SSNDOB Darknet Market Admin Arrested

A Ukrainian has been arrested and charged with running the (now defunct) fraudulent SSNDOB Marketplace. The individual played a pivotal role in the sale of approximately 24 million people’s personal data and earned upwards of $19 million for doing so. After a lengthy operation, he has now been arrested and faces at least 15 years in prison.

SSNDOB Rise And Fall

Between November 2015 and June 7, 2022, Vitalii Chychasov and his partner Sergey Pugach ran a top-tier fraud shop website known as SSNDOB. The website changed domains on multiple occasions during its lifetime and primarily sold personal information, including names, dates of birth, Social Security numbers, etc. Almost all data belonged to United States citizens. 

Hence the name SSNDOB [Social Security Number, Date of Birth]

The website was a massive success and sold information on at least 24 million people, generating more than $19 million in sales revenue. A single hot wallet used by the pair received 989 bitcoin between August 2017 and October 2021. The website advertised itself heavily on various darknet forums such as Dread and BreachForums, gaining popularity every step of the way.

By 2022, multiple alternative fraud and data shops had been seized or retired, making SSNDOB arguably the largest across the dark net. During its operation, the domain changed from BLACKJOB.BIZ to SSNDOB.CLUB, to SSNDOB.VIP, and finally, SSNDOB.WS until the FBI set its eyes on the website and captured its servers.

The IRS Criminal Investigation Cyber Crimes Unit worked with the FBI to take the websites down and found that its admin failed to keep their OPSEC in check during its initial stages.

“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health. Taking down the SSNDOB website disrupted I.D. theft criminals and helped millions of Americans whose personal information was compromised,”

Special Agent in Charge Darrell Waldon, IRS-CI Washington, D.C. Field Office. 

On June 7, 2022, seizure orders were executed against the domain names of the SSNDOB Marketplace, effectively ceasing the website’s operation. But the operation continued until they captured the duo behind the website.

“These seizures demonstrate the FBI’s strong working relationship with our international partners in disrupting malicious cyber activity. Dismantling illicit marketplaces that threaten the privacy and security of the American public is a priority of the FBI.” 

FBI Tampa Special Agent in Charge David Walker.

Tracing Vitalii Chychasov

In May 2020, IRS-CBU and the FBI purchased some data from SSNDOB.Club as a means to trace Bitcoin back to the website owners. After the payment went to an empty address, investigators followed the funds and traced them back to a rather large Bitcoin wallet. This particular wallet received over 989 bitcoin between August 2017 and October 2021.

This information was naturally quite valuable to the investigators. Now it was a matter of tracing what would happen to funds leaving the wallet. There’s no evidence to say that Chychasov used any Bitcoin cleaning services; this wallet would transfer 46 BTC to a single HitBTC account in over 19 separate transactions. This was the first of many OpSec failures.

The FBI acquired information on the HitBTC account from its administrators and linked it to a man named Vitalii Chychasov. Chychasov was kind enough to provide his Ukrainian passport as KYC verification when opening the account.

This information alone wasn’t enough, though. The team needed concrete evidence to link Chychasov to SSNDOB.

The investigations led to other centralised exchanges Chychasov had accounts on. One particular account that stood out was his Bitfinex account under the username “ramashka.” This Bitfinex account received 53.6 BTC, which could be traced to the original wallet mentioned.

Chychasov registered the account with [email protected]. This was the evidence needed to take Chychasov away. It was the same email address used to register one of the first market domains, created on November 4, 2015: SSNDOB.ws.

However, the final piece of the puzzle was put together when they found “ramashka’s” Jabber accounts linked to the SSNDOB server admin accounts ([email protected] and [email protected]).

The SSNDOB servers were located at multiple data centres in Cyprus, Ukraine, Latvia, and Switzerland and contained dozens of compressed files containing the stolen personal information. 

According to court documents, each of the files had the information of exactly one million individuals. In March 2022, while attempting to enter Hungary, Chychasov was arrested.

Verdict

On July 25, 2023, Vitalii Chychasov received a maximum penalty of 15 years in federal prison. In addition, Chychasov will forfeit the $5 million in sales revenue remaining.

“Stolen Social Security numbers can be used to commit a variety of frauds, including United States tax fraud, unemployment insurance fraud, loan fraud, credit card fraud, and the like. Investigators determined that a single buyer from the site used stolen personal identifying information that he purchased to steal and launder nearly $10 million.”

United States Attorney Roger B. Handberg