Russian web hosting service a favorite among cybercriminals

A Russian web hosting service is providing an avenue for cybercriminals to set up sites for selling stolen passwords, credit cards, and other pilfered personal information, a cybersecurity firm said. 

The web hosting company Deer.io has become popular among online thieves because it's easy to use and asks few questions from users, said Rick Holland, vice president of strategy at the cybersecurity firm Digital Shadows, on Tuesday at the Black Hat cybersecurity conference in Las Vegas. 

"You can basically go onto Deer.io, set up your site, and just sell whatever you want," said Mr. Holland, suggesting the service lowers the bar for criminals who want to find a domain on the web for peddling stolen information. 

Over the past three years, he said, criminals have used Deer.io to create more than 1,000 sites that have reaped nearly $4 million from illicit trade, selling goods that range from stolen social media accounts to fraudulent gift cards and servers. 

The Digital Shadows research comes as Americans are increasingly wary about web safety. A survey from the nonprofit Digital Citizens Alliance found that 52 percent of Americans say they feel less safe online than they did five years ago. Forty-six percent of those surveyed said they've been victimized as part of an online scam. 

“We’ve reached a point where Americans are bracing for what comes next – a stolen credit card, a breach of sensitive information, or criminal scam,” said Tom Galvin, executive director of the Digital Citizens Alliance.

Digital Shadows' Holland suggested part of the problem is that criminals are able to rely on the anonymity of digital currency such as bitcoin and the borderless nature of the internet to carry out scams.

According to Holland, Deer.io claims to provide its customers with anonymity, a template for selling their goods, help with payment process, and protection against distributed denial of service attacks, which rival online gangs often use to attack competing sites.

Unlike legitimate web hosting services, said Holland, Deer.io does not attempt to authenticate customers' identities and allows users to quickly sign up and begin advertising stolen goods on the open web. While these kinds of sites aren't uncommon on the internet, they are often found on Dark Web domains accessible only with the Tor browser that hides users' location and identity. 

Deer.io did not respond to request for comment. 

Possibly the most prominent site using the service is darkside.global. An alleged criminal hacker known by the handle Tessa88 – who took credit for publishing databases of MySpace and Twitter passwords – reportedly uses the site sell stolen social media credentials.

Some reports suggest that Tessa88 earned between $50,000 and $60,000 from the illicit password trade.