US Extradites Ukrainian Man for Using Botnet to Crack Thousands of Passwords

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


The US has charged a Ukrainian man for using an army of computers to help him crack thousands of login passwords each week. 

On Wednesday, the Justice Department announced it had extradited 28-year-old Glib Oleksandr Ivanov-Tolpintsev for carrying out the hacking crimes. Ivanov-Tolpintsev allegedly operated a botnet, a collection of computers that were secretly taken over through malware. The various machines were then used to guess login passwords belonging to users across the globe.

“During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week,” the DOJ says.

The Ukrainian then allegedly sold the cracked passwords to cybercriminals through an unnamed online marketplace on the dark web that specialized in selling stolen login credentials. “Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks,” the Justice Department adds.

Federal investigators didn’t provide many other details, such as how the suspect was caught. But according to the indictment, Ivanov-Tolpintsev began his scheme around May 2016 when he first began inquiring on the dark web marketplace if he could sell cracked login passwords. 

Recommended by Our Editors

By April 2017, he told admins of marketplace “he had collected the login credentials of 20,000 compromised computers.” The indictment also notes Ivanov-Tolpintsev sold at least a few login credentials belonging to US victims based in California, Florida, and Maryland.

The extradition occurs as the US has been stepping up efforts to crack down on ransomware, which has been increasingly terrorizing businesses, schools, hospitals, and even critical infrastructure. Ivanov-Tolpintsev was originally arrested last October in Poland before he was extradited to the US. He faces a maximum penalty of 17 years in prison.

Like What You’re Reading?

Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your…

Source…