A man from Ukraine, a 28-year-old Glib Oleksandr Ivanov-Tolpintsev is going to serve a 4-year prison term in jail. The reason for such punishment is the siphoning and trading thousands of personal server credentials. It was a real credential thievery scheme as he was selling this data on the dark web and getting significant amounts of money. The breach of personal data led to commerce of login credentials to servers in many countries in the world. Servers also housed files, such as Social Security numbers and dates of birth of many people. That personal data had been illegally sold on the dark marketplace.
Thousands of compromised servers were offered for sale. More than one hundred of which were in the USA alone. As you understand, the name of that site is unidentified. It is considered to have been functional from around October 2014. As it said in the official papers the dark web was taken by public forces on January 24, 2019. Interesting fact is that another famous black Marketplace – xDedic was shut down at the same time. It took one year for different agencies from Germany, Ukraine, Belgium and the USA to hunt out its members.
It had been expressed in the official statement of Europol that the xDedic Marketplace managed to sell access to compromised computers around the world. They learnt to search for the computers whose confidentiality had been impacted by various criterias such as geographical location and operating or price.
The military and government, law companies, infrastructure, public education, along with health care – a wide range of public sectors were damaged by that hack.
The Department of Justice stated in their press release that hackers utilized such servers to promote a broad range of illicit activities. For instance different attacks and tax fraud.
The profit that Ivanov-Tolpintsev made was $82,648. The Ukrainian man had been selling hacked information on the marketplace since 2017. His scheme with receiving the usernames and passwords was clearly complete by means of a botnet that was used to brute-force and password spraying attacks. The Department of Justice gave a 5-year prison term to a trio of cyber-offenders for misdemeanor identity theft.
As it was said in the department, Jovin, Alessandro Doreus and Djouman Doreus colluded to knowingly and intentionally to deceive, hold thousands of private data – particularly personal names, accounts numbers, and passwords.