Federal law enforcement agencies say they shut down a group of websites that made over $19 million selling Social Security numbers and other personal information.
A Justice Department press release yesterday announced “the seizure of the SSNDOB Marketplace, a collection of websites that operated for years and were used to provide personal information, including the names, dates of birth, and Social Security numbers belonging to persons in the United States.” SSNDOB apparently operated for about a decade, and the Justice Department said it listed the personal information of about 24 million people in the United States.
The announcement described how the SSNDOB operation was run:
The SSNDOB administrators created advertisements on dark web criminal forums for the marketplace’s services, provided customer support functions, and regularly monitored the activities of the sites, including monitoring when purchasers deposited money into their accounts. The administrators also employed several techniques to protect their anonymity and to thwart detection of their activities, including using online monikers that were distinct from their real identities, strategically maintaining servers in various countries, and requiring purchasers to use digital payment methods, such as bitcoin.
The seizure operation was led by the IRS and FBI, with the agencies working in “close cooperation with law enforcement authorities in Cyprus and Latvia.” On Tuesday, “seizure orders were executed against the domain names of the SSNDOB Marketplace (ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz), effectively ceasing the website’s operation,” the announcement said.
No arrests have been announced, but the press release said the US plans to conduct asset forfeiture as the investigation continues. The IRS said agents “will continue to work with the US and international law enforcement community to end these complex frauds, regardless of where the money trail leads them.”
The seized domains appear to be part of the same operation as one detailed by security journalist Brian Krebs about nine years ago. In September 2013, Krebs wrote that SSNDOB “has for the past two years promoted itself on underground cybercrime forums as a dependable and economical service that clients can use to look up SSNs, birthdays and other personal details on any US resident.” Krebs was swatted shortly after one of his articles on SSNDOB, which used the ssndob.ru domain at the time.
SSNDOB operators got their data in part by infiltrating LexisNexis, Dun & Bradstreet, and Kroll Background America. Hackers used data from SSNDOB to gain control of Xbox Live accounts held by some Microsoft employees, according to another Krebs report in 2013.
As security company Sophos noted in a story on yesterday’s shutdown, “an SSN doesn’t actively identify you,” but “knowing someone’s SSN (or the equivalent personal identifier in your region) is a great starting point if you’re an identity thief, because it can often be combined with other personal information to get past identity checks.”
SSNDOB was big on bitcoin
Security firm Chainalysis, which markets “investigation software that connects cryptocurrency transactions to real-world entities,” wrote that “SSNDOB’s Bitcoin payment processing system has been active since April 2015” and “has received almost $22 million worth of Bitcoin across over 100,000 transactions.”
“Perhaps most interesting of all though is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021,” Chainalysis wrote. “Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two marketplaces may have had some relationship to one another, including possibly shared ownership.”
Chainalysis also wrote that the SSNDOB shutdown is “the latest in a string of darknet market closures over the past year. … Over and over, illicit services that embrace cryptocurrency have opened themselves up to law enforcement scrutiny and been shut down, in large part because of the inherent transparency of blockchains.”