He just needs/ask for a provider/registrar that don't close the domain on first absue Email about cybercrime/fraud on domain.
Like: Abuse E-Mail "Yo, there is fraud and hardcore carding content von watwat.su."
Answer registrar 1: "OMG, WTF, instant close domain and holders account."
Answer registrar 2: "We don't care, GTFO." (Or the just ignore mail, heh.)
So he searches for registrar type 2 ones. Basiclly known/trusted fraud/offshore hosters, where he can get .su domain. (Like these small operations selling normally VPS, Dedis and Co to fraudsters.)