In early March 2020, US law enforcement officers reported the arrest of Russian Cyril Viktorovich Firsov, who is considered the platform operator for the creation of Deer.io sites.
This platform has existed since 2013, then it allowed anyone who wants to launch their own online store for 500 rubles a month. It all worked like WordPress: the user was provided with hosting and design for a fee.
Three years ago, Digital Shadows researchers wrote that more than 1,000 stores use the services of the service, which have already brought over 240 million rubles to their operators, while the creators of Deer.io specified that in reality there are over 4,000 stores.
The problem was that in 2016, researchers found on Deer.io stores that would rather work on the darknet, but the platform’s rules (and the laws of the Russian Federation) prohibited the sale of narcotic substances, programs, devices and scripts for any type of hacking, all related to carding and financial fraud, DDoS services and so on.
Experts claimed that the Deer.io administration deliberately turns a blind eye to such activity. So, the Digital Shadows report stated that the site is well known to hackers and is actively advertised on the Xeksek, AntiChat, Zloy and Exploit forums.
It is interesting that the platform representatives categorically rejected these allegations, assured the media that Deer.io operates in accordance with the laws of the Russian Federation, and also regularly blocks stores that sell drugs / bank accounts and ban stores by order of Roskomnadzor or other authorized bodies of the Russian Federation .
No less interesting is the fact that after the publication of the mentioned material about Deer.io on our website, platform operators threatened Hacker with legal prosecution. In the summer of 2019, the company suddenly demanded that the editorial staff delete the 2016 material on the grounds that the Digital Shadows report did not contain a screenshot of the main page of the site catalog (which clearly showed that the Top 10 stores sell exclusively stolen accounts). It was alleged that we made the screenshot ourselves, which means that the publication “has no confirmation and defames the business reputation of the company.”
Now, three weeks after Firsov’s arrest, the US Department of Justice reported on the liquidation of the site itself. The domain has been withdrawn in accordance with a court order, and the eloquent “stub” now flaunts on the main page of the site.
Law enforcement officials write that at the time of closure, the platform was used to host more than 24,000 stores, whose total revenues amounted to more than $ 17 million. Anyone could create their own store here, it was enough to pay 800 rubles a month by paying this amount in bitcoins or using various online payment systems, including WebMoney.
Investigators say that on March 4, 2020, the FBI made a “test purchase” and acquired about 1,100 game accounts in the ACCOUNTS-MARKET.DEER.IS store for less than $ 20, paying for the purchase with cryptocurrency. After payment, law enforcement officers really received credentials from the players’ accounts, including a username and password for each.
Out of 1,100 of these accounts, 249 turned out to be hacked accounts of an unnamed company A. This company confirmed to the investigation that if a hacker got access to the username and password, he would be able to use this account himself. At the same time, the player’s account provides access to his entire library, and also often has associated payment methods. That is, the attacker could use the associated payment method to make additional purchases.
But only this “control purchase” was not limited. So, on March 5, 2020, the FBI acquired about 999 records with personal data in the DEER.IO SHIKISHOP.DEER.IS store (for about $ 170 in bitcoins), as well as about 2,650 records with personal data in the DEER.IO SHIKISHOP.DEER store. IS (for about $ 522 in bitcoins). Using this information, investigators were able to find out the names, dates of birth, and social security numbers for a number of people living in San Diego County.
“Deer.io was the largest centralized platform that facilitated and facilitated the sale of compromised social media accounts, as well as financial data, personal information and hacked computers. Capturing this criminal site is a big step in reducing the [turnover] of stolen data used to attack individuals and legal entities in the US and abroad, ”summarizes FBI special agent Omer Meisel.