San Diego – A Russian-based cyber platform known as DEER.IO
was shut down by the FBI today, and its suspected administrator – alleged
Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes
related to the hacking of U.S. companies for customers’ personal information.
DEER.IO was a Russian-based cyber platform that allowed
criminals to purchase access to cyber storefronts on the platform and sell
their criminal products or services.
DEER.IO had been operating since at least October 2013 and claimed to
have over 24,000 active shops with sales exceeding $17 million. The platform
was shut down pursuant to a seizure order issued by the Southern District of
California Court.
FBI agents arrested Firsov, a Russian cyber hacker, on March
7 in New York City. Firsov not only managed the DEER.IO platform, he also
advertised it on other cyber forums, which catered to hackers. Firsov is next
scheduled to appear on April 16, 2020, before U.S. Magistrate Judge Allison H.
Goddard.
According to a federal complaint, DEER.IO virtual stores
offered for sale a variety of hacked and/or compromised U.S. and international
financial and corporate data, Personally Identifiable Information (PII), and
compromised user accounts from many U.S. companies. Individuals could also buy
computer files, financial information, PII, and usernames and passwords taken
from computers infected with malicious software (malware) located both in the
U.S. and abroad. Law enforcement found no legitimate business advertising its
services and/or products through a DEER.IO storefront. Store operators and
customers accessed the storefront via the Internet. Specifically, in this case, the FBI made
purchases from DEER.IO storefronts hosted on Russian servers.
The DEER.IO platform offered a turnkey online storefront
design and hosting platform, from which cybercriminals could advertise and sell
their products (such as harvested credentials and hacked servers) and services
(such as assistance performing a panoply of cyber hacking activities). The
DEER.IO online stores were maintained on Russian-controlled infrastructure. The
DEER.IO platform provided shop owners with an easy-to-use interface that
allowed for the automated purchase and delivery of criminal goods and services.
Once shop access was purchased via the DEER.IO platform, the
site then guided the newly-minted shop owner through an automated set-up to
upload the products and services offered through the shop and configure
crypto-currency wallets to collect payments for the purchased products and/or
services.
As of 2019, a cybercriminal who wanted to sell contraband or
offer criminal services through DEER.IO could purchase a storefront directly
from the DEER.IO website for 800 Rubles (approximately $12.50) per month. The
monthly fee was payable by Bitcoin or a variety of online payment methods such
as WebMoney, a Russian-based money transfer system similar to PayPal.
A cybercriminal who wanted to purchase from storefronts on
the DEER.IO platform could use a web browser to navigate to the DEER.IO domain,
which resolved to DEER.IO storefronts. DEER.IO contained a search function, so
individuals could search for hacked accounts from specific companies or PII
from specific countries, or the user could navigate through the platform,
scanning stores advertising a wide array of hacked accounts or cyber criminal
services for sale. Purchases were also conducted using cryptocurrency, such as
Bitcoin, or through the Russian-based money transfer systems.
On or about March 4, 2020, the FBI purchased approximately
1,100 gamer accounts from the DEER.IO store ACCOUNTS-MARKET.DEER.IS for under
$20 in Bitcoin. Once payment was complete, the FBI obtained the gamer accounts,
including the user name and password for each account. Out of the 1,100 gamer
accounts, 249 accounts were hacked Company A accounts. Company A confirmed that
if a hacker gained access to the user name and password of a user account, that
hacker could use that account. A gamer account provides access to the user’s
entire media library. The accounts often have linked payment methods, so the
hacker could use the linked payment method to make additional purchases on the
account. Some users also have subscription-based services attached to their
gamer accounts.
On or about March 5, 2020, the FBI purchased approximately
999 individual PII accounts from the DEER.IO store SHIKISHOP.DEER.IS for
approximately $170 in Bitcoin. On that
same date, the FBI purchased approximately 2,650 individual PII accounts from
the DEER.IO store SHIKISHOP.DEER.IS for approximately $522 in Bitcoin. From
those identities, the FBI identified names, dates of birth and U.S. Social
Security numbers for multiple individuals who reside in San Diego County,
including G.V. and L.Y.
“There is a robust underground market for hacked stolen
information, and this was a novel way to try to market it to criminals hoping
not to get caught,” said U.S. Attorney Robert Brewer. “Hackers are a threat to
our economy, and our privacy and national security, and cannot be tolerated.”
FBI Special Agent in Charge Omer Meisel stated, “Deer.io was
the largest centralized platform, which promoted and facilitated the sale of
compromised social media and financial accounts, personally identifiable
information (PII) and hacked computers on the internet. The seizure of this
criminal website represents a significant step in reducing stolen data used to
victimize individuals and businesses in the United States and abroad. The FBI will continue to be at the forefront
of protecting Americans from foreign and domestic cyber criminals.”
The office extends its appreciation to the New York Division
of U.S. Customs and Border Protection operating at John F. Kennedy
International Airport and to private sector cyber-security company Black Echo
LLC, which provided assistance throughout the investigation.
Report cyber crimes by filing a complaint with the FBI's
Internet Crime Complaint Center, by calling your local FBI office or
1-800-CALL-FBI.
DEFENDANT
Kirill Victorovich Firsov, Age: 28
Case Number: 20MJ1029
SUMMARY OF CHARGE
Unauthorized Solicitation of Access Devices, 18 USC Sec.
1029(a)(6)(A)
Maximum Penalty: Ten years in prison, $250,000 fine,
restitution.
AGENCIES
Federal Bureau of Investigation