On Thursday, a Ukrainian man (a 28-year-old) was sentenced to four years in federal prison for selling decrypted usernames and passwords online and ordered to pay back illegal profits.
In an interview with some of his co-conspirators, Glib Oleksandr Ivanov-Tolpintsev from Chernivtsi in southwest Ukraine asserted that he was able to breach the security mechanisms of over 2,000 systems every week using brute force attacks against an automated botnet of his, which he controlled.
A number of details came to light concerning his case last year when details emerged of sloppy errors that led the authorities to link him to the sold credentials.
Here below we have mentioned all the sloppy errors:-
As a result of stolen credentials being sold on the dark web, threat actors are able to use these credentials for diverse attacks, such as proxies to hide their activity from being observed by the authorities.
Over 100 credentials in Florida (Middle District), where Ivanov-Tolpintsev was sentenced, were found listed for sale by the Tampa Division of the FBI and the IRS between 2017 and 2019.
Over 700,000 compromised servers were listed on the marketplace, with 150,000 coming from the US. All these servers were advertised to criminals to perform ransomware attacks or commit tax fraud.
In an attempt to make a profit on the dark web, the Ukrainian allegedly used an alias called “Mars” to sell access to 6,704 computers, earning a total of $82,648 after selling them for that purpose.
Earlier this year, on October 3, 2020, he was arrested in Korczowa, Poland, and after getting arrested he was deported to the United States by the Polish police.
Government officials, health care workers, emergency operators, public transportation workers, universities, and law firms are among the victims of this scheme.
There were allegations against Ivanov-Tolpintsev for conspiracy, trafficking in unauthorized access devices, and trafficking in passwords for computers.
His plea on February 22, 2022, resulted in him receiving a four-year sentence in federal prison, but the maximum penalty he could be given was 17 years.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across its…
Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several…
A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including…
The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware…
Penetration testing is still essential for upholding strong security procedures in a time when cybersecurity…
A newly identified advanced persistent threat (APT) campaign, dubbed "Swan Vector" by Seqrite Labs, has…
