The FBI and other law enforcement agencies on Tuesday seized the domain names for Genesis Market, a cybercrime marketplace that allowed criminals to impersonate customers on websites ranging from Amazon to Fidelity.
On Tuesday, Genesis’ normal login page was replaced with a takedown notice, urging users to contact the FBI if they had further information about Genesis’ administrators or operations.
Genesis was a “big fish,” said cybersecurity researcher Matthew Gracey-McMinn at Netacea, and its shutdown was a shot across the bow to other threat actors in the space.
The takedown, dubbed Operation Cookie Monster, targeted an online marketplace that allowed users to buy and sell data that would let them impersonate legitimate users of major platforms, including Dropbox, PayPal, Microsoft, Twitter, and a number of cryptocurrency exchanges.
Those platforms weren’t hacked or compromised. Instead, criminals could purchase digital “bots” built from data that hackers had stolen from users’ devices, including information from autofill forms, saved login information, and small digital files known as cookies that companies use to track users’ activity online.
Genesis then provided its customers with a custom browser based on Google’s Chromium project that allowed bad actors to adopt the internet persona of hacked individuals, loading the unique data stored in cookies and autofilled passwords to masquerade as the user.
In 2021, at least 350,000 “bots” were available on Genesis’ platform, according to a Netacea report.
Gracey-McMinn told CNBC that the bots sold on Genesis were high quality and could fetch as much as $450 apiece. Lower-quality hacked data that is still on the market can go for as little as $4 or $5, Gracey-McMinn said.
But while the FBI and international law enforcement may have taken down Genesis, it’s unclear whether they’ll be able to detain Genesis’ owners and administrators, who are likely located in Russia or a Russian-speaking region, according to Gracey-McMinn. Still, it’s undeniably a “big blow to the ease of identity fraud,” he said.
The FBI’s Milwaukee field office referred requests for comment to the Bureau’s main press office, which did not immediately respond to CNBC’s request for comment.
In addition to the FBI, the effort involved law enforcement agencies from Australia, Canada, Germany, Poland, Sweden, and the European Union.