The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information (PII). Not just any old marketplace; this was a major, years-long operation with several failsafes to prevent permanent takedown. It took quite the assortment of law enforcement worldwide to shut this one down for good.

SSNDOB (Social Security Number, Date of Birth) marketplace was seized as the result of an international operation involving the FBI, Department of Justice, the IRS, and authorities in both Latvia and Cyprus.

A big underground business

According to the press release, the ring of sites associated with SSNDOB:

…were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue.

Social Security numbers are hugely popular on underground portals. They’re frequently cheap to buy, stolen in large numbers, and can be bundled with other documents such as passport, driver’s licence, email, and more.

SSNDOB attempted to ward off a permanent shut down by spreading the data across four different URLs. As Bleeping Computer notes, this is one tactic to get around attempts to shut down the service. DDoS attacks from rivals are common, so several domains working together keeps things ticking over. Shutdowns generally via abuse reports or law enforcement raids are also less of a threat as a result.

SSNDOB advertised its services on dark web forums and offered customer support for buyers. Digital payment methods such as Bitcoin were used to preserve the operator’s anonymity.

The Bitcoin boon

According to research from Chainalysis, SSNDOB received “$22 million worth of Bitcoin across over 100,000 transactions” since 2015. We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services.

Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021. Joker’s Stash, trading since 2014, received more than $100,000 in Bitcoin from SSNDOB.

The threat of stolen PII

Once your data is out there, you can’t get it back. Criminals will make use of it however they can to make money. You run the risk of being targeted for spear phishing, or having your personal information used for fraudulent applications.

Data breaches are so common that multiple services exist to check if you’ve been impacted. Password reuse is one big reason for credential stuffing (using stolen data across additional sites) being so popular. One breach taking your login from a gaming forum can quickly become something that exposes Government service logins or bank accounts. The data exposure risk creeps ever upwards and one small mistake can have severe consequences.

Tips for locking down after an SSN breach

This is a great result for law enforcement, but still a drop in the ocean of underground sales portals. If you’re a victim of Social Security number fraud, there are some steps you can take according to Experian:

Stay safe out there!