The FBI, DOJ and other international law enforcement agencies have taken down Genesis Market, a notorious cybercrime marketplace in “Operation Cookie Monster”, the Bureau announced. The site was used to sell compromised credentials and biometric data for digital fraudsters to carry out attacks or commit identity theft. The operation resulted in the arrest of 119 people in 17 countries, including the United States.
The takedown was first reported by The Record. Genesis Market had been linked to “millions of financially motivated cyber incidents globally,” according to The Record. It was the most prolific initial access broker (IAB) in the cybercrime world (among other cybercrime assets), according to the Bureau. It provided key ransomware services available for cybercriminals to leverage as well.
Genesis Market was a dark web marketplace that operated on the Tor network. It was one of the largest and most popular dark web marketplaces, with over 100,000 users and 10,000 vendors.
According to the Bureau, “Since March 2018, Genesis Market has offered access to data stolen from over 1.5 million compromised computers around the world containing over 80 million account access credentials.”
Genesis Market: The most prolific initial access brokers (IABs) in the cybercrime world
Unlike other dark web marketplaces, Genesis Market provided criminals access to “bots” or “browser fingerprints” that allowed them to impersonate victims’ web browsers. Misattribution services provided cybercriminals with full identity theft mechanisms to impersonate a victim using their IP addresses, session cookies, operating system information, and plugins.
This provided cybercriminals incredibly effective techniques to utilize to bypass multi-factor authentication (MFA), as indicated by CTI Analyst Alexander Leslie of The Record.
Stolen identities and account access for sale included platforms such as Netflix, Amazon, Facebook and eBay, according to The Record.
The FBI and other law enforcement agencies began investigating Genesis Market in 2021. Eleven domain name seizures and 119 arrests occurred as a result of Operation Cookie Monster. A Europol news release said the operation also included “208 property searches and 97 knock and talk measures.”
In addition to the arrests and seizures, the FBI also obtained copies of back-end servers related to Genesis Market. This data will provide law enforcement with valuable insights into the inner workings of the cybercrime marketplace and the identities of its users. The FBI is working to analyze this data and to identify additional suspects.
FBI, DOJ continue taking down Dark Web Marketplaces
The seizure of Genesis Market is a significant victory for law enforcement. It is the latest in a series of successful operations targeting dark web marketplaces.
Last month, the FBI arrested Pompompurin, the owner and administrator of BreachForums. Remaining co-administrators of BreachForums inevitably shut the forum down within days after realizing the FBI had access to Pompompurin’s laptop and BreachForums servers.
In January, the FBI and DOJ announced it had hacked into and had been monitoring the Hive ransomware network for months before seizing the domains.
The FBI and other law enforcement agencies are committed to disrupting the cybercrime ecosystem.
Attorney General Merrick B. Garland was quoted in the Bureau’s announcement, “Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice.”
