US sentences Ukrainian for stolen credential sale

The Register reports that the U.S. has sentenced Glib Oleksandr Ivanov-Tolpintsev to four years imprisonment for his involvement in the sale of stolen credentials across over 6,700 compromised servers. Ivanov-Tolpintsev was also ordered by a Florida federal district court to surrender earnings of $82,648 from the scheme. Using a botnet and brute-force malware, Ivano-Tolpintsev claimed to be able to decrypt at least 2,000 computers' login credentials per week, according to court documents. Court documents also showed that the stolen credentials had been sold in an unnamed marketplace on the dark web that facilitated the trade of details from over 700,000 compromised servers, at least 150,000 of which were in the U.S. "The victims spanned the globe and industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds and universities. No legitimate business was conducted on the Marketplace," the plea agreement noted.