In a joint effort, the United States Attorney’s Office, the Internal Revenue Service (IRS), and the Federal Bureau of Investigation (FBI) announced the seizure of the SSNDOB Marketplace, a collection of websites that listed more than 20 million Americans’ Social Security Numbers. The domestic agencies, mostly based out of Florida, reportedly worked in close coordination with their law enforcement counterparts in Cyprus and Latvia to end the criminal enterprise.
According to Tuesday’s press release, SSNDOB administrators advertised on dark web criminal forums, provided customer support functions, and monitored the activities of the sites, including purchasers’ deposit of funds. The administrators, who the agencies did not say were in custody, were said to have employed various techniques to protect their identities by using monikers distinct from their real names, strategically using servers in various countries, and requiring buyers to use digital payment methods, such as bitcoin.
The SSNDOB Marketplace offered information including the names, dates of birth, and Social Security Numbers and has existed for years, the press release said. Approximately 24 million Americans’ information has shown up there, generating more than $19 million in sales.
In conjunction with the announcement, seizure orders against several domains, ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz, were executed, effectively ceasing their operation. Speaking about the shutdown, an IRS special agent commended the agencies for disrupting the identity theft criminals’ operations. The agent noted that it would help millions of Americans’ whose information was compromised and who, as victims of identity theft, often suffer serious financial and emotional hardship.
Data breaches are frequently the source of personally identifying information found on such dark web hubs, and are often the subject of lawsuits. Examples include the sprawling multidistrict suit against Equifax over a 2017 hack that leaked 147 million Americans’ information and resulted in a sizable settlement and criminal charges against four Chinese hackers. More recently, T-Mobile customers and prospective customers said that the wireless carrier failed to protect their information after a breach exposed the information of more than 75 million individuals.