"Operation Cookie Monster" smashes Genesis Market: The world's largest platform of its kind offered special services, such as stolen access data to various e-commerce and online payment services, access to bank accounts or social networks of all kinds. The international action was made much more European by the FBI, Europol and German police carried out.
According to the FBI, the dark web platform Genesis Market offered access to data that had been stolen from more than 1,5 million compromised computers worldwide and was therefore also a key factor in ransomware. The U.S. Department of Justice reported on the international operation against Genesis Market, a criminal online marketplace that promoted and sold bundles of account credentials -- such as usernames and passwords for email, bank accounts, and social media -- obtained from malware-infected computers on the had been stolen from all over the world.
According to Spiegel.de, the police in Germany searched 62 objects belonging to 58 suspects in a concerted action that affected all federal states. It was about a large number of fraudulent offenses, such as spying on data, data stolen goods and money laundering, as reported by the Federal Criminal Police Office (BKA) and the Frankfurt Public Prosecutor's Office.
🔎 Many websites connected to Genesis Market and their domain have been confiscated (Image: B2B-CS).
Operation Cookie Monster was successful
Since its inception in March 2018, Genesis Market has offered access to stolen data containing over 80 million account credentials. These also included credentials for the financial sector, critical infrastructure, and federal, state, and local governments. Genesis Market has also been one of the most prolific Initial Access Brokers (IABs) in the cybercrime world. IABs attract criminals who want to easily infiltrate a victim's computer system. Ransomware actors also use Genesis Market offerings to attack computer networks in the United States and around the world.
The perfidious: Genesis Market was designed to be user-friendly, offering users the ability to search for stolen credentials based on location and/or account type (e.g., banking, social media, email, etc.). In addition to credentials, Genesis Market has obtained and sold device "fingerprints," which are unique combinations of device identifiers and browser cookies used by many website systems for fraud detection. The combination of stolen credentials, fingerprints and cookies allowed shoppers to impersonate the victim.
Globally coordinated access
Before the authorities struck, Genesis Market users around the world who used the purchased credentials for cybercrimes were identified for an extended period of time. These efforts resulted in hundreds of tips being sent to FBI field offices across the United States, as well as international law enforcement partners. Additionally, as part of this operation dubbed Operation Cookie Monster, law enforcement seized 11 domain names used to support Genesis Market's infrastructure.
Check for Have I Been Pwned
The victim's credentials, obtained during the investigation, were made available to the Have I Been Pwned website, a free resource that allows people to quickly determine if their credentials were stolen (or "pwned") in a data breach or other activity. sacrifice can HaveIBeenPwned.com visit and check their data. This allows them to quickly see whether their passwords and other authentication data are known and need to be changed.
More at Justice.gov