Security firm says identity of renowned hacker is Russian national

A security firm on Tuesday revealed the alleged identity of a renowned hacker who sought to sell high-profile corporate databases online in 2016.

Recorded Future in a blog post claimed their findings "strongly suggest" that a Russian hacker known as Maksim Donakov is behind the alias "tessa88." The allegation challenges the previously common-held belief that the individual is a woman.

ADVERTISEMENT

The hacker garnered attention for trying to sell databases for companies such as Myspace, Dropbox, LinkedIn, Twitter and others starting in early 2016. 

The firm's findings say Donakov, who operated under multiple different monikers on the dark web, could have also tapped an accomplice to help maintain and monitor the tessa88 account, who continues to remain anonymous. But either way, their research indicates he is involved. 

"In either scenario, we firmly believe that Donakov Maksim has directly benefited from the sales of compromised databases and should be viewed as the main actor," the firm wrote in a blog post.

Recorded Future says tessa88 emerged in early 2016, offering to sell the databases from a list of companies. The account, however, went dark within a short time period after it got banned from a series of black market web communities.

"Within several months of incredibly active public engagement, the hacker's personas were banned from almost every dark web community for various reasons, and by May of 2016, tessa88 entirely ceased all communications with the media and public alike," according to the report, citing allegations of fraudulent activities on these forums.

The firm believes Donakov created this particular alias to serve as an account "specifically to sell high-profile databases," but that he operated under a series of other monikers including Paranoy777, Daykalif and tarakan72511.

"All share similar social media photos that are nearly identical to a passport photo of Maksim Donakov, who is the individual behind Paranoy777," according to the firm, which says Donakov likely began his career as a criminal hacker as early as 2012.

Citing multiple digital fingerprints that tied back to Donakov — as well as anonymous sources confirming the Russian national is real, the firm reached the conclusion that the Russian is a resident of Penza and that he was born on July 2, 1989.

"Insikt Group assesses with a high degree of confidence that tessa88 is one of many monikers created by Maksim Donakov to sell high-profile databases on underground criminal forums," the firm's research team writes.