An Illinois man pleaded guilty yesterday to leading a conspiracy to sell stolen financial information on the dark web, aka darknet.
According to court documents, Michael D. Mihalo, aka Dale Michael Mihalo Jr., 40, of Naperville, was the founder of a darknet “carding” site called Skynet Market, which was used to sell stolen financial information on the internet. Operating under the moniker ggmccloud1, Mihalo and his co-conspirators were also prominent vendors on additional darknet markets, including AlphaBay Market, Wall Street Market, and Hansa Market. Each market required users to conduct transactions in digital currencies, including Bitcoin. Through these markets, Mihalo and his co-conspirators sold the stolen financial information, primarily the credit and debit card numbers and associated information, of tens of thousands of U.S. victims between Feb. 22, 2016, and Oct. 1, 2019.
Mihalo assembled and directed the team that helped him sell this stolen financial information on the darknet. Each of the co-conspirators benefitted from the trusted reputation Mihalo, as ggmccloud1, had built on the darknet sites to sell more stolen financial information than they would have been able to sell individually. Taylor Ross Staats, 40, of Texas, conspired with Mihalo and others to sell stolen financial information on the internet. Staats served as a “card-checker,” who ensured the financial information sold by Mihalo and others on multiple darknet sites remained active and had not been canceled by the relevant financial institutions. Staats personally earned at least $21,000 worth of Bitcoin for these services.
Mihalo personally possessed, sent, and received the information associated with 49,084 stolen payment cards with the intent that the payment card information would be trafficked on darknet sites, all in furtherance of the conspiracy. Mihalo earned at least $1 million worth of cryptocurrencies at the time of the sales, including Bitcoin, Ethereum, and Monero. These funds have significantly appreciated since that time.
Mihalo pleaded guilty to one count of conspiracy to commit access device fraud, one count of access device fraud, and six counts of money laundering. He will be sentenced on a later date. He faces a maximum penalty of five years in prison for the conspiracy count and a maximum penalty of 10 years in prison on each of the remaining counts. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Under the terms of his plea agreement, Mihalo must also forfeit to the government any property he personally obtained through the offenses, including several million dollars’ worth of cryptocurrency, financial accounts, and real property, and has agreed to entry of a money judgment of an amount to be determined by the judge at sentencing.
Mihalo is the second defendant to plead guilty in this case. Staats pleaded guilty on Dec. 14, 2022, to one count of conspiracy to commit access device fraud in connection with his role as “card-checker” for Mihalo and the other co-conspirators. He faces a maximum penalty of five years in prison for the conspiracy count and will be sentenced on a later date.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division, U.S. Attorney Teresa A. Moore for the Western District of Missouri, Assistant Director Bryan Vorndran of the FBI’s Cyber Division, and Special Agent in Charge Charles Dayoub of the FBI Kansas City Field Office made the announcement.
The FBI Kansas City Field Office investigated the case.
Senior Counsel Louisa Becker of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Matthew Blackwood for the Western District of Missouri are prosecuting the case. The Justice Department’s Office of International Affairs provided significant assistance.
The Justice Department also thanks its law enforcement colleagues at the Royal Canadian Mounted Police in Canada for their assistance in this case.
Stolen victim payment card information obtained over the course of the investigation has been and/or will continue to be provided to the financial institutions that issued the payment cards. If you were active on Skynet Market, AlphaBay Market, Wall Street Market, or Hansa Market; have been in contact with any of Skynet Market’s administrators; or believe your financial information may have been stolen and sold on any of these markets between Feb. 22, 2016, and Oct. 1, 2019, please file a report with the FBI’s Internet Crime Complaint Center (ic3.gov) and reference this press release.
