A 28-year-old Ukrainian man has been extradited to the United States and indicted after authorities say he listed the login credentials for more than 6,000 compromised computers for sale on the dark web — many of them from Tampa Bay — and gained more than $80,000 in illegal profits.
According to an indictment for the case, which is being prosecuted in the Middle District of Florida, Glib Oleksandr Ivanov-Tolpintsev operated a botnet, which is a network of hijacked computers infected with malware and used as a group, that used repeated attacks to decrypt login credentials through trial and error.
In court documents, Ivanov-Tolpintsev is accused of selling these credentials in an online marketplace on the dark web that specialized in buying and selling access to compromised computers. Once sold, the credentials were used for illegal activities ranging from tax fraud to ransomware attacks, federal authorities said.
In October 2016, Ivanov-Tolpintsev approached one of the administrators of the e-commerce site to find out the requirements to become a seller, telling the administrator that his botnet could decrypt 2,000 credentials a week, according to the indictment.
Ivanov-Tolpintsev created an account on the site around Jan. 8, 2017, and he was accepted as a conditional seller in April of that year, investigators said.
According to the criminal complaint for the case, authorities identified Ivanov-Tolpintsev through search warrants for several of his Gmail accounts. One of his Gmail accounts led investigators to his usernames for Jabber, a messaging and calling platform.
Law enforcement officers collected thousands of Jabber chats as part of their investigation into the e-commerce site, including messages in which Ivanov-Tolpintsev asked to become a vendor on the platform, officials said.
Investigators also obtained transaction records for the marketplace and found a user who listed one of Ivanov-Tolpintsev’s Jabber handles in his profile, according to authorities. That user had listed the credentials of 6,704 servers for sale — more than 100 of them were located in the Middle District of Florida.
Among the victims investigators interviewed was a man from New Port Richey who runs an IT company. In June 2018, he told investigators that he realized one of his company’s virtual machines had been compromised, so he deleted it, shut down the server and moved the data.
Investigators also interviewed a Tampa man who works as a security systems consultant for the Department of Corrections. That man told them the credentials sold on the e-commerce site that related to him were used to access his home video security system, according to the criminal complaint. He also said someone had accessed his computer without authorization in 2018.
Ivanov-Tolpintsev was extradited from Poland to the U.S. on Oct. 3, 2020, and three days later, a grand jury indicted him on charges related to conspiracy and trafficking in unauthorized access devices, as well as two counts of trafficking in computer passwords, the release said.
Ivanov-Tolpintsev appeared before United States Magistrate Julie S. Sneed on Sept. 7, and she ordered that he be detained, pending trial.
According to a news release from the U.S. Attorney’s Office for the Middle District of Florida, Ivanov-Tolpintsev could face up to 17 years in federal prison if convicted on all counts. He also would be directed to forfeit money or property totaling at least $82,648 — the amount he gained from illicit sales of the login credentials — if convicted, according to the indictment.