FBI Leads International Effort to Seize Domains for Notorious Genesis Market

Written by

The FBI has seized the domains of a popular cybercrime marketplace after receiving a court warrant, in what it will be hoping is a serious blow to the site’s administrators.

The action was the result of the Feds’ “Operation Cookie Monster” – a reference to the cookies sold on Genesis Market in huge volumes over the past five years, along with other data needed for logging in to third-party machines.

As such, the site played a key role in the cybercrime supply chain, enabling threat actors to access victim networks for information theft, ransomware attacks, fraud and more.

The FBI also referenced international law enforcement and private sector cooperation as helping with this operation, citing the UK’s National Crime Agency (NCA), Europol and other agencies as contributing.

A total of 200 searches and close to 100 preventative actions were carried out across the globe, leading to 120 people arrested, including 24  in the UK.

Read more on criminal markets here: US and Euro Police Smash Cybercrime Marketplace.

At any one time there were apparently hundreds of thousands of listings on Genesis Market.

Julia O’Toole, CEO of MyCena Security Solutions, branded the seizures a “big win” for law enforcement.

“The operators of the site would collect data on internet users, including their login credentials, auto-filled passwords and their browser cookies in a bid to bypass MFA and access their online accounts,” she explained.

“When they gained access to these, there would be no alerts the account was compromised as attackers simply logged in, so it was only after fraudulent activity occurred that the victim was made aware.”

The operators of the site monetized their collection of victim account identities by selling them through bot services, with prices depending on the targeted asset(s) and duration of access.

The FBI is still looking for information on the site’s administrators, which suggests that they are still at large. If that is the case, it would be reasonable to assume the site will return in some form or another and/or customers will migrate to rival marketplaces.

The news comes just weeks after BreachForums was shuttered following the arrest of its administrator.

What’s hot on Infosecurity Magazine?