« IPA 情報システム等の脆弱性情報の取扱いにおける報告書を公開 | Main | 厚労省 医療情報システムの安全管理に関するガイドライン 改定素案(第 5.1 版) »

2020.03.26

FBI - FBI Takes Down a Russian-Based Hacker Platform; Arrests Suspected Russian Site Administrator

こんにちは、丸山満彦です。

DEER.IOとして知られるロシアに拠点を置くサイバー犯罪のプラットフォームがFBIによって閉鎖され、その管理者であるロシア人ハッカー Kirill Victorovich Firsov(キリル・ヴィクトロヴィッチ・フィルソフ)容疑者が逮捕され、起訴されたようですね。。。

-----

the FBI made purchases from DEER.IO storefronts hosted on Russian servers.

・・・

On or about March 4, 2020, the FBI purchased approximately 1,100 gamer accounts from the DEER.IO store ACCOUNTS-MARKET.DEER.IS for under $20 in Bitcoin. Once payment was complete, the FBI obtained the gamer accounts, including the user name and password for each account. Out of the 1,100 gamer accounts, 249 accounts were hacked Company A accounts. Company A confirmed that if a hacker gained access to the user name and password of a user account, that hacker could use that account. A gamer account provides access to the user’s entire media library. The accounts often have linked payment methods, so the hacker could use the linked payment method to make additional purchases on the account. Some users also have subscription-based services attached to their gamer accounts.

On or about March 5, 2020, the FBI purchased approximately 999 individual PII accounts from the DEER.IO store SHIKISHOP.DEER.IS for approximately $170 in Bitcoin. On that same date, the FBI purchased approximately 2,650 individual PII accounts from the DEER.IO store SHIKISHOP.DEER.IS for approximately $522 in Bitcoin. From those identities, the FBI identified names, dates of birth and U.S. Social Security numbers for multiple individuals who reside in San Diego County, including G.V. and L.Y.

-----

と公表しているので、FBIがDEER.IOに出店している店舗から購入したようですね。。。

FBI - Cyber Crime news and press releases

・2020.03.24 FBI Takes Down a Russian-Based Hacker Platform; Arrests Suspected Russian Site Administrator

● まるちゃんの情報セキュリティ気まぐれ日記

・2020.03.23 脅威インテリジェンスサービスの利用とコンプライアンス by 高橋郁夫弁護士

2020.03.07 DOJ - Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources

 

 

|

« IPA 情報システム等の脆弱性情報の取扱いにおける報告書を公開 | Main | 厚労省 医療情報システムの安全管理に関するガイドライン 改定素案(第 5.1 版) »

Comments

Post a comment



(Not displayed with comment.)


Comments are moderated, and will not appear on this weblog until the author has approved them.



« IPA 情報システム等の脆弱性情報の取扱いにおける報告書を公開 | Main | 厚労省 医療情報システムの安全管理に関するガイドライン 改定素案(第 5.1 版) »