Ukrainian Extradited to US Faces Credential Theft Charges
DOJ: Suspect Allegedly Used Botnet to Launch Brute Force Attacks
A Ukrainian national was extradited from Poland to the U.S. this week and now faces charges of conspiracy, trafficking in unauthorized access devices and trafficking in computer passwords, according to the U.S. Department of Justice.
Glib Oleksandr Ivanov-Tolpintsev, 28, was arrested by Polish authorities in October 2020. He allegedly hacked, decrypted and exfiltrated the credentials of thousands of computers globally and attempted to sell them on a darknet website, the Justice Department says.
Ivanov-Tolpintsev controlled a botnet that used brute-force attacks to decrypt computer login credentials, and the botnet "was capable of decrypting the login credentials of at least 2,000 computers each week," according to court documents.
He is charged in the U.S. District Court for the Middle District of Florida, Tampa Division.
The Justice Department's 11-page indictment states that Ivanov-Tolpintsev began his activities in May 2016 and then listed the stolen login credentials on the darknet site called Marketplace starting in January 2017.
"Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks," the Justice Department says.
If convicted on all counts, Ivanov-Tolpintsev faces 17 years in prison and must forfeit any property constituting, or derived from, proceeds he obtained directly or indirectly as a result of each such violation. These proceeds include the $82,648 the court says he allegedly made selling the credentials.
The Attack
The Justice Department states that, between October 2016 and April 2017, Ivanov-Tolpintsev used a botnet to attack and brute-force entry into computer systems, decrypted the login credentials of at least 2,000 computers each week, opened an account with Marketplace to list and sell the credentials, and communicated with several conspirators.
The credentials of victims were purchased in June, July, November and December 2018, according to the indictment.
The court papers did not say how the investigators intercepted the communications described in the document.
Other Recent Legal Activity
A Russian citizen, alleged to be working as a developer for the malware-spreading organization Trickbot, earlier this month was reportedly arrested at Seoul Incheon International Airport. He was questioned by Korean authorities following an extradition request from the U.S.
In August, a Massachusetts man who used SIM swapping and other account takeover techniques to target business executives and steal more than $530,000 worth of cryptocurrency pleaded guilty to several federal charges, according to the Department of Justice.