Defendant’s “Codeshop” Website Sold Troves of Stolen Credit Card Data and Bank Account Logins on the Black Market
April 17 – Earlier today, in federal court in Brooklyn, Djevair Ametovski, a Macedonian citizen, was sentenced by United States District Judge Eric N. Vitaliano to 90 months’ imprisonment after previously pleading guilty to access device fraud and aggravated identity theft. Those crimes related to Ametovski’s operation of “Codeshop,” a website he created for the sole purpose of selling stolen credit and debit card data, bank account credentials and personal identification information. Judge Vitaliano also ordered the defendant to forfeit $250,000 and to pay restitution in an amount to be determined by the Court at a later date. Ametovski was arrested in Ljubljana, Slovenia, in January 2014, and was extradited to the United States in May 2016.
Richard P. Donoghue, United States Attorney for the Eastern District of New York, and David E. Beach, Special Agent-in-Charge, United States Secret Service, New York Field Office (USSS), announced the sentence.
“Ametovski and his co-conspirators were merchants of crime, stealing victims’ information and selling that information to other criminals,” stated United States Attorney Donoghue. “This Office and our law enforcement partners will tirelessly pursue cybercriminals who seek to profit at others’ expense.” Mr. Donoghue thanked the Slovenian Ministry of the Interior and Ministry of Justice, the United States Marshals Service, the U.S. Department of State Regional Security Officers in Slovenia and the Netherlands, and the Justice Department’s Office of International Affairs, for their assistance with the investigation and prosecution of the defendant.
“The sentencing of this transnational cybercriminal emphasizes the commitment of the Secret Service to disrupt and dismantle global criminal networks,” stated USSS Special Agent-in-Charge Beach. “The Secret Service will continue to work closely with our network of law enforcement partners to dismantle criminal enterprises seeking to victimize innocent people, regardless of geographic distance or borders.”
Ametovski and his co-conspirators operated Codeshop between August 2010 and January 2014, victimizing hundreds of thousands of individuals around the world by hacking into the computer databases of financial institutions and other businesses and through “phishing” scams designed to induce accountholders to unwittingly surrender private identification information. They packaged this stolen data for sale and posted it on the Codeshop website, a fully indexed and searchable website that allowed users to search by bank identification number, financial institution, country, state and card brand to find the data they wanted. The stolen data could then be used to make online purchases and to encode plastic cards to withdraw cash at ATMs. Ametovski used a network of online money exchangers and anonymous digital currencies, including Bitcoin, to reap revenues from the Codeshop website and to conceal all participants’ identities, including his own. Over the course of the scheme, Ametovski obtained and sold stolen credit and debit card data for more than 1.3 million cards.
The government’s case is being handled by the Office’s National Security & Cybercrime Section. Assistant United States Attorneys Saritha Komatireddy and David K. Kessler are in charge of the prosecution.
DJEVAIR AMETOVSKI (also known as “xhevo,” “codeshop,” “sindrom” and “sindromx”)
E.D.N.Y. Docket No. 16-CR-409 (ENV)