The US Department of Justice (DoJ) has extradited a Ukrainian national for using a botnet brute force people passwords, thanks to his candid messages to rape shops in Ukraine, which included a receipt with his home address.
The DOJ accused Gleb Oleksandr Ivanov-Tolpintsev of using a botnet to crack the credentials of targeted users, which it would then sell on the dark web. According to his indictment, the activity earned Ivanov-Tolpintsev more than $80,000.
“During the plot, Ivanov-Tolpintsev stated that his botnet was able to decrypt the login credentials of at least 2,000 computers every week… [on the dark web], credentials were used to facilitate a variety of illegal activities including fraud and ransomware attacks,” reads one DoJ. press release from.
We’re looking at how our readers use a VPN with streaming sites like Netflix so we can improve our content and offer better advice. This survey will take you no more than 60 seconds, and we would greatly appreciate it if you shared your experiences with us.
>> Click here to start survey in new window <
- take a look at these best password manager
- we also scored best security key
- protect yourself from Best Identity Theft Protection Services
Ivanov-Tolpintsev was taken into custody by Polish authorities in Korzowa, Poland on October 3, 2020, and has now been extradited to the US to face trial for these crimes.
according to a IRS affidavitIn this article, investigators caught Ivanov-Tolpinsev by searching the contents of Gmail addresses that he used to facilitate his dark web activities.
One of these accounts found some digital receipts from online vape retailers, which revealed Ivanov-Tolpinsev’s name and contact details.
In addition, the recovery address for these accounts was set to Ivanov-Tolpintsev’s regular email account. Searching the contents of his regular account revealed all kinds of personally identifiable information such as scans of his passport, and photographs. google photos.
Thanks to Ivanov-Tolpinsev’s laxity in separating his criminal digital identity from his physical identity, the government was able to gather enough evidence to persuade a judge to order his arrest and extradition.
Although officials haven’t shared details about Ivanov-Tolpintsev’s botnet, this case helps illustrate the fallacy of relying on passwords alone to secure an account.
Security experts are pushing for the use of multi-factor authentication (MFA) mechanism, because cracking and auctioning passwords on the dark web can lead to significant attacks such as the recent one on the United Nations.
- these are best data loss prevention services