Federal law enforcement agencies say they shut down a group of websites that made over $19 million selling Social Security numbers and other personal data.
A Justice Department press release yesterday announced “the seizure of the SSNDOB Marketplace, a series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States.” SSNDOB apparently operated for about a decade, and the Justice Department said it listed the personal information of about 24 million US residents.
The announcement described how the SSNDOB operation was run:
The SSNDOB administrators created advertisements on darkweb criminal forums for the marketplace’s services, provided customer support functions, and regularly monitored the activities of the sites, including monitoring when purchasers deposited money into their accounts. The administrators also employed various techniques to protect their anonymity and to thwart detection of their activities, including using online monikers that were distinct from their true identities, strategically maintaining servers in various countries, and requiring buyers to use digital payment methods, such as bitcoin.
The seizure operation was led by the IRS and FBI, with the agencies working in “close cooperation with law enforcement authorities in Cyprus and Latvia.” On Tuesday, “seizure orders were executed against the domain names of the SSNDOB Marketplace (ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz), effectively ceasing the website’s operation,” the announcement said.
No arrests were announced, but the press release said the US plans to conduct asset forfeiture as the investigation continues. The IRS said agents “will continue to work with the US and international law enforcement community to end these complex scams, regardless of where the money trail leads them.”
The seized domains seem to be part of the same operation as one detailed by security journalist Brian Krebs about nine years ago. In September 2013, Krebs wrote that SSNDOB “has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any US resident.” Krebs was swatted shortly after one of his articles on SSNDOB, which used the ssndob.ru domain at the time.
SSNDOB operators got their data in part by infiltrating LexisNexis, Dun & Bradstreet, and Kroll Background America. Hackers used data from SSNDOB to gain control of Xbox Live accounts held by some Microsoft employees, according to another Krebs report in 2013.
As security company Sophos noted in a story on yesterday’s shutdown, “an SSN doesn’t actively identify you,” but “knowing someone’s SSN (or the equivalent personal identifier in your country) is a good starting point if you’re an identity thief, because it can often be combined with other personal information to get past identity checks.”
SSNDOB was big on bitcoin
Security company Chainalysis, which markets “investigation software that connects cryptocurrency transactions to real-world entities,” wrote that “SSNDOB’s Bitcoin payment processing system has been active since April 2015” and “has received nearly $22 million worth of Bitcoin across over 100,000 transactions.”
“Perhaps most interesting of all though is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021,” Chainalysis wrote. “Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership.”
Chainalysis also wrote that the SSNDOB shutdown is “the latest in a string of darknet market closures over the past year. … Over and over, illicit services that embrace cryptocurrency have opened themselves up to law enforcement scrutiny and been shut down, in large part because of the inherent transparency of blockchains.”