Heimdal Security Blog

Ukrainian Hacker Extradited After Allegedly Selling Thousands of Passwords on the Dark Web

On Wednesday, Acting United States Attorney Karin Hoppmann announced the extradition of a 28-year-old Ukrainian cybercriminal named Glib Oleksandr Ivanov-Tolpintsev. The U.S. has charged him with using a malware botnet to conduct brute-force attacks meant to decrypt multiple computer login credentials simultaneously.

Following the attack, Ivanov-Tolpintsev allegedly sold the login credentials through an unnamed online marketplace on the dark web that specializes in selling and purchasing stolen login credentials.

How Did They Catch the Ukrainian Hacker?

It wasn’t easy to discover the real identity of Ivanov-Tolpintsev, as he used numerous pseudonyms while operating online. The Department of Justice had to use subpoenaed emails from Google to find out the real name of the attacker and a Jabber address he used to get in touch with the Marketplace representatives.

What Happened with the Credentials?

The credentials sold on the website were used to facilitate a wide range of illegal activities, including tax fraud and ransomware attacks.

An investigation into the Marketplace showed the man’s intention to become a seller on the dark web marketplace.

For example, in chats dated May 23, 2017, Ivanov-Tolpintsev asked about the requirements to become a seller on the Marketplace.

Conspirator #1 explained that sellers must have a database of credentials from at least 5,000 servers, and the ability to upload 500 credentials to the Marketplace each week.

Ivanov-Tolpintsev responded that he planned to be able to satisfy those requirements.

The DOJ says that the man claimed his botnet was capable of decrypting the login credentials of at least 2,000 machines weekly.

According to BleepingComputer, Ivanov-Tolpintsev’s alias was “Mars”, and under this name he supposedly put up for sale access to 6,704 computers, for which he obtained $82,648.

Facing 17 Years in Jail

Ivanov-Tolpintsev was arrested by Polish authorities in Korczowa, Poland, on October 3, 2020, and extradited to the United States pursuant to the extradition treaty between the United States and the Republic of Poland. Ivanov-Tolpintsev was presented on September 7, 2021, before United States Magistrate Julie S. Sneed, and ordered detained pending trial.

He is facing charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. If convicted on all counts, he faces a maximum penalty of 17 years in federal prison.