Macedonian man extradited to the United States and then pleaded guilty to operating an international cybercrime marketplace received 90 months in federal prison.
Djevair Ametovski, 32, had pleaded guilty to access device fraud and aggravated identity theft. In addition to his sentence, he was ordered to forfeit $250,000 and pay restitution — the exact restitution amount will be determined at a later date.
Ametovski was arrested by Slovenian authorities in January 2014 and extradited to the United States in May 2016.
Ametovski ran Codeshop, a website that offered stolen payment card data, bank account credentials, and personal information, according to the Department of Justice (DoJ). He was also known by other aliases like “codeshop,” “xhevo,” “sindrom” and “sindromx.”
Between August 2010 and January 2014, Ametovski and others used Codeshop to sell information on hundreds of thousands of people from around the world. They used phishing to hack into the databases of financial institutions and other types of organizations.
“Ametovski and his co-conspirators were merchants of crime, stealing victims’ information and selling that information to other criminals,” said United States Attorney Richard P. Donoghue. “This Office and our law enforcement partners will tirelessly pursue cybercriminals who seek to profit at others’ expense.”
After obtaining the information from victims, they packaged the stolen data for sale and posted it on the Codeshop website, a fully indexed and searchable website that allowed users to search by bank identification number, financial institution, country, state and card brand to find the data they wanted, DoJ officials said. The stolen data could then be used to make online purchases and to encode plastic cards to withdraw cash at ATMs.
Ametovski used a network of online money exchangers and anonymous digital currencies, including Bitcoin, to reap revenues from the Codeshop website and to conceal all participants’ identities, including his own, DoJ said. Over the four-year period, Ametovski obtained and sold stolen credit and debit card data for more than 1.3 million cards.