Russia-based Deer.io is the one-stop cybercrime hub linked to the hacker behind LinkedIn breach

Security researchers have uncovered a new Russia-based online business hub that they have identified as a one-stop shop for cybercriminals. Deer.io, a website development platform, is estimated to be hosting over 1,000 shops, most of which were found to sell stolen products from compromised accounts.

Deer.io, which claims to offer "technical hosting including anonymity and security, payment handling, website design and distributed denial of service (DDoS) protection", was also found to be hosting darkside.global – the online shop linked to the pseudonymous hacker Tessa88, who was found to have been behind the high-profile database breach sustained by various social networking sites, including LinkedIn and MySpace.

"Deer.io was detected as advertised on well-known criminal forums such as Xeksek (see below), AntiChat, Zloy and Exploit, and deer.io recommends that its users publicize their shops on these sites as well," Digital Shadows said in a report.

The site was found to be charging "a monthly fee of 500 RUB (approximately $8)" to offer various services including customer service and product development. The site was also found to respond promptly to queries.

"The breadth of offerings and responsiveness almost certainly contribute to the apparent popularity of the service. The majority of the shops hosted on deer.io sell products that are stolen, or from compromised accounts. Additionally there are a number of products that would not be compliant with many sites' terms and conditions," the security firm said.

Items on sale

Digital Shadows found that most of the shops hosted on Deer.io were selling cybercrime-related products, including "Bot-registered social media accounts" (commonly used to promote social media spam), stolen accounts from social media and other platforms (including banks, payment, gift and loyalty cards, and Uber), AWS (Amazon Web Services) and Azure domain names and servers, and more.

"The platform offers prospective users the opportunity to login to a test shop to see how it operates from the inside. We were able to login and investigate and found what we consider to be a well-designed, simple user interface that allowed users to easily control and monitor their products, view shop statistics, review payments and shop design, and even ban visitors," the security firm explained.

Crime and popularity

According to Digital Shadows, despite the fact that most of the shops hosted on Deer.io "appear to be criminal", the site itself "does not appear to be a criminal site". The firm also noted that the site's popularity is likely to "remain high for the foreseeable future".

"In fact, Alexa, the website monitoring service, reports in the last 12 months that the site has climbed by approximately 35,000 positions in the global website popularity ranking (currently 64,072 globally and 3,699 in Russia), although dropped 20,000 positions in the last quarter," the firm added.

The existence of a site like Deer.io is indicative of the lowering of the barriers of entry for cybercriminals. Moreover, the ironic way in which the site mirrors other legitimate ecommerce services also points to a growth in maturity and sophistication among criminal entities in cyberspace.

"The services offered by deer.io are not unique; a smaller venture primarily offering the sale of gaming accounts and a marketplace for those providing malware crypting services are also advertised. While this trend is not necessarily new, the fact that all of these support services are wrapped into a one-stop shop marks a change. It's a reminder that the dark web does not monopolize criminality," Digital Shadows cautioned.