TYLER, Texas (KETK) – A Russian hacker has been indicted in East Texas federal court on thirty counts, ranging from wire fraud to identity theft.

Court documents filed with the Tyler division of the Eastern Court of Texas list the defendant as Igor Dekhtyarchuk and he is a resident of Sverdlovsk Oblast, Russia.

According to the indictment, he is accused of creating a cybercriminal marketplace, known as “Marketplace A”, which was “dedicated to the sale of unlawfully obtained access devices” that allowed unauthorized access to companies’ accounts as well as personal credit cards.

Data associated with these accounts included names, home addresses, login credentials and credit card payment data.

Dekhtyarchuk, who went under the alias “floraby,” allegedly began advertising the sale of comprised data in Marketplace A in May 2018. He focused on five companies, known only in the indictment as Company A, B, C, D and E.

The indictment states that Companies A-C were based in California, Company D was located in Arkansas and Company E was headquartered in Massachusetts. Dekhtyarchuk allegedly advertised on Marketplace A that between 2018 and 2021, he sold access to more than “48,000 compromised email accounts, 25,000 compromised Company B accounts and 19,000 compromised Company A accounts.”

The documents state that the site averaged approximately 5,000 daily visitors as of March 2022.

“A potential customer who visited Marketplace A to purchase access devices for compromised accounts could select different products just as in a legitimate web store. The options included various combinations of Company A, Company B, Company C and credit card accounts for the same victim.”

Indictment filed against Igor Dekhtyarchuk

Once a purchase was made on Marketplace A, Dekhtyarchuk allegedly sent the customer the access devices via a text message. FBI agents in East Texas made 13 covert purchases over 131 total accounts from March to July 2021, according to the indictment.

Dekhtyarchuk is charged with one count of wire fraud, three counts of access device fraud and 26 counts of aggravated identity theft.

The wire fraud charge alone carries a maximum sentence of 20 years in prison with a $250,000 fine. Each count of access device fraud can have a 10-year sentence imposed while each identity theft accusation carries a two-year maximum sentence.