Glib Oleksandr Ivanov-Tolpintsev, a Ukrainian man, was extradited by the US Department of Justice for selling login credentials to a criminal remote access marketplace.
According to indictment reports, the man used a malware botnet in brute-force attacks to harvest login credentials from computers. He then went on to sell them on a dark web marketplace.
Ivanov-Tolpintsev allegedly used multiple online aliases for several illegal online activities.
Some threat actors used the dark web marketplace called “Marketplace” to sell stolen login credentials; others bought them for future use in attacks.
The US Department of Justice (DoJ) subpoenaed Google emails to trace his real identity. They also found a Jabber address which he used to discuss his business with the Marketplace representatives.
A past District of Florida complaint stated that a chat from 23rd May 2017 showed him inquiring about the criteria to become a seller on the Marketplace. The complaint also mentioned that “Conspirator #1” said in the chats that, in order to be eligible to sell on the Marketplace, one would need a credentials database of a minimum of 5,000 servers. A seller must also regularly upload 500 credentials per week to the Marketplace.
According to the DoJ statements, Ivanov-Tolpintsev claimed to have brute-forced 2,000 login credentials per week using his botnet and listed them on the Marketplace. He also used his online alias, “Mars,” to upload access to 6,704 computers for sale and earned USD 82,648.
Threat actors use these credentials to run their ransomware attacks, perform data theft, and commit various other cybercrimes.
Ivanov-Tolpintsev was arrested in Poland and has been extradited to the USA. If found guilty of these charges, Ivanov-Tolpintsev could face 17 years in prison.