The US Department of Justice (DoJ) has extradited a Ukrainian citizen for using a botnet to brute force people’s passwords, all thanks to his clear messages to vape outlets in Ukraine, which incorporated a receipt with his home deal with.
The DoJ accuses Glib Oleksandr Ivanov-Tolpintsev of employing a botnet to crack credentials of focused end users, which he’d then sell on the dim world-wide-web. In accordance to his indictment, the activity netted Ivanov-Tolpintsev in excess of $80,000.
“During the system of the conspiracy, Ivanov-Tolpintsev mentioned that his botnet was capable of decrypting the login credentials of at minimum 2,000 computer systems every week…At the time sold [on the dark web], credentials ended up used to aid a large variety of unlawful activity, together with tax fraud and ransomware attacks,” reads a push launch from the DoJ.
We are looking at how our readers use VPNs with streaming websites like Netflix so we can improve our content and provide superior advice. This study is not going to consider far more than 60 seconds of your time, and we would vastly take pleasure in if you would share your ordeals with us.
>> Simply click in this article to get started the study in a new window <<
Ivanov-Tolpintsev was taken into custody by Polish authorities in Korczowa, Poland, on October 3, 2020, and has now been extradited to the US to face trial for these crimes.
According to an IRS affidavit, the investigators caught on to Ivanov-Tolpintsev by exploring the contents of the Gmail addresses he used to facilitate his dark web activities.
One of these accounts received a couple of digital receipts from online vape retailers that revealed Ivanov-Tolpintsev’s name and contact details.
Furthermore, the recovery address for these accounts was set to Ivanov-Tolpintsev’s regular email account. Exploring the contents of his regular account revealed all kinds of personally identifiable information such as scans of his passport, and pictures on Google Photos.
Thanks to Ivanov-Tolpintsev’s laxity in separating his criminal digital identity from his physical one, the government was able to gather enough evidence to convince a judge to order his arrest and extradition.
Although the authorities haven’t shared details about Ivanov-Tolpintsev’s botnet, the case helps to show the fallacy to relying on password alone to secure an account.
Security experts have been pushing for the use of multi-factor authentication (MFA) mechanisms, since cracking and auctioning passwords on the dark web can lead to significant attacks such as the recent one on the UN.