DOJ extradites Ukrainian man who used a botnet to decrypt login credentials
The 28-year-old allegedly sold passwords to other criminals on the dark web


The Department of Justice (DOJ) has extradited a Ukrainian man for allegedly accessing thousands of devices and trafficking passwords.
Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old from Chernivtsi, Ukraine, operated a botnet of computers that had been infected with malware and were controlled without their users' knowledge, according to a statement by the US Attorney's Office.
The devices were then used to guess login passwords belonging to users worldwide.
“During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week,” the DOJ said.
Ivanov-Tolpintsev, using the aliases “sergios” and “mars,” then sold these credentials on a dark web website that specializes in buying and selling access to compromised computers. Once the credentials were sold on this website, hackers used them to carry out many illegal activities, including tax fraud and ransomware attacks.
Ivanov-Tolpintsev listed over 6,000 compromised computers for sale on the marketplace and generated over $80,000 in illicit proceeds.
The indictment alleges Ivanov-Tolpintsev asked a dark web marketplace if it was accepting sellers of login credentials from compromised computers in May 2016.
By April 2017, Ivanov-Tolpintsev had collected the login credentials of 20,000 compromised computers. The formal accusation noted that he sold credentials of victims from Colorado, California, Florida, and Maryland.
To bring in Ivanov-Tolpintsev, the DOJ had to subpoena emails from Google to find out the attacker’s real name and a Jabber address he used to contact the marketplace's representatives.
Ivanov-Tolpintsev was arrested in Poland in October 2020 and extradited to the US. The investigation was carried out with assistance from the Polish National Police, the Polish Prosecutor’s Office, and the Polish Ministry of Justice.
The Ukrainian appeared in a downtown court in Florida on Tuesday before US Magistrate Julie Sneed, who ordered his arrest pending trial. He is facing charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. If convicted of all charges, the Ukrainian faces up to a 17-year sentence in an American prison. Assistant United States Attorney Carlton C. Gammons will prosecute the case.
The prosecution also notified Ivanov-Tolpintsev that the US intends to seize over $82,000, which can allegedly be attributed to the proceeds of crimes.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.