The US Department of Justice, FBI and Internal Revenue Service, with help from Cypriot and Latvian law enforcement authorities, have taken down the SSNDOB marketplace, which was selling the names, social security numbers and birthdates of around 24 million US citizens and had generated over $19 million in revenue.
The following four domains were seized:
The marketplace operated multiple mirror sites as a precaution against DDoS attacks and law enforcement action. SSNDOB sold information about US citizens for as little as $0.50, paid in Bitcoin. While British citizens’ birth dates were also sold on the marketplace, the primary targets were US citizens.
BleepingComputer reports via Advanced Intel that a significant amount of the data sold on the marketplace came from healthcare and hospital data breaches. In turn, other attackers used this information mostly to commit financial fraud.
Chainalysis released a report alongside the US Department of Justice’s press release stating that SSNDOB’s Bitcoin payment processing system has been active since April 2015. The service has received nearly $22 million worth of Bitcoin over 100,000 transactions.
These numbers come down to an average of $80 per individual purchase, which is in the ballpark for individual PII purchases. However, transfers as large as $100,000 worth of Bitcoin suggest that some threat actors might be buying data in bulk.
The firm also reported seeing activity between SSNDOB and Joker’s Stash, a darknet market focused on selling stolen credit card information and other PII, which shut down voluntarily in January 2021. While the link doesn’t prove anything concrete, it does suggest that the two markets might have some relationship or even shared ownership.