The FBI, working with multiple other law enforcement agencies have have seized and closed down a website which acted as a place for individuals to buy and sell data that would let them impersonate legitimate users of major online platforms. such as Dropbox, PayPal, Twitter, Amazon and other popular sites as well as a number of cryptocurrency exchanges.
The website – known as Genesis Market – was classified as an Initial Access Brokerage Forum and allowed people to purchase bots that used stolen data, including information from browser auto-fill forms, saved login information, and cookies to adopt the Internet persona of hacked individuals
Genesium
The stolen data was offered to buyers as either a plug-in for their existing browser, or loaded into a bespoke browser called Genesium which was based on the Google Chromium open-source browser, to allow the criminals to masquerade as the user and then access their accounts.
According to a report produced by cyber security company Netacea, The Genesis Market had at least 350,000 bots in 2021.
As is often the case, the seized domain is currently displaying the usual FBI take-down image.
The FBI have not yet divulged how they gained access to the servers hosting the website, although unusually the notice says that law enforcement worked with private sector organisations to achieve their success.
If the FBI have physical access to the servers, then it will be currently undergoing forensic examination to try to extract and identify those who have used the site to purchase bots, so criminals will be looking over their shoulders for a while, awaiting a knock on the door.
Whilst the FBI and their international law enforcement partners may have taken down Genesis Market, it’s doubtful they will be able to detain Genesis’ owners and administrators, who are likely located in Russia or a Russian-speaking region.
Online posts by those behind the site appear to show that they are not phased by the domain seizure and that they will have a new site up and running soon.
The UK’s National Crime Agency (NCA) have released their own report into their part in arresting individuals suspected of using the site for illegal activites.
As part of the investigation, the NCA identified hundreds of UK-based users of the platform and information was passed to policing partners across the country. This resulted in 47 warrants being executed yesterday(04/04/23) and this morning (05/04/23) in coordinated raids by the NCA, Regional Cyber Crime Units and police forces.
19 people were arrested in the UK, including two men, aged 34 and 36, who were detained by the NCA in Grimsby on suspicion of Computer Misuse Act and fraud offences.
Check your data
If you are concerned about whether your data was being traded on Genesis Market, you can enter your email address here – If your data has been found in the market place, you will receive an email from the Police informing you of the fact. No email means no breach!
Final comment…
Sorry, this is a serious cyber event, but due to the name of the OP, I couldn’t miss the opportunity to get AI to build an image of Cookie Monster as a police officer!
