IcyEagle Sentenced for Dark Web Data Heist

Atlanta – Aaron James Glende, 35 of Winona, Minnesota, known in criminal corners of the web as IcyEagle, was sentenced to four years and two months in federal prison for access device fraud and aggravated identity theft. Glende peddled stolen personally identifying information and bank login credentials on AlphaBay Market, a notorious Dark Web bazaar where anonymity shields criminals trafficking in fraud, drugs, and weapons.

“Glende sold stolen bank account information and other login credentials on AlphaBay, a ‘Dark Web’ website devoted to the anonymous sale of criminal goods and services, including weapons, stolen credit cards, and illegal narcotics,” said U.S. Attorney John Horn. “In the process, he didn’t care who he hurt, or the effects on the victims’ lives.”

From November 5, 2015, to May 4, 2016, Glende used the alias IcyEagle to run approximately 300 listings on AlphaBay, advertising hacked access to financial and personal accounts. One post boasted “High Balance SunTrust Logins 30K-150K Available,” with Glende promising buyers “freshly hacked Sun Trust Bank Account Logins.” Transactions were conducted in Bitcoin, shielding both buyer and seller from immediate detection.

FBI agents went undercover in March and April 2016, purchasing stolen bank data directly from Glende. The information included usernames, passwords, physical addresses, email accounts, phone numbers, and bank account numbers—all real data belonging to unsuspecting customers. The purchases confirmed Glende was not just a middleman but a direct supplier of compromised credentials harvested through cyber intrusion.

After his arrest, a forensic search of Glende’s computer uncovered a digital arsenal of stolen identities: over 2,800 unauthorized access devices, including 944 bank account credentials, 1,243 logins for other electronic accounts, 123 Social Security numbers, 386 credit card numbers, and 123 bank account numbers. The scale of the breach revealed a systematic operation targeting American financial institutions and their customers.

On September 21, 2016, Glende pleaded guilty to access device fraud and aggravated identity theft. On November 30, 2016, he was sentenced to 50 months in prison followed by three years of supervised release. The FBI, aided by Homeland Security Investigations, the U.S. Postal Inspection Service, and Winona, Minnesota police, brought the case to justice—sending a clear message: the Dark Web isn’t a safe haven.