beebright - stock.adobe.com

Slilpp marketplace goes dark following government takedown

Slilpp, a massive dark web emporium for buying and selling stolen credentials, has been pulled offline by an international law enforcement takedown.

One of the largest dark web marketplaces for buying and selling stolen account credentials is now offline, thanks to a massive effort from law enforcement agencies from across the globe.

The U.S. Department of Justice (DOJ) confirmed that the Tor-based market known as 'Slilpp' is, for the time being at least, no more. It is estimated that, at the time of its demise, Slilpp offered its users access to as many as 80 million accounts for an estimated 1,400 sites and services worldwide, making it likely one of, if not the biggest, such markets on the dark web.

"With today's coordinated disruption of the Slilpp marketplace, the FBI and our international partners sent a clear message to those who, as alleged, would steal and traffic in stolen identities: we will not allow cyber threats to go unchecked," said Channing Phillips, acting U.S. Attorney from the District of Columbia, in a DOJ announcement. "We applaud the efforts of the FBI and our international partners who contributed to the effort to mitigate this global threat."

While many of the accounts and credentials on the now-former Slilpp marketplace have likely been re-shared and made available on other dark web markets, getting the site offline could make it more difficult for cybercriminals to find, buy and sell credentials for everything from network intrusion and spear phishing attacks to account theft for online services and apps as well as banks.

The DOJ reckons that, at the time the service was pulled offline, Slilpp's criminal clientele had used the service to buy and sell account credentials causing as much as $200 million in damages and that "the full impact of Slilpp is not yet known."

As with most cybercrime marketplace takedowns, pulling Slilpp offline required a coordinated international effort; in this case, a number of law enforcement agencies in Europe were required in order to wipe out the various servers and domains used for the illicit market.

In addition to U.S. courts, the takedown included contributions from the Netherlands' National High Tech Crime Unit, the German Bundeskriminalamt, and the Romanian Directorate for the Investigation of Organized Crime and Terrorism.

"The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims," said Nicholas McQuaid, acting assistant Attorney General for the Justice Department's Criminal Division, in the DOJ statement.

"The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located."

While large-scale takedowns of markets and botnets across international lines are not an everyday occurrence, there have been notable efforts in recent years from both law enforcement and private technology firms. Earlier this year, an international law enforcement coalition knocked DarkMarket, believed to be one of the largest dark web markets, offline.

Last year, a team lead by Microsoft helped to remove the Necurs botnet from the internet, and in 2016 an unprecedented effort to that point helped to get the Mirai botnet removed.

Dig Deeper on Threats and vulnerabilities

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close