DOJ, FBI shut down marketplace for stolen Social Security numbers

The Justice Department, IRS and FBI seized and shut down a popular marketplace used by cybercriminals to buy stolen Social Security numbers and other sensitive personal information.

The SSNDOB Marketplace — which the DOJ said generated more than $19 million in sales revenue — was shut down in coordination with law enforcement agencies in Cyprus and Latvia. 

Seizure orders were executed against several domains associated with SSNDOB including ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz. 

The DOJ said the site has listed the information for more than 24 million people living in the U.S. 

“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health,” said FBI Special Agent in Charge Darrell Waldon, IRS-CI Washington, D.C. Field Office. “Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised.”

The people behind SSNDOB advertised their site’s services in several other darkweb forums frequented by other cybercriminals. 

According to the DOJ, the administrators of the site offered support to their customers and went to great lengths to conceal their identities, using servers in various countries and requiring payment in cryptocurrencies like Bitcoin. 

“The theft and misuse of personal information is not only criminal but can have a catastrophic impact on individuals for years to come,” U.S. Attorney Roger Handberg said. 

Blockchain analysis firm Chainalysis said that in addition to Social Security numbers, the site also carried email addresses, passwords and credit card numbers. The site also had ties to other popular stolen credential marketplaces like Joker’s Stash, a large darknet market that offered stolen credit card information and other information before it was was shut down January 2021.

From December 2018 and June 2019, Chainalysis said SSNDOB "sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership."

The company added that SSNDOB's Bitcoin payment processing system has been active since 2015, and received nearly $22 million of Bitcoin over 100,000 transactions.

"Most funds sent to SSNDOB have come from centralized and P2P cryptocurrency exchanges, as well as other services. Interestingly, roughly 10% of funds sent to SSNDOB have come from cryptocurrency ATMs, a higher proportion than we typically see for most services, including darknet markets and other illicit providers," Chainalysis said.

The takedown of SSNDOB is one of several conducted by the DOJ and other international law enforcement agencies in recent months as countries seek to limit the sale of sensitive personal information stolen during data breaches. 

Last week, Europol announced that it coordinated with nearly a dozen countries to take down the operation behind the prolific Android malware FluBot and in April, U.S. and European law enforcement authorities seized popular hacking marketplace RaidForums. 

A Brooklyn resident was sentenced to four years in federal prison two weeks ago after pleading guilty to being an integral member of the Infraud Organization, a cybercrime cartel that stole over four million credit and debit card numbers and cost victims more than $568 million dollars.