Pierluigi Paganini March 10, 2020

The FBI announced the arrest of a Russian national that is suspected to be the mastermind behind Deer.io, a Shopify-like platform.

The FBI arrested Kirill Victorovich Firsov, the alleged main operator behind Deer.io which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. Crooks ware paying around $12/month to open their online store on the platform. The Russian man also advertised the platform on other hacking forums.

Firsov was arrested at the John F. Kennedy Airport, in New York, on March 7, the man is accused of running the Deer.io platform since October 2013.

“The suspect, named Kirill Victorovich Firsov, was arrested on Saturday, March 7, at the John F. Kennedy Airport, in New York, according to an arrest warrant seen by ZDNet.” reported ZDNet.

The Russian citizen claimed to have hosted more than 24,000 online stores and more than $17 million.

“The stores were offering for sale a variety hacked and/or compromised U.S. international financial and corporate data, Personally Identifiable Information (PII), and compromised user accounts from many U.S. companies. Individuals can also buy computer files, financial information, PII, and usernames and passwords taken from computers infected with malicious software (malware) located both in the U.S. abroad.” reads a criminal complaint unsealed today.

“Thus far, law enforcement has found no legitimate business advertising its services and/or products through a DEER.IO storefront.”

The DEER.IO online stores are maintained on Russian-controlled bullet-proof infrastructure.

Feds reviewed approximately 250 DEER.IO store used by hackers to offer for sale thousands of compromised accounts, including videogame accounts (gamer accounts) and PII files containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses. Most of the victims are in Europe and the United States.

FBI agents successfully purchased hacked data from some stores hosted on the Deer.io platform, offered data were authentic according to the feds.

“On or about March 4, 2020, the FBI purchased approximately 1,100 gamer accounts from the DEER.IO store ACCOUNTS-MARKET.DEER.IS for under $20 in Bitcoin. Once payment was complete, the FBI obtained the gamer accounts, including the user name and password for each account.” continues the criminal compliant.

“Out of the 1,100 gamer accounts, 249 accounts were hacked Company A accounts. Company A confirmed that if a hacker gains access to the user name and password of a user account, that hacker can use that account. A gamer account provides access to the user’s entire media library is contained within the account. The accounts often have linked
payment methods, so the hacker could use the linked payment method to make additional purchases on the account. Some users also have subscription-based services attached to their gamer accounts.”

Firsov will appear in a New York court this week, where he will be charged abetting and sale of stolen data.

At the time of writing, the Deer.io portal was still up and running.

Pierluigi Paganini

(SecurityAffairs – hacking, Deer.io)

[adrotate banner=”5″]

[adrotate banner=”13″]