The US authorities have teamed up with police in Europe to dismantle a prolific underground marketplace, although its administrators remain at large.
SSNDOB made more than $19m from selling personally identifiable information (PII), including individuals’ names, dates of birth, email addresses, passwords, credit card numbers and Social Security numbers. Most of the victims listed on the site, around 24 million, are said to have been American.
The FBI and IRS teamed up with Latvian and Cypriot law enforcement authorities to execute seizure orders yesterday against multiple domains associated with the site: ssndob.ws, ssndob.vip, ssndob.club and blackjob.biz.
The business model of the marketplace was like that of many others: visitors paid cryptocurrency to its administrators in return for access to PII, which could then be used in follow-on phishing attacks, extortion and identity fraud.
As well as requiring users to pay for services in Bitcoin and Litecoin, SSNDOB’s admins used online pseudonyms and maintained servers in various countries in order to preserve their anonymity. As is the case with most cybercrime endeavors, time and money were spent on advertising on the dark web and providing customer support to users, according to the Department of Justice (DoJ).
“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health. Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised,” said special agent in charge, Darrell Waldon, of the IRS-Criminal Investigation Washington, DC Field Office.
“Special agents with IRS-CI’s DC Cyber Crimes Unit will continue to work with the US and international law enforcement community to end these complex scams, regardless of where the money trail leads them.”
According to blockchain analytics company Chainalysis, the service received around $22m in Bitcoin since 2015 across 100,000 transactions, with some “power users” spending over $100,000 on bulk purchases of PII.
“Perhaps most interesting of all, though, is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021,” Chainalysis explained.
“Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership.”