On Thursday, a Ukrainian man (a 28-year-old) was sentenced to four years in federal prison for selling decrypted usernames and passwords online and ordered to pay back illegal profits.
In an interview with some of his co-conspirators, Glib Oleksandr Ivanov-Tolpintsev from Chernivtsi in southwest Ukraine asserted that he was able to breach the security mechanisms of over 2,000 systems every week using brute force attacks against an automated botnet of his, which he controlled.
A number of details came to light concerning his case last year when details emerged of sloppy errors that led the authorities to link him to the sold credentials.
Here below we have mentioned all the sloppy errors:-
As a result of stolen credentials being sold on the dark web, threat actors are able to use these credentials for diverse attacks, such as proxies to hide their activity from being observed by the authorities.
Over 100 credentials in Florida (Middle District), where Ivanov-Tolpintsev was sentenced, were found listed for sale by the Tampa Division of the FBI and the IRS between 2017 and 2019.
Over 700,000 compromised servers were listed on the marketplace, with 150,000 coming from the US. All these servers were advertised to criminals to perform ransomware attacks or commit tax fraud.
In an attempt to make a profit on the dark web, the Ukrainian allegedly used an alias called “Mars” to sell access to 6,704 computers, earning a total of $82,648 after selling them for that purpose.
Earlier this year, on October 3, 2020, he was arrested in Korczowa, Poland, and after getting arrested he was deported to the United States by the Polish police.
Government officials, health care workers, emergency operators, public transportation workers, universities, and law firms are among the victims of this scheme.
There were allegations against Ivanov-Tolpintsev for conspiracy, trafficking in unauthorized access devices, and trafficking in passwords for computers.
His plea on February 22, 2022, resulted in him receiving a four-year sentence in federal prison, but the maximum penalty he could be given was 17 years.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
The QSC Loader service DLL named "loader.dll" leverages two distinct methods to obtain the path…
Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept…
A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been…
Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By…
Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved…
CrowdStrike, a leader in cybersecurity, uncovered a sophisticated phishing campaign that leverages its recruitment branding…