Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
215704 THEVERGE 2021-9-9:
Vape receipts help DOJ nab man who allegedly botnetted thousands of passwords
1.000 Find similar Compare side-by-side
215718 ZDNET 2021-9-10:
Ukrainian man extradited to the US to face botnet, data theft charges
0.701 0.589 Find similar Compare side-by-side
215420 TECHREPUBLIC 2021-9-8:
Why your IoT devices may be vulnerable to malware
0.375 Find similar Compare side-by-side
215801 ZDNET 2021-9-9:
Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts
0.336 Find similar Compare side-by-side
216037 TECHREPUBLIC 2021-9-10:
Your voiceprint could be your new password as companies look to increase security for remote workers
0.331 Find similar Compare side-by-side
215636 TECHREPUBLIC 2021-9-9:
The top keywords used in phishing email subject lines
0.330 Find similar Compare side-by-side
215720 ZDNET 2021-9-10:
US military reservist lands himself prison sentence for operating romance scams
0.327 Find similar Compare side-by-side
215522 TECHREPUBLIC 2021-9-6:
Cybersecurity: Watch out for these unique fraudster tricks Loki would be proud of
0.311 Find similar Compare side-by-side
215670 TECHREPUBLIC 2021-9-9:
Stop using your web browser security wrong
0.305 Find similar Compare side-by-side
215437 TECHREPUBLIC 2021-9-8:
REvil ransomware gang may be back in town
0.292 Find similar Compare side-by-side
216061 ZDNET 2021-9-10:
Fujitsu confirms stolen data not connected to cyberattack on its systems
0.280 Find similar Compare side-by-side
215588 ZDNET 2021-9-6:
This is the perfect ransomware victim, according to cybercriminals
0.274 Find similar Compare side-by-side
215616 ZDNET 2021-9-9:
Phishing attacks: One in three suspect emails reported by employees really are malicious
0.272 Find similar Compare side-by-side
215784 ZDNET 2021-9-9:
Attacker releases credentials for 87,000 FortiGate SSL VPN devices
0.264 Find similar Compare side-by-side
215484 ARSTECHNICA 2021-9-7:
ProtonMail removed “we do not keep any IP logs” from its privacy policy
0.258 Find similar Compare side-by-side
216056 TECHREPUBLIC 2021-9-13:
Protect your endpoints with top EDR software
0.255 Find similar Compare side-by-side
215603 ZDNET 2021-9-7:
REvil ransomware group resurfaces after brief hiatus
0.251 Find similar Compare side-by-side
215654 VENTUREBEAT 2021-9-8:
How organizations can improve security operations
0.250 Find similar Compare side-by-side
215997 TECHREPUBLIC 2021-9-13:
IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame
0.249 Find similar Compare side-by-side
215606 ZDNET 2021-9-7:
Safe connectivity tips for domestic violence victims
0.248 Find similar Compare side-by-side
216021 ZDNET 2021-9-13:
Apple releases update fixing NSO spyware vulnerability affecting Macs, iPhones, iPads and Watches
0.248 Find similar Compare side-by-side
215587 ZDNET 2021-9-6:
Cybersecurity is tough work, so beware of burnout
0.247 Find similar Compare side-by-side
215757 THEVERGE 2021-9-8:
Fraud, or just a failure? Theranos founder Elizabeth Holmes’s trial opening arguments
0.247 Find similar Compare side-by-side
215458 TECHREPUBLIC 2021-9-8:
Dark web prices drop for credit cards but soar for PayPal accounts
0.245 Find similar Compare side-by-side
215686 ARSTECHNICA 2021-9-9:
9,000 years ago, funerals in China involved a lot of beer
0.244 Find similar Compare side-by-side

1

ID: 215704

URL: https://www.theverge.com/2021/9/9/22665545/doj-cybercrime-indictment-botnet-cracking-passwords-online-safety

Date: 2021-09-09

Vape receipts help DOJ nab man who allegedly botnetted thousands of passwords

28-year-old Ukrainian national Glib Oleksandr Ivanov-Tolpintsev has been indicted by the Department of Justice for allegedly using a botnet to brute force peoples passwords, and then selling the credentials on a dark web store ominously called The Marketplace. According to the DOJ, Ivanov-Tolpintsev bragged that he was able to get at least 2,000 logins a week, and he allegedly told one of The Marketplaces admins that he had cracked over 20,000 passwords. The DOJs description of the alleged methods and victims serve as a reminder of how much stolen information is out there, and the importance of implementing basic security principles. The indictment, which can be read in full below, alleges that Ivanov-Tolpintsev talked about controlling a botnet, which is essentially a group of computers whose users dont know they are infected with malware. Hes accused of using those computers power to guess peoples passwords over and over, far faster than he could with his own hardware. Then, according to the DOJ, he would sell those passwords to cybercriminals who used them to carry out fraudulent activity, such as ransomware attacks, or even accessing someones home security cameras. Some of the alleged victims are perhaps a bit surprising. The criminal complaint lists two victims who were interviewed; one ran an IT business, the other was a security systems consultant who did work for the Department of Corrections. While the two victims systems are only a small portion of the over 6,000 compromised logins Ivanov-Tolpintsev is accused of putting up for sale, his alleged contributions are in turn just a drop in the bucket for The Marketplace. According to the complaint, vendors on the site are selling access to over 700,000 machines, and past buyers have used info purchased on The Marketplace to carry out over $100 million of fraud. According to a report by CyberScoop, simple mistakes made it easier for investigators to accuse Ivanov-Tolpintsev. The IRS was granted access to email addresses with a warrant, and was able to link the alleged hacker to them using receipts from local vape and smoke shops, scans of his passport, and pictures on Google Photos. The emails also allegedly linked him to other accounts and identities that were related to The Marketplace, where the passwords were sold. The DOJ says that if Ivanov-Tolpintsev is found guilty he could face up to 17 years in prison, and would have to hand over more than $80,000 that he allegedly made from selling information. He was originally caught by Polish authorities in late 2020, and was extradited to the US. The story serves as a reminder of why good security practices are important. Things like using strong passwords and two-factor authentication can help better protect you against brute-force attacks, and occasionally scanning your computer for malware can keep your computer from inadvertently working to crack other peoples passwords. While authorities may be able to catch some cybercriminals, the vastness of The Marketplace (itself just a single site), shows that theres plenty of people out there trying to get their hands on unprotected data.