Contents:
A global law enforcement crackdown, dubbed Operation Cookie Monster, has led to the take down of one of the world’s biggest criminal marketplaces used by online fraudsters to buy passwords – Genesis Market.
An FBI-led operation involving more than a dozen international partners seized Genesis Market on Tuesday, scuttling one of the most significant online criminal platforms. From fraud to ransomware, Genesis served as a one-stop shop for criminals, selling stolen credentials and the tools to weaponize them.
Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world. Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice.
Attorney General Merrick B. Garland – Source
What Was Genesis Market?
Genesis Market was known as one of the most dangerous marketplaces selling stolen account credentials to hackers worldwide. Unlike its competitors, such as Russian Market or 2easy Shop, Genesis Market provided criminals with access to bots or “browser fingerprints” that allowed them to impersonate victims’ web browsers – including IP addresses, session cookies, operating system information, and plugins.
According to Europol, upon purchasing of such a bot, threat actors would get access to all the data harvested by it such as fingerprints, cookies, saved logins and autofill form data. This information was collected in real time – the buyers would be notified of any change of passwords, etc.
A bot could cost as little as USD 0.70 up to hundreds of dollars depending on the amount and nature of the stolen data. The most expensive would contain financial information allowing access to online banking accounts. Buyers were provided with a custom browser that would mimic the browser of their victim. With this, the criminals managed to access their victim’s account without triggering any security measures on the platform where the account was located.
It was also accessible on the open web but obscured from law enforcement by an invitation-only veil, unlike other criminal marketplaces. Due to its accessibility and low prices, it became a popular resource among hackers as a result of its low entry barriers.
Law Enforcement Response
Law enforcement agencies around the world were part of the coordinated raids. According to BBC, the UK’s National Crime Agency (NCA) arrested 24 people suspected to have used the site.
On top of that, agencies from 17 countries were involved in the raids, which took place on Tuesday. The operation was led by the FBI in the US and the Dutch National Police, working alongside the NCA in the UK, the Australian Federal Police, and countries across Europe. Following a raid on a suspected cybercriminal that used Genesis Market, the Romanian Police seized more than $200.000 in cash and over 9 kilograms of gold.
Globally, 200 searches were carried out and 120 people were arrested.
On Wednesday, anyone logging onto the Genesis website could read the following message: “Operation Cookie Monster. This website has been seized.”
Commenting on this operation, the Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said:
Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers. With victims located across the globe, the strong relationships with our international partners were critical in the success of this case.
By the time of the operation, the market had more than 1.5 million bot listings representing more than 2 million identities, with one victim lost almost EUR 70,000 when a Genesis Market customer used his digital identity to make various online purchases.
Was Your Data Stolen?
With over 1.5 million listings on Genesis Market, chances are that your credentials have already ended up for sale.
The Dutch Police has developed a portal to check whether your information has been compromised. Visit https://www.politie.nl/checkyourhack and fill in your email address to control whether it is part of a Genesis Market leak.
Read more about the steps you can follow in Europol`s statement here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.