A cybercrime group called the Cyclosa Gang is believed to still be active. According to the Symantec blog, the group started an online identity theft store named SSNDOB, a service believed to sell Social Security numbers (SSNs), birth records, and credit card background reports of Americans. The price of such data ranges from 50 cents to $2.50 per record, and a check of the credit and background of any US citizen costs from $5 to $15.
The Origin of SSNDOB:
The group behind this ID theft service is named the Cyclosa Gang. Its members took control of networks related to numerous consumers, business data collectors and software development firms, and then put this data up for sale. The Cyclosa gang has breached many firms, a Georgian government agency, and a bank. The gang's owner is Armand Arturovich Ayakimyan, a 24-year-old man from Abkhazia. The other members of the Cyclosa gang were Tojava, JoTalbot, and DarkMessiah, who committed numerous cybercrimes. Armand and Tojava started SSNDOB with many technical features, such as SSN query scripts and search engines. At the end of 2009, Armand registered SSNDOB’s initial domain with his real first and last name and his phone number. At the beginning of 2010, Armand officially opened the SSNDOB website.
The setback of SSNDOB:
In 2013, KrebsOnSecurity exposed the SSNDOB store in an investigative report, and three days later Armand deleted his profile on the European social network VK. However, the gang registered a new domain name for SSNDOB and compromised a computer at a Nigerian financial institution. It is believed that the Cyclosa gang has not stopped and will continue to carry out cyber attacks in the coming years.
The Cyber Crime history of Cyclosa Gang:
Before forming the Cyclosa gang, its owner Armand was involved in fraud and breached Australian citizens’ financial data. In 2007, he registered an account on a cybercrime forum and asked other users for advice about data theft through an unsecured Wi-Fi connection. In 2008, Armand started to target UK and US citizens to make more money. He also explored the use of remote access Trojans to steal data from compromised PCs.
In 2009, Armand started the Cyclosa gang with three main partners. He committed a number of cybercrimes, ranging from malware-based search engine optimization and pay-per-click schemes to the hijacking of chat accounts, botnet traffic, and financial information. They also put 75,000 expired passports of Russian citizens up for sale, along with FTP accounts and “rights” to a compromised server. In 2010, the gang started the SSNDOB store to sell the personal data and SSNs of American citizens. In 2012, they breached a US-based credit union, a bank based in California, and a Georgian government agency. In 2013, the Cyclosa Gang stole data from data brokers and software development firms. The infographic below shows the evolution of the Cyclosa gang and the number of cybercrimes it committed.
The website ssndob[dot]ms (referred to as SSNDOB), an online identity theft service operated by underground cybercriminals, is now blocked.