FBI Shuts Down Deer.io – Russian based Hacking Marketplace that Dealt in Stolen Corporate Data, Hacked User Accounts, Cyberattack Services
The US Federal Bureau of Investigation (FBI) announced the agency shut down a Russian-based online marketplace that specialized in selling compromised data and criminal services. The marketplace, DEER.IO, allowed hackers to set up online storefronts for a monthly fee to buy and sell stolen information and criminal hacking services. No legitimate companies were found to be buying or selling on the marketplace. DEER.IO was accessible to anyone online using any web browser. The reamains of the marketplac can be seen (Safely) here https://deer.io/
The marketplaces offered hackers individual storefronts where they could set up shop and sell compromised U.S. and international financial and corporate data, personally identifiable Information (PII) about employees, and hacked user accounts from U.S. companies. Anyone could purchase computer files, financial information, personally identifiable information (PII) for individuals, and login credentials to online accounts from computers infected with malware. Victims were located in the United States and overseas.
FBI Special Agent in Charge Omer Meisel stated, “Deer.io was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the internet.”
Alleged Russian hacker, Kirill Victorovich Firsov, was arrested on March 7 in New York City. He is suspected of being the DEER.IO administrator.
DERR.IO allowed hackers to buy and sell hacked data, accounts, and personal information through their own online storefronts they paid to set up and host on DEER.IO. Individuals could also hire criminal hacking services like buying and selling malware attacks. The marketplace was in business since at least October 2013. The marketplace claimed to have 24,000 active shops with sales over $17 million USD.
FBI Bought Hacked Data
During the first week of March 2020, the FBI purchased about 1,100 gamer accounts from a DEER.IO storefront called ACCOUNTS-MARKET.DEER.IS for less than $20 in Bitcoin A day later, the FBI bought almost 1,000 PII accounts from another DEER.IO storefront called SHIKISHOP.DEER.IS for about $170 in Bitcoin. The agency then bought about another 2,650 PII accounts from a third DEER.IO storefront called SHIKISHOP.DEER.IS for $522 in Bitcoin. The PII accounts contained names, birthdates, and Social Security numbers for citizens in San Diego County.
DEER.IO sold easy to operate pre-packaged online storefronts that hackers could use to sell their stolen data, financial information, and accounts. The template storefronts even came with product uploaders and other tools to make managing a store easier. The platform was maintained on Russian-controlled infrastructure and was publicly accessible on the clear web. The storefronts used cryptocurrency digital wallets to collect payments for the purchased products and services.
Store owners paid a fee of 800 Rubles (about $12.50 USD) monthly to keep a store on DEER.IO.
“There is a robust underground market for hacked stolen information, and this was a novel way to try to market it to criminals hoping not to get caught,” said U.S. Attorney Robert Brewer.
Firsov will be extradited to San Francisco where he will appear in court on 06 April and faces charges of Unauthorized Solicitation of Access Devices, 18 USC Sec. 1029(a)(6)(A)
