A Ukrainian national is facing an eight year prison sentence for running an online marketplace that sold the personal data of approximately 24 million US citizens.
Vitalii Chychasov, 37, was sentenced on Tuesday after pleading guilty to conspiracy to commit access device fraud and trafficking in unauthorized access devices. In addition to the prison sentence he will forfeit $5 million in assets, the proceeds of fraud, and his control of the various marketplace domains.
Attempting to enter Hungary at the time, Chychasov was arrested in March 2022 for running the SSNDOB Marketplace, which stands for “social security number, date of birth” and operated over various domains including blackjob.biz, ssndob.club, ssndob.vip, and ssndob.ws.
He was later extradited to the US in July 2022, a month after SSNDOB was shut down by US, Latvian, and Cypriot authorities.
The SSNDOB Marketplace dates back more than a decade and was operating as early as 2013, then on the domain ssndob.ru.
At the time, full records (fulls), which included full names, addresses, phone numbers, dates of birth (DoB), and social security numbers (SSNs) were sold for $0.50 per individual. If these “fulls” were located by DoB, they cost $1, and if they were located by ZIP code, they cost $1.50.
Consumer credit reports were also available for a loftier $15, as were background reports for $12, and driver’s license records for $4.
The research, led by infosec investigative journalist Brian Krebs at the time, suggested that the criminals had access to at least five different systems at US-based consumer and business data aggregators. These allegedly included Lexis-Nexis, Dun & Bradstreet, and Kroll Background America.
US authorities estimate that SSNDOB alone has generated more than $19 million in sales over the source of its operation.
“According to court records, Chychasov and other marketplace administrators advertised on dark web criminal forums for the marketplace’s services, provided customer support functions, and regularly monitored the activities of the sites, including monitoring when purchasers deposited money into their accounts,” said the US Attorney’s Office, Middle District of Florida.
“The administrators also employed various techniques to protect their anonymity and to thwart detection of their activities, including strategically maintaining servers in various countries, and requiring buyers to use digital payment methods.”
SSNs were bought from the marketplace and used to commit various types of fraud: Tax fraud, unemployment insurance fraud, loan fraud, and credit card fraud.
One buyer, authorities noted, used the stolen personal data to steal and later launder a sum close to $10 million.
SSNDOB saw particular success during the COVID-19 pandemic, a time when the US established a number of initiatives to issue relief funds to both individuals and businesses under financial strain.
“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health,” said Special Agent in Charge Darrell Waldon, IRS-CI Washington, D.C. Field Office at the time of the takedown. “Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised.”
As reported by El Reg when SSNDOB was shuttered, connection attempts to all four of Chychasov’s domains were either denied or met with the authorities’ seizure notice.
Yet, then and still to this day, the SSNDOB brand continues to live on through what appear to be copycat sites. Domains for ssndob.pro, ssndob.rg, and ssndob24.com are still alive and accepting new accounts but their legitimacy is unknown; those we tested require a minimum deposit of $20 to begin searching their records.
The Justice Department previously said, however, these copycats aren’t believed to be related to the SSNDOB operation administered by Chychasov. ®