The Federal Bureau of Investigation (FBI) and European law enforcement agencies have taken down the domains and infrastructure of Genesis Market, one of the world’s most prolific marketplaces for stolen credentials from malware-infected computers belonging to consumers and businesses.
Law enforcement from 17 countries, including the U.K., Australia, Canada, Denmark, France, Italy, the Netherlands and Romania, assisted in the sting that included raids and other activities to smoke out the alleged cyber criminals. The website was reportedly located in Russia.
1.5 Million Computers Impacted
Genesis users are located all over the world. Since March 2018, Genesis has facilitated the sales of data stolen from more than 1.5 million computers, including login credentials associated with more than 80 million accounts, the DOJ said. Genesis offered for sale the type of access used by ransomware hijackers to attack computer networks, the DOJ said.
At this point, police have arrested 119 people in 17 countries, with 208 raids worldwide, officials said. U.S. Attorney General Merrick Garland said in a statement that 45 of 56 FBI field offices across the country were involved in the operation. Eleven domain names have been shuttered. A banner across Genesis’ site said domains belonging to the organization had been seized by the FBI.
Commenting on the case, Garland said:
“Our seizure of Genesis Market should serve as a warning to cyber criminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice.”
Some of the arrests occurred in the U.S., but officials were hesitant to provide any details as the investigation is ongoing, CNN reported. Victims of Genesis incurred losses that “exceed tens of millions of dollars,” an FBI official said.
Operation Cookie Monster Successful
The surprise attack, dubbed Operation Cookie Monster, is a serious blow to the cybercriminal underground, which saw the Emotet syndicate dismantled two years ago, saw the Hydra Market takedown last year, and just last week witnessed the dismantling of BreachForums, a cyber apparatus boasting some 340,000 members, from which hackers could buy, sell and trade stolen materials from the sole operative.
At this point, the administrators of the marketplace have not been caught or identified. It seems clear that whoever is behind Genesis has successfully kept a low enough profile to duck attempts to apprehend them.
Unlike other dark web forums, Genesis operated as an invitation-only crime forum on the open web. Account access credentials advertised for sale on Genesis included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies.
Europol said that the bots Genesis offered for sale, which had infected victims’ systems, were sold on the cheap, with prices ranging from $0.70 to hundreds of dollars for more valuable information.
"Upon purchase of such a bot, criminals would get access to all the data harvested by it such as fingerprints, cookies, saved logins and autofill form data," Europol said.