Hacker who attacked Deutsche Telekom in 2016 is accused of running The Real Deal marketplace

This week, the US Department of Justice indicted British hacker Daniel Kaye, alleging that he ran the now defunct dark web marketplace The Real Deal.

According to law enforcement, 34-year-old Kaye (also known as Bestbuy, Spdrman, Popopret, UserL0ser, and so on) ran the underground marketplace from early 2015 to November 2016, that is, until The Real Deal closed.

The platform sold a variety of illegal goods and services, ranging from stolen US government credentials and hacking tools to drugs and weapons.

Let me remind you that we also reported that US Authorities Announced the Arrest of a Ukrainian Who Developed Raccoon Malware.

According to court documents, The Real Deal contained credentials for systems owned by the National Aeronautics and Space Administration (NASA), the US Navy, the National Oceanic and Atmospheric Administration (NOAA), the US Centers for Disease Control and Prevention (US CDC) and the United States Postal Service (USPS).

It is also reported that Kaye allegedly traded Twitter and Linked accounts, and also colluded with the famous hacker TheDarkOverlord (to sell stolen social security numbers).

According to investigators, Kaye laundered the profits from The Real Deal using the service, hiding his illegal income from law enforcement agencies.

It must be said that Kaye began his hacking activity a long time ago, first as a developer and seller of the GovRAT malware, which his customer’s used to hack government agencies in the United States. However, he did not “famous” for this at all. In 2016, Kaie was one of many hackers who downloaded the source code for the notorious Mirai IoT malware after it was made public. As a result, he carried out an attack on the major ISP Deutsche Telekom, and everything did not go according to plan.

I note that the attack on Deutsche Telekom, which was organized by Kaye, took place in the fall of 2016 and was just one of the links in the chain of powerful attacks behind which was the Mirai botnet, known to experts under the identifier Botnet#14. At the end of 2016, the same BestBuy botnet carried out attacks on the equipment of providers Eircom, TalkTalk, UK Postal Office and KCOM.

As a result, Kaya managed not only to create a powerful botnet, but also to attract the close attention of law enforcement agencies, as he used a bugged version of Mirai. The fact is that as a result of his attacks, more than 900,000 Deutsche Telekom routers failed, and then the situation repeated itself with the equipment of Postal Office, TalkTalk and Kcom providers, due to which about 100,000 more users lost their connection.

Worse, the hacker was later accused of attacks on ISP Lonestar MTN in the small African state of Liberia. This attack was ordered by one of Lonestar MTN’s competitors, however, in this case, the hacker seriously overdid it, and due to the ensuing attack, Liberia actually lost access to the Internet.

As a result, in 2017, Kaye was arrested at a London airport, after which he was handed over to the German authorities. In Germany, DDoS’er received a suspended sentence, but the matter was not limited to this. After that, he was handed over to law enforcement officers in the UK, as another trial was awaiting him there, and in 2019, the British court still sentenced the hacker to two years and eight months in prison.

Currently, Kaye is already at large. According to a press release from the US Department of Justice, the hacker was abroad at the time of the new charges, but in September 2022 he agreed to be extradited from Cyprus to the United States.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button