POLICE from 17 countries have taken down “Genesis Market” – described as by Europol as “one of the most dangerous marketplaces selling stolen account credentials to hackers worldwide.”
The illegal service was shut down and its infrastructure seized, with 119 people arrested, 208 property searches and 97 knock and talk measures. The international sweep took place on April 4, police agencies announced.
Genesis Market was considered one of the biggest criminal facilitators, with over 1.5 million bot listings totalling over 2 million identities at the time of its takedown.
The operation was led by the FBI and the Dutch National Police (Politie), with a command post set up at Europol’s headquarters on the action day to coordinate the different enforcement measures being carried out across the globe.
Genesis Market’s main criminal commodity was digital identities. This marketplace would offer for sale what the market owners referred to as ‘bots’ that had infected victims’ devices through malware or account takeovers attacks.
“Upon purchase of such a bot, criminals would get access to all the data harvested by it such as fingerprints, cookies, saved logins and autofill form data. This information was collected in real time – the buyers would be notified of any change of passwords, etc,” a Europol spokesperson said today.
“The price per bot would range from as little as USD 0.70 up to several hundreds of dollars depending on the amount and nature of the stolen data. The most expensive would contain financial information which would allow access to online banking accounts.
“The criminals buying these special bots were not only provided with stolen data, but also with the means of using it. Buyers were provided with a custom browser which would mimic the one of their victim. This allowed the criminals to access their victim’s account without triggering any of the security measures from the platform the account was on,” the spokesperson said.
These security measures include recognising a different log-in location, a different browser fingerprint or a different operating system.
Unlike other criminal marketplaces, Genesis Market was accessible on the open web, although obscured from law enforcement behind an invitation-only veil. Its accessibility and cheap prices greatly lowered the barrier of entry for buyers, making it a popular resource among hackers.
“The takedown of Genesis Market was a priority for law enforcement given the platform’s ability to facilitate all types of cybercrime,” Europol said in a statement.
Europol’s European Cybercrime Centre (EC3) at the Hague was involved in the operation and a command post was also set-up at the agency’s headquarters in The Hague, the Netherlands to ensure the smooth running of the action day across the world.
Commenting on this operation, the Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said: “Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers. With victims located across the globe, the strong relationships with our international partners were critical in the success of this case.”
How to tell whether your data was stolen
With over 1.5 million bots listed on Genesis Market, chances are that your credentials have already ended up for sale on this criminal marketplace.
The Dutch Police has developed a portal to check whether your information has been compromised. Visit https://www.politie.nl/checkyourhack and fill in your email address to control whether it is part of a Genesis Market leak.
If your digital identity has been stolen, here are the steps you should take:
- Run your antivirus programme. In most cases, your antivirus will catch the malware and remove it. Only then should you change all your passwords – not before if you do not want the cybercriminals getting their hands on them.
- Notify relevant stakeholders. Your bank, insurance company and any other important third party should be made aware of your identify theft.
Remember that cybercriminals are quick at adapting their techniques to benefit from any opportunity. There are simple preventive actions you can take to make it more difficult for them to access your devices and data:
• If available, use antivirus software on all your electronic devices.
• Keep your software updated, including your browser, antivirus and operating system.
• Browse and download only official versions of software and always from trusted websites.
• Be wary while browsing the internet and do not click on suspicious links, pop-ups or dialog boxes.
• Think twice before clicking on links or attachments within unexpected emails.
• Set up unique passwords. Generate strong passwords or passphrases for each individual website and service. This is where the use of a password manager comes in handy.
• Activate multifactor authentication functionality whenever possible for all of your accounts.