New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Deer[dot]io Operator Arrested by FBI

The FBI has arrested Russian national Kirill Victorovich Firsov for his role in the operation of the criminal eCommerce sire deer[dot]io. Deer[dot]io operated similarly to legitimate eCommerce platforms like Shopify, which allows users to create and operate their own shops to sell goods and services to others. Mr. Firsov claims that the site was a legitimate business operation; however, according to the FBI complaint the site was utilized almost entirely for cybercriminal activity. According to the criminal complaint, since 2013 Mr. Firsov took in “at least” $17 million USD from the operation of the site. Mr. Firsov was arrested over the weekend at John F. Kennedy Airport.

Analyst Notes

Deer[dot]io is not a unique platform—unfortunately, there are countless sites on the Deepweb and the Darknet which allow criminals to easily sell their ill-gotten goods to any interested party. Some of these sites allow for unique shops for each seller, while others operate as forums which have sections for users to post-sale information or set up impromptu auctions. While this site will end up eventually going offline and criminals will move away from the platform with news of Mr. Firsov’s arrest, other sites will quickly fill the void left by deer[dot]io. Many of these sites are hosted in Russia and other eastern European nations where U.S. authorities have a much harder time taking sites down or accessing owner/operator information. More information on this incident can be found at and at