back to article Admin of $19M marketplace that sold social security numbers gets 8 years in jail

A Ukrainian national is facing an eight year prison sentence for running an online marketplace that sold the personal data of approximately 24 million US citizens. Vitalii Chychasov, 37, was sentenced on Tuesday after pleading guilty to conspiracy to commit access device fraud and trafficking in unauthorized access devices. In …

  1. Doctor Syntax Silver badge

    Perhaps it would be worth setting and publicising a standard tariff, say 1 day inside for each record sold. That way there'd be no expectation of just getting a few years. Just work out your life expectancy, what's the maximum proportion of that you're prepared to spend and set the maximum number you'll sell based on that. Making that calculation might give even those who think they'll never get caught have a few sobering moments.

    1. Michael Wojcik Silver badge

      Even if the operators are rationalists — and my guess is they aren't, because actually making life choices rationally carries high cognitive and affective load — I doubt that calculation works. Most operators are never brought to trial, so probable risk is low; and these behaviors indicate a risk-friendly personality in the first place.

      Also, isn't the present carceral state bad enough? Frankly, I think it's unethical to advocate for longer sentences without significant prison reform first.

  2. Anonymous Coward
    Anonymous Coward

    > A Ukrainian national is

    > Attempting to enter Hungary at the time, Chychasov was arrested in March 2022

    > US in July 2022, a month after SSNDOB was shut down by US, Latvian, and Cypriot authorities.

    Well, that was one fortunate side effect of Putins invasion then.

    Maybe our criminal mastermind should not have picked on US nationals thinking he was safe and beyond reach.

  3. Hanin Elias
    Facepalm

    10 years?

    It took them 10 years to stop this guy?

    1. ecofeco Silver badge

      Re: 10 years?

      D you know just how underfunded most U.S. watchdog agencies are?

      And care to guess why?

  4. Kev99 Silver badge

    According to the Social Security Act of 1934, the director of the social security administration was to create a method to identify beneficiaries of the social security benefits. Nowhere did the Act say the system was to be used for anything else. Yet, the SSN is still used by everyone and his brother to identify people for reasons completely unrelated to social security, and the federal government is one of the biggest culprits. At least Medicare switched an unfathomable string of letters and numbers a few years ago. Too bad all this entities using the SSN can't be held liable.

    1. Michael Wojcik Silver badge

      This is a myth — or more precisely, the implication that the situation established by SSA 1934 remains in force is a myth.

      See for example the Background section of the FTC's 2008 report on the use of SSNs in private industry, which notes:

      Many SSN uses have also been legally mandated. The Internal Revenue Service (“IRS”), for example, requires private sector entities, including banks, insurance companies, and employers, to collect SSNs for income and tax-related purposes....

      There appears to be broad consensus [among the experts consulted by the Commission] that the use of the SSN as an identifier – to match individuals to information about them both within an organization and between organizations – is prevalent and, in many contexts, beneficial.

      The report concludes that while SSN use in private business has been a major contributor to identify theft, it's too late to "put the genie back in the bottle" and instead urges better protection of SSN data by businesses.

      Of course numerous other groups and individuals have long campaigned for eliminating uses of SSNs not required by law (or with the force of law by empowered regulatory agencies and the like), and it's difficult not to sympathize with them, though we do have the problem of legitimate, consumer-serving business coordination without the use of SSNs.

  5. ecofeco Silver badge

    Call me crazy

    But maybe companies requiring SS numbers from customers should be outlawed.

    1. doublelayer Silver badge

      Re: Call me crazy

      And instead they will use what? They want something that uniquely identifies people. If they can't use that number, they'll find something else, and chances are that won't be any harder to compromise. If you ban them from using every government-issued identifier, then you'll probably see them come up with a private identifier that, in practice, everyone will have to register for because employers and financial institutions will demand it. I'm not supporting this number or the similar ones used in various other countries, but if we're going to ask for its replacement, we may want to have some idea of what we make them replace it with before they decide on their own.

      1. Dave@Home

        Re: Call me crazy

        Well we manage to operate over here without handing over our National Insurance number to anyone but our employers

    2. Michael Wojcik Silver badge

      Re: Call me crazy

      The FTC formed a commission to look into this in 2008 and deemed it infeasible. See my post in another thread.

      You may not be crazy, but apparently you didn't bother doing any research before you made that suggestion. Tip: Whatever bright idea you have for reforming things, it's possible other people have considered it already.

  6. Anonymous Coward
    Anonymous Coward

    What to do with seized domain?

    How about keep it running for a bit, but with bogus SSNs DOBs, etc., and continue to charge criminals in bitcoin for access? Then that money can be returned to some of the victims.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like