An “unprecedented” police operation was announced Wednesday, April 5, which resulted in the dismantling of a platform for selling stolen account credentials to cybercriminals around the world.
At least 100 people were arrested during an international operation that mobilized 17 countries, including Spain, led by the United States and the Netherlands, which succeeded in dismantling the Genesis Market platform, one of the most dangerous marketplaces for selling stolen account credentials to cybercriminals worldwide.
As announced on Wednesday, April 5 by Europol and Eurojust, the “unprecedented” police operation concluded with the dismantling of Genesis Market, which means the closure of this illegal service and the seizure of its infrastructure.
It is one of “the largest criminal facilitators” of personal account access credential packages (from emails to bank accounts and social networks), with more than 1.5 million “‘bots’ listings totaling more than 2 million identities” at the time of this international operation.
During this operation, simultaneous raids were conducted worldwide against users of this platform, resulting in 119 arrests and 208 property searches in 13 countries. The operation was coordinated from a command post established at Europol headquarters in The Hague.
The director of Europol’s European Cybercrime Center, Edvardas Šileris, welcomed the fact that the authorities involved in the operation had “severely disrupted the cybercrime ecosystem by removing one of its key facilitators,” and stressed that, with victims located all over the world, “strong relationships” with international partners Europol and Eurojust were “fundamental to the success of this case.”
The countries involved in the operation are Australia, Canada, Denmark, Estonia, Finland, France, Germany, Italy, the Netherlands, New Zealand, Poland, Romania, Spain, Switzerland, Sweden, the United Kingdom and the United States.
The main criminal product offered by Genesis Market was digital identities: it sold what are called “bots”, which were basically bundles of stolen credentials collected from infected computers around the world through “malware” or account takeover attacks.
The criminals gained access to all the data collected by this bot, such as fingerprints, cookie history, saved login and autofill form data, and this information was collected in real time, meaning that buyers were notified of any password or information changes that occurred.
At the time of the takedown, Genesis Market advertised the sale of stolen account credentials from approximately 460,000 computing devices located in almost every country in the world.
The price of the “bot” ranged from $0.70 to several hundred dollars, depending on the amount and nature of the stolen data, with the most expensive price for those containing financial information allowing access to online bank accounts.
Unlike other similar marketplaces, access to Genesis Market was also via an open website, but by invitation only, and criminals who purchased the bots were also given the means to use them, with a customized browser that would mimic that of their victim’s even in security settings, Europol notes.
Created in 2018, its accessibility and low prices greatly reduced the barrier to entry for buyers, making it a popular resource among hackers.