A Russian computer security researcher has pleaded guilty to hacking-related charges in connection with U.S. law enforcement action against an internet marketplace where buyers purchased access to stolen personal data.
Kirill Firsov, a Russian national, acknowledged his involvement with Deer.io, an illicit web hosting service that enabled scammers to operate independent web stores where they sold access to hacked web accounts and other services. The U.S. Department of Justice shuttered the website in March 2020, weeks after Firsov was arrested at John F. Kennedy airport in New York City.
Firsov admitted his role in running Deer.io when he was apprehended at the airport, the plea deal states. He now faces up to 10 years in prison.
Deer.io claimed to have more than 24,000 active websites with sales exceeding $17 million, the Justice Department said last year. Various sites hosted through the Deer.io platform offered Americans’ personal information, access to breached social media accounts on Facebook and Twitter, and access to streaming accounts from Netflix and Hulu.
“The FBI’s review of approximately 250 Deer.io storefronts reveals thousands of compromised accounts posted for sale via this platform and its customers’ storefronts, including videogame accounts (gamer accounts) and [personally identifiable information] files containing user names, passwords, U.S. Social Security numbers, dates of birth, and victim addresses,” the indictment states.
Victims were largely located in Europe and in the U.S., investigators said.
Firsov boosted Deer.io’s reputation and aimed to attract more users by advertising the site on black market forums and in other hacking communities, the complaint said.
A Twitter profile belonging to Firsov lists his location as Moscow, his profession as a security researcher and a number of tweets that reference hacking tools and offensive cybersecurity testing techniques.
An attorney for Firsov declined to comment on the case.