Operation Cookie Monster: Feds seize “infamous hacker market”


Domain seizure message at genesis.market.

A global law enforcement operation shut down an “infamous hacker market” that offered access to infected devices and stolen account credentials, the US Department of Justice and Europol announced today. The operation targeting Genesis Market involved 17 countries, seized the platform’s infrastructure, and resulted in “119 arrests, 208 property searches, and 97 knock-and-talk measures,” Europol said.

The now-shuttered Genesis Market “advertised and sold packages of account access credentials—such as usernames and passwords for email, bank accounts, and social media—that had been stolen from malware-infected computers around the world,” the Justice Department said. The so-called “Operation Cookie Monster” seized 11 domains pursuant to a warrant authorized by the US District Court for the Eastern District of Wisconsin.

While Genesis Market’s public website was taken down, its .onion domain was still accessible on the dark web using Tor today. Law enforcement is apparently still looking for at least some of the people behind the platform, as the domain seizure message seeks tips from anyone who’s been in contact with Genesis Market administrators. The US Treasury Department said Genesis Market “is believed to be located in Russia.”

Europol said that “unlike other criminal marketplaces, Genesis Market was accessible on the open web, although obscured from law enforcement behind an invitation-only veil. Its accessibility and cheap prices greatly lowered the barrier of entry for buyers, making it a popular resource among hackers.”

Genesis Market reportedly had about 59,000 registered users. According to Europol, the market’s “main criminal commodity was digital identities” or “what the market owners called ‘bots’ that had infected victims’ devices through malware or account takeovers.”

Operation Cookie Monster was led by the FBI and Dutch National Police, with coordination by Europol.

“Custom browser” mimicked victims’ devices

Genesis Market emerged in March 2018 and since then “has offered access to data stolen from over 1.5 million compromised computers around the world containing over 80 million account access credentials,” the Justice Department said.

Upon purchasing a bot from Genesis Market, “criminals would get access to all the data harvested by it such as fingerprints, cookies, saved logins and autofill form data,” Europol said. The cheapest bots sold for less than a dollar each but others fetched hundreds of dollars and provided access to online banking accounts.

Europol said that Genesis Market buyers were “provided with a custom browser which would mimic the one of their victim,” letting them access victims’ accounts “without triggering any of the security measures from the platform the account was on. These security measures include recognizing a different log-in location, a different browser fingerprint or a different operating system.”

A Brian Krebs report described the Genesis offering as “a custom Web browser plugin which can load a Genesis bot profile so that the browser mimics virtually every important aspect of the victim’s device, from screen size and refresh rate to the unique user agent string tied to the victim’s web browser.”

The DOJ said it accessed Genesis Market’s user database. “The database contained the purchase and activity history on all users, which the feds say helped them uncover the true identities of many users,” Krebs wrote.

Three big takedowns in the past year

The Genesis Market takedown follows similar actions against Hydra Market in April 2022 and BreachForums in March 2023. The DOJ claims it has “dismantled the darknet’s largest marketplaces” because of these three operations over the past year.

The Justice Department said victim credentials obtained during Operation Cookie Monster were provided to HaveIBeenPwned.com, which helps you check whether you were involved in a data breach.

The Treasury Office of Foreign Assets Control (OFAC) said it designated Genesis Market, meaning that “all property and interests in property of the entity that are in the United States or in the possession or control of US persons must be blocked and reported to OFAC.” Additionally, anyone who “engage[s] in certain transactions with the entity designated today may themselves be exposed to sanctions.”


