This wannabe hacker was caught in a pretty embarrassing way

News
By published

Hacker is accused of cracking over 2000 passwords every week

cybersecurity
(Image credit: Future)

The US Department of Justice (DoJ) has extradited a Ukrainian citizen for using a botnet to brute force people’s passwords, all thanks to his apparent messages to vape shops in Ukraine, which included a receipt with his home address.

The DoJ accuses Glib Oleksandr Ivanov-Tolpintsev of using a botnet to crack credentials of targeted users, which he’d then sell on the dark web. According to his indictment, the activity netted Ivanov-Tolpintsev over $80,000.

“During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week...Once sold [on the dark web], credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks,” reads a press release from the DoJ

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Ivanov-Tolpintsev was taken into custody by Polish authorities in Korczowa, Poland, on October 3, 2020, and has now been extradited to the US to face trial for these crimes.

Amateur mistakes

According to an IRS affidavit, the investigators caught on to Ivanov-Tolpintsev by exploring the contents of the Gmail addresses he used to facilitate his dark web activities. 

One of these accounts received a couple of digital receipts from online vape retailers that revealed Ivanov-Tolpintsev’s name and contact details. 

Furthermore, the recovery address for these accounts was set to Ivanov-Tolpintsev’s regular email account. Exploring the contents of his regular account revealed all kinds of personally identifiable information such as scans of his passport, and pictures on Google Photos

Thanks to Ivanov-Tolpintsev’s laxity in separating his criminal digital identity from his physical one, the government was able to gather enough evidence to convince a judge to order his arrest and extradition.

Although the authorities haven’t shared details about Ivanov-Tolpintsev’s botnet, the case helps to show the fallacy to relying on password alone to secure an account. 

Security experts have been pushing for the use of multi-factor authentication (MFA) mechanisms, since cracking and auctioning passwords on the dark web can lead to significant attacks such as the recent one on the UN.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Man screaming at computer with TechRadar data privacy week logo next to it.
I almost lost my entire online identity – until one tool made all the difference
An illustration of a hooded hacker with an obscured face holding a large fingerprint against a red background.
ID theft – what happens when someone steals your identity
Hands typing on a keyboard surrounded by security icons
Your passwords aren't the key to protecting your online identity, your email address is
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Cartoon Phishing
Over a billion credentials stolen were stolen in malware attacks in 2024
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
More about security
Google Chrome

Google Chrome security flaw could have let hackers spy on all your online habits
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Broadcom warns of worrying security flaws affecting VMware tools
Assorted Apple and Asus laptops on orange background with big savings text overlay

These are the 16 laptop deals I'd recommend to anybody in the spring sales – including MacBooks and gaming laptops
See more latest
Most Popular
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
Render of a new RTX 4000 Max-Q gaming laptop.
I can't say I'm surprised, but Nvidia's RTX 5090 laptop GPU has a big performance leap over its predecessor, according to early benchmarks
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Apple Music on a tablet, showing a new Listening Guide feature
Apple Music Classical just got 3 excellent perks in its biggest upgrade since launch
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Quick move in Civ 7.
Sid Meier's Civilization 7 update 1.1.1 is here and it finally adds a setting that I've wanted since day one