A Ukrainian man was arrested in Poland and extradited to the US to face charges as an alleged botnet operator.
The US Department of Justice (DoJ) said this week that Glib Oleksandr Ivanov-Tolpintsev was taken into custody in Korczowa, Poland, on October 3 last year. As the US and Poland have an extradition treaty, the 28-year-old was then sent to the US to face charges that could land him up to 17 years in federal prison, if found guilty.
Originally from Chernivtsi, Ukraine, Ivanov-Tolpintsev is suspected of being the operator of a botnet that was able to enslave devices infected with malware and automatically perform brute-force attacks against other internet-facing systems.
Where no protection is in place to stop them, brute-force attacks try out username and password combinations in the hope of finding the right one. Once obtained, these login details can be used to access the target system or, as in Ivanov-Tolpintsev's case, can be sold on to other cyberattackers.
According to the indictment, Ivanov-Tolpintsev, also known as "Sergios" and "Mars" online, was using an e-commerce front called "The Marketplace" to sell on the information stolen by his botnet.
The alleged botnet operator claimed that his creation was capable of stealing up to 2,000 sets of credentials each week.
Cyberscoop reports that investigators were able to track him down with the help of an email address used by the suspect to purchase vape products. The receipt contained within listed his home address and linked him to a phone number and passport. Prosecutors were also able to find other email addresses and a Gmail account connected to online retailers and to his conversations with individuals on the dark web.
Two other co-conspirators, allegedly the operators of The Marketplace, have also been charged but are yet to be named.
Ivanov-Tolpintsev was presented to US Magistrate Julie Sneed on September 7 and has been detained ahead of his trial date.
He faces charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords, according to the DoJ. Alongside a potentially hefty prison sentence if he is found guilty, US prosecutors also intend to pursue forfeiture of $82,648, the amount traced as allegedly linked to the sale of data stolen by the suspect.