Due to a collaborative effort by US officials and their colleagues in Cyprus, SSNDOB, which gathered and sold people’s names, Social Security numbers, and dates of birth, has been effectively taken offline. According to Bleeping Computer, the marketplace wasn’t your typical business — its illegal activity impacted about 24 million people in the United States alone.
Because of the scale of the operation, three federal departments worked together to shut down SSNDOB. The FBI, the IRS, and the Department of Justice were all involved in the investigation. The marketplace’s closure was also influenced by additional police help from Cyprus. According to the Department of Justice’s news release, the website’s operators amassed more than $19 million in “sales income.” “ssndob.ws,” “ssndob.vip,” “ssndob.club,” and “blackjob.biz” were among four domains confiscated that supplied hosting services for the whole SSNDOB marketplace.
Bleeping Computer explains how the SSNDOB marketplace’s operations have remained uncontrolled since 2015, citing how the websites successfully eluded DDoS assaults and law enforcement measures by providing many mirror sites. This is a typical practice on unauthorized websites like torrent sites and the like. Because there is always a new domain that may be visited, it is practically hard to target the fundamental activity underlying the websites using this strategy.
As a consequence, SSNDOB discovered that threat actors could acquire “social security numbers, dates of birth, and entire information about persons” mostly using Bitcoin, an unregulated currency that has grown popular among hackers. In certain situations, personal information about citizens of the United States was available for $0.50. The website also offered dates of birth for people who lived in the United Kingdom. According to Advanced Intel, a cybersecurity firm that spoke with Bleeping Computer about the situation, a major amount of the stolen data was obtained through hacking into healthcare and hospital systems and then used by cybercriminals to commit financial fraud.
In other news, blockchain analysis firm Chainalysis has explained how they uncovered $22 million in Bitcoin transactions coming straight to SSNDOB since April 2015. Certain Bitcoin payments were worth $100,000; as Bleeping Computer points out, this information demonstrates how thieves buy data in bulk.