A Russian man accused of running an online criminal marketplace devoted to credit card fraud and other cybercrimes pleaded guilty Thursday, federal prosecutors said.
Aleksei Burkov, 29, pleaded guilty to charges of access device fraud and conspiracy to commit computer intrusion, identity theft, wire and access device fraud and money laundering, the U.S. Attorney’s Office for the Eastern District of Virginia said in a statement.
Prosecutors say that he ran a website called "Cardplanet" in which stolen debit and credit card numbers were sold and that the stolen data resulted in more than $20 million in fraudulent purchases on U.S. cards.
He also allegedly ran another site where people advertised personal information, malicious software and other criminal services, prosecutors said.
Burkov was arrested at Israel's Ben-Gurion Airport in late 2015 and fought extradition to the United States. An Israeli Supreme Court approved his extradition to the U.S., and he was sent to America in November.
Russian officials objected to the extradition. Israeli officials have suggested Russia sought Burkov's release by offering an exchange for Naama Issachar, a 26-year-old Israeli woman who received a seven-year prison sentence in Moscow on marijuana charges, The Associated Press reported.
The U.S. Attorney’s Office said that Burkov faces a maximum of 15 years when he is sentenced May 8.
A plea agreement also says that Burkov is eligible to be deported after he serves any sentence and that he will not contest removal from the country.
A statement of facts filed in the case says that Burkov operated Cardplanet from October 2011 through at least August 2013 and that the site sold stolen card information from virtually all major U.S. payment cards.
Burkov also offered a fee-based "checker" service to allow buyers to instantly validate the stolen card information, the document says.
Customers could also search the site to ensure that the stolen information would be used in the state where the victim lived, so that fake purchases would be harder to detect. The people who bought the stolen card information would then encode it on counterfeit cards.
The other website was called "Direct Connection." Prosecutors said that was a secure forum for "elite cybercriminals" to meet and plan crimes.