This wannabe hacker was caught in a pretty embarrassing way

Hacker is accused of cracking over 2000 passwords every week

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The US Department of Justice (DoJ) has extradited a Ukrainian citizen for using a botnet tobrute force people’s passwords, all thanks to his apparent messages to vape shops in Ukraine, which included a receipt with his home address.

The DoJ accuses Glib Oleksandr Ivanov-Tolpintsev of using a botnet to crack credentials of targeted users, which he’d then sell on the dark web. According tohis indictment, the activity netted Ivanov-Tolpintsev over $80,000.

“During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week…Once sold [on the dark web], credentials were used to facilitate a wide range of illegal activity, including tax fraud andransomwareattacks,” reads apress release from the DoJ.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Ivanov-Tolpintsev was taken into custody by Polish authorities in Korczowa, Poland, on October 3, 2020, and has now been extradited to the US to face trial for these crimes.

Amateur mistakes

Amateur mistakes

According to anIRS affidavit, the investigators caught on to Ivanov-Tolpintsev by exploring the contents of the Gmail addresses he used to facilitate his dark web activities.

One of these accounts received a couple of digital receipts from online vape retailers that revealed Ivanov-Tolpintsev’s name and contact details.

Furthermore, the recovery address for these accounts was set to Ivanov-Tolpintsev’s regular email account. Exploring the contents of his regular account revealed all kinds of personally identifiable information such as scans of his passport, and pictures onGoogle Photos.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Thanks to Ivanov-Tolpintsev’s laxity in separating his criminal digital identity from his physical one, the government was able to gather enough evidence to convince a judge to order his arrest and extradition.

Although the authorities haven’t shared details about Ivanov-Tolpintsev’s botnet, the case helps to show the fallacy to relying on password alone to secure an account.

Security experts have been pushing for the use of multi-factor authentication (MFA) mechanisms, since cracking and auctioning passwords on the dark web can lead to significant attacks such as the recent one on the UN.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)