Last week, FBI officials arrested a Russian cybersecurity researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online stores and services.
Kirill V. Firsov was arrested on March 7 after arriving at New York’s John F. Kennedy airport, according to court documents unsealed on Monday. Prosecutors with the United States District Court for the Southern District of California allege that Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 stores selling stolen and/or compromised usernames and passwords for a variety of major online destinations.
The indictment against Firsov claims deer.io has been responsible for $17 million in sales of stolen credentials since its inception in 2013.
“The FBI’s review of approximately 250 DEER.IO storefronts reveals thousands of compromised accounts offered for sale through this platform and its customers’ storefronts, including game accounts (player accounts) and PII files containing usernames, passwords, customer numbers, US social security, dates of birth and addresses of the victim,” the prosecution said.
In addition to facilitating the sale of compromised accounts on video streaming services such as Netflix and Hulu and social media platforms such as Facebook, Twitter and Vkontakte (the Russian equivalent of Facebook), deer.io is also a favorite marketplace for people involved in selling fake social media accounts.
For example, one of the first users of deer.io was a now defunct shop called “Dedushka” (transliterated Russian for “grandfather”), a service offering fake and old Vkontakte accounts that was quite popular with scammers involved in various online dating scams.
The indictment does not specify how prosecutors identified Firsov as the mastermind behind deer.io, but there are certainly plenty of clues to suggest such a connection.
Firsov’s identity on Twitter says he is a security researcher and developer currently living in Moscow. Previous tweets from that account indicate that Firsov made a name for himself after discovering a number of serious security holes in Telegram, a popular cross-platform messaging application.
Firsov also tweeted about participating in and winning several “capture the flag” hacking contests, including the 2016 and 2017 CTF challenges at Positive Hack Days (PHDays), an annual security conference in Moscow.
Deer.io was originally advertised on the Russian-language public hacking forum Antichat by a revered user in that community using the pseudonym “Isis.” A Google Translate version of that ad is here (PDF).
In 2016, Isis reportedly posted on Antichat a detailed report on how he managed to win a PHDays hacking contest (thread translated here). In one section of the document, Isis claims authorship of a specific file-dump tool and links to a GitHub directory with the username “Firsov”.
In another thread, from June 2019, an Antichat user asks if anyone has heard from Isis recently, and Isis pops up the next day to ask what the user wants. The user asks why Isis’s site, a video and music search site called vpleer[.]ru, wasn’t working at the time. Isis replies that he hasn’t owned the site for 10 years.
According to historical WHOIS records maintained by DomainTools.com (an advertiser on this site), vpleer was originally registered in 2008 to someone using the email address [email protected].
The same email address was used to register the “Isis” account on several other major Russian-language cybercrime forums, including Damagelab, Zloy, Evilzone and Priv-8. It was also used in 2007 to register xeka[.]ru, a fully fledged cybercrime forum called “The Antichat Mafia”.
More importantly, the same email address [email protected] was used to register accounts on Facebook, Foursquare, Skype and Twitter in the name of Kirill Firsov.
Russian hacking forums have taken note of Firsov’s arrest, as they do every time an alleged cybercriminal among them is arrested by the authorities; typically such user accounts are then removed from the forum as a security precaution. An administrator of a popular crime forum posted today that Firsov is a 28-year-old from Krasnodar, Russia, who studied at the Moscow Border Institute, a division of the Russian Federal Security Service (FSB).
Firsov is expected to be indicted later this week, when he will face two criminal counts, specifically aiding and abetting the unauthorized solicitation of access devices and aiding and abetting the trafficking of “false authentication features”. A copy of the indictment is available here (PDF).