In a landmark international crackdown led by the FBI, authorities in several countries have shut down Genesis Market, one of the world’s biggest marketplaces used by online fraudsters to purchase passwords and login credentials.
Genesis harvests data from compromised sites to sell to cyber criminals, who use the information to gain access to users’ accounts.
Since it was founded in 2017, the company has become notorious for selling login details, IP addresses and other personal data that help hackers to access people’s accounts across all platforms, including banks, sometimes, for less than $1.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
In the notorious June 2021 breach of Electronic Arts, the hackers who breached the gaming giant said they gained access by purchasing a $10 bot from Genesis Market that let them log into a company Slack account.
Information such as passwords, browser history, cookies, autofill form data and location are always available for sale on Genesis. These, the authorities say, allowed fraudsters to log in to bank, email and shopping accounts, re-direct deliveries and even change passwords without raising suspicion.
The criminals could search for potential victims by country, and see what data was available before they made their purchase.
The coordinated raid dubbed “Operation Cookie Monster,” which involved 17 countries, including the UK, Australia and countries across Europe, involved 200 searches and resulted in 120 arrests.
“Genesis Market’s domains have been seized by the FBI pursuant to a seizure warrant issued by the United States District Court for the Eastern District of Wisconsin,” the message appearing on the site on Wednesday reads.
The FBI said that Genesis Market, since its inception, offered access to data stolen from over 1.5 million compromised computers worldwide containing over 80 million account access credentials. The bureau said Genesis has made at least $8.7 million from the sale of stolen credentials, noting that complete total losses are likely to exceed tens of millions of dollars when it’s determined.
The UK’s National Crime Agency (NCA), which arrested 24 people during the raid, described Genesis as “enabler of fraud.”
“For too long criminals have stolen credentials from innocent members of the public,” Robert Jones, director general of the National Economic Crime Centre at the NCA, said.
“We now want criminals to be afraid that we have their credentials, and they should be,” he added.
A senior FBI official told TechCrunch that arrests have also been made in the United States, without giving details.
“This is the biggest operation of its kind. We’re not just going after administrators or taking sites down; we’re going after users on a global scale,” the official said. They added that by obtaining Genesis Market’s computer systems, officials have identified approximately 59,000 users of the marketplace.
Internet users have been advised to keep their computer and phone operating systems up-to-date, using two-factor authentication (2FA) and strong passwords, if they want to avoid fraud. They are also urged to consider using a password manager.
Cyril Noel-Tagoe, principal researcher at cybersecurity and bot management company Netacea, told TechCrunch that Genesis shutdown will have significant impact on the operation of cybercriminals.
“As a result of the Genesis Market’s seizure, we expect to see an exodus of sellers and customers to competitor marketplaces,” Noel-Tagoe said. “There are multiple other illicit marketplaces selling logs and credentials, although not on the scale of the Genesis Market. Alternatively, if a significant core of the Genesis Market administrators evade law enforcement, they may splinter off and create a new version of the site.”