I. Executive Summary
This report details the extradition of Liridon Masurica, allegedly known as “@blackdb,” from Kosovo to the United States to face federal charges related to his purported role as the lead administrator of BlackDB.cc, an online criminal marketplace. Masurica is accused of facilitating the sale of compromised data, leading to widespread fraud. His apprehension and subsequent extradition highlight a significant success in international law enforcement cooperation against transnational cybercrime. The case underscores the critical importance of modernized extradition treaties and robust inter-agency collaboration in bringing perpetrators of online illicit activities to justice. The charges against Masurica, carrying a potential sentence of up to 55 years, reflect the gravity with which U.S. authorities view the operation of such criminal enterprises and the extensive harm they inflict.
II. Introduction: The Case of Liridon Masurica (“@blackdb”)
The fight against sophisticated cybercriminal operations achieved a notable milestone with the extradition of Liridon Masurica from Kosovo to the United States. This development, announced by United States Attorney Gregory W. Kehoe, marks a crucial phase in the U.S. government’s efforts to dismantle online platforms that trade in stolen data and facilitate myriad fraudulent activities.
Liridon Masurica, aged 33 and a citizen of Gjilan, Kosovo, is the individual identified by authorities as operating under the alias “@blackdb”. He is alleged to have been the lead administrator of BlackDB.cc, an online criminal marketplace. The consistent association of Masurica with the “@blackdb” alias in official documents suggests a thorough investigative process, likely involving digital forensics and intelligence gathering, to connect the real-world individual to the online persona responsible for the illicit platform. It is noteworthy that initial announcements regarding Masurica’s indictment and arrest were made by then-United States Attorney Roger B. Handberg , with U.S. Attorney Gregory W. Kehoe later announcing the extradition, possibly reflecting changes in leadership or case management within the U.S. Attorney’s Office for the Middle District of Florida.
III. The BlackDB.cc Criminal Marketplace: A Hub for Illicit Data Exchange
The online platform BlackDB.cc allegedly served as a significant node in the cybercrime economy, specializing in the trafficking of sensitive information. Its operational details and the nature of its offerings paint a clear picture of its role in enabling financial crime.
A. Operational Framework and Timeline
According to indictments and official statements, BlackDB.cc was an active online criminal marketplace from approximately 2018 until the time of Masurica’s arrest in late 2024. This operational period of roughly six years suggests a sustained enterprise that likely attracted a substantial user base of individuals seeking to buy and sell illicit data. The choice of a “.cc” top-level domain, while not exclusively used for illicit purposes, is sometimes observed in the landscape of online criminal enterprises.
B. Illicit Goods and Services Offered
BlackDB.cc is accused of illegally offering a range of compromised data for sale, constituting the raw materials for various cybercrimes. The primary categories of data available on the platform reportedly included:
- Compromised account and server credentials.
- Credit card information, including full card details.
- Other forms of personally identifiable information (PII).
The types of data allegedly sold on BlackDB.cc are typical of those found on dark web marketplaces, which function as clearinghouses for information stolen through data breaches, phishing attacks, malware infections, and other malicious means.
C. Targeted Victims and Geographic Focus
The primary targets of the data sold on BlackDB.cc were individuals located within the United States. Critically for jurisdictional purposes, the indictment specifically notes that victims were located within the Middle District of Florida. This geographical nexus to the Middle District of Florida provided a strong basis for the U.S. Attorney’s Office in Tampa to assert venue and lead the prosecution.
D. Facilitation of Subsequent Criminal Activities
The data purchased from BlackDB.cc was not an end in itself but rather a means for other cybercriminals to perpetrate a variety of illegal acts. The marketplace effectively served as an enabler, with its offerings directly facilitating crimes such as:
- Tax fraud: Using stolen PII and financial details to file fraudulent tax returns and claim illicit refunds. This explains the significant involvement of IRS-Criminal Investigation in the case.
- Credit card fraud: Making unauthorized purchases or cash withdrawals using stolen credit card information.
- Identity theft: Using compromised PII to open new accounts, take over existing ones, or commit other forms of fraud in a victim’s name.
The operation of BlackDB.cc for over half a decade implies a potentially large number of victims and considerable financial damage. While specific figures for BlackDB.cc are not available in the provided materials, broader statistics from the Federal Trade Commission (FTC) indicate hundreds of thousands of reported cases of identity theft and credit card fraud each quarter, underscoring the pervasive nature of the problem to which such marketplaces contribute.
IV. Legal Framework and Charges: Deconstructing the Indictment
The prosecution of Liridon Masurica is founded upon specific U.S. federal statutes designed to combat access device fraud and conspiracy. The charges reflect the multifaceted nature of his alleged criminal conduct as the administrator of BlackDB.cc.
