International police action takes down Genesis Market for cybercrimes
Police in Britain have arrested 24 people in connection to an international law enforcement action against 'Genesis Market," an online forum that sold stolen information.
Photo courtesy of U.K. National Crime Agency
April 5 (UPI) -- Law enforcement agencies from 17 nations have taken down Genesis Market, one of the world's largest online marketplaces for stolen financial information.
U.S. and British law enforcement officials made dozens of arrests and seized domain names, and the U.S. Treasury Department sanctioned Genesis Market.
"Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world," U.S. Attorney General Merrick Garland said in a news release Wednesday.
"Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice."
April 5 (UPI) -- Law enforcement agencies from 17 nations have taken down Genesis Market, one of the world's largest online marketplaces for stolen financial information.
U.S. and British law enforcement officials made dozens of arrests and seized domain names, and the U.S. Treasury Department sanctioned Genesis Market.
"Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world," U.S. Attorney General Merrick Garland said in a news release Wednesday.
"Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice."
According to Britain's National Crime Agency, the Genesis Market hosted approximately 80 million stolen credentials. The platform would provide customers with bots that would mimic victims' login information and cookies to allow fraudsters to access victims' accounts, including financial information.
"Genesis Marketplace was unique in that it provided users with a custom browser, which would mimic that of their victim. This allowed the criminals to essentially masquerade as the victim, making it look like they were accessing their accounts from the usual location and operating system, thus not triggering security measures," The National Crime Agency said in a news release Wednesday.
The police operation involved Britain's National Crime Agency and was lead by the FBI and Dutch police.
"Behind every cybercriminal or fraudster is the technical infrastructure that provides then with the tools to execute their attacks and the means to benefit financially from their offending," said Rob Jones of Britain's National Crime Agency.
"Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market," he continued.
At least 24 people were arrested in Britain, according to the National Crime Agency. Across multiple countries, over 120 people were arrested in connection with the joint police action.
On Tuesday, U.S. law enforcement seized 11 web domains associated with Genesis Market in an action dubbed "Operation Cookie Monster."
Additionally, the U.S. Treasury Department designated Genesis Market "for being responsible for or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities ... that are reasonably likely to result in, or have materially contributed to, a significant threat to national security, foreign policy, or economic health or financial stability of the United States.
"The United States and our international partners will not allow illicit marketplaces to operate with impunity," said Brian Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence.
Global takedown of cybercriminals behind malware operation
By ERIC TUCKER and FRANK BAJAK
By ERIC TUCKER and FRANK BAJAK
April 5, 2023
WASHINGTON (AP) — Law enforcement agencies in the United States and Europe said Wednesday that they have taken down a major online marketplace for stolen login credentials that had given cybercriminals access to millions of compromised accounts since its 2018 launch.
Officials seized 11 domain names tied to the Genesis Market and arrested about 120 users across the world, including some in the U.S., according to the FBI and Justice Department, which participated in the operation.
The market “falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals,” Deputy Attorney General Lisa Monaco said in a statement.
Genesis Market had provided users with access to data taken from more than 1.5 million computers infected with malicious software, with over 80 million account access credentials, the Justice Department said.
“Operation Cookie Monster,” the effort by law enforcement agencies in 17 countries, disrupted the largest marketplace of its kind, officials said.
“Cookie” refers to the web browser cookies that let people log onto websites without the need for multifactor authentication. Criminal users of Genesis Market could purchase software scripts from it, including browser cookies and fingerprints that track a user’s online activity.
The market, a “one-stop shop for account takeovers,” was advertised on several predominantly Russian-speaking underground forums, the cybersecurity firm Trellix, which assisted in the investigation, said in a research report.
“While underground marketplaces that sell stolen credentials aren’t a new thing, Genesis Market was one of the first that focused on fingerprints and browser cookies to enable account takeovers despite growing MFA adoption,” the Trellix researchers said. A specialized browser it offered customers made “account takeover child’s play for criminals,” their report says.
Trellix said it observed more than 450,000 infected machines in examining the marketplace.
Trellix’s threat intelligence lead, John Fokker, said the takedown would “have a notable impact on the activities of cybercriminals focused on stolen credential usage for the rest of the year. ”
He said in an online chat that he did not believe the people who ran the site would be arrested because they are in Russia.
Typically after such takedowns, the criminals regroup at other sites.
Dutch police put up a webpage to allow members of the public to enter their email address to determine whether their data was for sale on Genesis Market. The Justice Department said it had provided victim information for a website so that people could check if their accounts had been compromised.
___
Bajak reported from Boston.
WASHINGTON (AP) — Law enforcement agencies in the United States and Europe said Wednesday that they have taken down a major online marketplace for stolen login credentials that had given cybercriminals access to millions of compromised accounts since its 2018 launch.
Officials seized 11 domain names tied to the Genesis Market and arrested about 120 users across the world, including some in the U.S., according to the FBI and Justice Department, which participated in the operation.
The market “falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals,” Deputy Attorney General Lisa Monaco said in a statement.
Genesis Market had provided users with access to data taken from more than 1.5 million computers infected with malicious software, with over 80 million account access credentials, the Justice Department said.
“Operation Cookie Monster,” the effort by law enforcement agencies in 17 countries, disrupted the largest marketplace of its kind, officials said.
“Cookie” refers to the web browser cookies that let people log onto websites without the need for multifactor authentication. Criminal users of Genesis Market could purchase software scripts from it, including browser cookies and fingerprints that track a user’s online activity.
The market, a “one-stop shop for account takeovers,” was advertised on several predominantly Russian-speaking underground forums, the cybersecurity firm Trellix, which assisted in the investigation, said in a research report.
“While underground marketplaces that sell stolen credentials aren’t a new thing, Genesis Market was one of the first that focused on fingerprints and browser cookies to enable account takeovers despite growing MFA adoption,” the Trellix researchers said. A specialized browser it offered customers made “account takeover child’s play for criminals,” their report says.
Trellix said it observed more than 450,000 infected machines in examining the marketplace.
Trellix’s threat intelligence lead, John Fokker, said the takedown would “have a notable impact on the activities of cybercriminals focused on stolen credential usage for the rest of the year. ”
He said in an online chat that he did not believe the people who ran the site would be arrested because they are in Russia.
Typically after such takedowns, the criminals regroup at other sites.
Dutch police put up a webpage to allow members of the public to enter their email address to determine whether their data was for sale on Genesis Market. The Justice Department said it had provided victim information for a website so that people could check if their accounts had been compromised.
___
Bajak reported from Boston.
No comments:
Post a Comment