U.S. authorities have arrested a Russian man accused of running an illicit service where buyers have allegedly spent years purchasing stolen data and hacked web accounts.
In a complaint unsealed March 9, the FBI accused Kirill Victorovich Firsov of operating Deer.io, a web hosting service where subscribers can host independent stores online for roughly $250. The site, which remains online, is based in Russia, outside the reach of U.S. law enforcement, and advertises itself as the home of more than 24,000 accounts with more than $17 million in sales.
Unlike legitimate hosting services, Deer.io promises anonymity and markets strong defenses against the kind of distributed denial-of-service attacks that scammers often use to harass each other, the threat intelligence provider Digital Shadows found in 2016. FBI investigators probing the site determined it existed entirely for the purpose of cybercrime.
Seamus Hughes, the deputy director of the Program on Extremism at George Washington University and a specialist on court filings, first noticed Firsov’s arrest. Firsov was taken into custody at John F. Kennedy airport in New York City, Hughes noted.
Deer.io has operated in some form since 2013, though much of the evidence cited in the complaint was collected in recent weeks. On March 5, FBI agents spent roughly $170 in bitcoin on personal information about 999 individuals, and $522 in bitcoin on another 2,650 people, yielding names, addresses and Social Security numbers. Before that, on March 4, investigators purchased 1,100 accounts for a video game service, including 249 hacked accounts, providing scammers with access to users’ payment information, the FBI said.
Firsov knowingly advertised Deer.io on other cybercriminal forums, aiming to boost membership by spreading the word in other hacking communities, according to the complaint.
The complaint was filed in the U.S. Southern District of California. An attorney representing Firsov could not be located for comment.
Deer.io is one of dozens of websites on the open internet and dark web offering hacking services. Existing sites offer affordable phishing tools, while others have avoided a law enforcement dragnet aimed primarily at digital drug markets.