US authorities have accused a Ukrainian citizen of hacking: they reported that 28-year-old Gleb Ivanov-Tolpintsev had been extradited from Poland and accused of selling access to hacked computer systems through a specialized darknet marketplace.
According to court documents, the suspect had been running a botnet for more than four years, which he used to carry out brute-force attacks. Presumably, he was guessing RDP credentials.
Ivanov-Tolpintsev reportedly operated online under several nicknames. Investigators established his real identity by requesting access to his Google mail and discovering the Jabber account he used to contact customers.
After examining the Jabber chats, the FBI learned how Ivanov-Tolpintsev became a merchant on the darknet. In 2017, he asked about the requirements that an unnamed marketplace sets for sellers, and was told that he needed to have a database of credentials for at least 5,000 servers and to put up at least 500 credentials for sale every week. The suspect replied that he met these requirements.
The Ministry of Justice reports that, as a result, Ivanov-Tolpintsev brute-forced and put up for sale about 2,000 credentials a week. Under the nickname Mars, he sold access to 6704 computers and earned $82,648 from this.
US officials say the Ukrainian now faces up to 17 years in prison if convicted on all charges, including conspiracy, trafficking in unauthorized access devices and trade in passwords for computer systems.
Let me remind you that I also reported that French authorities are looking for LockerGoga ransomware developers in Ukraine.