Law enforcement agencies from multiple countries, including the Federal Bureau of Investigation, have seized a sprawling dark web marketplace popular with cybercriminals, arresting dozens, the United Kingdom’s National Crime Agency (NCA) said Wednesday, in an operation the FBI called “Operation Cookie Monster”.
British authorities said 17 countries were involved in the operation, led by the FBI and Dutch police, which resulted in about 120 arrests, more than 200 house searches and nearly 100 “preventive activities”.
Genesis Market, an online forum, hosted about 80 million credentials and digital fingerprints stolen from more than two million people, the NCA estimated.
“We believe the Genesis is one of the most important entry markets in the world,” said Rob Jones, the NCA’s director general for threat leadership.
Deputy Attorney General of the US Department of Justice Lisa Monaco said in a statement that many of the forum’s users were arrested Tuesday. A senior FBI official said arrests had been made in the US, but declined to provide further details. The investigation into Genesis is still ongoing.
The US Treasury Department called it “one of the most prominent brokers of stolen credentials and other sensitive information” in a statement announcing sanctions against the market.
A banner plastered on the Genesis Market site late Tuesday said that domains belonging to the organization had been seized by the FBI. Logos from other European, Canadian and Australian police organizations were also featured on the site, along with those of cybersecurity company Qintel.
🚨BREAKING🚨
An international operation involving the National Crime Agency has brought down one of the largest online marketplaces selling stolen credentials to criminals around the world.
FULL STORY ➡️ https://t.co/Owo1p2A2ku pic.twitter.com/nHuKI9kXxc
— National Crime Agency (NCA) (@NCA_UK) April 5, 2023
Operation Cookie Monster
Qintel did not immediately return messages seeking comment, and Reuters news agency was unable to find contact information for the administrators of Genesis Market, which the US Treasury Department said operated out of Russia.
Genesis specializes in selling digital products, specifically “browser fingerprints” collected from computers infected with malicious software, said Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber.
Because those fingerprints often contain credentials, cookies, Internet protocol addresses and other browser or operating system data, they can be used by criminals to evade fraud-fighting solutions such as multi-factor authentication or device fingerprinting, she said.
The site has been active since 2018.
The NCA said Genesis had operated by selling credentials for as little as 70 cents and up to hundreds of dollars, depending on the stolen data available.
“To get started with this, you just need to know the site, possibly be able to get yourself an invite, which probably wouldn’t be particularly difficult considering the number of users,” said Will Lyne, NCA chief of cyber intelligence.
“Once you’ve become a user, it’s very easy to then… commit criminal activity.”
The NCA said countries involved in the investigation included Australia, Canada, Denmark, Estonia, Finland, France, US, UK, Germany, Iceland, Italy, New Zealand, Poland, Romania, Spain, Sweden and Switzerland.
“The Genesis market lowered the barrier to entry for ransomware groups and enabled many cybercriminals to rapidly scale their operations and launch targeted attacks for immediate financial gain,” said John Fokker, head of threat intelligence for US cybersecurity firm Trellix.
“Without even considering the arrests of Genesis Market members, simply removing this immense cybercriminal marketplace from the Internet will significantly slow down cybercrime activity.”
Have you been targeted by criminals using #Genesis Market?
In the wake of an operation to take down the global online platform selling stolen identities, people are being urged to check whether they have been affected.
Find out how on our website ➡️ https://t.co/dBtnwpzwp7 pic.twitter.com/PTyLDOxbsR
— National Crime Agency (NCA) (@NCA_UK) April 5, 2023