Police Nabs Alleged Owner Of Incognito Market, One Of The World’s Biggest Dark Web Marketplaces
Read also: A Russian access broker charged in the US, Coinbase fraudster pleads guilty, and more.
Thursday, May 23, 2024
The owner of one of the largest Dark Web marketplaces arrested, faces a life prison sentence
The US authorities have arrested and charged an alleged owner of one of the largest illegal narcotics marketplaces on the Dark Web, Incognito Market. Rui-Siang Lin, aka Ruisiang Lin, “Pharoah,” and “faro” faces multiple charges that could lead to a lifetime in prison.
According to the indictment, the 23-year-old Taiwanese national operated Incognito Market from its inception in October 2020 until its shutdown in March 2024. During this period, the marketplace, accessible globally through the Tor web browser, facilitated the sale of more than $100 million worth of illegal narcotics to users worldwide.
Lin is said to have managed all aspects of Incognito Market’s operations, including overseeing employees, vendors, and customers, as well as making critical decisions for the multimillion-dollar enterprise. The market generated millions in profits for Lin, facilitated through an internal “bank” system where users could deposit cryptocurrency into their accounts.
In other news, Dutch law enforcement arrested three suspects who used the now-defunct LabHost phishing-as-a-service platform to perform large-scale banking fraud. Also, the Dutch House of Representatives approved a bill that criminalizes espionage, including cyber and digital espionage. Individuals engaged in espionage activities on behalf of a foreign government could face a maximum prison sentence of eight years. In exceptional circumstances, this maximum sentence can be extended to twelve years.
Request your free demo now and talk to our experts.
Russian citizen charged with selling unauthorized access to computer networks
A Russian citizen has been indicted for his involvement in a cybercrime scheme where he acted as a so-called initial access broker (IAB), selling unauthorized access to computer networks. Evgeniy Doroshenko, 31, aka “Eugene Doroshenko,” “FlankerWWH,” and “Flanker,” from Astrakhan, Russia, faces charges of wire fraud and computer fraud.
According to court documents, Doroshenko orchestrated a scheme from February 2019 to May 2024, where he gained illegal access to various computer systems. He then profited by selling this access through a Russian language cybercrime forum on the Dark Web.
In one instance, Doroshenko infiltrated the computer network of a US-based firm and then sold access to it to other cybercriminals, according to the US Department of Justice.
The indictment specifies that the count of wire fraud could result in a maximum sentence of 20 years in prison and a fine of up to $250,000, or twice the gross gain or loss derived from the crime, whichever is greater. The computer fraud charge carries a potential sentence of up to five years in prison and a similar fine.
Cybersecurity Compliance
Prevent data breaches and meet regulatory requirements
A scammer pleads guilty to a $37 million Coinbase fraud scheme
Chirag Tomar, a 30-year-old citizen of the Republic of India, pleaded guilty in a US court to charges of orchestrating a sophisticated spoofing scheme that defrauded Coinbase users of over $37 million.
The court documents show that Tomar and his co-conspirators launched a fake website mimicking a premium service of Coinbase, one of the world's largest virtual currency exchanges. Once victims attempted to log in, they were subjected to an authentication process that allowed the fraudsters to obtain the victims’ Coinbase login and authentication details.
The perpetrators also employed other deceptive tactics, such as impersonating Coinbase customer service representatives to obtain two-factor authentication codes over the phone, and using remote desktop software to gain control of the victims' computers. Using stolen credentials, the fraudsters pilfered cryptocurrency from the victims and transferred the assets to wallets controlled by Tomar and his accomplices.
Tomar was apprehended at the Atlanta airport on December 20, 2023, and has been in federal custody since his arrest. He has pleaded guilty to wire fraud conspiracy, a charge that carries a maximum penalty of 20 years in prison and a $250,000 fine. The date for his sentencing has yet to be scheduled.
Two Chinese men charged in a $73M ‘pig butchering’ money laundering scheme
Two Chinese nationals have been charged in connection with a large-scale money laundering scheme that funneled proceeds from cryptocurrency investment scams. The sophisticated network moved over $73 million through US financial institutions into accounts in the Bahamas, converting the funds into cryptocurrency. The accused, Daren Li, 41, and Yicheng Zhang, 38, were apprehendded in Atlanta and Los Angeles, respectively.
According to court documents, Li, Zhang, and their accomplices orchestrated a syndicate, managing proceeds from “pig butchering” scams - a type of scam that involves investment frauds (often in cryptocurrencies), where victims are fooled into investing their money in fraudulent ventures, promising high returns.
The criminal network allegedly utilized a series of money laundering techniques to move the illicit funds through both domestic and international channels. The laundered money was transferred to bank accounts in the Bahamas, where it was converted into Tether. A crypto wallet, controlled by Li, received over $341 million in virtual assets.
Both Li and Zhang face serious charges, including conspiracy to commit money laundering and six counts of international money laundering. If convicted, they could each face up to 20 years in prison for each count.
Nearly 200 suspects apprehended in Turkey in major 'Sibergöz-40' operation
Turkish law enforcement authorities arrested 181 suspects as part of a nationwide cybercrime crackdown codenamed 'Sibergöz-40' targeting a range of illicit activities across 34 provinces. Coordinated by the Cyber Crimes Department of the General Directorate of Security, the operations are aimed at dismantling criminal networks involved in cybercrime, illegal gambling, money laundering, fraud, and online child pornography.
An action carried out in Istanbul, Gaziantep, Antalya, Tekirdağ, Çorum, Mardin, Malatya, Diyarbakır, and Kütahya, led to the arrest of 17 suspects allegedly involved in creating phishing sites impersonating banks to steal account information from companies. The suspects stole approximately 14 million Turkish lira from the victims' accounts.
Additionally, 7 suspects were arrested on charges of selling citizens' identity information through illegal websites for profit. In Istanbul, İzmir, Muğla, Antalya, Bursa, and Mersin, 69 suspects were detained. The group, known as 'Roma Bilişim,' used mobile applications to coordinate illegal gambling activities and laundered money through cryptocurrency services.
The police have also arrested 17 suspects for running illegal betting sites and facilitating related money transfers and 2 suspects involved in online child pornography. Further investigations are ongoing.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
