Cybercriminal sentenced for decrypting the credentials of thousands of computers and selling them on a dark web website

 

Date: May 12, 2022

Contact: newsroom@ci.irs.gov

U.S. District Judge Steven D. Merryday today sentenced Glib Oleksandr Ivanov-Tolpintsev (Chernivtsi, Ukraine) to four years in federal prison for conspiring to traffic in unauthorized access devices and computer passwords. As part of his sentence, the court also entered an order of forfeiture in the amount of $82,648, the proceeds of the charged criminal conduct.

Ivanov-Tolpintsev was taken into custody by Polish authorities in Korczowa, Poland on October 3, 2020, and extradited to the United States pursuant to the extradition treaty between the United States and the Republic of Poland. Ivanov-Tolpintsev pleaded guilty on February 22, 2022.

According to court documents, the "Marketplace" was a dark web website that illegally sold login credentials (usernames and passwords) to servers located across the world and personally identifiable information (dates of birth and Social Security numbers) of U.S. residents. Once purchased, criminals used these servers to facilitate a wide range of illegal activity that included ransomware attacks and tax fraud. In total, the Marketplace offered more than 700,000 compromised servers for sale including at least 150,000 in the United States and at least 8,000 in Florida. Marketplace victims spanned the globe and industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.

Ivanov-Tolpintsev controlled a "botnet," which is a network of computers infected with malware and controlled as a group without the owners' knowledge. He used the botnet to conduct brute-force attacks designed to decrypt numerous computer login credentials simultaneously. During the course of the conspiracy, Ivanov-Tolpintsev boasted that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week. Ivanov-Tolpintsev then sold these hacked credentials on the Marketplace. From 2017 through 2019, Ivanov-Tolpintsev listed for sale thousands of login credentials of servers on the Marketplace, including more than 100 in the Middle District of Florida. Marketplace buyers paid at least $82,648 for servers listed by Ivanov-Tolpintsev.

This case was investigated by the Internal Revenue Service - Criminal Investigation's Tampa Field Office, the Internal Revenue Service - Criminal Investigation Cyber Crimes Unit in Washington, D.C. and the Tampa Division of the Federal Bureau of Investigation. Substantial assistance was provided by the Department of Justice's Office of International Affairs. This investigation also benefited from foreign law enforcement cooperation by the Polish National Police, the Polish Prosecutor's Office, and the Polish Ministry of Justice. It was prosecuted by Assistant United States Attorney Carlton C. Gammons.