A. Indictment and U.S. Court Proceedings
A federal grand jury in the Middle District of Florida returned an indictment against Liridon Masurica on December 3, 2024. The case is docketed as USA v. Masurica, Case Number 8:24-cr-00521. Following his extradition, Masurica made his initial appearance in federal court in Tampa on May 12, 2025, before United States Magistrate Judge Lindsay Saxe Griffin. At this appearance, he was ordered detained pending trial, a decision often based on a determination that the defendant may pose a flight risk or a danger to the community.
B. Specific Charges and Applicable U.S. Federal Statutes
Masurica faces one count of conspiracy and five substantive counts of access device fraud. This dual charging approach—addressing both the agreement to commit crimes and the specific criminal acts themselves—is a common prosecutorial strategy designed to capture the full scope of the alleged criminal enterprise.
- Count 1: Conspiracy to Commit Access Device Fraud (18 U.S.C. § 371) This charge alleges that Masurica conspired with others to commit access device fraud. Under 18 U.S.C. § 371, a conspiracy occurs if “two or more persons conspire either to commit any offense against the United States, or to defraud the United States…and one or more of such persons do any act to effect the object of the conspiracy”. The core elements involve an agreement to commit the underlying offense (access device fraud) and at least one overt act by a conspirator in furtherance of that agreement. In this context, the operation and administration of BlackDB.cc, along with the transactions occurring on the platform, could constitute the necessary overt acts. The “others” in the conspiracy could include sellers and buyers on the platform, or any potential co-administrators.
- Counts 2-6: Fraudulent Use of 15 or More Unauthorized Access Devices (18 U.S.C. § 1029(a)(3)) These five substantive counts pertain to 18 U.S.C. § 1029(a)(3), which criminalizes “knowingly and with intent to defraud possess[ing] fifteen or more devices which are counterfeit or unauthorized access devices”. An “access device” can include stolen credit card numbers or compromised account credentials, such as those allegedly sold on BlackDB.cc. The statute requires that the offense affects interstate or foreign commerce, a jurisdictional element readily met by online criminal marketplaces that deal with data from U.S. individuals and cater to a global clientele of cybercriminals. As the alleged administrator, Masurica would have effectively controlled a platform trafficking in vast quantities of such unauthorized access devices. The five separate counts likely represent distinct instances or collections of 15 or more such devices.
The following table summarizes the charges:
Table 1: Summary of Charges Against Liridon Masurica
| Count Number | Charge Description | U.S. Code Citation | Key Elements of the Offense | Maximum Statutory Penalty per Count (First §1029 Offense) |
|---|---|---|---|---|
| 1 | Conspiracy to Commit Access Device Fraud | 18 U.S.C. § 371 | 1. Agreement between ≥2 persons. <br> 2. To commit access device fraud. <br> 3. Overt act by ≥1 conspirator. | 5 years imprisonment, fine, or both. |
| 2-6 | Fraudulent Use of 15 or More Unauthorized Access Devices (x5) | 18 U.S.C. § 1029(a)(3) | 1. Knowing possession. <br> 2. Intent to defraud. <br> 3. ≥15 counterfeit/unauthorized access devices. <br> 4. Affects interstate/foreign commerce. | 10 years imprisonment, fine, or both (per count). |
Export to Sheets
C. Aggregate Potential Penalties and Presumption of Innocence
If convicted on all counts, Masurica faces a maximum potential penalty of 55 years in federal prison (5 years for the conspiracy count plus 10 years for each of the five substantive access device fraud counts). This substantial potential sentence underscores the severity with which U.S. law treats large-scale cyber fraud operations and the profound economic and societal damage they inflict. It is imperative to note, as stated in official announcements, that an indictment is merely a formal accusation. Liridon Masurica, like every defendant in the U.S. justice system, is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.
V. International Cooperation and Extradition: Bridging Jurisdictional Divides
The successful transfer of Liridon Masurica to U.S. custody is a testament to effective international cooperation, particularly between the United States and Kosovo. This process relied heavily on a modern extradition treaty and close collaboration between multiple law enforcement and governmental agencies.
A. Arrest in Kosovo and the Extradition Process
Liridon Masurica, a citizen and resident of Kosovo, was arrested by Kosovar authorities in Gjilan on December 12, 2024. This arrest was not an isolated action but the culmination of a coordinated investigative effort. Following legal proceedings in Kosovo, Masurica was extradited to the United States on May 9, 2025.
The legal basis for this extradition was the bilateral Extradition Treaty between the Government of the United States of America and the Government of the Republic of Kosovo. This treaty, signed in Pristina on March 29, 2016, and ratified by the U.S. Senate on July 26, 2018, replaced an archaic 1901 treaty with Serbia that had previously applied to Kosovo. Key provisions of the modern treaty facilitate such extraditions:
- It employs a “dual criminality” approach, meaning an offense is extraditable if it is punishable under the laws of both the requesting (U.S.) and requested (Kosovo) states. This is particularly vital for addressing contemporary crimes like cybercrime, which were not envisaged in older treaties that relied on a fixed list of extraditable offenses.
