IRS And FBI Seize SSNDOB Marketplace Selling Personal Info Of 24M Americans
Yesterday, we reported on a data breach at Shields Health Care Group that resulted in the theft of personal information belonging to 2 million Americans. Oftentimes, data stolen in breaches like this ends up on online forums or marketplaces where cybercriminals buy and sell these ill-gotten gains. Lately, US law enforcement agencies, in collaboration with law enforcement agencies in other countries, have conducted major operations with the goal of shutting down hubs of cybercriminal activity.
The Federal Bureau of Investigation (FBI), the United States Secret Service, and the Department of Justice (DOJ) seized RaidForums back in April. According to the DOJ, RaidForums was home to “more than 10 billion unique records for individuals residing in the United States and internationally.” Now, federal law enforcement has shut down SSNDOB Marketplace by seizing the domains of the website and its mirrors. The domains “ssndob.ws,” “ssndob.vip,” “ssndob.club,” and “blackjob.biz” now all display a notice informing visitors of the seizure.
The landing page of SSNDOB Marketplace before the seizure
The DOJ press release states that cybercriminals listed 24 million Americans’ personal information for sale on SSNDOB Marketplace, “generating more than $19 million USD in sales revenue.” According to Chainalysis, a blockchain investigation firm, almost $22 million in Bitcoin has flowed to SSNDOB’s Bitcoin payment processing system since it came online in April 2015. Chainalysis’ investigation also reveals that $100,000 worth of Bitcoin moved from SSNDOB Marketplace to Joker’s Stash, a marketplace for stolen credit card and identity data that shut down in February 2021. This trail of money could be an indication that the two marketplaces were related in some way.
The FBI and Internal Revenue Service - Criminal Investigation (IRS-CI) Cyber Crimes Unit headed up the investigation that resulted in the seizure of SSNDOB Marketplace. The FBI and IRS-CI also had help from the DOJ and both Latvian and Cyprus police. According to the press release, the servers running the illegal website were distributed in various countries, presumably including Latvia and Cyprus.
New SSNDOB website (source: ISMG)
states that the seizure of all four domain names has effectively ceased the website’s operation. While a new website touting the SSNDOB name has appeared on a new domain, this new website isn’t necessarily connected with the old SSNDOB Marketplace. The new website may even be a trap set up by US law enforcement to collect information on cybercriminals. Hopefully, SSNDOB Marketplace is gone for good.