A Ukrainian accused of decrypting the credentials of thousands of computers across the globe and selling them on the dark web has been extradited to the United States.
US authorities indicted Glib Oleksandr Ivanov-Tolpintsev in October 2020 in connection with charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords.
Polish authorities arrested 28-year-old Ivanov-Tolpintsev on October 3, 2020. The defendant, who is from Chernivtsi, Ukraine, was recently extradited to the US, where he was presented before US magistrate Julie S. Sneed on September 7, 2021.
According to the indictment, from as early as May 2016, Ivanov-Tolpintsev used a botnet and brute-forcing malware to compromise and unlawfully obtain the login credentials of computers all over the world.
It is alleged that in or around January 2017 he created an account on a dark website called The Marketplace and listed the login credentials of compromised computers for sale. Ivanov-Tolpintsev is further accused of selling the credentials and using the funds generated by their sale for his own personal enrichment.
“Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks,” said the Department of Justice.
The botnet allegedly deployed by Ivanov-Tolpintsev was capable of decrypting the login credentials of at least 2,000 computers each week, according to the indictment.
By April 2017, the Ukrainian had allegedly amassed the login credentials of 20,000 compromised computers.
Among the alleged victims of Ivanov-Tolpintsev whose decrypted login credentials were purchased on the dark web were individuals located in Florida, Maryland, California, and Colorado.
According to the indictment, the United States intends to forfeit $82,648, which it alleges can be traced to proceeds of the offenses, from Ivanov-Tolpintsev.
If convicted of all the charges laid against him, Ivanov-Tolpintsev could be sentenced to up to 17 years in federal prison.
The investigation into the Ukrainian and his alleged illegal botnet activities was led by the Tampa Division of the Federal Bureau of Investigation, the Internal Revenue Service - Criminal Investigation’s Tampa Field Office, and Homeland Security Investigations - Tampa Division.