Ukrainian Extradited to US Faces Credential Theft Charges

DOJ: Suspect Allegedly Used Botnet to Launch Brute Force Attacks

A Ukrainian national was extradited from Poland to the U.S. this week and now faces charges of conspiracy, trafficking in unauthorized access devices and trafficking in computer passwords, according to the U.S. Department of Justice.

Glib Oleksandr Ivanov-Tolpintsev, 28, was arrested by Polish authorities in October 2020. He allegedly hacked, decrypted and exfiltrated the credentials of thousands of computers globally and attempted to sell them on a darknet website, the Justice Department says.

Ivanov-Tolpintsev controlled a botnet that used brute-force attacks to decrypt computer login credentials, and the botnet "was capable of decrypting the login credentials of at least 2,000 computers each week," according to court documents.

He is charged in the U.S. District Court for the Middle District of Florida, Tampa Division.

The Justice Department's 11-page indictment states that Ivanov-Tolpintsev began his activities in May 2016 and then listed the stolen login credentials on the darknet site called Marketplace starting in January 2017.

"Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks," the Justice Department says.

If convicted on all counts, Ivanov-Tolpintsev faces 17 years in prison and must forfeit any property constituting, or derived from, proceeds he obtained directly or indirectly as a result of each such violation. These proceeds include the $82,648 the court says he allegedly made selling the credentials.

The Attack

The Justice Department states that, between October 2016 and April 2017, Ivanov-Tolpintsev used a botnet to attack and brute-force entry into computer systems, decrypted the login credentials of at least 2,000 computers each week, opened an account with Marketplace to list and sell the credentials, and communicated with several conspirators.

The credentials of victims were purchased in June, July, November and December 2018, according to the indictment.

The court papers did not say how the investigators intercepted the communications described in the document.

Other Recent Legal Activity

A Russian citizen, alleged to be working as a developer for the malware-spreading organization Trickbot, earlier this month was reportedly arrested at Seoul Incheon International Airport. He was questioned by Korean authorities following an extradition request from the U.S.

In August, a Massachusetts man who used SIM swapping and other account takeover techniques to target business executives and steal more than $530,000 worth of cryptocurrency pleaded guilty to several federal charges, according to the Department of Justice.

About the Author

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to TheStreet and Mainstreet.
