A Ukrainian man was sentenced to four years in prison on Thursday, May 12, for his role in helping identity thieves and ransomers cause approximately $100 million in losses between the years of 2014 and 2020. Glib Oleksandr Ivanov-Tolpintsev, 28, pleaded guilty in February this year to charges related to trafficking unauthorized access to servers which he obtained from a large, sophisticated botnet.
At one point Ivanov-Tolpintsev boasted of being able to add 2,000 new machines to his botnet each week, which he would use to brute force server credentials in an indiscriminate fashion around the globe. He sold the credentials to identity thieves and ransomware deployers on a darknet market known as “The Marketplace.”
The collection for sale at The Marketplace was thought to consist of an estimated tally of over 700,000 username/password combinations in all, with over 150,000 of them coming from US-based locations. According to court documents, victims included “local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, account and law firms, pension funds, and universities.”
Passport photo of Ivanov-Tolpintsev found in an email account from which he had emailed other sellers of stolen server credentials. Source: Criminal complaint filed in May 2020.
The US Department of Justice began an investigation into Ivanov-Tolpintsev based on a criminal complaint filed in May 2020 by two victims in Florida — a state that had been particularly impacted by the hacker’s botnet. After obtaining a warrant, investigators searched Gmail accounts suspected of belonging to Ivanov-Tolpintsev and discovered he had emailed a China-based account seller the Jabber name associated with his activities on The Marketplace.
Other emails in the Gmail accounts – one of which was registered under Ivanov-Tolpintsev’s full name when he was 13 years old – were associated with his birth date, passport, online pseudonyms, and place of residence.
As a result of the investigation, Ivanov-Tolpintsev was extradited from Poland in October 2020 at the request of US law enforcement. In addition to the prison sentence – handed by a US District Judge in Tampa, Florida – he is ordered to forfeit $82,648 in proceeds from the server credential sales, which is the total amount that can be directly traced to his activities at The Marketplace.