by Portuguese authorities and a federal criminal complaint charging the website’s alleged operator has been unsealed.  Law enforcement in the U.S. has also seized four domains used by the website:  “wt1shop.net,” “wt1store.cc,” “wt1store.com,” and “wt1store.net.”

The federal criminal complaint alleges that Nicolai Colesnicov, age 36, of the Republic of Moldova, operated WT1SHOP, an online market that allowed vendors to sell stolen login credentials and other PII, including approximately 25,000 scanned driver’s licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, 21,800 credit cards.  Colesnicov is charged with conspiracy and with trafficking in unauthorized access devices.  The criminal complaint was filed on April 21, 2022, and unsealed today upon the seizure of the website and its domains.

The website seizure and criminal complaint were announced by United States Attorney for the District of Maryland Erek L. Barron and Special Agent in Charge Wayne Jacobs of the Federal Bureau of Investigation, Washington Field Office, Criminal Division.

Buy Me A Coffee

According to the affidavit filed in support of the criminal complaint, WT1SHOP provided a forum and payment mechanism for the sale and purchase of stolen PII, using Bitcoin.  As detailed in the affidavit, in June 2020 Dutch law enforcement officials obtained an image of the WT1SHOP database that showed there were approximately 60,823 registered users on the site, including 91 sellers and two administrators.  As of June 2020, sellers on WT1SHOP had engaged in sales of approximately 2.4 million credentials for total proceeds of approximately $4 million.  The credentials sold consisted of login credentials for retailers and financial institutions, email accounts, PayPal accounts, and identification cards, as well as credentials to remotely access and operate computers, servers, and network devices without authorization.  Law enforcement’s review of WT1SHOP in December 2021 showed that the number of users and sellers on the website had increased to approximately 106,273 users and 94 sellers with a total of approximately 5.85 million credentials available for sale.

AMD Investigates Alleged Data Breach, Stolen Company Data Claims Emerge

According to the affidavit, law enforcement was able to trace Bitcoin sales made on WT1SHOP, payments made to the webhost of WT1SHOP, email addresses related to WT1SHOP, and associated login information from these accounts to Colesnicov, including determining that Colesnicov was the operator of WT1SHOP based on his logins as the administrator on the WT1SHOP website.

If convicted, Colesnicov faces a maximum sentence of 10 years in federal prison for conspiracy and trafficking in unauthorized access devices.  Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors. 

A criminal complaint is not a finding of guilt.  An individual charged by criminal complaint is presumed innocent unless and until proven guilty at some later criminal proceedings. 

United States Attorney Erek L. Barron commended the FBI for its work in the investigation and thanked the U.S. Department of Justice Office of International Affairs and our law enforcement partners in Portugal, the Republic of Moldova, the Republic of Estonia, the United Kingdom, and the Netherlands for their assistance.  Mr. Barron thanked Assistant U.S. Attorney Rajeev R. Raghavan, who is prosecuting the federal case.