Ukrainian Imprisoned

On Thursday, a Ukrainian man (a 28-year-old) was sentenced to four years in federal prison for selling decrypted usernames and passwords online and ordered to pay back illegal profits.

In an interview with some of his co-conspirators, Glib Oleksandr Ivanov-Tolpintsev from Chernivtsi in southwest Ukraine asserted that he was able to breach the security mechanisms of over 2,000 systems every week using brute force attacks against an automated botnet of his, which he controlled.

A number of details came to light concerning his case last year when details emerged of sloppy errors that led the authorities to link him to the sold credentials.

Here below we have mentioned all the sloppy errors:-

  • Vape shop receipts
  • Passport scans
  • Pictures on Google Photos

As a result of stolen credentials being sold on the dark web, threat actors are able to use these credentials for diverse attacks, such as proxies to hide their activity from being observed by the authorities.

Over 100 credentials in Florida (Middle District), where Ivanov-Tolpintsev was sentenced, were found listed for sale by the Tampa Division of the FBI and the IRS between 2017 and 2019.

Over 700,000 compromised servers were listed on the marketplace, with 150,000 coming from the US. All these servers were advertised to criminals to perform ransomware attacks or commit tax fraud.

In an attempt to make a profit on the dark web, the Ukrainian allegedly used an alias called “Mars” to sell access to 6,704 computers, earning a total of $82,648 after selling them for that purpose.

Earlier this year, on October 3, 2020, he was arrested in Korczowa, Poland, and after getting arrested he was deported to the United States by the Polish police.

Government officials, health care workers, emergency operators, public transportation workers, universities, and law firms are among the victims of this scheme.

There were allegations against Ivanov-Tolpintsev for conspiracy, trafficking in unauthorized access devices, and trafficking in passwords for computers.

His plea on February 22, 2022, resulted in him receiving a four-year sentence in federal prison, but the maximum penalty he could be given was 17 years.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Please enter your comment!
Please enter your name here