A federal grand jury has charged a man with selling access to bank customers’ stolen account logins on a dark web marketplace.
On 22 July, 2016, U.S. Magistrate Judge Janet F. King charged Aaron James Glende, 35, of Winona, Minnesota with bank fraud, access device fraud, and aggravated identity theft after the man allegedly advertised criminal services on the dark web marketplace AlphaBay.
AlphaBay is an underground web market that allows members to buy and sell counterfeit items, weapons, and other goods. Purchases are made in Bitcoin, and buyers can rate their experience of completing a transaction with a particular seller.
Glende, also known as “IcyEagle,” began offering criminal services on AlphaBay beginning around 5 November, 2015, according to court documents.
On 19 March, 2016, the dark web vendor advertised “Hacked SunTrust Bank Account Logins $100-$500 Balances” for sale at USD 9.99 a piece and claimed he had sold 32 logins since November.
Two months later, on 4 May, 2016, Glende put up a sale of “High Balance SunTrust Logins 30K-150K.” Those accounts were listed at USD 66.99 each. In his post, IcyEagle claimed to have sold 11 login credentials since 5 November.
A federal agent accessed AlphaBay in March and April 2016 and purchased some of the account credentials offered by Glende. Analysis of those accounts revealed the vendor had gained access to SunTrust bank customers’ usernames, passwords, email addresses, physical addresses, telephone numbers, and bank account numbers.
It’s unclear how Glende obtained those credentials. Yacin Nadji, a post doctoral researcher at Georgia Tech who specializes in cyber security, believes either IcyEagle or another actor planted banking malware on users’ machines and stole the information that way.
As quoted by 11Alive News:
“This isn’t just people in their parent’s basements, this is much more sophisticated than that…. This is running on your machine, so when you access your SunTrust, or Bank of America bank account, it sees what you type in, username and password. So, in that case, even if you changed your password, the next time you logged in they have your information again.”
Federal law enforcement arrested Glende and indicted him before a federal grand jury on 28 June, 2016.
Going forward, U.S. Attorney John Horn urges users to be on the lookout for criminals like Glende who would hope to compromise their bank accounts.
As he said in a statement published by the Department of Justice:
“Glende allegedly sold stolen bank account information on a website designed to traffic criminal goods and services, including weapons, stolen credit cards, and illegal narcotics. As cyber criminals increasingly trade financial information for cash, citizens must be vigilant with their account information.”
News of Glende’s indictment follows more than a year after computer criminals offered 100 Uber account credentials for sale on AlphaBay.