Ukrainian crook jailed in US for selling thousands of stolen login credentials

2022-05-13 22:16

A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers.

The prosecution's documents [PDF] detail an unnamed, dark-web marketplace on which usernames and passwords along with personal data, including more than 330,000 dates of birth and social security numbers belonging to US residents, were bought and sold illegally.

After criminals bought credentials for these systems, they used them for all sorts of illicit activities including tax fraud and ransomware attacks, according to the Feds.

While it's only referred to as "The Marketplace," the documents say that in late January 2019, US law enforcement agencies seized the online souk's domain names and dismantled its infrastructure, effectively shutting it down.

Ivanov-Tolpintsev controlled a botnet and used brute-forcing malware, which he "Boasted" could crack login credentials of at least 2,000 computers every week, according to the court documents.

Between January 2017 and January 2019, he sold these stolen credentials on the marketplace.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/13/ukrainian_credentials_botnet/

#credential #ukrainian #US