Europol and the FBI have just taken down Genesis Market, one of the Dark Net’s largest cybercriminal platforms, where hackers sold credentials and sensitive data of millions of victims.


Genesis Market has just gone down. In a special operation called Cookie Monster, conducted jointly in 17 countries, Europol and the FBI carried out some 119 arrests and 208 searches worldwide on Tuesday April 4, 2023. The spectacular crackdown was aimed at dismantling one of the largest marketplaces on the Dark Net, where hackers were selling sensitive and personal data of more than two million victims (usernames, passwords, online accounts, cookies, etc.), as indicated by Europol in its official press release published on April 5, which specifies that the platform was immediately decommissioned.

Genesis Market: a platform specializing in the sale of bots

Genesis Market’s main criminal activity involved digital identities. The platform provided bots – software robots – capable of recovering all kinds of private information from Internet users through malware, with instructions for using them and files containing all kinds of personal data ready to use – no fewer than 1,500 bots were listed on the platform. Indeed, as explained by Europol’s European Cybercrime Center (EC3) – which has participated in the investigation since 2017 – users “were given a personalized web browser that perfectly replicated the victim’s. This allowed them to avoid triggering security alerts on the corrupted platform”, as reported by Le Parisien.


Thanks to Genesis Market, customers could recover the usual email addresses, usernames and passwords, but also cookies, fingerprints, connection history, IP addresses, information on the operating system and plug-ins, and form autofill data! An incredible haul which, combined with malware, enables all manner of impersonation, hacks and scams. Worse still, this information was collected in real time, and the hackers were even warned of any change of password or settings on their victims’ accounts! Of course, all this information allowed hackers to bypass the protections of different platforms – including banking ones! – where the detection of an unfamiliar login location, browser fingerprint or operating system can lead to access being temporarily blocked until the Internet user has proven their identity.

Genesis Market: the gateway to cybercrime

But what made Genesis Market a go-to place for cybercrime was its accessibility. For a start, unlike other criminal marketplaces, Genesis Market was accessible on the open web and offered cheap prices – the less sophisticated bots cost less than a dollar. Enough to ease entry into the world of cybercrime! To help novices with little technical background, the black market even offered a subscription plan and tools to facilitate the use of purchased data, as revealed by the Sophos investigation. The hackers had a dedicated web browser, named Genesis Security, which loaded a bot’s information in order to get past the platforms’ vigilance.

Popular bot targets include Amazon, Gmail, eBay, Facebook, LinkedIn, Netflix, Spotify, WordPress, PayPal, Reddit, Cloudflare, Twitter, and Zoom. Moreover, according to Europol, “chances are your credentials have already been listed for sale” on Genesis Market. The Dutch police have therefore provided a portal to check whether your information has been compromised. Just go to the site https://www.politie.nl/checkyourhack and provide your email address to check if it is part of a leak on Genesis Market.


Dismantling of Genesis Market: a coordinated operation in 17 countries

All of the forum’s domain names were seized through international law enforcement cooperation, with Europol and the FBI working with law enforcement in Australia, Canada, Germany, Poland and Sweden. According to Le Parisien, this unprecedented operation reportedly led to the arrest by the judicial police of three French people in Île-de-France and in the Lyon region. Note that the owners of Genesis Market have not yet been arrested by the authorities.

Global malware detections related to Genesis Market. © Trellix

“We have severely disrupted the cybercriminal ecosystem by removing one of its key enablers”, rejoiced Edvardas Sileris, who heads the European Cybercrime Center at Europol. For his part, John Fokker, head of threat intelligence at the research center of the cybersecurity company Trellix – which participated in the dismantling of Genesis Market – explains that the dismantling “will have a significant impact on the activities of cybercriminals in the months to come. Indeed, this platform has enabled many cybercriminals to enter the world of cybercrime, while others have been able to accelerate their operations and carry out targeted attacks to quickly obtain financial gains. Beyond the arrest of the individuals behind Genesis Market, the shutdown of the platform will therefore necessarily lead to a decrease in cybercriminal activity.” But another platform could quickly take over, because the Internet is like a hydra: when you cut off one head, two grow back…
