A coordinated federal effort by agencies including the Federal Bureau of Investigation and the Department of Justice spearheaded the takedown of a major online black market that distributed and sold stolen access credentials across the internet.
Operating since March 2018, Genesis Market was formally dismantled following an investigation spanning domestic and international law enforcement agencies. Within the U.S., the Justice Department worked in tandem with 45 FBI field offices to identify accounts used within Genesis Market to sell stolen identity credentials, which were normally obtained through the deployment of malware.
These credentials were linked to individuals as well as staff in private and public sectors across the world.
“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” said U.S. Attorney General Merrick Garland in a statement.
Law enforcement reports that since its inception, Genesis Market has offered access to information stolen from private networks in 1.5 million computers globally. Credentials that ended up for sale on the platform came from industries including the financial services, critical infrastructure and government sectors.
Individuals who wished to purchase stolen login data had access to a search engine on the platform to easily find information based on a sector or specific type of account. Genesis Market also sold unique combinations of device identifiers and browser cookies that formed a “fingerprint” capable of evading the fraud detection protocols installed in many digital systems and networks, allowing illegal, undetected account access.
The FBI and the Justice Department took steps to take down Genesis with help from law enforcement agencies in a number of allied nations, including Poland, Spain, the Netherlands, Australia and Germany.
“Today’s takedown of Genesis Market is a demonstration of the FBI’s commitment to disrupting and dismantling key services used by criminals to facilitate cybercrime,” said FBI Director Christopher Wray. “The work in this case is a great example of the FBI’s ability to leverage our technical capabilities and work shoulder-to-shoulder with our international partners to take away the tools cyber criminals rely on to victimize people all across the world.”
Credentials secured during this operation, known internally as Operation Cookie Monster, are currently being posted on a nonprofit website called “Have I Been Pwned,” a free service available to verify if personal information has been compromised in a data breach.
In conjunction with federal law enforcement’s seizure, the U.S. Treasury formally sanctioned Genesis Market for its facilitation of the sale of stolen data.
“The United States, along with our international partners, will not allow illicit marketplaces to operate with impunity,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson. “Treasury will continue to work closely with our law enforcement colleagues to disrupt this activity and hold malign cyber actors accountable.”
Industry players noted that while the takedown of Genesis is a good step, its absence stands to create a vacuum in the black market data landscape.
“Unfortunately, when one of these sites is removed, it creates a vacuum that could be quickly filled by others,” said Adrianus Warmenhoven, a cybersecurity advisor for NordVPN. He highlighted 2easy as a rival platform for the illegal sale of stolen credentials, which, despite ceasing activity at the start of 2023, may stage a comeback.
“There is a long way to go if the goal is to eradicate the illegal trade in online identities,” he said.