FBI employees arrested Russian Kirill Firsov, who is considered the head of the Deer.io marketplace, in the United States. It hosts more than 24 thousand online stores, including those selling hacked account data. Even the potential closure of one of the platforms will have little effect on them, experts in the field of cybersecurity say.
On March 7, FBI officers arrested Kirill Firsov, the alleged head of the Deer.io platform, an online store designer for reselling hacked accounts, in the United States, according to documents published on March 10 by relevant American Internet resources, including ZDNet. The FBI analyzed more than 250 online stores hosted on Deer.io, concluding that they all sold access to hacked accounts, servers, and personal information. The FBI acquired about 1,000 accounts to verify the authenticity of the information, it follows from the indictment. Kirill Firsov “not only managed the platform, but also advertised it on hacker forums,” the document says.
On the Deer.io platform, users can place online stores for 800 rubles. per month, the turnover of its customers reached 1.5 billion rubles. (the period is not specified), it is approved on its website.
From a technical point of view, Deer.io is an online store designer that has become especially popular among cybercriminals; sellers and buyers of various information, including account data, use it, said Kaspersky Lab antivirus expert Dmitry Galov. Typically, such sites operate on the darknet, their annual turnover can reach hundreds of thousands and even millions of dollars, estimates Andrei Arsentiev, Head of Analytics and Special Projects at InfoWatch.
User accounts of various services put up for sale in such online stores are most often obtained using malicious software or by means of busting, said a representative of Group-IB. At the same time, he points out, the rules of Deer.io itself say that the administration of the platform prohibits the sale of compromised bank cards and pornographic material.
There are a lot of sites selling data that are created on the basis of such platforms, but they are quickly blocked, usually they live for a month or two, says Vladimir Chernenko, lawyer at Enforce Law Company. To hold the owner of such a platform in Russia accountable is “on the brink of the possible,” but the sites themselves that distribute illegal content are blocked, he notes. Selling accounts that is not related to the disclosure of personal data in Russia itself is not unlawful, explains Alexey Dobrynin, Managing Partner at Pen & Paper SA St. Petersburg Office.
24 thousand
trading floors are hosted on the Deer.io platform, according to its website
Platforms for creating such resources earn mainly due to two directions - sellers' fees for the opportunity to place a store and the provision of "guarantee service" services, explains the head of Information Security Department of SearchInform Alexei Drozd. There are closed and reliably protected sites that work only with large data wholesalers, the information on them is sold and bought immediately by tens and hundreds of thousands of records, and then resold in small batches on other platforms, such as Deer.io, Mr. Drozd explains. When the platform becomes large and attracts the attention of special services, such services are closed, and sellers and buyers who did not manage to withdraw money from the site lose them, the expert says. In his opinion, the potential closure of Deer.io is unlikely to be a loss for this market, as new platforms will take its place.