Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online

A US District judge sentenced Ukrainian citizen Glib Oleksandr Ivanov-Tolpintsev to four years in federal prison for using a botnet network to brute-force login credentials and sell them on the dark web.

Sometimes, login credentials land on the dark web following phishing campaigns, but that’s not the only way. Brute-forcing credentials is also a possibility, although it requires technical expertise and support infrastructure. In this case, Tolpintsev had a botnet that did this precise job.

“He used the botnet to conduct brute-force attacks designed to decrypt numerous computer login credentials simultaneously,” reads the press release from Florida’s U.S. Attorney’s Office. “During the course of the conspiracy, Ivanov-Tolpintsev boasted that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week.”

He sold the credentials on a now-defunct dark website, named Marketplace, specialized in illegally obtained login credentials. The buyers paid at least $82,648 for stolen credentials.

“In total, the Marketplace offered more than 700,000 compromised servers for sale including at least 150,000 in the United States and at least 8,000 in Florida,” the press release said. Polish authorities arrested Tolpintsev in Korczowa, Poland, on Oct. 3, 2020, and extradited him shortly after.

His activities didn’t stop at simply stealing login credentials. He also obtained personally identifiable information, such dates of birth and Social Security numbers, of US residents. More than 700,000 compromised servers have been put up for sale on the Marketplace, including at least 150,000 in the US, with 8,000 or more in Florida. This information is often used in all sorts of illegal activity, including ransomware attacks and tax fraud.

Has your information been exposed in a data breach? Find out now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.

Our privacy-focused service scours the web for any exposure of your email addresses, breached passwords and other personal data so you can stay on top of privacy threats with real-time data breach alerts and one-click action items to help you prevent potential financial damages.