- The treaty stipulates that extradition shall not be refused based on the nationality of the person sought.
- It includes a modernized “political offense” clause and aims to streamline and expedite the overall extradition process. The relatively rapid timeline from Masurica’s arrest in December 2024 to his extradition in May 2025 (approximately five months) for complex cybercrime charges suggests that these treaty provisions are proving effective in practice, especially when compared to the often protracted nature of international extraditions.
B. Collaborative Investigative and Apprehension Efforts
The investigation and subsequent extradition of Masurica involved a complex network of U.S. and Kosovar agencies, demonstrating a multi-layered approach to combating transnational crime. Kosovo’s proactive cooperation in this case is significant, showcasing its commitment as a reliable international partner in addressing global security threats, which can, in turn, bolster its international standing.
Table 2: Key Agencies and Entities Involved in the Liridon Masurica Case
| Agency/Entity Name | Country/Affiliation | Specific Role/Contribution in Investigation/Arrest/Extradition |
|---|---|---|
| Federal Bureau of Investigation (FBI) | U.S. | Lead investigative agency; international liaison. |
| IRS-Criminal Investigation (IRS-CI) | U.S. | Key investigative partner, focusing on financial crimes, including tax fraud facilitated by BlackDB.cc. |
| Kosovo Police’s Cybercrime Investigation Directorate | Kosovo | Cooperation in investigation; substantial assistance in the arrest of Masurica. |
| Special Prosecution of the Republic of Kosova | Kosovo | Substantial assistance in the arrest; coordination with Kosovo Police. |
| FBI’s Legal Attaché Office in Sofia, Bulgaria | U.S. (International) | Facilitated international law enforcement liaison and cooperation. |
| Department of Justice’s Office of International Affairs (OIA) | U.S. | Handled the formal extradition request and mutual legal assistance processes between the U.S. and Kosovo. |
| U.S. Attorney’s Office, Middle District of Florida | U.S. | Leading the prosecution of Masurica; Assistant U.S. Attorney Carlton C. Gammons is the named prosecutor. |
This intricate web of cooperation underscores a critical reality: combating globalized cybercrime effectively is beyond the capacity of any single nation or agency. Each entity played a specialized and indispensable role, from OIA managing the legal intricacies of extradition, to the FBI Legat fostering on-the-ground liaison, to Kosovar police executing the arrest based on shared intelligence. A joint media release from the Special Prosecution and the Kosovo Police on December 12, 2024, detailed the actions taken in both the BlackDB and another case (RYDOX), explicitly acknowledging cooperation with U.S. authorities (Prosecution Office and FBI) and detailing the seizure of items such as cryptocurrency, laptops, and storage devices.
VI. Broader Implications and Context: The Fight Against Digital Dark Markets
The Masurica case and the takedown of BlackDB.cc occur within a larger context of global efforts to combat the pervasive threat of online criminal marketplaces. These platforms are not isolated phenomena but integral components of a sprawling cybercrime ecosystem.
A. The Pervasive Threat of Online Criminal Marketplaces
Platforms like BlackDB.cc function as critical infrastructure for the digital underground economy. They enable the systematic monetization of stolen data—such as credentials, credit card details, and PII—and provide tools and services that facilitate a vast array of subsequent offenses. The ability of BlackDB.cc to operate for approximately six years (from 2018 to late 2024) before its alleged administrator’s arrest highlights the resilience and adaptability of such criminal enterprises. These marketplaces act as force multipliers, equipping a multitude of criminals with the necessary resources to conduct their illicit activities. The scale of some of these operations can be immense, as seen in the takedown of DarkMarket, which had almost half a million users and processed transactions worth over €140 million.
B. The Importance of International Law Enforcement Cooperation in Cybercrime
The Masurica case serves as a compelling example of successful international law enforcement cooperation. Cybercrime, by its very nature, transcends geographical borders, making unilateral responses largely ineffective. The challenges are numerous, including navigating differing legal systems, overcoming jurisdictional hurdles, and ensuring the timely collection and sharing of digital evidence, which can be volatile and easily moved across borders. The collaborative framework evident in this case—involving law enforcement, prosecutorial bodies, and specialized international affairs units—is essential for future successes.
