The Justice Department says US and international law enforcement agencies teamed up to take down the criminal online Genesis Market which advertised and sold stolen information online. Among the site’s offerings are usernames and passwords for email, bank accounts, and social media.
These crooks most often obtained the information by infecting computers with malware.
“Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world,” said Attorney General Merrick B. Garland. “Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice.”
The government says that Genesis Market was founded back in 2018, and offered access to stolen data from over 80 million users.
According to the Justice Department, “Genesis Market was user-friendly, providing users with the ability to search for stolen access credentials based on location and/or account type (e.g., banking, social media, email, etc.). In addition to access credentials, Genesis Market obtained and sold device “fingerprints,” which are unique combinations of device identifiers and browser cookies that circumvent anti-fraud detection systems used by many websites. The combination of stolen access credentials, fingerprints, and cookies allowed purchasers to assume the identity of the victim by tricking third-party websites into thinking the Genesis Market user was the actual owner of the account.”
The government said the market had customers from all over the world. The FBI Milwaukee Field Office investigated the case, with assistance from 44 other field offices, the U.K. National Crime Agency, Italy’s Polizia de Stato, Police of Denmark, Australian Federal Police, Royal Canadian Mounted Police, Canada’s Sûreté du Québec, Romanian Police, Cybercrime Sub-directorate for French judicial police, Spain’s Policia Nacional, Spain’s Guardia Civil, Germany’s Federal Criminal Police Service, Swedish Police Authority, Poland’s Central Bureau for Combating Cybercrime, Dutch National Police, Finland’s National Bureau of Investigation, Switzerland’s Office of the Attorney General, Swiss Federal Police, Estonia’s Prosecutor General’s Office, Iceland’s Metropolitan Police, New Zealand Police, Eurojust, and Europol.
Victim credentials obtained over the course of the investigation have been provided to the website Have I Been Pwned, which is a free resource for people to quickly assess whether their access credentials have been compromised (or “pwned”) in a data breach or other activity. Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market so that they can know whether to change or modify passwords and other authentication credentials that may have been compromised.