The FBI has busted a major online criminal database selling millions of user details

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

The Federal Bureau of Investigation (FBI) has taken down an underground marketplace that was used to sell personally identifiable information on US citizens.

Together with the Department of Justice (DoJ), the Internal Revenue Service (IRS), and the police force of Cyprus, the law enforcement agency seized the servers belonging to SSNDOB, the marketplace that allegedly hosted enough information to steal the identities of 24 million American citizens.

The information included names, dates of birth, and Social Security numbers, and could be acquired for bitcoin.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Four different domains were taken, the agencies said, including ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz. Apparently, the site has had multiple “mirrors” to help with potential distributed denial of service (DDoS) attacks. The operation brought its owners $19 million in revenue, the DoJ said in a press release, despite the fact that a set of data cost as little as $0.50.

Chainalysis, a blockchain analysis firm, says that it tracked $22 million in bitcoin paid to SSNDOB since April 2015, and that some people were buying the data in bulk, spending as much as $100,000 at a time. They would use the acquired data to mount stage-two attacks, or distribute viruses, sometimes against the people whose identities were stolen, and sometimes against third parties.

Speaking to BleepingComputer, cybersecurity firm Advanced Intel said the data was gotten through data breaches in the healthcare industry. 

The researchers had also discovered that SSNDOB was somehow linked to Joker’s Stash, the longest-running stolen payment card shop that terminated its services early last year. 

The company said that between December 2018, and June 2019, SSNDOB sent more than $100,000 worth of bitcoin to Joker’s Stash. 

Joker’s Stash did shut down on its own, the publication reminds, but the fact remains that it was under immense pressure from law enforcement agencies, Covid-19 disruptions, and eroding quality.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.