Russian Pleads Guilty to Running Cybercrime Forum
Kirill Victorovich Firsov Was Administrator for Deer.io Market
A Russian national who served as the administrator for the now-defunct Deer.io online clearinghouse - which sold stolen credentials, hacked servers and criminal services, such as assistance performing hacking activities - has pleaded guilty to a federal charge, according to the U.S. Justice Department.
Kirill Victorovich Firsov, 29, of Moscow, has pleaded guilty to one count of unauthorized solicitation of access devices. He faces up to 10 years in prison and a $250,000 fine when he’s sentenced in April.
Firsov was arrested by FBI agents at John F. Kennedy International Airport in New York in March 2020, and he has remained in federal custody since then, according to the U.S. Attorney's Office for the Southern District of California, which oversaw the case.
From 2013 until the FBI seized the domain in March 2020, Deer.io trafficked in stolen credentials and personally identifiable information, including Social Security numbers, dates of birth and physical addresses, according to the Justice Department. Many of the victims whose information was compromised lived in the U.S. or Europe (see: FBI Shutters Alleged Russian Cybercriminal Forum).
The Deer.io site allowed cybercriminals to buy this data using cryptocurrency or through Russian-based money transfer systems.
Before the FBI shuttered the Deer.io site in 2020, the Russian-based online platform allowed criminals to set up cyber storefronts and sell illegal products or services, according to the Justice Department.
At its peak, Deer.io hosted about 24,000 online stores that generated about $17 million in revenue over seven years, according to court documents. The stores paid a monthly hosting fee of about $12.50 (see: FBI Arrests Suspected Admin of Russian Cybercrime Market).
Although the site advertised itself as a legitimate marketplace, the FBI investigation found that cybercriminals used these storefronts to buy and sell stolen data and financial records taken from victims as well as corporations in the U.S. and overseas. The site also allowed cybercriminals to trade and discuss malware and buy and sell access to hacked servers and accounts.
"A cybercriminal could purchase stolen Uber accounts with associated credit card information from shikishop.deer.io," according to the Justice Department. "To make these purchases, the prospective buyer just needed to click on the cart on the right-hand side of the screen."
Unlike other darknet sites, such as Wall Street Market or Valhalla Marketplace, Deer.io was accessible to anyone with a web browser, according to the FBI.
As the administrator for the Deer.io site, Firsov offered guidance on how to set up a marketplace on the platform as well as instructions for creating a cryptocurrency wallet to accept virtual payments, according to federal prosecutors. The site had a search function to help users find certain stolen goods and services.
The FBI began investigating the site in 2020 and began to make purchases of stolen data in March of the same year.
At one point, FBI agents purchased about 1,100 gamer accounts from the Deer.io site for about $20 in bitcoin, according to federal prosecutors. When agents examined their purchases, they found that about 250 of these accounts gave full access to victims' stored payment methods, usernames, passwords and media libraries, according to the Justice Department.
Agents also bought details on 999 individuals through Deer.io for about $170 in bitcoin, according to court documents. Later, agents used $522 in bitcoin to purchase information on 2,650 people, including Social Security numbers and addresses.