U.S. law enforcement authorities along with international partners have disrupted a “criminal online marketplace” that stole data from millions of computers infected with malware.
Founded in March 2018, Genesis Market was an online platform that offered access to data stolen from more than 1.5 million compromised computers containing over 80 million account access credentials. In an operation dubbed “Cookie Monster,” American law enforcement officials seized 11 domain names used to support the online marketplace, according to an April 5 press release by the Department of Justice (DOJ).
“Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world,” said Attorney General Merrick B. Garland.
The marketplace offered for sale the type of access sought after by ransomware criminals to attack computer systems worldwide, including the United States.
At Genesis Market, a variety of account access credentials were offered, including usernames and passwords for bank accounts, emails, and social media. The data was stolen from malware-infected computers. The stolen data that was put up for sale included those connected to local, state, and federal agencies as well as critical infrastructure.
In addition, Genesis also offered “fingerprints,” referring to a unique combination of browser cookies and device identifiers used to circumvent fraud detection systems.
The stolen access credentials as well as “fingerprints” allowed criminals to assume the identity of victims and trick websites into thinking that they were the real owner of the account.
Genesis ‘Bots’
According to an April 5 press release by Europol, the European Union agency for law enforcement cooperation, the operation against Genesis Market was an international effort involving 17 nations that brought down the criminal marketplace on April 4.
The operation resulted in 119 arrests worldwide and 208 property searches. It was led by the FBI and the Dutch National Police, with a command post set up at the Europol headquarters on the action day.
At the time of takedown, Genesis Market listed more than 1.5 million “bots” totaling over 2 million identities. At Genesis, “bots” refer to individual compromised systems.
The price of a bot ranged from as low as 70 cents to hundreds of dollars depending on the nature and amount of stolen data, the most expensive of which contained financial information allowing criminals to access online banking accounts.
Buyers of stolen data were also provided with the means of using it, which involved a custom browser that mimics the victims. This enabled criminals to access the victim’s account without alerting security measures on the platform where the victim had the account.
“Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers,” said Edvardas Sileris, head of Europol’s European Cybercrime Centre.
“With victims located across the globe, the strong relationships with our international partners were critical in the success of this case.”
Bringing Down Criminal Platforms
The seizure of Genesis Market comes only weeks after the FBI arrested Conor Brian Fitzpatrick, founder of BreachForums, a hacker forum where users posted stolen and hacked data. According to the DOJ, the marketplace had over 340,000 members.
Alleged victims of the platform included hundreds of American and foreign firms as well as millions of U.S. citizens. Stolen data commonly sold on the BreachForums included Social Security numbers, bank account information, hacking tools, and account login information for compromised online accounts.
On Jan. 4, a BreachForums user posted the names and contact information of about 200 million users of a U.S. social networking site. On Dec. 18, 2022, another user posted details of about 87,760 members of InfraGard, which is a partnership between the FBI and private firms.
Fitzpatrick’s arrest came about one year after U.S. authorities cracked down on RaidForums, a predecessor of BreachForums.
Mimi Nguyen Ly contributed to this report.