(WFRV) – Dozens of people worldwide were arrested after a coordinated international operation dismantled a criminal marketplace accessible on the dark web and clear web.
According to a release from the U.S. Attorney’s Office Eastern District of Wisconsin, U.S. Attorney Gregory Haanstad joined the Attorney General and other Justice Department officials in announcing the dismantlement of Genesis Market.
Genesis Market allegedly advertised and sold packages of account access credentials, such as usernames and passwords for email, bank accounts, and social media, that had previously been stolen from malware-infected computers around the world.
“Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world,” said Attorney General Merrick B. Garland.
Garland continued to say that the seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces.
“The Justice Department and our international partners will shut down your legal activities, find you, and bring you to justice,” added Garland.
Since Genesis Market’s inception in March 2018, it has offered access to stolen data from over 1.5 million compromised computers around the world, containing over 80 million account access credentials.
Account access credentials advertised for sale on Genesis Market included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies.
In addition to selling personal information, Genesis Market was one of the most prolific locations for initial access brokers (IABs). IABs attract criminals looking to easily infiltrate a victim’s computer system.
Genesis Market offered for sale the type of access sought by ransomware actors to attack computer networks in the United States and around the world.
“Genesis falsely promised a new age of anonymity and impunity, but in the end, only provided a new way for the Department to identify, locate, and arrest online criminals,” said Deputy Attorney General Lisa Monaco.
The combination of stolen access credentials, fingerprints, and cookies allowed purchasers to assume the identity of the victim by tricking third-party websites into thinking the Genesis Market user was the actual owner of the account.
Genesis Market had users all around the world, and several of them were taken into custody following the shutdown of the website.
“The operation being announced today is the direct result of the hard work, dedication, and exceptional collaborative efforts of the FBI and its partners around the globe,” stated U.S. Attorney Haanstad. “Along with investigative partners and our Justice Department colleagues, my office remains committed to using all available tools to protect individuals from cybercriminals like those who operate these types of online marketplaces.”
Victim credentials obtained over the course of the investigation have been provided to the website Have I Been Pwned, which is a free resource for people to quickly assess whether their access credentials have been compromised (or “pwned”) in a data breach or other activity.
Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market so that they can know whether to change or modify passwords and other authentication credentials that may have been compromised.
If you have been active on Genesis Market, are in contact with Genesis Market administrators, or have been a victim and have a need to report, please email the FBI at FBIMW-Genesis@fbi.gov.
The FBI Milwaukee Field Office investigated the case, with assistance from the U.K. National Crime Agency, Italy’s Polizia de Stato, Police of Denmark, Australian Federal Police, Royal Canadian Mounted Police, Canada’s Sûreté du Québec, Romanian Police, French Police Cybercrime Central Bureau, Spain’s Policia Nacional, Spain’s Guardia Civil, Germany’s Federal Criminal Police Service, Swedish Police Authority, Poland’s Central Bureau for Combating Cybercrime, Dutch National Police, Finland’s National Bureau of Investigation, Switzerland’s Office of the Attorney General, Swiss Federal Police, Estonia’s Prosecutor General’s Office, Iceland’s Metropolitan Police, and Eurojust.
