International raid seizes dark web marketplace for stolen passwords

International law enforcement agencies led by the FBI have seized a sprawling dark web marketplace popular with cybercriminals, where stolen passwords were sold for as little as $1 each, officials announced Wednesday.

The hacker cyber-bazaar, known as Genesis Market, was seized in a multinational crackdown dubbed 'Operation Cookie Monster' after the site's specialization in stolen digital fingerprints, known as cookies. 

According to the FBI, Genesis Market offered access to data stolen from more than 1.5 million compromised computers around the world, containing over 80 million account access credentials. 

The stolen data included passwords for services such as online banking, Facebook, Amazon, PayPal and Netflix, as well as digital fingerprints that can be exploited by criminals to bypass online security checks by spoofing the victim's device. 

In coordinated raids around the world, more than 200 searches were carried out and about 120 people were arrested, including 24 arrests in and around the British town of Grimsby, UK law enforcement officials said.   

A senior FBI official told DailyMail.com that suspects were also arrested within the US in connection with the bust, but did not offer details on the number of arrests or the charges.  

Visitors to the Genesis marketplace today are greeted by this splash page after the takedown

The FBI official said the total estimated losses to victims of the hacker marketplace ran in the tens of millions of dollars.

The person said that Genesis Market users relied on stolen credentials to perpetrate a wide range of scams, including identity theft targeting individuals, and large-scale ransomware attacks on companies and other organizations.  

'These criminal marketplaces are services that facilitate cybercrime globally, and enable criminal cyber actors to conduct operations against public and private organizations worldwide,' the official said. 

The US Treasury Department called the Genesis Market 'one of the world's largest illicit marketplaces' in a statement announcing full blocking sanctions against the site. 

'Today's takedown of Genesis Market is a demonstration of the FBI's commitment to disrupting and dismantling key services used by criminals to facilitate cybercrime,' said FBI Director Christopher Wray in a statement. 

The investigation into Genesis is ongoing, officials said. US Justice Department Deputy Attorney General Lisa Monaco said in a statement that many of the forum's users around the world had been arrested.

The raid on Genesis follows similar US-led enforcement actions in the past year against other darknet hacker marketplaces, including Hydra Market and BreachForums.

But experts warned that hacker gangs are often slippery, and similar markets often soon re-emerge.

'Unfortunately, when one of these sites is removed, it creates a vacuum that could be quickly filled by others,' Adrianus Warmenhoven, a cybersecurity expert at NordVPN, told DailyMail.com.

Warmenhoven said the seizure of Genesis was 'a step in the right direction for clamping down on bot markets, but there is a long way to go if the goal is to eradicate the illegal trade in online identities.'  

Senior DOJ officials say Genesis was operated by a group of hackers, who ran a sophisticated malware program which infected millions of users over the world to harvest their data.

The marketplace essentially sold subscriptions to the compromised computer systems, allowing users to access stolen credentials at will, even if the victim updated their passwords.

'Today's takedown of Genesis Market is a demonstration of the FBI's commitment to disrupting and dismantling key services used by criminals to facilitate cybercrime,' said FBI Director Christopher Wray (file photo)

Britain's National Crime Agency said Genesis sold stolen credentials from as little as $0.70 USD, to as much as hundreds of dollars apiece, depending on the stolen data available. 

Personal data on sale included account log-ins, passwords, cookies, search history and autofill form data enabling fraudsters to build up a detailed picture about their prey. 

Those who wanted to use Genesis could only join by invite from a previously established member, however those referrals were also available for sale online. 

The marketplace could be found using normal internet search engines, as well as on the dark web, and users were offered step-by-step guides on how to buy stolen details as well as how to use them for fraud.

The site contained easy-to-follow instructions telling offenders how to masquerade as their victim, getting around banking systems that require biometric data.

It even advised how to buy bitcoin to avoid law enforcement tracing transactions.

Offenders were also able to infiltrate victims' computers to install secret malware which notified them in real-time if their target changed their passwords.

The NCA said 17 countries were involved in the operation, which was led by the FBI and Dutch National Police. 

A banner plastered across Genesis Market's site late on Tuesday said domains belonging to the organization had been seized by the FBI. 

Logos of other European, Canadian, and Australian police organizations were also emblazoned across the site, along with that of cybersecurity firm Qintel. 

Police and the NCA arresting a UK suspect in connection with the criminal Genesis Market site

Operation was led by the FBI and Dutch police forces and 17 other countries, including the UK's National Crime Agency, who made 24 arrests in and around Grimsby

Contact information for Genesis Market's administrators was not immediately clear. 

The FBI seemed eager for information about the site's owners as well, saying in its seizure notice that anyone who had been in touch with them should 'Email us, we're interested.'

Genesis specialized in the sale of digital products, especially 'browser fingerprints' harvested from computers infected with malicious software, said Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber.

Because those fingerprints often include credentials, cookies, internet protocol addresses and other browser or operating system details, they can be used by criminals to bypass anti-fraud solutions such as multi-factor authentication or device fingerprinting, she said.

'To get up and running on this you just have to know of the site, potentially be able to get yourself an invite which given the volume of users probably wouldn't be particularly difficult,' said Will Lyne, NCA Head of Cyber Intelligence.

'Once you become a user, it's really easy to then ... perpetrate criminal activity.'

The NCA said countries involved in the investigation also included Australia, Canada, Denmark, Estonia, Finland, France, Germany, Iceland, Italy, New Zealand, Poland, Romania, Spain, Sweden, and Switzerland.

The Genesis site had been active since 2018, officials said.

Software company Netacea had warned about the site two years ago and had even written a report about its dangers.

It said: 'Although highly illegal, its operations are run in a professional and even user-friendly manner.

'The Genesis marketplace includes terms and conditions, an FAQ, frequently updated utility software, and even a support desk with ticket system for customer queries.

'This Aladdin's cave of criminally obtained data is growing at an alarming rate,' the report warned.

People can check if they were victims by visiting this database created by Dutch authorities.