Notorious Genesis Market cybercrime forum seized in international law enforcement operation - CyberScoop
2023-04-04 19:58 (EST) - Aj Vicens
More than a dozen international law enforcement agencies took down a notorious cybercrime marketplace on Tuesday, shuttering an illicit website called the Genesis Market known for selling compromised credentials and biometric data for digital fraudsters to carry out attacks or commit identity theft.
The FBI-led effort known as “Operation Cookie Monster” also included “a large number of arrests,” according to The Record, which first reported the news. Genesis Market had been linked to “millions of financially motivated cyber incidents globally,” according to The Record.
The seizure is just the latest in a wave of aggressive U.S. government cybercrime operations targeting the infrastructure supporting the criminal digital underworld. Last month, the FBI arrested the owner and administrator of BreachForums, and the remaining administrator decided to shutter the site down after documents revealed the FBI had access to internal site data. In January, the FBI and the Department of Justice announced it had hacked into and spent months inside the Hive ransomware networks before seizing the site.
A takedown notice appeared on the Genesis front page on Tuesday showing a hooded FBI agent working at a computer. “This website has been seized,” the notice read, noting that a seizure warrant was issued by a federal court in the Eastern District of Wisconsin. The notice included a note to the site’s users: “Been active on Genesis Market? In contact with Genesis Market administrators? Email us, we’re interested,” the note read, followed by an FBI-related email address.
Advertisement
Neither the FBI nor the Department of Justice immediately responded to a request for comment.
Alexander Leslie, an associate threat intelligence analyst with Recorded Future, wrote in a Twitter thread Tuesday that Genesis was “one of the world’s largest ‘log’ shops,” and explained that the type of data and tools sold on the site could be used to assume the identity of an actual person’s browser, making “multi-factor authentication (MFA) bypass incredibly effective.”
In an February 2020 analysis, Israeli security researcher Alon Gal reported that, at the time, the site was offering 230,000 “infected computers you can buy the logs from.” The analysis demonstrated how Gal could have purchased multiple login credentials for multiple sites obtained from the browser of one infected computer. User experience on the site was “professional, much like what one would expect to see on any ecommerce site,” researchers with cybersecurity firm F5 Labs wrote in November 2020. A user could search for “specific brands, credentials from a particular website, or specific data types like a credit card,” the researchers wrote.
In June 2021, hackers who claimed to be involved in the Electronic Arts hack told Vice’s Joseph Cox that they purchased a $10 browser cookie that let them log in to an EA Slack account, a key step in the process that enabled the theft of at least 780 gigabytes of data.
