Federal law enforcement agencies say they shut down a group of websites that made $19 million selling Social Security numbers and other personal data.
A Justice Department press release yesterday announced “the seizure of the SSNDOB Marketplace, a series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States.” SSNDOB apparently operated for about a decade, and the Justice Department said it listed the personal information of about 24 million US residents.
The announcement described how the SSNDOB operation was run:
The SSNDOB administrators created advertisements on dark web criminal forums for the Marketplace’s services, provided customer support functions, and regularly monitored the activities of the sites, including monitoring when purchasers deposited money into their accounts. The administrators also employed various techniques to protect their anonymity and to thwart detection of their activities, including using online monikers that were distinct from their true identities, strategically maintaining servers in various countries, and requiring buyers to use digital payment methods, such as bitcoin.
Seizure orders
The seizure operation was led by the IRS and FBI, with the agencies working in “close cooperation with law enforcement authorities in Cyprus and Latvia.” On Tuesday, “seizure orders were executed against the domain names of the SSNDOB Marketplace (ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz), effectively ceasing the website’s operation,” the announcement said.
No arrests were announced, but the press release said the US plans to conduct asset forfeiture as the investigation continues. The IRS said agents “will continue to work with the US and international law enforcement community to end these complex scams, regardless of where the money trail leads them.”
The seized domains appear to be part of the same operation as one detailed by security journalist Brian Krebs about 9 years ago. In September 2013, Krebs wrote that SSNDOB “has for the past two years marketed itself on underground cybercrime forums as a dependable and inexpensive service that customers can use to look up SSNs, birthdays and other personal data on any US resident.” Krebs was swatted shortly after one of his articles on SSNDOB, which used the ssndob.ru domain at the time.
SSNDOB operators got their data in part by infiltrating LexisNexis, Dun & Bradstreet, and Kroll Background America. Hackers used data from SSNDOB to gain control of Xbox Live accounts held by some Microsoft employees, according to another Krebs report in 2013.
As security company Sophos noted in a story on yesterday’s shutdown, “an SSN doesn’t actively identify you,” but “knowing someone’s SSN (or the equivalent personal identifier in your country) is a good place to start if you’re an identity thief, because it can often be combined with other personal information to get past identity checks.”
SSNDOB was big on bitcoin
Security company Chainalysis, which markets “investigation software that connects cryptocurrency transactions to real-world entities,” wrote that “SSNDOB’s Bitcoin payment processing system has been active since April 2015” and “has received nearly $22 million worth of Bitcoin across over 100,000 transactions.”
“Perhaps most interesting of all though is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021,” Chainalysis wrote. “Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership.”
Chainalysis also wrote that the SSNDOB shutdown is “the latest in a string of darknet market closures over the past 12 months. … Again and again, illicit services that embrace cryptocurrency have opened themselves up to law enforcement scrutiny and been shut down, largely due to the inherent transparency of blockchains.”