A Ukrainian man, Vitalii Chychasov, has pleaded guilty in the United States to conspiracy to commit access device fraud and trafficking in unauthorized access devices through the now-shutdown SSNDOB Marketplace.
The man was the administrator of the SSNDOB Marketplace, a series of websites that sold sensitive personal information of people in the United States, including their full names, dates of birth, and Social Security Numbers (SSNs).
A law enforcement operation led to the seizure of the marketplace domains on June 7th, 2022. Before that, the SSNDOB platform listed and sold the personal details of 24 million people, generating a sales revenue of over $19,000,000.
“Stolen Social Security numbers can be used to commit a variety of frauds, including United States tax fraud, unemployment insurance fraud, loan fraud, credit card fraud, and the like,” reads the U.S. DoJ announcement.
“Investigators determined that a single buyer from the site used stolen personal identifying information that he purchased to steal and launder nearly $10 million.”
Chychasov was arrested in March 2022 while he attempted to enter Hungary and was subsequently extradited to the U.S. in July 2022.
Along with the guilty plea, the man also agreed to hand over the domains “blackjob.biz”, “ssndob.club”, and “ssndob.vip”, which were used for committing the offenses.
A second SSNDOB administrator, Sergey Pugach, was also arrested in May 2022.
The U.S. authorities identified the two admins thanks to an investigation led by the cybercrime unit of the IRS and the FBI, and assisted by the U.S. DoJ and the authorities in Latvia and Cyprus.
Court documents reveal that the admins promoted SSNDOB via advertisements they created on various sites on the dark web, such as other cybercrime marketplaces and hacker forums.
To prevent the authorities from identifying them, the administrators only accepted payments in hard-to-trace cryptocurrency and maintained servers for the website in strategically selected locations across the globe.
Chychasov now faces a maximum imprisonment penalty of 15 years and has also agreed to forfeit the amount of $5,000,000, that are the estimated crime proceeds.
Source: https://www.bleepingcomputer.com/news/security/ssndob-cybercrime-market-admin-faces-15-years-after-pleading-guilty/