FBI’s Cyber Program Nabs Russian Cybercriminal Catering to Criminals
SAN DIEGO – Dark-web threats were thwarted when FBI Investigators located an insidious site catering to cyber criminals conducted by a Russian hacker/website administrator.
Russian citizen Kirill Victorovich Firsov (29), located in Moscow, had “catered to cyber criminals by virtually selling items such as stolen credit card information, other personal information, and services to be used for criminal activity,” said the Department of Justice, U.S. Attorney’s Office of the Southern District of California. “A criminal could simply “sign up,” “configure wallets to receive funds,” “upload products,” and “get money.”
One frighteningly-easy example included the ability to purchase stolen Uber accounts with “associated credit card information from SHIKISHOP.DEER.IO. To make these purchases, the prospective buyer just needed to click on the cart on the right-hand side of the screen.”
FBI Investigators cracked open the Russia-based platform business scheme with their “initial scan through DEER.IO storefronts, which revealed thousands of compromised accounts posted for sale, including Personally Identifiable Information (PII) files containing full U.S. Social Security Numbers, dates of birth and victim addresses,” said Assistant U. S. Attorney Alexandra F. Foster. “Many of these victims were located in Europe and the United States, including victims in San Diego.”
Firsov’s federal-court guilty plea agreement this week contained his admission to being well- compensated as the administrator of the online platform DEER.IO. Records found as early as 2013, and through March 2020, revealed approximately 3,000 shops set up by cybercriminals to sell illegal services and/or products – garnering sales in excess of $17 million.
“A cybercriminal who wanted to sell contraband or offer criminal services through DEER.IO could purchase a storefront directly from the DEER.IO website for 800 Rubles (approximately $12.50) per month,” said Asst. U.S. Atty. Foster. “The monthly fee was payable by Bitcoin or a variety of online Russian payment methods such as WebMoney, a Russian based money transfer system similar to PayPal.”
For what U.S. Attorney Robert Brewer described as “one-stop shopping for criminals,” – Unauthorized Solicitation of Access Devices (18 U.S.C. § 1029(a)(6)) – Firsov faces a maximum penalty of 10 years in prison, a $250K fine when sentenced before Judge Cynthia Bashant on April 12, 2021.
“The internet allows cybercriminals and our adversaries to attack Americans in new and unexpected ways. Therefore, the FBI is constantly pivoting to staying ahead of the evolving nature of cyber threats,” said Suzanne Turner, Special Agent in Charge of FBI’s San Diego Field Office.
“The seizure of the DEER.IO website and conviction of Firsov is an example of the FBI cyber program’s investigative prowess and jurisdictional reach in order to identify, locate and bring to justice anyone who attempts to profit from harm to U.S. persons, businesses and infrastructure.”
Victims are urged to immediately contact the FBI San Diego’s cyber program by calling the field office (858) 320-1800 or submit tips via Internet Crime Complaint Center (IC3). Specialized cyber agents will work with companies to protect company information and the personal data of its customers.