U.S. Arrests Russian Accused Of Trafficking Personal Data Online


(For illustrative purposes)

WASHINGTON -- The United States arrested a Russian citizen on charges of running a vast online marketplace for stolen account credentials, the latest in a series of suspected Russian cybercriminals nabbed during overseas travel.

Federal Bureau of Investigation (FBI) officers detained Kirill Firsov on March 7 as he arrived at JFK Airport in New York City, court records show. The charges were unsealed by a California court on March 9 and he is expected to be arraigned later this week.

The United States accuses Firsov of running deer.io, a Russia-based online platform that allows cybercriminals to buy and sell hacked usernames and passwords, including those belonging to U.S. citizens. He faces two felony counts of aiding and abetting the unauthorized solicitation and trafficking of personal data.

The criminal complaint states that the platform became active in 2013 and has over 24,000 active virtual shops with total sales exceeding $17 million.

It offers an individual a ready-made virtual store with all the necessary infrastructure, including design, web hosting, and payment services, and is thus similar to Shopify, the popular global e-commerce platform for online stores.

Customers can browse the storefronts on the platform -- the virtual equivalent of walking through a mall -- or search for relevant stores by topic. Purchases are made with cryptocurrency or Russian versions of PayPal.

The FBI studied about 250 virtual stores on the platform, finding thousands of hacked accounts and personal information, including U.S. Social Security numbers, the complaint states.

“Thus far, law enforcement has found no legitimate business advertising its services and/or products through a deer.io storefront,” the U.S. complaint states.

The FBI said it purchased about 1,100 gamer accounts, including logins and passwords, on March 4 for less than $20 worth of bitcoin.

The FBI also purchased the personal information of 2,650 people for $522 in bitcoin, including U.S. citizens living in California.

Travel Blogger & FSB

Firsov describes himself on his Twitter account as a security researcher and web developer. He is also a popular travel blogger with nearly 200,000 followers on Instagram who has been profiled in Russian media.

According to a biography in Russian weekly Argumenty i Fakty that features a selfie of Firsov standing across from Manhattan, he was born in the southern region of Krasnodar in 1991 and moved to Moscow when he was 9 years old.

He completed his degree at the Federal Security Service’s Moscow Border Institute before joining Habrahabr, a Russian collaborative blog about Internet technology.

Firsov left Habrahabr to launch his own IT projects and, according to the article, later discovered flaws in Telegram’s messenger app, helping raise his profile as a security expert.

The article said he also regularly takes part in hacking competitions.

However, Firsov may have left an easy trail for the U.S. to determine that he was the individual behind deer.io, Brian Krebs, an independent investigative journalist focusing on cyber security, posted on his website Krebs On Security.

In just one example, Krebs said that deer.io was promoted on a Russian hacker forum called Antichat by an individual using the alias Isis.

The user Isis described himself as the winner of a hacking competition while one of his posts linked to a file under the username Firsov.

“In my experience, very few criminals have good [operations security]. The ones who do invariably are true sociopaths,” Krebs said in response to a reader’s comment about Firsov leaving his footprints.

  • Todd Prince

    Todd Prince is a senior correspondent for RFE/RL based in Washington, D.C. He lived in Russia from 1999 to 2016, working as a reporter for Bloomberg News and an investment adviser for Merrill Lynch. He has traveled extensively around Russia, Ukraine, and Central Asia.
