Notorious hacker Daniel Kaye arraigned for allegedly running dark web marketplace

The U.S. Justice Department on Wednesday arraigned a notorious hacker for alleged connections to The Real Deal, a dark web market that sold hacking tools and stolen login credentials for U.S. government computers.

U.K. national Daniel Kaye is accused of operating the platform and facilitating the sale of stolen information – including bank account and credit card details, as well as other personal information; illegal drugs; weapons; botnets; computer hacking tools; and credentials for social media accounts. He previously served more than two-and-a-half years in a British prison for perpetrating a devastating distributed denial-of-service (DDoS) attack on Liberia, among other crimes.

U.S. Attorney for the Northern District of Georgia Ryan K. Buchanan said the 34-year-old allegedly ran the site while living overseas and organized it under categories like “Exploit Code,” “Counterfeits,” “Drugs,” “Fraud & More, “Government Data,” and “Weapons.” 

Vendors could make pages and get ratings based on the quality of what they sold. The Justice Department said the site featured login credentials for computers at the U.S. Navy, Centers for Disease Control and Prevention, U.S. Postal Service, National Aeronautics and Space Administration and National Oceanic and Atmospheric Administration.

According to the indictment, Kaye himself acquired and sold Social Security numbers as well as “15 or more stolen login credentials for Twitter and LinkedIn.”

Kaye allegedly laundered cryptocurrency generated through this grift through He is facing five counts of access device fraud, one count of money laundering conspiracy and several others related to hacking violations. 

The Justice Department noted that Kaye “consented to his extradition from Cyprus to the United States” in September 2022. 

The German Bundeskriminalamt, United Kingdom National Crime Agency and several law enforcement agencies in Cyprus helped investigate Kaye. 

Kaye is most well known for his devastating DDoS attack against the country of Liberia in October 2016. 

Using the Mirai Botnet, Kaye was able to overwhelm the network of Liberian service provider Lonestar, cutting off internet for half the country and crippling banks, hospitals and schools. 

He was eventually arrested in February 2017 while trying to flee London to Cyprus and has faced charges in several countries over his use of DDoS attacks for hire.

Kaye was initially arrested and extradited to Germany, where he faced charges for crashing hundreds of Deutsche Telekom routers. He was given a suspended sentence by German authorities

He eventually spent 32 months in prison after pleading guilty to charges from the U.K.’s National Crime Agency related to the attacks on Liberia. 

He was also accused of masterminding damaging attacks on Lloyds and Barclay banks but ultimately was released in early 2020. 

Several notable security researchers have had run-ins with Kaye. Brian Krebs has argued that Kaye – using the hacker names ‘bestbuy’ and ‘popopret’ – sold a virus called GovRAT that targeted devices used by U.S. government agencies. 

Kaye allegedly personally launched attacks against prominent British security researchers ​​Marcus Hutchins and Kevin Beaumont after they began to investigate his use of the Mirai botnet. Hutchins said Wednesday on Twitter that Kaye attacked his personal website with an attack “so large that someone from my DNS provider reached out to ask wtf.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.