Who Built The ID Theft Service SSNDOB.ru?



By Brian Krebs 27 March 2014
The administration page of ssndob[dot]ru. Note the logged in user, ssndob@ssa.gov, is the administrator.

Last summer, ssndob[dot]ru (hereafter referred to as "SSNDOB") was compromised by multiple attackers, its own database plundered. A copy of the SSNDOB database was exhaustively reviewed by KrebsOnSecurity.com. The database shows that the site's 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays, driver's license records, and obtaining unauthorized credit and background reports on more than four million Americans.

Private messages and postings on various crime forums show that the service offered at ssndob[dot]ru was originally registered in 2009 at a domain called ssndob-search.info. A historic records lookup purchased from domaintools.com shows that ssndob-search was first registered to an Armand Ayakimyan from Apsheronsk, Russia. This registrant used the email address lxg89@rambler.ru.
I created the following mind map to keep track of various identities and contact addresses apparently used by Ayakimyan over the years.
As I mentioned at the top of this post, sometime in 2013, SSNDOB was hacked, its entire store of four million consumer records plundered (these were merely the records that customers of SSNDOB had paid the service to look up). According to information obtained by KrebsOnSecurity, the database and service were compromised by the same group of young American hackers responsible for launching exposed[dot]su, a site erected to leak the personal data of celebrities and public figures, including First Lady Michelle Obama, then-director of the FBI Robert Mueller, and U.S. Attorney General Eric Holder, among many others (see screenshot below).
Exposed[dot]su was built with the help of identity information obtained and/or stolen from ssndob[dot]ru.
