Chevron icon It indicates an expandable section or menu, or sometimes previous / next navigation options. HOMEPAGE

The FBI arrested the alleged hacker behind the 'Amazon.com of cybercrime,' which it says sold $17 million worth of stolen accounts for Gmail and other sites

hacker
A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. Kacper Pempel/Reuters

  • The FBI arrested a 'Russian cyber hacker,' the alleged administrator of an illegal online marketplace selling usernames and passwords from around the web, called Deer.io. 
  • Experts advised the public not to visit the site, even out of curiosity, because of possible cybersecurity risks.
  • The marketplace represents an "Amazon.com of cybercrime," an expert says, because of the ease of buying and selling stolen data. 
  • The Website's managers said for the past six years they have cooperated with international law enforcement and removed items for sale that appeared to be illegal.
  • The arrest broke through a barrier law enforcement often faces when pursuing Russian hackers, who are often sheltered by their government.
  • Visit Business Insider's homepage for more stories.

When the FBI arrested the alleged leader of an illegal online marketplace last week, they may have made a small dent in what one expert calls "the Amazon.com of cybercrime."  

"Kirill Victorovich Firsov is a Russian cyber hacker, and the administrator of the Deer.io cyberplatform," wrote Special Agent Brian Nielsen in a criminal complaint filed Friday in US District Court in San Diego. The complaint was unsealed Monday after Firsov's arrest Sunday night at JFK Airport in New York City. 

Deer.io allows users to create digital storefronts and sell items, as on other marketplace websites, like eBay. Experts advised rhe public not to visit the site put of curiosity because of possible cybersecurity risks. 

However, the actual listings on Deer.io feature stolen log-in credentials for accounts on sites like Instagram, Facebook, Gmail, and YouTube, and the website also offers support and advertising opportunities, the complaint indicates. The FBI notes that the site claims to have over 24,000 active shops with sales exceeding $17 million. 

"This is the Amazon.com of cybercrime, with easy-to-use, easy-to-access availability and participation – as a buyer or vendor," says independent threat researcher Stephen Cobb, who previously tracked illegal marketplace activity for Eset, a cybersecurity company.

Website managers respond: We cooperate with law enforcement

The managers of Deer.io said the characterization of their site as an Amazon.com of cybercrime is unfair, because the company does not take part in transactions, which occur between buyer and seller. They said for the past six years they have cooperated with international law enforcement and removed items for sale that appeared to be illegal. "We do not understand what the allegations are based on, and how they relate not only to Mr. Firsov but also to the content posted on the platform as well," the said in an email. 

The complaint says the usernames and passwords bought and sold on the website were stolen with malware and can be used to access victims' payment information to gaming websites and other portals. No legal businesses are advertised on the site, which is hosted on Russian servers, the complaint says. The FBI declined to comment beyond what is in the complaint. 

An orderly and established storefront

The complaint describes an orderly and established storefront where hackers can set up shop and peddle stolen log-in credentials and other stolen data that other hackers can use to commit further crimes. 

"The Deer.io platform provides shop owners with an easy-to-use interface that allows for the automated purchase and delivery of criminal goods and services," the court document says. 

"Once shop access is purchased via the Deer.io platform, the site then guides the newly-minted shop owner through an automated set-up to upload the products and services on offer through the shop and configure crypto-currency wallets to collect payments for the purchased products and/or services."

This polished presentation is what makes Deer.io and many other comparable sites dangerous, Cobb says.

Easy-to-use, easy-to-access availability

While law enforcement is admirably pursuing such sites with limited resources, lawmakers often have no idea this underground industry exists, Cobb said. "When I go to Washington and talk to people in policy circles, they have no idea. They still think cybercriminals are people in their parents' basements."  

As the cybersecurity company SpyCloud says in the 2020 version of its annual SpyCloud Credential Exposure Report, "personally identifiable information is gold." The report found some 9 billion stolen log-in credentials online, and 96 million stolen Social Security numbers online. SpyCloud says its researchers "observed a noticeable uptick in the amount of data available on the criminal underground over the last year." 

Russian operation insulated from U.S. law enforcement

Buyers of stolen accounts can search or browse, much like on legal online marketplaces, the FBI said in its complaint.

"Deer.io contains a search function, so individuals can search for hacked accounts from specific companies or...the user can navigate through the platform, scanning stores advertising a wide array of hacked accounts or cybercriminal services for sale. Purchases are conducted using cryptocurrency, such as Bitcoin, or through Russian-based money transfer systems," the complaint said. 

The complaint notes that "The Deer.io online stores are maintained on Russian-controlled infrastructure, which is insulated from US law enforcement." 

The FBI does not say in court filings how it surveilled Firsov, nor where he was traveling from or to. Russia is little help with cases like this, says Cobb, the independent researcher. "Russia tolerates cybercrime as long as victims are outside of Russia," he said.

FBI bought 5,000 accounts for $700

The FBI says in the complaint that last week it purchased nearly 5,000 accounts on the exchange for around $700. The accounts provided purchasers with personal information including names, dates of birth and Social Security numbers for multiple individuals who reside in San Diego County. 

The arrest is some progress in a very challenging area of enforcement, says Brett Callow, a threat researcher with the cybersecurity firm Emsisoft. "While taking action against the operators of such platforms is obviously a good thing, it's unfortunately also a game of whack-a-mole. Deer.io users will probably switch to other similar platforms." 

The case, USA v. Firsov in US District Court Southern District of California in San Diego, is assigned to Magistrate Judge Linda Lopez. Records do not indicate where Firsov is being held, nor when further proceedings are scheduled.

Cybersecurity Tech

Jump to

  1. Main content
  2. Search
  3. Account