Ukrainian extradited for selling 2,000 stolen logins per week

The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace.

The indictment alleges that Glib Oleksandr Ivanov-Tolpintsev operated a malware botnet that collected login credentials for multiple computers simultaneously using brute force techniques.

While Ivanov-Tolpintsev allegedly operated online under multiple aliases, the DOJ used subpoenaed emails from Google to identify his real identity and a Jabber address used to communicate with representatives of the Marketplace.

Some threat actors used the “Marketplace” dark web site to sell stolen remote access credentials while other bought them for future cyberattacks

Through Jabber chats obtained from an investigation into the Marketplace, the FBI could chronicle Ivanov-Tolpintsev’s attempts to become a seller on the dark web marketplace.

“For example, in chats dated May 23, 2017, Ivanov-Tolpintsev asked about the requirements to become a seller on the Marketplace,” explained a previous complaint out of the District of Florida.

“Conspirator #1 explained that sellers must have a database of credentials from at least 5,000 servers, and the ability to upload 500 credentials to the Marketplace each week.”

“Ivanov-Tolpintsev responded that he planned to be able to satisfy those requirements.”

The DOJ states that Ivanov-Tolpintsev claimed to brute force 2,000 logins per week using his botnet, which was then listed on a dark web remote access marketplace known as the “Marketplace.”

Under the alias “Mars,” Ivanov-Tolpintsev allegedly put up for sale access to 6,704 computers, where he earned $82,648.

Threat actors could then use these sold credentials to perform a wide range of attacks, including data theft, ransomware attacks, or to cover the trails of other attacks.

Ivanov-Tolpintsev was arrested by Polish authorities and has since been extradited to the USA. He now faces charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords.

If convicted of all charges, he faces a maximum penalty of 17 years in prison.