IRS And FBI Seize SSNDOB Marketplace Promoting Private Information Of 24M Americans
On: June 10, 2022
Yesterday, we reported on a knowledge breach at Shields Health Care Group that resulted within the theft of private data belong to 2 million Americans. Oftentimes, information stolen in breaches like this find yourself on on-line boards or marketplaces where cybercriminals purchase and promote these ill-gotten positive aspects. Lately, US legislation enforcement businesses, in collaboration with legislation enforcement businesses in different international locations, have carried out main operations with the aim of shutting down hubs of cybercriminal exercise.
The Federal Bureau of Investigation (FBI), the United States Secret Service, and the Department of Justice (DOJ) seized RaidForums again in April. According to the DOJ, RaidForums was house to “greater than 10 billion distinctive information for people residing within the United States and internationally.” Now, federal law enforcement has shut down SSNDOB Marketplace by seizing the domains of the website and its mirrors. The domains “ssndob.ws,” “ssndob.vip,” “ssndob.club,” and “blackjob.biz” now all display a notice informing visitors of the seizure.
The DOJ press release states that cybercriminals listed 24 million Americans’ personal information for sale on SSNDOB Marketplace, “generating more than $19 million USD in sales revenue.” According to Chainalysis, a blockchain investigation firm, almost $22 million in Bitcoin flowed to SSNDOB’s Bitcoin payment processing system since coming online in April 2015. Chainalysis’ investigation also reveals that $100,000 worth of Bitcoin moved from SSNDOB Marketplace to Joker’s Stash, which was a marketplace for stolen credit card and identity data that shut down in February 2021. This trail of money could be an indication that the two marketplaces were related in some way.
The FBI and Internal Revenue Service – Criminal Investigation (IRS-CI) Cyber Crimes Unit headed up the investigation that resulted in the seizure of SSNDOB Marketplace. The FBI and IRS-CI also had help from the DOJ and both Latvian and Cyprus police. According to the press release, the servers running the illegal website were distributed in various countries, presumably including Latvia and Cyprus.
The press release states that the seizure of all four domain names has effectively ceased the website’s operation. While a new website touting the SSNDOB name has appeared on a new domain, this new website isn’t necessarily connected with the old SSNDOB Marketplace. The new website may even be a trap set up by US law enforcement to collect information on cybercriminals. Hopefully, SSNDOB Marketplace is gone for good.