Web marketing

Feds raid dark web market where data of 24 Americans was sold

US law enforcement shut down another dark web market, seizing and taking down SSNDOB, a site dealing with stolen personal information.

Led by the Criminal Investigation Division of the IRS, the DOJ and the FBI, the investigation took control of four of SSNDOB’s domains, hampering its ability to generate money. Agents said it has grossed over $19 million since it went live in 2015.

SSNDOB Affiliate Websites Grab Banner

Identity as a service

Prior to the takedown, SSNDOB reportedly had 24 million individual records available for purchase, which it regularly advertised on dark web forums. Personal identifying information available on SSNDOB included email addresses, passwords, credit card numbers, SSNs and more.

The team behind SSNDOB also offered customer support, indicating that it was, at a minimum, somewhat sophisticated. “Administrators also used various techniques to protect their anonymity…including using online nicknames separate from their true identities, strategically maintaining servers in various countries, and requiring buyers to use payment methods. digital devices, such as bitcoin,” the Department of Justice said. in a report.

Due to the international nature of the SSNDOB, Latvian and Cypriot police were also involved in the operation.

Chainalysis released its own report on the SSNDOB investigation that found a link between SSNDOB and Joker’s Stash, a dark web marketplace that migrated to blockchain hosting to avoid law enforcement action.

Between late 2018 and mid-2019, Chainalysis said, SSNDOB sent over $100,000 worth of Bitcoin to wallets associated with Joker’s Stash “suggesting the two markets may have had a relationship with each other, including possibly shared ownership”.

Joker’s Stash voluntarily closed in early 2021.

SSNDOB’s shutdown marks another in a string of dark web seizures over the past year. Hydra, one of the oldest dark web marketplaces, recently faced a coordinated effort by US and German law enforcement that took it offline and resulted in the seizure of $25 million in Bitcoin.

“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health. The removal of the SSNDOB website has disrupted identity thieves and helped millions of Americans whose personal information has been compromised. been compromised,” said Special Agent in Charge Darrell Waldon, IRS-CI local office in Washington, DC.

Has SSNDOB really disappeared?

Trying to visit any of the four sites seized by the DOJ during its raid results in landing on a page with a banner message that the site has been seized, and the other three just won’t connect or deceive. Doing a search for SSNDOB reveals that it’s not exactly gone, however: a .com address with the same name, offering what appear to be the same services, is still live and operational.

An attempt to create a .com account was successful with no errors and searches yielded positive results. It is unclear, however, whether the site is affiliated with the SSNDOB sites seized by the DOJ.

A whois search of the seized sites and the still-functioning .com shows several different registrars as well as redacted or obviously false information. Nicenic International Group, a Hong Kong-based domain provider, is listed as the registrar of one of the closed sites, as well as .com. However, a DOJ spokesperson said The register that the .com site “is not known to be related to the sites we entered”. ®