Cybercrime , Fraud Management & Cybercrime

FBI Arrests Suspected Admin of Russian Cybercrime Market

Kirill Firsov Suspected of Operating Deer.io
FBI Arrests Suspected Admin of Russian Cybercrime Market

The FBI has arrested a Russian national who allegedly ran an online forum that enabled cybercriminals to buy and sell stolen data and personally identifiable information.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The suspect, Kirill Victorovich Firsov, was arrested on March 7, according to a complaint the FBI filed in federal court.

The FBI alleges that starting in 2013, Firsov served as the administrator of an online forum called Deer.io, which was still active as of Thursday. The FBI complaint states that Firsov will be charged with aiding and abetting in the unauthorized solicitation of access devices, and aiding and abetting in the trafficking in false authentication features. These penalties typically carry a 10-year federal prison sentence.

Although Deer.io is portrayed as a legitimate business forum for online stores, the FBI alleges that it actually acts a clearinghouse for cybercriminals looking to buy and sell stolen identities and other personally identifiable information.

"Kirill Victorovich Firsov is a Russian cyber hacker, and the administrator of the Deer.io cyber platform. Firsov not only managed the platform, he also advertised it on other cyber forums, which catered to hackers," according to the FBI's complaint.

The FBI says that, as part of its investigation, agents purchased personal data on the online forum’s "stores." That data included Social Security numbers, dates of birth and physical addresses.

How Deer.io Operated

In the court documents, the FBI alleges that the Deer.io domain, which is based in Russia, sells space to online stores. About 24,000 of these are active on the site, and they have produced about $17 million in rent revenue for the hosting site, the court documents show.

The monthly online hosting fee for the stores is about $12.50, according to the FBI.

FBI agents found no evidence of the stores on the online forum selling legitimate products or services or products. As part of its investigation, the FBI monitored 250 Deer.io stores that agents allege were selling stolen personal data.

"The FBI's review of approximately 250 Deer.io storefronts reveals thousands of compromised accounts posted for sale via this platform and its customers' storefronts, including videogame accounts and [personally identifiable information] files containing user names, passwords, U.S. Social Security numbers, dates of birth, and victim addresses," according to the FBI complaint. The data was mainly for victims in Europe or the U.S.

The online forum accepts bitcoin for the purchase of stolen information, the FBI says. FBI agents initially purchased details on 999 individuals for about $170 in bitcoin, according to the complaint. A further investigation by agents used $522 in bitcoin to purchase the details on 2,650 people, including Social Security numbers and addresses.

Other Investigations

Over the last several years, the FBI, Justice Department and other international law enforcement agencies have been cracking down on marketplaces that traffic in stolen data or malware and other malicious tools.

In January, for example, a former moderator for the now-defunct AlphaBay darknet marketplace site pleaded guilty to a federal racketeering charge and faces up to 20 years in federal prison, according to the U.S. Justice Department (see: AlphaBay Moderator Pleads Guilty to Racketeering Charge).

In May 2019, Wall Street Market and Silkkitie, two darknet markets, were shuttered as part of coordinated, international law enforcement operations. These markets sold narcotics, counterfeit currency, malware, stolen jewelry and more, authorities say (see: Darknet Disruption: 'Wall Street Market' Closed for Business).

Managing Editor Scott Ferguson contributed to this report..


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.