Ukrainian hacker sentenced to four years in jail for selling hacked credentials

Glib Oleksandr Ivanov-Tolpintsev (age 28), a Ukrainian hacker, was convicted of selling thousands of login credentials on a marketplace on the dark web.

Polish authorities arrested the Ukrainian cybercriminal after finding him in Korczowa, Poland. He was arrested on October 3 2020, by the Polish police. Then, he was repatriated to America instantly.

Ivanov-Tolpintsev was found guilty in Florida federal district court on February 22 2020. After the court’s verdict, they were sent to a United States Federal Prison.

He made about 82,648 US dollars from selling those login usernames and passwords of US residents. Although, the court has confiscated all of the money and ordered him to leave the possession.

Ivanov-Tolpintsev stole more than 330,000 dates of birth data of US citizens during this malicious scheme. And according to the United States Police Department, the cybercriminals who bought those credentials used them to fraud taxes of those citizens and infiltrated their networks with ransomware to demand a handsome sum of money from them. According to the prosecutors, the dark web marketplace Ivanov-Tolpintsev has sold the information and has trafficked them on 700,000+ servers that are compromised.

The Ukrainian has used a botnet to infect a chain of computers connected by a network with malware. He breached those computers with brute force to decrypt the login usernames and passwords. The botnet was capable of infecting more than 2,000 computers with the malicious software within a week, and it can repeat the process for an unknown time limit. After stealing thousands of login credentials, he sold them to that particular dark web marketplace.

“No legitimate business was conducted in the marketplace,” a statement on the plea agreement. “The victims spanned the globe and industries, including local, state, and federal government infrastructure, hospitals, 911, emergency services, call centres, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.”

According to the court documents, among those 700,000 compromised servers, 150,000 servers were sold in the United States of America. And the Law Enforcement Department was able to seize the marketplace that was selling those compromised serves on January 19, 2019. Ironically, after an investigation for one year, some agencies in the US, Germany, Belgium, and Ukraine were able to seize the operation of a similar marketplace called xDedic on the same date. The xDedic has also done the same thing as the marketplace we were talking about right now. “The xDedic Marketplace sold access to compromised computers worldwide and personal data,” the Europol, who was investigating the matter, said in one of their statements. They also added that “Users of xDedic could search for compromised computer credentials by criteria, such as price, geographic location, and operating system.”

Ivanov-Tolpintsev credential selling scheme started in January 2017 and lasted till January 2019. And finally, in 2020, he was arrested by the Polish authorities. An affidavit from IRS stated that one of his email addresses had receipts from vape shops and suspected that those vape shops were also involved with this whole credential-stealing operation. Although, there is not a single piece of evidence to prove their suspension. And on the contrary, he used another email address to negotiate with the buyers from the dark web marketplace.

These wicked schemes have cost US citizens a lot of money and personal information. Things could have gone to the worst path, but glad that the Feds could put an end to it.

The US feds could only seize the marketplace that worked as the medium to trade that information. The criminals also got away with selling 700,000 servers that were compromised. But at the end of the day, the harm was done, but it couldn’t harm anyone further anymore.