Security news that informs and inspires

Law Enforcement Seizes Cybercriminal Marketplace That Sold PII


The Department of Justice has seized the SSNDOB marketplace, which is a series of websites used for years to sell personal information of 24 million U.S. citizens, including their names, dates of birth, passwords, credit card numbers and social security numbers.

U.S. authorities worked as part of an international operation - in coordination with law enforcement in Cyprus and Latvia - to dismantle and seize the infrastructure used by the SSNDOB marketplace, including domain names ssndob[.]ws, ssndob[.]vip, ssndob[.]club and blackjob[.]biz.

“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health,” said Darrell Waldon, special agent in charge with the IRS-CI Washington, D.C. Field Office in a Tuesday statement. “Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised.”

When they used SSNDOB, buyers were able to browse available PII by country in order to search for specific names and characteristics. The DoJ said the SSNDOB administrators would advertise the website services on darkweb cybercriminal forums and provide customer support functions to website users. The administrators of the site also used various tactics to thwart detection of their activities, including using online monikors, maintaining their servers in various countries and requiring buyers to use bitcoin and other digital payment methods. Overall, the series of websites generated more than $19 million in sales revenues, according to the DoJ.

“Services like SSNDOB enable several different kinds of digital fraud by giving cybercriminals access to stolen PII."

According to Chainalysis, cybercriminals who purchased this information could then use it for a number of malicious purposes, including to conduct phishing attacks and scam campaigns and to create fraudulent online identities.

“Services like SSNDOB enable several different kinds of digital fraud by giving cybercriminals access to stolen PII,” according to Chainalysis researchers. “Not only can this stolen information be exploited to target victims for scamming, it can also be used by cybercriminals to set up online accounts that can’t be traced back to them, which can then form the backbone of other cybercriminal schemes.”

Researchers with Chainalysis also noted that between December 2018 and June 2019 SSNDOB sent over $100,000 in bitcoin to the darknet market Joker’s Stash, also known to sell PII, “suggesting the two markets may have had some relationship to one another, including possibly shared ownership.”

The SSNDOB takedown is the latest in a string of law enforcement crackdowns on illicit platforms used to sell personal data. In April, the DoJ announced the dismantling of Hydra Market, the largest Russian-speaking darknet marketplace, while in 2021 the Slilpp marketplace, DarkMarket and Joker’s Stash were all shut down.

“These closures show that cryptocurrency is far from the anonymous, crime-friendly mode of exchange it’s been characterized as in the past,” according to Chainalysis. “Over and over, illicit services that embrace cryptocurrency have opened themselves up to law enforcement scrutiny and been shut down, in large part because of the inherent transparency of blockchains.”