Washington — A sophisticated cybercrime marketplace that sold the “digital fingerprints” of breached computer systems was toppled on Tuesday after more than 100 alleged users were arrested in a coordinated international seizure operation, the Justice Department and FBI announced Wednesday.
Genesis Market — a darknet site that sold data containing login credentials for bank accounts, social media passwords and IP addresses from identity theft and data breach victims — sold 80 million sets of identifying information from more than 1.5 compromised million computers, according to investigators.
Dubbed “Operation Cookie Monster” — a nod to the identifying data known as “cookies” collected on individual computers — the international law enforcement action spearheaded by the FBI and European partners resulted in the arrest of nearly 120 suspected users of the illegal exchange and the seizure of Genesis’ domain. In all, 15 countries including the United Kingdom and Australia joined the operation.
Some suspects were arrested in the United States, according to senior law enforcement officials, and the investigation is ongoing.
In the more than five years since its inception, Genesis acted as one of the most prolific initial access brokers of stolen information, allegedly selling data that was later used by ransomware attackers to gain access to computer networks in the U.S. and around the world. The stolen data that the marketplace advertised for sale included credentials related to the financial sector, critical infrastructure and all levels of government, the Justice Department said.
Users in nearly every country in the world could essentially shop online for the type of personal information they wanted to buy. Genesis’ website made it easy to search, based on location or account type. Operating on an invitation-only status, senior law enforcement officials said Genesis sold bots that essentially acted as a “subscription” service to access compromised systems, at times updating the log-in credentials as victims changed their passwords. This ensured continued access to the targeted systems.
“We aren’t just going after administrators or taking the sight down. We are going after the users,” the officials said in announcing the Gensis takedown.
The Genesis seizure is the latest in recent operations by U.S. investigators and their partners across the globe to target bad actors on the internet. Last month, the FBI arrested the founder of BreachForums, one of the world’s largest exchanges for cybercriminals to buy, sell, and trade hacked or stolen data, including bank accounts and special security numbers. And in January, the FBI and international law enforcement partners toppled a ransomware group after more than a year of spying on the cybercriminals from inside the network. The criminal enterprise, known as Hive, targeted more than 1,500 institutions in over 80 countries since June 2021, amassing over $100 million from its victims.
“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” Attorney General Merrick Garland said in a written statement Wednesday.
Federal investigators advise potential victims of Gensis’ sale of personal data to visit HaveIBeenPwned.com, a free service that determines whether their information was compromised in the scheme and, if necessary, changes their login credentials.