DOJ seizes Genesis Market, a dark web marketplace known for selling stolen passwords

Posted on : April 5, 2023
DOJ seizes Genesis Market, a dark web marketplace known for selling stolen passwords

U.S. Attorney General Merrick Garland, joined by Director of the Federal Bureau of Investigation Christopher Wray, announcing an international ransomware enforcement action in January 2023. Photo: Kevin Dietsch/Getty Images

The Justice Department announced today that the FBI and its international partners have seized notorious cybercrime marketplace Genesis Market.

Why it matters: Malicious actors often use marketplaces like Genesis Market to buy and sell stolen passwords and other login credentials that can help others in future data breaches.

  • Because users often reuse the same username and passwords across accounts, these stolen credentials are easy ways for malicious hackers to access data beyond the organization that was originally hacked.

The big picture: Today's announcement follows several law enforcement efforts that have prompted the shutdown of a major dark web marketplace in the last year — including the seizure of Hydra Market exactly a year ago and arrest of BreachForums' top administrator last month.

  • 45 FBI field offices and law enforcement partners in a dozen countries, including the United Kingdom, Italy, Denmark, Australia, Canada and Romania assisted in the investigation.

Details: Since March 2018, Genesis Market facilitated the sales of data stolen from more than 1.5 million computers, including login credentials associated with more than 80 million accounts, the DOJ estimates.

  • Genesis Market also sold so-called "device fingerprints" that provide a combination of someone's device identifiers and browser cookies to circumvent anti-fraud detection software.
  • Law enforcement officials seized 11 domain names used to keep Genesis Market online as part of an FBI investigation dubbed "Operation Cookie Monster."
  • The FBI handed over the stolen login credentials obtained during the investigation to the website, "Have I Been Pwned," which helps people track whether their information has been exposed during data breaches.
  • The Treasury Department also placed sanctions on Genesis Market on Wednesday that bar U.S. people and entities from conducting transactions on the site.

What they're saying: “Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: The Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice," Attorney General Merrick Garland said in a statement.

Between the lines: The action follows federal law enforcement's existing strategy to not only target the perpetrators of high-profile cyberattacks, including ransomware gangs, but also the tools and internet infrastructure they rely on.

  • Going after the digital infrastructure underpinning the cybercriminal world allows law enforcement to circumvent one of their biggest problems: Perpetrators of these crimes are often based in countries that don't have an extradition agreement with the United States, such as Russia.

Yes, but: Cybercriminals are known for their ability to quickly adapt and find new tools for their operations, and several forums exists online that provide alternatives to Genesis Market's services.

  • Genesis Market had been experiencing technical issues and was "frequently unavailable" in the last few months, Roman Faithfull, cyber threat intelligence analyst at ReliaQuest, told Axios in an email, so many malicious actors probably already started migrating to other resources.

Sign up for Axios’ cybersecurity newsletter Codebook here

Source: Read Full Article