The FBI has arrested a Russian national believed to be behind Deer.io, a Shopify-like platform that hosts online stores where hackers advertise and sell hacked accounts and stolen user information.
The suspect, named Kirill Victorovich Firsov, was arrested on Saturday, March 7, at the John F. Kennedy Airport, in New York, according to an arrest warrant seen by ZDNet.
US officials say Firsov has been in charge and running the Deer.io platform since its launch in October 2013.
The site, which lets users host online stores for around $12/month, is believed to have hosted more than 24,000 shops and made more than $17 million, according to claims posted by Firsov on the Deer.io platform.
Deer.io used almost entirely for cybercrime, feds say
However, in a criminal complaint unsealed today, the FBI says that despite claims to host legitimate businesses, the Deer.io platform was used almost entirely for cybercrime.
“Thus far, law enforcement has found no legitimate business advertising its services and/or products through a DEER.IO storefront,” the complaint reads.
The FBI says they’ve reviewed more than 250 online stores hosted on Deer.io and found shops selling access to hacked accounts, hacked servers, and personally identifiable information (PII), such as names, Social Security numbers, dates of birth, and victim addresses.
Feds say they successfully purchased hacked data from Deer.io-hosted stores on multiple occasions, confirming that Deer.io shops were selling authentic information, and not fake data.
US officials claim that Firsov was fully aware of the clientele he wanted on the site, as he regularly advertised Deer.io on cybercrime forums.
Widely known platform
Firsov’s arrest is not a shock for cyber-security industry insiders. The Deer.io platform was first exposed as a haven for cybercrime activity in a now-removed Digital Shadows report, published in June 2016.
At the time, the Deer.io platform rose to infamy after a famous hacker known as Tessa88 used a Deer.io shop to sell user data hacked from MySpace and LinkedIn.
In a message sent to this reporter back in 2016, the Deer.io admin, believed to have been Firsov, intentionally avoided answering a direct question about selling hacked data, and even flaunted their Russian nationality as a reason for not taking down infringing shops.
“deer.io works according to the laws of the Russian Federation,” the Deer.io admin told this reporter back in 2016.
“Our clients can create shops that do not violate the laws of the Russian Federation. We block shops that sell drugs/stolen bank accounts. We will also block any shop if requested by Roskomnadzor or the competent authorities of the Russian Federation.”
Firsov will be arraigned in a New York court later this week, where he’s expected to be officially charged with aiding and abetting of trafficking, and trafficking of stolen information.
At the time of writing, the Deer.io portal was still up and running. ZDNet is also aware of two other platforms similar to Deer.io that have also been operating for years by hosting online stores almost exclusively for cybercrime purposes.
Firsov is not the first operator of a criminal shop arrested in recent years. In January 2019, authorities took down xDedic, a website for selling hacked servers, and three suspects were arrested in Ukraine.