U.S. law enforcement have announced the takedown of SSNDOB, a notorious marketplace used for trading the personal information — including Social Security numbers, or SSNs — of millions of Americans.
The operation was conducted by the FBI, the Internal Revenue Service (IRS) and the Department of Justice (DOJ), with help from the Cyprus Police, to seize four domains hosting the SSNDOB marketplace — ssndob.ws, ssndob.vip, ssndob.club and blackjob.biz.
SSNDOB listed the personal information for approximately 24 million individuals in the United States, including names, dates of birth, SSNs and credit card numbers and generated more than $19 million in revenue, according to the DOJ. Chainalysis, a blockchain analysis company, reports separately that the marketplace has received nearly $22 million worth of Bitcoin across over 100,000 transactions since April 2015, though the marketplace is believed to have been active since at least 2013.
These figures suggest that some users were buying personally identifiable information from the service in bulk, according to Chainalysis, which also uncovered a connection between SSNDOB and Joker's Stash, a large dark net market focused on stolen credit card information that shut down in January 2021.
The operators of SSDOB are said to have employed various techniques to protect their anonymity and to thwart detection of their activities, including using online monikers that were distinct from their true identities and strategically maintaining servers in various countries, the DOJ said.
“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health. Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised,” said Darrell Waldon, the special agent in charge of the IRS' criminal investigation field office in Washington, D.C.
The seizure of SSNDOB’s infrastructure marks the continued ramping up of efforts by law enforcement to disrupt malicious cyber activity. Last week, Europol announced the shut down of FluBot, an Android trojan that steals online banking information, while the DOJ said it seized three domains used by cybercriminals to trade stolen personal information and facilitate distributed denial-of-service (DDoS) attacks for hire.