Pierluigi Paganini
May 15, 2025
Kosovo citizen Liridon Masurica (33) of Gjilan, was extradited to the US for running the cybercrime marketplace BlackDB.cc and appeared in federal court facing related charges.
The online criminal marketplace BlackDB.cc has been active sunce 2018, the platform offered for sale compromised credentials and PII used by crooks for tax fraud, credit card fraud, and identity theft.
Kosovo police arrested Masurica (aka @blackdb) on December 12, 2024.
The man was charged in the US with six fraud-related counts a few days before his arrest. Extradited on May 9, he appeared in court on May 12.
The Kosovo citizen faces up to 55 years in U.S. prison for conspiracy and using over 15 unauthorized access devices across six fraud charges.
Masurica, alleged admin of BlackDB.cc, sold stolen data used in fraud and ID theft.
“According to the indictment, Masurica was the lead administrator of BlackDB.cc—an online criminal marketplace in operation from 2018 until present. BlackDB.cc illegally offered for sale compromised account and server credentials, credit card information, and other personally identifiable information of individuals primarily located in the United States, including those located within the Middle District of Florida.” reads the press release published by DoJ. “Once purchased, cybercriminals used the items purchased on BlackDB.cc to facilitate a wide range of illegal activity, including tax fraud, credit card fraud, and identity theft.”
The FBI led the investigation with support from the Kosovo Police’s Cybercrime Investigation Directorate. Assistant U.S. Attorney Carlton C. Gammons will prosecute the case. The FBI’s Legal Attaché Office in Sofia and the DOJ’s Office of International Affairs played key roles in securing Masurica’s arrest and extradition. The Special Prosecution of the Republic of Kosova and Kosovo Police’s Cybercrime Directorate also provided significant support in the arrest.
In December 2024, the U.S. Department of Justice (DoJ) seized Rydox, another cybercrime marketplace for selling stolen personal data and fraud tools.
Kosovars authorities arrested three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli. Kosovo nationals Ardit and Jetmir Kutleshi, Rydox administrators, were arrested in Kosovo and await extradition to the U.S. The third administrator, Sokoli, was arrested in Albania by SPAK and is set to face charges and prosecution in Albania.
The Rydox marketplace has been active since February 2016, it facilitated over 7,600 sales of stolen PII, access devices, and cybercrime tools, generating $230,000 since 2016. It offered over 321,000 products to 18,000 users, including names, social security numbers, and hacking tools. Thousands of U.S. victims were affected.
The U.S. authorities seized the Rydox domain, a coordinated operation by the FBI and Royal Malaysian Police seized servers in Kuala Lumpur, Malaysia, that hosted the illicit marketplace.
The US authorities also seized $225,000 in cryptocurrency.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, BlackDB.cc)
