Rules Navigator

Popular cybercrime Genesis Market shut down by police in Operation Cookie Monster

Police arresting a man
A total of 24 people have been arrested in the UK, including two men in Grimsby. Photo: NCA

Martina Lindberg

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The criminal marketplace was selling roughly 80 million credentials and digital fingerprints from over two million people.

Genesis Market, one of the biggest online marketplaces selling stolen credentials, has been taken down in an international operation dubbed Operation Cookie Monster. The operation was led by the FBI and Dutch National Police, and involved 17 countries. According to the DOJ, it was also one of the most prolific initial access brokers in the cybercrime world.

The marketplace, which was a go-to service for criminals, was hosting approximately 80 million credentials and digital fingerprints stolen from more than two million people around the world. The credentials included usernames and passwords for email, bank accounts, and social media – which had previously been stolen from malware-infected computers.

“Behind every cyber criminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending,” said Rob Jones, NCA Director General NECC and Threat Leadership.

“Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market. Its removal will be a huge blow to criminals across the globe.”

Dark web

Genesis Market was set up in 2017 and, unlike other criminal marketplaces on the dark web, also operated on the open web. It was notable for its user-friendly and English-language interface.

Depending on the size and quality of data, the price per bot varied from as little as $0.70 to several hundreds of dollars, and the bots could provide access to data pertaining to an individual identity, like cookies, and saved logins and passwords. By collecting data in real time, the fraudsters would even get updates if the passwords were changed by the victims.

The operation also seized 11 domain names that used to support Genesis Market’s infrastructure. 

UK arrests

By Tuesday 4 April, a total of around 120 people had been arrested, of which 24 were in the UK, and almost 100 pieces of preventative activity have been carried out across the globe.

The UK’s National Crime Agency (NCA) has also identified hundreds of UK-based users of the platform. Its findings have resulted in 31 warrants in coordinated raids by the NCA, Regional Cyber Crime Units and police forces.

The FBI Milwaukee Field Office investigated the case, with assistance from 44 other field offices; the UK National Crime Agency, Italy’s Polizia de Stato, Police of Denmark, Australian Federal Police, Royal Canadian Mounted Police, Canada’s Sûreté du Québec, Romanian Police, Cybercrime Sub-directorate for French judicial police, Spain’s Policia Nacional, Spain’s Guardia Civil, Germany’s Federal Criminal Police Service, Swedish Police Authority, Poland’s Central Bureau for Combating Cybercrime, Dutch National Police, Finland’s National Bureau of Investigation, Switzerland’s Office of the Attorney General, Swiss Federal Police, Estonia’s Prosecutor General’s Office, Iceland’s Metropolitan Police, New Zealand Police, Eurojust, and Europol.

, , , , ,

You may also like