The Department of Justice announced April 5 a coordinated international operation against Genesis Market, a criminal online marketplace that advertised and sold packages of account access credentials — like usernames and passwords for email, bank accounts and social media — that were stolen from malware-infected computers around the world.
“Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses and governments around the world,” said Attorney General Merrick Garland in a press release.
The DOJ said since its inception in March 2018, Genesis Market has offered access to stolen data from more than 1.5 million compromised computers worldwide containing more than 80 million account access credentials. Account access credentials Genesis Market advertised included ones connected to the financial sector, critical infrastructure and federal, state and local government agencies.
Genesis Market was also one of the most prolific initial access brokers (IABs) in the cybercrime world, according to the announcement from the DOJ. IABs attract criminals looking to easily infiltrate a victim’s computer system. Genesis Market offered for sale the kind of information that ransomware actors often seek in order to attack networks. The DOJ said Genesis Market also published private-sector reports that indicate the information was used by ransomware actors to attack such systems.
The DOJ noted Genesis Market was user-friendly, providing users with the ability to search for stolen access credentials based on location or account type. Genesis Market also obtained and sold device “fingerprints,” which are unique combinations of device identifiers and browser cookies that circumvent anti-fraud detection systems used by many websites, according to the announcement.
Genesis Market users were located all over the world. The DOJ said federal law enforcement has been working to identify prolific users of Genesis Market who purchased and used stolen access credentials to commit cybercrimes.
“Genesis falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals,” said Deputy AG Lisa Monaco in a press release.
As part of this operation, dubbed Operation Cookie Monster, the DOJ said law enforcement seized 11 domain names used to support Genesis Market’s infrastructure pursuant to a warrant authorized by the U.S. District Court for the Eastern District of Wisconsin.
“The operation being announced today is the direct result of the hard work, dedication, and exceptional collaborative efforts of the FBI and its partners around the globe,” said U.S. Attorney Gregory Haanstad for the Eastern District of Wisconsin in a press release.
“Today’s takedown of Genesis Market is a demonstration of the FBI’s commitment to disrupting and dismantling key services used by criminals to facilitate cybercrime,” said FBI Director Christopher Wray. “The work in this case is a great example of the FBI’s ability to leverage our technical capabilities and work shoulder-to-shoulder with our international partners to take away the tools cyber criminals rely on to victimize people all across the world.”
According to the announcement, the FBI Milwaukee Field Office investigated the case with assistance from 44 other field offices, the U.K. National Crime Agency, Italy’s Polizia di Stato, Police of Denmark, Australian Federal Police, Royal Canadian Mounted Police, Canada’s Sûreté du Québec, Romanian Police, Cybercrime Sub-directorate of the French Judicial Police, Spain’s Policia Nacional, Spain’s Guardia Civil, Germany’s Federal Criminal Police Service, Swedish Police Authority, Poland’s Central Bureau for Combating Cybercrime, Dutch National Police, Finland’s National Bureau of Investigation, Switzerland’s Office of the Attorney General, Swiss Federal Police, Estonia’s Prosecutor General’s Office, Iceland’s Metropolitan Police, New Zealand Police, Eurojust and Europol.
The DOJ also noted it appreciates the assistance provided by authorities in Bulgaria and Latvia in response to mutual legal assistance requests.
Trial attorneys Benjamin Proctor and Jessica Peck of the criminal division’s computer crime and intellectual property section and assistant U.S. attorney Farris Martini for the Eastern District of Wisconsin are handling the investigation. The DOJ’s Office of International Affairs also provided significant assistance, according to the announcement.
Victim credentials obtained over the course of the investigation have been provided to the website Have I Been Pwned, which is a free resource for people to quickly assess whether their access credentials have been compromised, or “pwned,” in a data breach or other activity. Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market so they can know whether they need to change or modify passwords and other credentials.
The DOJ said anyone who has been active on Genesis Market, has been in contact with Genesis Market administrators, or has been a victim and needs to report should email the FBI at [email protected].