C. Victim Impact and the Scope of Cyber-Enabled Fraud
While the legal proceedings focus on the alleged perpetrator, the activities of marketplaces like BlackDB.cc inflict substantial harm on countless individuals and institutions. The sale of PII, financial details, and account credentials directly leads to identity theft, tax fraud, credit card fraud, and significant financial losses. Although specific victim numbers and total financial damages directly attributable to BlackDB.cc are not detailed in the available information, the scale of the problem is immense. Data from the Federal Trade Commission (FTC) reveals that hundreds of thousands of identity theft incidents are reported each quarter in the U.S., with credit card fraud being the most common type. Florida, where Masurica is being prosecuted, consistently ranks among the states with high rates of identity theft reports. Furthermore, data breaches, which are a primary source of the information sold on these marketplaces, continue to expose the sensitive information of hundreds of millions of people, with stolen credentials being a leading attack vector in many compromises. In the U.S. legal system, Victim Impact Statements (VIS) provide a mechanism for those harmed by crime to describe the financial, emotional, and physical consequences they have endured. While it is too early in Masurica’s court proceedings for such statements to have been formally submitted, the potential for widespread victimhood is inherent in the nature of BlackDB.cc’s alleged operations.
The disruption of such marketplaces is part of an ongoing “cat-and-mouse” game. As one platform is dismantled, cybercriminals often adapt and establish new ones. This necessitates sustained and evolving strategies from law enforcement, focusing not only on individual takedowns but also on disrupting the broader ecosystem and addressing the root causes, such as vulnerabilities that lead to data breaches.
VII. Conclusion and Forward Outlook
The investigation, arrest, and extradition of Liridon Masurica represent a significant achievement in the global fight against cybercrime. This case demonstrates the efficacy of concerted international cooperation, underpinned by modern legal instruments like the U.S.-Kosovo Extradition Treaty, in holding alleged perpetrators of online criminal marketplaces accountable. The serious charges Masurica faces, and the substantial potential penalties, signal the United States’ unwavering commitment to pursuing and prosecuting those who operate these illicit platforms, regardless of their location.
The prosecution of Masurica is ongoing, and he remains presumed innocent until proven guilty. However, the successful efforts to bring him before a U.S. court can serve as a deterrent to other cybercriminals who might believe themselves beyond the reach of justice due to geographical boundaries. It sends a clear message that international borders are not insurmountable obstacles for coordinated law enforcement action.
The battle against cybercrime is dynamic and requires continuous adaptation. As criminals devise new methods and exploit emerging technologies, legal frameworks and law enforcement strategies must evolve in tandem. The Masurica case highlights the importance of sustained vigilance, investment in cyber capabilities, and the strengthening of international partnerships to disrupt criminal infrastructures, protect individuals and institutions, and ensure a safer digital environment.
VIII. Appendix
A. Timeline of Key Events in the Liridon Masurica Case
| Date | Event | Key Agencies Involved (as reported) | Significance/Source |
|---|---|---|---|
| Dec 3, 2024 | Grand jury in the Middle District of Florida returns indictment against Liridon Masurica. | U.S. Attorney’s Office (MDFL) | Formal charges initiated. |
| Dec 12, 2024 | Liridon Masurica arrested by authorities in Gjilan, Kosovo. | Kosovo Police’s Cybercrime Investigation Directorate, Special Prosecution of Kosovo, FBI, IRS-CI | Apprehension of the suspect through international cooperation. |
| Dec 12, 2024 | Joint media release by Special Prosecution and Kosovo Police regarding BlackDB and RYDOX arrests/seizures. | Special Prosecution of Kosovo, Kosovo Police, FBI | Public disclosure of Kosovar actions and cooperation with U.S. authorities. |
| May 9, 2025 | Liridon Masurica extradited from Kosovo to the United States. | DOJ Office of International Affairs, FBI Legal Attaché (Sofia), Kosovar authorities | Successful transfer of the defendant to U.S. custody under the U.S.-Kosovo Extradition Treaty. |
| May 12, 2025 | Masurica makes initial appearance in federal court in Tampa; ordered detained pending trial. | U.S. Attorney’s Office (MDFL), U.S. Magistrate Judge Lindsay Saxe Griffin | Commencement of U.S. court proceedings; defendant remanded to custody. |
B. Relevant U.S. Statutory Provisions (Excerpts)
- 18 U.S.C. § 371 – Conspiracy to commit offense or to defraud United States: “If two or more persons conspire either to commit any offense against the United…source provided for such misdemeanor.”
- 18 U.S.C. § 1029 – Fraud and related activity in connection with access devices:
- (a) Whoever—… (3) knowingly and with intent to defraud possesses fifteen or more devices which are counterfeit or unauthorized access devices;… shall, if the offense affects interstate or foreign commerce, be punished as provided in subsection (c) of this section.
- (c) Penalties.—(1) Generally.—The punishment for an offense under subsection (a) of this section is— (A) in the case of an offense that does not occur after a conviction for another offense under this section— (i) if the offense is under paragraph (1), (2), (3), (6), (7), or (10) of subsection (a), a fine under this title or imprisonment for not more than 10 years, or both;…
