The US Department of Justice has shut down SSNDOB, a popular darknet marketplace for trading compromised Social Security Numbers, dates of birth, credit card numbers, and other sensitive personally identifiable information (PII).
Thought to possess the stolen PII of over 24 million Americans, SSNDOB operated using at least four related domains: "ssndob.ws," "ssndob.vip," "ssndob.club," and "blackjob.biz." It employed a series of complex tactics to avoid attacks from competitors and crackdowns by authorities.
The cybercriminals used bitcoin for payments and routed traffic through servers in Cyprus and Latvia, which meant the joint task force assigned to halt the operation, which included FBI and IRS agents, had to work closely with their European counterparts.
“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health,” said Special Agent in Charge Darrell Waldon from the IRS. “Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised.”
According to blockchain analysis firm Chainalysis, SSNDOB started receiving bitcoin payments as early as 2015 and had revenue of over $22 million. Moreover, it seems to have had a close partnership with defunct darknet marketplace Joker Stash, to which it sent a payment of $100,000.
A Bleeping Computer investigation also revealed that much of the data SSNDOB had come from hospital data leaks.
Marketplaces like SSNDOB operate on the darknet and broker the buying and selling of personal information, usually acquired through data breaches and data leaks or directly stolen from the rightful owners. The data is then sold to other criminal groups that use it for identity theft, credit card fraud, forged documents, all kinds of scams, and even international terrorism.
For example, just by knowing your name and Social Security Number (SSN) a criminal can open a credit card or take out a loan, they can open a new phone account, can get medical care in your name, get a driver’s license, or even claim your tax refund.
Because much of the personal data linked to you can’t be changed or is very difficult to change (SSN number, date of birth, biometric data, address, name, etc) it’s always better to prevent data theft than to deal with its aftermath.
tags
Radu is a tech-geek with 15 years of experience in writing, journalism and copywriting. When he’s not writing he’s probably taking something apart, trying to figure out how things work.
View all postsNovember 14, 2024
September 06, 2024