‘One-stop shopping for criminals’

Russian 'security researcher' pleads guilty to running cybercrime e-commerce platform Deer.io

A Russian national has pleaded guilty before a US federal court to being the administrator of a website that helped cybercrooks build illicit webstores.

Kirill Victorovich Firsov, 29, was charged in relation to his role in the operation of Deer.io, a nefarious equivalent of legitimate e-commerce platforms like Shopify and Magento.

Firsov, who submitted the plea yesterday (January 21), “was well-compensated” for his role, according to a press release issued by the Department of Justice (DoJ).

Annual sales of $17m

Deer.io provided cybercriminals with a channel for selling stolen credentials, payment card details, and other illicit goods and services until it was shut down following Firsov’s arrest in March 2020.

During its investigation, the FBI found “thousands of compromised accounts posted for sale, including Personally Identifiable Information (PII) files containing full US Social Security Numbers, dates of birth and victim addresses”.

Many of the victims were based in the US and Europe.

US attorney Robert Brewer said the platform offered “one-stop shopping for criminals”.

Launched in October 2013, the e-commerce site hosted around 3,000 digital stores and generated sales exceeding $17 million as of March 2020, said the DoJ.

Off-the-shelf cybercrime shop

For a monthly subscription of RUB800 (around $12.50) paid for in bitcoin or via Russian-based money transfer systems, cybercriminals could build their storefront, upload products and services for sale, and configure cryptocurrency wallets to collect payments.

Shop owners could choose a store name based on domains such as Deer.io, Deer.st, or Deer.is, or choose a custom name.


READ MORE Magecart attacks: Cat-and-mouse game continues between cybercrooks and law enforcement


Prospective customers could readily access the website over the internet, then browse popular shops or use a search function on the homepage to browse various illicit wares.

The FBI found no evidence of legitimate goods or services for sale on Deer.io storefronts, and said Firsov had advertised the service on other cybercrime forums, according to a previous DoJ filing.

White hat exploits

The defendant’s Twitter bio still describes Firsov as a security researcher and web developer.

In a trawl of his tweets, security journalist Brian Krebs found that Firsov had uncovered a slew of serious security flaws in Telegram, an encrypted messaging platform popular with cybercriminals, and tweets announcing victories in several capture-the-flag hacking competitions.


Read more of the latest cybercrime news


Similar previous FBI successes, achieved in collaboration with other international law enforcement agencies, include the shutdowns of stolen-data search engine WeLeakInfo.com in 2020, and darknet marketplaces xDedic and ‘Wall Street’ in 2019.

“The seizure of the Deer.io website and conviction of Firsov is an example of the FBI cyber program’s investigative prowess and jurisdictional reach in order to identify, locate and bring to justice anyone who attempts to profit from harm to US persons, businesses and infrastructure,” said Suzanne Turner, special agent in charge of the FBI’s San Diego field office.

Firsov is due for sentencing on April 12 and faces a maximum jail term of 10 years and a maximum fine of $250,000.


YOU MIGHT ALSO LIKE Imminent Joker’s Stash demise likely to spawn growth to rival cybercrime forums