Dubbed “Operation Cookie Monster,” a global police investigation has shut down Genesis Market, one of the world's largest online marketplaces, long believed to be a platform where cybercriminals can buy stolen identities and passwords.
Read: Surface Under Attack: Addressing Digital Safety
Claimed to be one of the most dangerous marketplaces selling stolen account credentials to hackers worldwide, the Russia-based website has been taken down after selling the identities of over two million people for as little as $0.70.
Managing to be hidden in plain sight on the open web, the “invitation-only” website offered "bots" for sale that had infected victims' devices through malware or other methods, gaining access to private data such as fingerprints, cookies and saved logins. This attracted criminals through "accessibility and cheap prices."
The FBI and Dutch-led operation arrested a total of 119 people, involving law enforcement in 17 countries and over 200 raids worldwide. Suspects were targeted in the US, Australia, Britain, Canada, France and the Netherlands, to name a few.
Through the blacklisted site, it was possible to order and pay for things in web shops in the name of victims without their knowledge. The leader of the Dutch police cybercrime team gave the example of a 71-year-old man who lost almost 70,000 euros from his investment account after unauthorized web purchases were made under his name.
Since April 5, 2023, those who tried to access Genesis Market saw a screen with an image of a person wearing an FBI hoodie in front of a computer and a text that confirms that the “website has been seized.”
