This week, the FBI and a coalition of European police partners took aim at one of the biggest illegal markets on the internet. Genesis, known for selling stolen data to the highest bidder, has officially been dismantled. The crackdown is yet another attempt by the government to disrupt and deter the dark web’s worst cybercriminal offenders.
On Wednesday, Justice Department officials provided details of their recent operation, dubbed “Operation Cookie Monster” (like browser cookies, not Chip’s Ahoy), in which the FBI worked together with an international consortium of foreign cops to go after the market’s admins and users. So far, everything we know about “Cookie Monster” makes it sound like a very big operation. Law enforcement officials in 17 participating countries carried out as many as 200 raids, arresting at least 100 people in connection with the market. Many of the arrestees are said to be people who used the forum to buy stolen data. A number of websites associated with the market have also been seized.
That might sound like a whole lot of manpower for a single dark web market but Genesis appears to have caused a whole lot of damage. Indeed, cops say the site is responsible for having pilfered or sold data connected to over 1.5 million computers and as many as 80 million online accounts.
Attorney General Merrick B. Garland called the operation “unprecedented,” and revealed that a whopping 45 FBI field offices participated in the investigation to smash the criminal platform. “Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” Merrick warned.
How Genesis Worked
Genesis, which is believed to be located in Russia, offered a number of services to paying web cretins but one of its most popular was the sale of what the site called “bots.” In this context, bots amount to an aggregate of stolen account information linked to one particular person. Sensitive data—like a person’s browser cookies, as well as passwords for social media, banking, and email accounts—were sold in packages to allow a criminal to surreptitiously invade and manipulate a person’s online life. Cybercriminals used the access provided by bots for a number of different reasons—and sometimes the access could be used to implement more ambitious hacking campaigns targeted at corporate networks, notes cybersecurity journalist Brian Krebs in his write-up about the site’s demise.
Check if Your Passwords Were Stolen
A cool feature of this recent operation is that the FBI has turned over much of the data seized from the Genesis marketplace to Have I Been Pwned, the well-known search engine for compromised account credentials. Troy Hunt, who runs the website, said that the bureau “provided millions of impacted email addresses and passwords” to the site “so that victims of the incident can discover if they have been exposed.” That means that—should you be curious—you can do a quick search of the material to see if some dark web jerk was in the process of selling your precious information when the cops came crashing in.
The Dark Web’s Dark Days Continue
The demise of Genesis is only the latest in a string of high-profile police operations that have targeted some of the dark web’s hottest marketplaces. Many of these takedowns have been the work of the Biden Justice Department, which—over the past several years—has developed an increasingly aggressive posture towards cybercrime. Deputy Attorney General Lisa O. Monaco was happy enough to point this out Wednesday: “The Department of Justice is shining a light on the internet’s darkest corners – in the last year alone, our agents, prosecutors, and partners have dismantled the darknet’s largest marketplaces,” said Monaco, following the Genesis takedown. “Each takedown is yet another blow to the cybercrime ecosystem.”
Last year, authorities notably disrupted the Hydra Market—what had been one of the largest offerings of dark web services. Around the same time, cops also went after “Besa Mafia,” a well-known assassin fraud website. In recent months, the FBI has also undertaken a number of sophisticated operations, including the infiltration and dismantlement of the prominent ransomware gang “Hive,” as well as the bust of a widely used darknet cryptocurrency mixer—ChipMixer—which is alleged to have helped wash some $3 billion in illegal transactions, including some of the loot stolen last year from the Axie Infinity crypto project by North Korea’s “Lazarus” group. The recent take down of the well-known criminal hub “BreachedForums”—long considered one of the most popular dark web marketplaces—was considered a major blow to the cyber underworld.
Of course, while cops are currently kicking butt, conventional wisdom would tend to conclude that this is only a temporary period of adversity for the dark web and that, given due time, new sites will emerge to take the place of the markets that have been taken down.
“Cybercriminals will always try to find or create an alternative to these platforms,” said Yuliya Novikova, with cybersecurity firm Kaspersky, in a statement shared with Gizmodo Wednesday.
Another security professional, Adrianus Warmenhoven, of NordVPN, agreed. “Unfortunately, when one of these sites is removed, it creates a vacuum that could be quickly filled by others,” said Warmenhoven. “One of Genesis’s main rivals was the 2easy marketplace. This mysteriously stopped operating at the start of this year but is rumored to be planning a return to the fold,” he added.
Yes, internet crime—like normal crime—is driven by demand, so as long as there is a desire for seedy digital offerings, it stands to reason that websites will be around to offer them.