The 28-year-old Ukrainian national Glib Oleksandr Ivanov-Tolpintsev was arrested in Poland and extradited to the USA in 2020.
A Ukrainian national identified as Glib Oleksandr Ivanov-Tolpintsev in the press release from the US Department of Justice (DoJ) has been sentenced to four years in federal prison for stealing server login credentials and selling them on the Dark Web.
Polish police arrested the Chernivtsi, Ukraine resident in Korczowa, Poland, on 3rd October 2020, and he was later extradited to the USA. He pleaded guilty in February 2022. The Tampa Division of the Federal Bureau of Investigation (FBI) investigated the case, and the trial was held in Florida.
Accused Brute-Forced Thousands of Server Logins
According to the DoJ’s press release, the 28-year-old Ivanov-Tolpintsev controlled a botnet to brute-force thousands of server logins, and after decrypting the credentials, he sold them on the Dark Web.
During the trial, the accused admitted obtaining a minimum of two thousand access credentials every week and listed them for sale between 2017 and 2019. He earned $82,000 through selling decrypted credentials, some of which belonged to businesses based in Florida.
Stolen Credentials Used to Launch Ransomware Attacks
The unnamed marketplace listed stolen server usernames/passwords and PII (personally identifiable information) of US residents, including dates of birth and Social Security numbers, and offered more than 700,000 stolen servers.
Furthermore, the investigation revealed that at least 150,000 of the impacted servers were based in the US, 8,000 of them in Florida alone, while users from across the world were impacted.
Possible victims include metropolitan transit authorities, emergency services, hospitals, state, federal, and local governments, call centers, pension funds, law firms, accounting firms, and educational institutions. Reportedly, threat actors used the access to the servers to carry out ransomware attacks or commit tax fraud.