A coalition of international law enforcement agencies, including the FBI, has disrupted the operations of Slilpp, which is considered the largest underground criminal marketplace for stolen credentials.
The marketplace has been in operation since at least 2021, and the Justice Department alleges that the stolen credentials sold on the site have caused more than $200 million in losses to victims in the United States alone. Working with law enforcement agencies in Germany, the Netherlands, and Romania, the FBI identified servers that hosted the Slilpp infrastructure and domains, and then seized them. More than a dozen people have been charged or arrested by law enforcement in the U.S.
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”
The Slilpp marketplace was one of a number of similar sites that allow users to buy and sell login credentials for a variety of different account types, such as banks, payment systems, and mobile phone providers. The Justice Department said that, at the time of the disruption, there were more than 1,400 sets of credentials for sale on the site. Cybercrime marketplaces like Slilpp have been around for about as long as the web has existed, and they often don’t last very long before law enforcement takes notice. But many marketplaces will disappear and then pop up again in a different guise a few weeks later.
The Internet is awash in stolen credentials: usernames and passwords dumped after data breaches, stolen in targeted attacks, or gathered in other ways. Some of those credential sets aren’t valid for long, as users change passwords if they’re notified of a breach or compromise. But plenty of them remain useful long enough for criminals to access the affected account and take advantage of it.
“American identities are not for sale,” said Assistant Director in Charge Steven M. D’Antuono of the FBI Washington Field Office. “The FBI remains committed to working with our international partners to dismantle global cyber threats.”
This has been a big week for the FBI’s anti-cybercrime efforts. In addition to the Slilpp disruption, on Monday the bureau announced that it had seized about $2.3 million of the $4.4 million ransom that the Colonial Pipeline Co. had paid after an intrusion by DarkSide ransomware actors.