International law enforcement agencies led by the FBI have taken over a sprawling dark web marketplace popular with cybercriminals, where stolen passwords have been sold for $1 each, officials announced Wednesday.
The pirate online bazaar, known as Market Genesis, was taken over in a multinational campaign dubbed “Operation Cookie Monster” after the site specialized in stolen digital fingerprints, known as cookies.
According to the FBI, Genesis Market offered access to stolen data from more than 1.5 million hacked computers around the world, containing more than 80 million account access credentials.
The stolen data included passwords for services such as online banking, Facebook, Amazon, PayPal and Netflix, as well as digital fingerprints that criminals can exploit to bypass online security checks by spoofing a victim’s device.
In coordinated raids around the world, more than 200 searches were carried out and some 120 people were arrested, including 24 arrests in and around the British town of Grimsby, UK law enforcement officials said.
A senior FBI official told DailyMail.com that suspects have also been arrested within the United States in connection with the bust, but did not provide details on the number of arrests or charges.
Visitors to the Genesis Marketplace today are greeted by this removed splash page
The FBI official said that the total estimated losses of the victims of the hacker market amounted to tens of millions of dollars.
Genesis Market users relied on stolen credentials to commit a wide range of frauds, the person said, including identity theft targeting individuals and large-scale ransomware attacks on businesses and other organizations.
“These criminal marketplaces are services that facilitate cybercrime globally, and enable cybercriminal actors to conduct operations against public and private organizations around the world,” the official said.
The US Treasury called Genesis Market “one of the largest illicit markets in the world” in a statement announcing full sanctions against the site.
“Today’s removal of the Genesis Marketplace is evidence of the FBI’s commitment to disrupting and dismantling key services that criminals use to facilitate cybercrime,” FBI Director Christopher Wray said in a statement.
Officials said the investigation into Genesis is ongoing. US Department of Justice Deputy Attorney General Lisa Monaco said in a statement that several users of the forum had been arrested around the world.
The raid on Genesis follows similar US-led enforcement action last year against other pirate marketplaces on the dark web, including Hydra Market and BreachForums.
But experts warn that pirate gangs are often slippery, and similar markets often re-emerge.
“Unfortunately, when you remove one of these sites, it creates a void that others can quickly fill,” Adrianus Warmenhoven, a cybersecurity expert at NordVPN, told DailyMail.com.
Warmenhoven said the Genesis takeover was “a step in the right direction to clamp down on bot markets, but there is a long way to go if the goal is to crack down on the illegal trade in identities on the Internet”.
Genesis was run by a group of hackers, senior officials at the Department of Justice say, who run sophisticated malware that infected millions of users around the world to collect their data.
The marketplace essentially sold subscriptions to compromised computer systems, allowing users to access stolen credentials at will, even if the victim updated their passwords.
“Today’s removal of the Genesis Marketplace is evidence of the FBI’s commitment to disrupting and dismantling key services that criminals use to facilitate cybercrime,” said Christopher Wray, FBI Director (file photo).
Britain’s National Crime Agency said Genesis sold stolen credentials from US$0.70 to up to hundreds of dollars a piece, depending on the available stolen data.
The personal data displayed included account logins, passwords, cookies, search history, and auto-fill form data to enable the scammers to build up a detailed picture of their prey.
Those who wanted to use Genesis could only join by invitation from a former founding member, but these referrals were also available for sale online.
The market could be found using normal internet search engines, as well as on the dark web, and users were given step-by-step instructions on how to purchase stolen details and how to use them in scams.
The site contained easy-to-follow instructions telling offenders how to disguise themselves as their victim, and circumvent banking systems that require biometric data.
It even advised how to buy bitcoin to avoid law enforcement tracking transactions.
Offenders were also able to infiltrate victims’ computers to install covert malware that notified them in real time if their target had changed their passwords.
The agency said 17 countries took part in the operation, which was led by the FBI and the Dutch National Police.
A banner was posted on the Genesis Market website late Tuesday that said the FBI had seized domains belonging to the organization.
Logos of other European, Canadian and Australian police organizations have also been placed across the site, along with those of cybersecurity company Qintel.
Police and NCA arrest a British suspect in connection with the criminal Genesis Market website
The FBI and Dutch police forces led the operation and 17 others, including the UK’s National Crime Agency, made 24 arrests in and around Grimsby.
Contact information for Genesis Market administrators wasn’t immediately clear.
The FBI seemed eager to get information about the site’s owners as well, saying in a notice of the site’s takeover that anyone who had been in contact with them should “email us, we’re interested.”
Genesis specializes in selling digital products, especially “browser fingerprints” taken from computers infected with malware, said Louise Verrett, an analyst at British cybersecurity firm Searchlight Cyber.
Since these fingerprints often include credentials, cookies, IP addresses, and other browser or operating system details, criminals can use them to bypass anti-fraud solutions such as multi-factor authentication or device fingerprinting.
“To get up and work on this, you just have to know the location, and potentially being able to get yourself an invite, given the amount of users, probably wouldn’t be particularly hard,” said Will Lane, NCA’s chief of cyber intelligence.
“Once you become a user, it’s really easy… to commit criminal activity.”
The agency said that the countries participating in the investigation also included Australia, Canada, Denmark, Estonia, Finland, France, Germany, Iceland, Italy, New Zealand, Poland, Romania, Spain, Sweden and Switzerland.
Officials said the Genesis website has been active since 2018.
software company Netasia He had warned about the site two years earlier and wrote a report on its dangers.
“Although it is largely illegal, its operations are professionally run and even user friendly,” she said.
The Genesis Marketplace includes terms and conditions, frequently asked questions, utility software, and even a support desk with a ticket system for customer inquiries.
“Aladdin’s Cave of criminally obtained data is growing at an alarming rate,” the report warned.
People can check if they are victims by visiting this Database created by the Dutch authorities.
