An international operation facilitating large-scale identity theft was shut down Wednesday in a joint operation involving the FBI and Dutch National Police.
Dubbed “Operation Cookie Monster,” the sweeping law enforcement effort spanned 17 countries and culminated in 119 arrests. Officials said the sprawling actions were the focus of 45 FBI field offices and authorities in several nations.
Genesis Market, as the dark web site was known, specialized in advertising and providing packages of illicit information to buyers. The Justice Department said it peddled “account access credentials — such as usernames and passwords for email, bank accounts, and social media.”
This personal information was gleaned from malware-infected computers across the globe. Officials reported the site began operations in 2018.
Genesis market, the infamous initial access brokerage forum, has been seized by the United States Department of Justice in cooperation with EUROPOL in what was named "Operation Cookie Monster". pic.twitter.com/sKt24UH4Ci
— vx-underground (@vxunderground) April 4, 2023
Genesis Market boasted around 59,000 registered users. Through data gathered by malware, the site offered key information from over 1.5 million infected computers worldwide and featured more than 80 million account access credentials.
The site looks markedly different now.
There is a banner plastered across the web page announcing that domains belonging to Genesis Market are now seized by the FBI. Visitors are greeted by logos of European, Canadian, and Australian law enforcement as well as that of cybersecurity provider Qintel.
Lisa Monaco, deputy attorney general for the U.S. Justice Department, released a statement saying many U.S. users of the forum were arrested Tuesday. The U.S. Treasury Department called the operation “one of the most prominent brokers of stolen credentials” and other unlawful data.
A British cybersecurity analyst, Louise Ferrett, reported that Genesis marketed digital products on the dark web. In particular, the illegal outfit sold “browser fingerprints” gathered from systems harboring malicious software.
These “fingerprints” many times include specific details of a user’s browser and identification activities. Therefore, they may enable cybercriminals to work around security barriers including multi-factor authentication or device fingerprinting.
According to Europol, criminals would purchase a “bot” from Genesis Market and thereby gain access to all the data illegally gathered from its activities. Some bots cost under a dollar while others sold for hundreds each.
They could contain anything from access to financial institutions to passwords for streaming apps such as Netflix and others.