Security news that informs and inspires

FBI Takes Down Genesis Market

The Department of Justice has taken down another online criminal marketplace, this time the Genesis Market, which is known for selling large volumes of stolen user credentials and serving as an initial access broker for cybercriminals.

Genesis Market has been in operation for about five years and was one of the major hubs for people looking to buy stolen usernames and passwords or initial access to a given network. The Justice Department announced Tuesday that it had taken down the market and said that Genesis had offered more than 80 million sets of credentials for sale, including those for financial companies, federal, state and local government agencies, and critical infrastructure operators.

“Yesterday, the Department of Justice and its partners dismantled the Genesis Market and arrested many of its users around the world,” said Deputy Attorney General Lisa Monaco.

“Genesis falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals. The Department of Justice is shining a light on the internet’s darkest corners – in the last year alone, our agents, prosecutors, and partners have dismantled the darknet’s largest marketplaces – Hydra Market, BreachForums, and now Genesis. Each takedown is yet another blow to the cybercrime ecosystem.”

The takedown of Genesis Market follows closely on the heels of a similar disruption of BreachForums on March 24, which included the arrest of the alleged operator of that platform, Conor Fitzpatrick. BreachForums was a similar market, selling stolen data such as bank credentials and Social Security numbers, as well as hacking tools. The Justice Department also has disrupted several other darknet markets and hacking forums recently, including the Hydra market last year.

Disrupting darknet markets that sell stolen data and hacking tools has become a major focus of United States law enforcement agencies, along with the takedown of illegal cryptocurrency operations or exchanges that serve as money laundering hubs for stolen cryptocurrency. While these takedowns and disruptions sometimes result in arrests and short-term problems for the users who have to find another platform to buy and sell stolen information, there is always another marketplace ready to take the last one’s place. Setting up the market and getting the infrastructure is relatively simple. What’s more difficult is earning the trust of the cybercrime underground customer base and remaining off of law enforcement’s radar.

“Genesis Market was user-friendly, providing users with the ability to search for stolen access credentials based on location and/or account type (e.g., banking, social media, email, etc.). In addition to access credentials, Genesis Market obtained and sold device “fingerprints,” which are unique combinations of device identifiers and browser cookies that circumvent anti-fraud detection systems used by many websites,” the Justice Department said.

“The combination of stolen access credentials, fingerprints, and cookies allowed purchasers to assume the identity of the victim by tricking third party websites into thinking the Genesis Market user was the actual owner of the account.”

The department did not announce any arrests in connection with the Genesis takedown.