In a significant blow to the hacker community, the FBI recently seized Genesis Market, a major online marketplace for stolen logins, as part of an international effort called “Operation Cookie Monster.” TechCrunch reports that the UK’s National Crime Agency confirms the arrest of approximately 120 people worldwide, including 19 site users in the UK alone.
A multinational crackdown
We have reached out to the FBI and the Justice Department for comment. In a statement, the Justice Department called the seizure a takedown of a “key enabler” of ransomware. The international campaign involved law enforcement agencies from the US, UK, Australia, Canada, Denmark, Sweden, Germany, Poland, Europol, and the EU’s Eurojust.
Launched in March 2018, Genesis Market sold logins, cookies, and browser fingerprints obtained from breached systems. This allowed hackers to not only sign into accounts but also impersonate web browsers to access those accounts without requiring a password or two-factor authentication token. As long as Genesis could access a victim’s devices, it could provide real-time data from that victim, making it a highly valuable resource for hackers who often have to rely on outdated or useless data.
Genesis Market has been linked to high-profile cybercrime incidents in the past. Motherboard reported that the culprits behind the 2021 EA hack claimed to have purchased a $10 bot from Genesis to take over a Slack account at the game publisher.
While the seizure and arrests may not completely stop the sale of stolen logins on other sites, this significant action could make it more difficult for attackers to acquire the necessary login data. Many of Genesis Market’s customers may turn to smaller marketplaces in its absence. This crackdown comes as law enforcement agencies worldwide are increasing efforts to disrupt ransomware networks. Consequently, digital extortion has become a more challenging endeavor than just a few months ago.
{{user}} {{datetime}}
{{text}}