A Connecticut man pleaded guilty to charges of phishing against criminal dark web markets in a scheme that eventually obtained over $365,000 and more than 10,000 stolen user credentials.
Michael Richo, 35 of Connecticut, pleaded guilty on Tuesday in Hartford federal court to hacking and money laundering offenses.
Richo’s scheme is familiar to any dark net denizen: In forums on the dark net, he posted fake links to dark net markets where illicit goods and services are on sale. He built fake login pages to fool victims and steal their credentials. Richo then monitored the compromised accounts and withdrew any bitcoin deposited into them before it could be spent. It ended up being deposited in his own bitcoin wallet.
“Richo then sold the stolen bitcoins to others in exchange for U.S. currency, which was deposited into bank accounts that RICHO controlled or was provided to him through Green Dot Cards, Western Union transfers, and MoneyGram transfers,” according to a Justice Department release.
AlphaBay, the most popular of extant dark net markets, has dealt with phishing attacks for years. The site’s administrators blamed victims for “their own stupidity” when complaints of phishing began to rise earlier this year.
Tracking bitcoins to real money is big business. Firms like Chainalysis and Elliptic work with law enforcement and major enterprises around the world to track and analyze virtual currency through the blockchain and outside of it. It’s not clear what if any private firm was involved in the Richo case.
Richo tried to use “Bitcoin Fog” — a cryptocurrency “tumbler” that mixes coins from various sources with the intention of hiding their tracks — according to police, before sending the currency to his wallet on LocalBitcoins.com.
Richo had been under investigation since 2013. Police searched his home and arrested him in 2014.
An “access device fraud” charge for the phishing carries a maximum sentence of 10 years, while a money laundering charge could result in a 20-year sentence. A guilty plea will likely significantly reduce Richo’s sentence, which will come Sept. 28 from U.S. District Judge Vanessa L. Bryant.
Phishing for dark net credentials is a crime as old as the dark net itself. Phishers target “normal” websites like Wikipedia as well as underground criminal forums — any digital gathering space, it seems, is a venue for the tactic.