A cybersecurity firm has been carefully analyzing and researching different accounts related to a prominent hacker, whose activities negatively affected high-profile companies. The firm believes it knows the real identity of the cybercriminal involved in the heinous acts back in 2016.
The firm, Recorded Future, reports that the cybercriminal was a Russian male hacker known as Maksim Donakov. The data collected from different social media accounts that Donakov used clearly connected him to the renowned dark web hacker, “tessa88.” This contradicts the previous public report, which stated that the hacker involved in the “tessa88” activities was a Russian female.
Back in 2016, when the hacker was very active, he gained a lot of attention when he tried to sell databases belonging to high-profile companies like Dropbox, LinkedIn, Twitter, Myspace and many more.
According to the report published by the cybersecurity firm, Donakov operated under different pseudonyms on the dark web. The firm also learned that the hacker might have had an assistant who helped him maintain the “tessa88” dark web account in a bid to help him remain anonymous online.
For some reason, the dark web account “tessa88” did not stay online for long, as most darknet markets and forums banned it. By May 2016, the hacker went silent, and all of his communication on public social media ceased completely.
The firm also strongly believes that Donakov operated different pseudonymous accounts, like Paranoy777, Daykalif, and tarakan72511, to sell the high-profile databases on dark web platforms.
Tessa88 was reported to use a number of chat and email accounts to communicate with his customers. He also had a number of Jabber accounts that included tessa88@exploit(.)im, tessa88@xmpp(.)jp, mrfreeman777@xmpp(.)jp, and darksideglobal@exploit(.)im.
According to the firm, all the social media accounts used by the hacker shared a profile photo similar to the one on Maksim Donakov’s identity card. After the firm finalized its research, it concluded that the hacker began his activities back in 2012.
The firm also analyzed a number of digital fingerprints left behind by Donakov, through which they confirmed that he was a Russian national. The cybersecurity firm also had an anonymous source who confirmed that the hacker was a Russian national. Specifically, he was a resident of Penza, Russia, where he was born on July 2, 1989.
The hacker also sold personally identifiable information (PII) on the dark web belonging to different companies like Facebook and Twitter, which were compromised by a group of hackers called “Group E.” This “Group E.” was a gang of organized cybercriminals who compromised many system databases belonging to high-profile companies and later sold them on the dark web to other hackers.
According to the report, “tessa88” and another hacker referred to as “Peace_of_Mind” agreed to share their respective stolen databases. The move was meant to see if they could reach more customers and therefore generate a higher profit.
The hacker identified as “Peace_of_Mind” was also known as Peace on the darknet platforms, and he used to sell LinkedIn databases on the defunct darknet market, “TheRealDeal.” It was this data breach case that warranted his arrest by the Federal Bureau of Investigation in the Czech Republic. Since the hacker, Yevgeniy Nikulin, was a Russian citizen, a sort of tug-of-war occurred between the Russian and American governments over who would prosecute him.
The American government wanted him extradited to its jurisdiction for the LinkedIn data breach case, while its Russian counterpart wanted him for the alleged theft of $3,450 from WebMoney. The Russian government accused the Americans of playing political games in the case and not following the due process of the law.
The relationship between the two hackers did not last for long as their customers started complaining about the poor quality of the data sold to them. This led to their collaboration coming to an end as business could not run with such hostility.
It is a significant revelation, given that the cybercriminal compromised so many personal details that ended up for sale on dark web markets.