DOJ extradites Ukrainian man who used a botnet to decrypt login credentials

The 28-year-old allegedly sold passwords to other criminals on the dark web

The Department of Justice (DOJ) has extradited a Ukrainian man for allegedly accessing thousands of devices and trafficking passwords.

Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old from Chernivtsi, Ukraine, operated a botnet of computers that had been infected with malware, controlling them without their users’ knowledge, according to a statement by the US Attorney's Office.

The devices were then used to guess login passwords belonging to users worldwide.

“During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week,” the DOJ said.

Ivanov-Tolpintsev, using the aliases “sergios” and “mars”, then sold these credentials on a dark web website that specializes in buying and selling access to compromised computers. Once the credentials were sold on this website, hackers used them to perform many illegal activities, including tax fraud and ransomware attacks.

Ivanov-Tolpintsev listed over 6,000 compromised computers for sale on the marketplace and generated over $80,000 in illicit proceeds.

The indictment alleges Ivanov-Tolpintsev asked a dark web marketplace if it was accepting sellers of login credentials from compromised computers in May 2016.

By April 2017, Ivanov-Tolpintsev had collected the login credentials of 20,000 compromised computers. The indictment noted that he sold credentials of victims from Colorado, California, Florida, and Maryland.

To bring in Ivanov-Tolpintsev, the DOJ had to subpoena emails from Google to find out the attacker’s real name and a Jabber address he used to contact the marketplace representatives.

Ivanov-Tolpintsev was arrested in Poland in October 2020 and extradited to the US. The investigation was carried out with assistance from the Polish National Police, the Polish Prosecutor’s Office, and the Polish Ministry of Justice. 

The Ukrainian appeared in a downtown court in Florida on Tuesday before US Magistrate Julie Sneed, who ordered his arrest pending trial. He is facing charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. If convicted of all charges, the Ukrainian faces up to a 17-year sentence in an American prison. Assistant United States Attorney Carlton C. Gammons will prosecute the case.

The prosecution also notified Ivanov-Tolpintsev that the US intends to seize over $82,000, which can allegedly be attributed to the proceeds of crimes. 
