The US Department of Justice announced today it seized the servers and domains of SlilPP, a well-known online marketplace where criminal groups assembled to trade stolen login credentials.

Before it was taken down today in a joint operation by law enforcement agencies from the US, Germany, the Netherlands, and Romania, SlilPP operated across multiple domains on the public internet and the dark web.

The portal had been live since 2012 and allowed anyone to register an account and then start buying or selling hijacked accounts.

Slilpp
Image: The Record

In a press release today, the DOJ said that across its nine-year history, the SlilPP portal sold more than 80 million login credentials from more than 1,400 companies.

According to a Recorded Future intelligence card, the site’s users often sold login credentials for accounts at PayPal, Wells Fargo, SunTrust, Amazon, Verizon Wireless, Xfinity, Walmart, but also credit cards from various banks.

“According to the affidavit, a fraction of the victimized account providers have calculated losses so far; based on limited existing victim reports, the stolen login credentials sold over Slilpp have been used to cause over $200 million in losses in the United States,” the DOJ said today.

“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located,” said Acting Assistant Attorney General Nicholas McQuaid of the Justice Department’s Criminal Division.

Roman Y. Sannikov, Director of Cybercrime and Underground Intelligence at Recorded Future, described SlilPP as the “grandfather of all marketplaces.”

The portal marks the third online cybercrime marketplace specialized in selling login credentials that authorities took down in recent years after xDedic and Deer.io. xDedic sold RDP (remote desktop protocol) logins while Deer.io served as a Shopify-like platform for hosting shops for criminal groups.

Currently, the SlilPP homepage shows a typical DOJ & FBI seizure banner.

iprc_seized_banner
Image: The Record

administrator

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Freelance writer