Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

FBI Shutters Alleged Russian Cybercriminal Forum

Deer.io Enabled Fraudsters to Buy and Sell Stolen Data, Federal Prosecutors Say
FBI Shutters Alleged Russian Cybercriminal Forum
The FBI seized the Deer.io domain Tuesday and displayed this message.

The FBI this week seized the domain of Deer.io, which federal prosecutors say served as a clearinghouse for stolen personal data and a forum where cybercriminals could buy and sell goods, according to the U.S. Department of Justice.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Federal prosecutors have charged Kirill Victorovich Firsov, a 28-year-old Russian national who they say served as the site’s administrator, with unauthorized solicitation of access devices. If convicted, he faces a maximum 10-year prison term and a $250,000 fine, according to U.S. Attorney's Office for the Southern District of California.

Firsov, who was arrested by FBI agents at John F. Kennedy International Airport in New York on March 7, remains in federal custody, according to the Justice Department. His next hearing is scheduled for April 16.

The Deer.io website continued to operate until Tuesday, when the FBI received permission from a federal court to seize the domain and close the site.

"Deer.io was the largest centralized platform which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the internet," says FBI agent Omer Meisel.

Accessible on the Internet

Unlike other cybercriminal forums, including Wall Street Market or Valhalla Marketplace, which operated on the dark net, Deer.io was accessible to anyone with a web browser, according to the FBI. The infrastructure that supported Deer.io was based in Russia, investigators say.

Established in 2013, Deer.io was a platform that hosted about 24,000 online stores that generated about $17 million in revenue over the last seven years, according to the FBI complaint. The stores paid about $12.50 for a monthly hosting fee, the FBI notes.

While the site advertised itself as a legitimate marketplace, the FBI investigation found that cybercriminals used these storefronts to buy and sell stolen or compromised data and financial records taken from victims as well as corporations based in the U.S. and overseas. Federal prosecutors alleged Deer.io trafficked in personally identifiable information, including Social Security numbers, physical addresses, dates of birth, and usernames and passwords taken from compromised accounts.

The site also allowed cybercriminals to trade and discuss malware and buy and sell access to hacked servers and accounts, according to the FBI.

In addition, Firsov, allegedly offered guidance on how to set up a marketplace on the platform as well as instructions for creating a cryptocurrency wallet to accept virtual payments, according to federal prosecutors. The site also had a search function to allow users to find certain stolen goods and services, according to the FBI.

Payments could be made in virtual currency, such as bitcoin, or through WebMoney, a Russian based money transfer system similar to PayPal, the FBI says.

Investigation

The FBI began investigating the site earlier this year, and then began to make purchases of stolen data in March.

On March 4, for instance, FBI agents purchased about 1,100 gamer accounts from the Deer.io site for about $20 in bitcoin, according to federal prosecutors. When agents examined their purchases, they found about 250 of these accounts gave full access to victims' stored payment methods, usernames and password and media library.

On March 5, agents purchased details on 999 individuals through Deer.io for about $170 in bitcoin, according to the complaint. Later, agents used $522 in bitcoin to purchase the details on 2,650 people, including Social Security numbers and addresses.


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.