A judge in Atlanta, Georgia, has sentenced Aaron James Glende, a hacker known as IcyEagle, to four years and two months in prison, followed by three years of supervised release, for selling access to stolen bank accounts and others, via the AlphaBay Dark Web marketplace.
Authorities say that Glende, 35, from Winona, Minnesota, started his hacking career last year, when on November 5, 2015, had registered on the AlphaBay hacking portal under the nickname IcyEagle.
Glende used his profile to advertise and sell over 300 listings, with various types of stolen information, usually stolen login credentials for various types of online accounts.
Glende sold access to hacked SunTrust bank accounts
In the DoJ indictment, authorities charged Glende primarily for selling access to hacked SunTrust bank accounts, but the hacker had a diverse portfolio.
According to cyber-threat intelligence company SurfWatch, who keeps track of Dark Web marketplace listings, IcyEagle had listed SunTrust accounts multiple times over the past year, each listing including accounts that held different amounts of money (balances), ready to be stolen by the buyers.
The hacker put up for sale SunTrust accounts with balances ranging between $250,000 and $500,000, selling accounts for $229.99 per item, but also SunTrust accounts with balances between $100 and $500, selling them for $9.99 per account. IcyEagle said had access to 11 high balance accounts and 32 low balance accounts.
Similarly, he ran listings for hacked Amazon accounts with gift card balances, asking in general for a tenth of the gift balance value per account. Glende also sold access to hacked Bank of America accounts, according to 11Alive TV station.
IcyEagle arrested for drug charges first, then for hacking
Glende was arrested by chance for the first time in March 2016, when a postal inspector found prescription pills in a package sent out by Glende. It is unclear if at the moment if Glende was selling the drugs online, but the first arrest tipped off the FBI on Glende’s activities.
After authorities released Glende on the drug selling charges, on two separate occasions, in March and April 2016, an undercover FBI agent bought stolen credentials from Glende, paying in Bitcoin.
The FBI arrested Glende for the second time in late July 2016. Investigators say they seized Glende’s computer where they found 944 usernames and passwords for bank accounts, 1,243 usernames and passwords for other electronic accounts, 123 Social Security numbers, 386 credit card numbers, and 123 bank account numbers.
Glende pleaded guilty to selling hacked accounts in September 2016. Besides the hacking charges, authorities charged Glende with second-degree sale of oxycodone in a park zone, which is punishable by up to 25 years in prison. The drug sale investigation is ongoing.