Federal law enforcement agencies say they have shut down a group of websites that made more than $19 million selling Social Security numbers and other personal data.
A Justice Department press release yesterday announced “the seizure of the SSNDOB Marketplace, a series of websites that operated for many years and were used to sell personal information, including the names, dates of birth, and Social Security numbers of individuals in the USA.” SSNDOB has apparently been in business for about a decade, and the Justice Department says it has listed the personal information of about 24 million US residents.
The press release describes how SSNDOB operated:
SSNDOB administrators created ads on darkweb crime forums for marketplace services, provided customer support functions, and regularly monitored website activities, including monitoring when buyers deposited money into their accounts. Administrators also used various techniques to protect their anonymity and prevent detection of their activities, including using online aliases that differ from their real identities, strategically maintaining servers in different countries, and requiring buyers to use digital payment methods, such as bitcoin.
The seizure operation was directed by the IRS and the FBI, with the coordinating agencies “working closely with law enforcement agencies in Cyprus and Latvia.” On Tuesday, “foreclosures were made against the SSNDOB Marketplace domains (ssndob.ws, ssndob.vip, ssndob.club and blackjob.biz), causing the site to be down,” the notice said.
No arrests have been announced, but the press release said the US plans to conduct asset seizures as the investigation continues. The IRS said agents “will continue to work with the US and international law enforcement communities to end these complex scams, no matter where their monetization trail leads.”
The seized domains appear to be part of an operation similar to one detailed by security journalist Brian Krebs about nine years ago. In September 2013, Krebs wrote that SSNDOB “for the past two years has been marketing itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up the SSN, date of birth and other personal data of any resident of the United States.” Krebs is Drunk right after one of his articles on SSNDOB, using the ssndob.ru domain at the time.
SSNDOB operators obtained their data in part by intruding into LexisNexis, Dun & Bradstreet, and Kroll Background America. Hackers used data from SSNDOB to gain control of Xbox Live accounts held by some Microsoft employees, according to another report by Krebs in 2013.
As security firm Sophos noted in a story yesterday, “SSN does not actively identify you” but “knowing someone’s SSN (or equivalent personal identification number in your country) is a good starting point if you’re an identity thief, as it can often be combined with other personal information to pass identity checks.”
SSNDOB big success thanks to bitcoin
Security firm Chainalysis, which markets “investigative software that connects cryptocurrency transactions to real-world entities,” wrote that “SSNDOB’s Bitcoin payment processing system has been in operation since April 2015” and “has received nearly $22 million worth of Bitcoin in over 100,000 transactions.”
“Perhaps the most interesting thing is the activity we’ve seen between SSNDOB and Joker’s Stash, a vast darknet marketplace focused on stolen credit card information and other PII that shut down in January 2021,” Chainalysis writes. “Between December 2018 and June 2019, SSNDOB sent over $100,000 in Bitcoin to Joker’s Stash, suggesting the two markets may have some relationship to each other, including joint ownership.”
Chainalysis also writes that the SSNDOB shutdown is “the latest in a series of darknet market closures in the last year. … Over and over again, illicit services including cryptocurrencies have opened themselves up to law enforcement scrutiny and been shut down, in large part due to the inherent transparency of the blockchain.”