The U.S. Department of Justice filed charges against a well-known British hacker on Wednesday for allegedly running the now-defunct “The Real Deal” dark web marketplace.
Daniel Kaye, 34, the defendant (also known as Bestbuy, Spdrman, Popopret, and UserL0ser), is accused of running the black market for services from early 2015 until November 2016, when The Real Deal went down.
Threat actors sold anything on this site, including hacking tools, narcotics, and government data, as well as credentials for networks used by U.S. government agencies.
According to court documents, login information for computers owned by the National Aeronautics and Space Administration (NASA), the U.S. Navy, the National Oceanic and Atmospheric Administration (NOAA), the Centers for Disease Control and Prevention (CDC), and the U.S. Postal Service is among the login information offered for sale on the dark web market (USPS).
In addition, it has been claimed that Kaye sold stolen Social Security data while collaborating with threat actor TheDarkOverlord to traffic Twitter and Linked accounts.
In order to conceal the illegal gains from law enforcement’s blockchain tracing analytical efforts, he used the Bitcoin mixer site Bitmixer.io to launder the cryptocurrency acquired while running The Real Deal.
“While living overseas, this defendant allegedly operated an illegal website that made hacking tools and login credentials available for purchase, including those for U.S. government agencies,” said U.S. Attorney Ryan K. Buchanan.
As the creator and vendor of the GovRAT malware [PDF] that his “clients” employed to penetrate U.S. government organizations, Kaye established a reputation for himself.
Using a flaky Mirai botnet malware variant, Kaye is notable for hijacking and unintentionally taking down over 900,000 routers on Deutsche Telekom’s network in late November 2016.
When a non-disclosed Liberian ISP hired Deutsche Telekom routers to launch DDoS assaults against its regional rivals, the routers were taken over to increase the firepower of the DDoS botnet.
Additionally, he promoted DDoS-for-hire renting services supported by a sizable botnet of more than 400,000 IoT devices infected with Mirai.
Kaye was detained by the UK’s National Crime Agency (NCA) in late February 2017 at a London airport after utilizing his Mirai to take over another 100,000 routers on the network of several UK ISPs (such as UK Postal Office, TalkTalk, and Kcom) and once more unintentionally shutting them down as well.
In accordance with the DOJ press release, Kaye was out of the country when the indictment was brought, and he agreed to be extradited from Cyprus to the United States in September 2022.