A seal reading “Department of Justice Federal Bureau of Investigation” is displayed on the FBI’s J. Edgar Hoover Building in Washington, DC on August 9, 2022.
Stefani Reynolds | AFP | Getty Images
The FBI and other law enforcement agencies on Tuesday seized the domain names of Genesis Market, a cybercrime marketplace that allowed criminals to impersonate customers on websites ranging from Amazon For loyalty.
On Tuesday, the normal Genesis login page was replaced with a takedown notice, urging users to contact the FBI if they had any further information about the administrators or operations of Genesis.
Genesis was a “big fish,” said cybersecurity researcher Matthew Gracey-McMinn of Netacea, and its shutdown was a blow to other threat actors in space.
The takedown, dubbed Operation Cookie Monster, targeted an online marketplace that allowed users to buy and sell data that would allow them to impersonate legitimate users of major platforms, including drop box, PayPal, MicrosoftTwitter and a number of cryptocurrency exchanges.
These platforms have not been hacked or compromised. Instead, criminals could buy digital “robots” that used data that hackers stole from users’ devices, including information from autofill forms, saved login credentials, and small digital files. called cookies that companies use to track user activity online.
Genesis then provided customers with a custom browser based on Google’s Chromium project that allowed bad actors to adopt the internet persona of hacked individuals, by loading unique data stored in cookies and auto-filled passwords to impersonate the user.
In 2021, at least 350,000 “bots” were available on the Genesis platform, according to a Netacea report.
Gracey-McMinn told CNBC that robots sold on Genesis were high quality and could fetch up to $450 each. Lower-quality hacked data that’s still on the market can cost as little as $4 or $5, Gracey-McMinn said.
But while the FBI and international law enforcement may have arrested Genesis, it’s unclear whether they will be able to detain Genesis’s owners and directors, who are likely located in Russia or a Russian-speaking region, according to Gracey-McMinn. But it’s undeniably a “boost to the ease of identity fraud,” he said.
The FBI Field Office in Milwaukee referred the comments to the Bureau’s Main Press Office, which did not immediately respond to CNBC’s request for comment.
In addition to the FBI, the effort involved law enforcement agencies from Australia, Canada, Germany, Poland, Sweden and the European Union.