International attack on ‘world’s largest fraudster’s paradise’ stealing YOUR passwords: criminal ‘online market’ where hackers sell banking, eBay, Amazon and Facebook logins for as little as $1 is shut down. How to find out if you are targeted
- Genesis Market was taken offline during an international police raid
- Multinational crackdown nicknamed ‘Operation Cookie Monster’
- Authorities have created a database to check for compromised credentials
International law enforcement agencies seized a sprawling dark web marketplace popular with cybercriminals, where stolen passwords were sold for as little as $1 each.
The criminal cyber bazaar known as Genesis Market was seized in a multinational crackdown dubbed “Operation Cookie Monster,” Britain’s National Crime Agency (NCA) said on Wednesday.
“We believe the Genesis is one of the most important entry markets in the world,” said Rob Jones, the NCA’s Director General of Threat Leadership.
The NCA estimated that the service hosted about 80 million credentials and digital fingerprints stolen from more than two million people.
A banner plastered on the Genesis Market site late Tuesday said that domains belonging to the organization had been seized by the FBI.
Visitors to the Genesis marketplace today are greeted by this post-removal splash page
Logos from other European, Canadian and Australian police organizations were also featured on the site, along with those of cybersecurity company Qintel.
The NCA said 17 countries were involved in the operation, which was led by the FBI and the Dutch National Police and had resulted in about 120 arrests, more than 200 house searches and nearly 100 “preventative activities.”
Qintel did not immediately return messages requesting comment, and Reuters was unable to immediately locate the contact details of Genesis Market administrators.
The FBI also seemed eager to get information on them, saying in the notice of seizure that anyone who had been in contact with them should “email us, we’re interested.”
Genesis specialized in selling digital products, specifically “browser fingerprints” collected from computers infected with malicious software, said Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber.
Because those fingerprints often contain credentials, cookies, Internet protocol addresses and other browser or operating system data, they can be used by criminals to evade anti-fraud solutions such as multi-factor authentication or device fingerprinting, she said.
The site has been active since 2018.
Police and the NCA arrest a British suspect in connection with the criminal Genesis Market site
The operation was led by the FBI and Dutch police and 17 other countries, including the UK’s National Crime Agency, who made 24 arrests in and around Grimsby
The NCA said Genesis had operated by selling credentials from as little as 70 cents and even hundreds of dollars, depending on the stolen data available.
“To get started with this, you just need to know the site, possibly be able to get yourself an invite, which probably wouldn’t be particularly difficult given the number of users,” said Will Lyne, NCA Head of Cyber Intelligence.
“Once you’re a user, it’s very easy to… commit criminal activity.”
The NCA said countries involved in the investigation also included Australia, Canada, Denmark, Estonia, Finland, France, Germany, Iceland, Italy, New Zealand, Poland, Romania, Spain, Sweden and Switzerland.
People can check if they were a victim by visiting a database created by the Dutch authorities.
Developing story, more to come.