FBI Seizes ‘SSNDOB’ ID Theft Service for Selling Personal Info of 24 Million People

An illicit online marketplace known as SSNDOB was taken
down in operation led by U.S. law enforcement agencies, the
Department of Justice (DoJ) announced Tuesday.

SSNDOB trafficked in personal information such as names, dates
of birth, credit card numbers, and Social Security numbers of about
24 million individuals in the U.S., generating its operators $19
million in sales revenue.

The action saw the seizure of several domains associated with
the marketplace — ssndob.ws, ssndob.vip, ssndob.club, and
blackjob.biz — in cooperation with authorities from Cyprus and
Latvia.

According to blockchain analytics firm Chainalysis^[1], SSNDOB’s Bitcoin
payment processing system has received nearly $22 million worth of
Bitcoin across over 100,000 transactions since April 2015.

Furthermore, bitcoin transfers to the tune of more than $100,000
have been unearthed between SSNDOB and Joker’s Stash^[2], another darknet market
that specialized in stolen credit card information and voluntarily
closed shop in January 2021, indicating a close relationship
between the two criminal storefronts.

“The SSNDOB administrators created advertisements on dark web
criminal forums for the Marketplace’s services, provided customer
support functions, and regularly monitored the activities of the
sites, including monitoring when purchasers deposited money into
their accounts,” the DoJ said^[3]
in a statement.

Additionally, the cybercriminal actors are said to have employed
tactics to conceal their true identities, including using anonymous
online profiles, maintaining servers in different countries, and
requiring potential buyers to use cryptocurrencies.

“Identity theft can have a devastating impact on a victim’s
long-term emotional and financial health,” said Darrell Waldon,
special agent in charge of IRS-CI Washington, D.C. Field Office.
“Taking down the SSNDOB website disrupted ID theft criminals and
helped millions of Americans whose personal information was
compromised.”

The takedown marks the continued ramping up of efforts on the
part of law enforcement agencies across the world to disrupt
malicious cyber activity.

Last week, Europol publicized the shut down of FluBot^[4]
Android banking trojan, while the Justice Department said it
seized three domains^[5]
used by cybercriminals to trade stolen personal information and
facilitate distributed denial-of-service (DDoS) attacks for
hire.

Earlier this year, the Federal Bureau of Investigation (FBI)
also neutralized a modular botnet dubbed Cyclops Blink^[6]
as well as dismantled RaidForums^[7], a hacking forum
notorious for selling access to hacked personal information
belonging to users.

In a related development, the U.S. Treasury Department also
sanctioned Hydra^[8]
after German law enforcement authorities disrupted the world’s
largest and longest-running dark web marketplace in April 2022.