A cybercrime group called the Cyclosa Gang is believed to still be active. According to a Symantec blog post, the group started an online identity theft store named SSNDOB, a service believed to sell SSNs, birth records, and credit card background reports of Americans. The price of such data ranges from 50 cents to $2.50 per record, and a check of the credit and background standing of any US citizen costs from $5 to $15.
The Origin of SSNDOB:
The group behind this ID theft service is named the Cyclosa Gang. They took control of networks related to numerous consumers, business data collectors, and software development firms. The cybercriminals then put this data up for sale. The Cyclosa Gang has breached many firms, a Georgian government agency, and a bank. The owner of the gang is Armand Arturovich Ayakimyan, a 24-year-old man from Abkhazia. The other members of the Cyclosa Gang were Tojava, JoTalbot, and DarkMessiah, who committed numerous cybercrimes. Armand and Tojava started SSNDOB with many technical features, such as SSN query scripts, a search engine, etc. At the end of 2009, Armand registered SSNDOB’s initial domain with his real first and last name and his phone number. At the beginning of 2010, Armand officially opened the SSNDOB website.
The setback of SSNDOB:
In 2013, KrebsOnSecurity exposed the SSNDOB store in an investigative report, and three days later Armand deleted his profile on the European social network VK. However, the gang registered a new domain name for SSNDOB and compromised a computer at a Nigerian financial institution. It is believed that the Cyclosa Gang did not stop and will continue to carry out cyber attacks in the coming years.
The Cyber Crime history of Cyclosa Gang:
Before forming the Cyclosa Gang, Armand was involved in fraud and breached Australian citizens' financial data. In 2007, he registered an account on a cybercrime forum and asked other users to advise him on stealing data over unsecured Wi-Fi connections. In 2008, Armand started to target UK and US citizens to make more money. He also explored the use of remote access Trojans to steal data from compromised PCs.
In 2009, Armand and three main partners started the Cyclosa Gang. He committed a number of cybercrimes, ranging from malware-based search engine optimization and pay-per-click schemes to the hijacking of chat accounts, botnet traffic, and financial information. They also published 75,000 expired passports of Russian citizens for sale, along with FTP accounts and “rights” to a compromised server. In 2010, the gang started the SSNDOB store to sell personal data and SSNs of American citizens. In 2012, they breached a US-based credit union, a bank based in California, and a Georgian government agency. In 2013, the Cyclosa Gang stole data from data brokers and software development firms. The infographic below shows the evolution of the Cyclosa Gang and the number of cybercrimes they committed.
The website ssndob[dot]ms (referred to as SSNDOB), an online identity theft service operated by the cybercrime underground, is now blocked.