
FBI seizes criminal marketplace Genesis in fight against state-backed cybercrime

April 5, 2023

In a bid to fight illicit state-backed cybercrime, senior U.S. government officials confirmed Wednesday that Genesis Market, a Russian-linked marketplace where tens of millions of hacked accounts were sold to bad actors around the world, had been seized as part of an ongoing investigation into such crimes.

Operation Cookie Monster, as it is called, is the largest operation of its kind in history, according to officials.

The FBI and the Justice Department carried out hundreds of law enforcement operations on Tuesday in cooperation with an international consortium of law enforcement authorities, who worked together to lead the operation. Genesis Market was also sanctioned by the Treasury Department's Office of Foreign Assets Control on Wednesday as part of a sweeping anti-terrorist campaign.

Government officials described Genesis as one of the two largest venues for purchasing and selling hacked accounts, with a sophisticated, globe-spanning infrastructure capable of compromising over one million devices. One of the other sites, BreachForums, was apparently taken down in late March as part of a security operation.

"It has been taken down today as a demonstration of the FBI's commitment to disrupting and dismantling key services that are used by criminals to facilitate cybercrime," according to a statement from FBI Director Christopher Wray. The seizure is part of a push to put pressure on state-backed cybercrime and an unnamed adversary, an apparent reference to Russia, senior government officials stated in a briefing on Wednesday.

Genesis' domain names were taken down by the FBI and replaced with a seizure notice, according to a report released on Tuesday. Senior government officials said 400 law enforcement operations, including 208 searches, were carried out in over a dozen countries at the same time the domains were taken down.

In addition, they claimed law enforcement operations had been conducted in the U.S., but they did not specify whether any arrests had been made as a result of those operations.

Government officials said that the operations spanned the globe and targeted both the operators of the service and its users. The officials estimated that the illicit behavior resulted in losses of tens of millions of dollars. According to Treasury Department statistics, cybercriminals take advantage of malware-infected computer systems to gather stolen private data, such as mobile device identifiers, email addresses, usernames, and passwords, which is then sold to other cybercriminals for profit. Genesis also sold unauthorized access to computer systems.

Several records indicate that Genesis domain names were associated with nameservers located in Russia and China, two nations that have been implicated in state-sponsored hacking in the past. It is believed that Genesis is located in Russia, according to the Treasury Department. Government officials said that Genesis' user base was spread out across dozens of countries, underlining the importance of international cooperation in ensuring the success of the project.

Bitzlato, a cryptocurrency exchange whose alleged links to a Russian dark web marketplace have been overtly tied to criminal activity, was the target of a Justice Department action earlier this year. According to senior Justice Department and FBI officials, Operation Cookie Monster is a continuation of that effort.

As of Feb. 1, the Treasury Department estimates that there were approximately 460,000 packages of stolen private information listed for sale on the marketplace.

“As a warning to cybercriminals who operate or use these criminal marketplaces, our seizure of Genesis Market should serve as a reminder to them that the Justice Department and our international partners will shut down the illegal activities of these cybercriminals, find them, and prosecute them,” Attorney General Merrick Garland said.

"The United States, in conjunction with our international partners, will not allow illicit marketplaces to operate with impunity," Undersecretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, said in a press statement. "We will continue to work closely with the Federal Bureau of Investigation and other law enforcement agencies in order to disrupt this kind of activity and hold the malign actors responsible for their actions."

Author
Valentyna Semerenko
Contributor
Eric Ng
Contributor
John Liu
Contributor
Editorial Board
Contributor
Bryan Curtis
Contributor
Adan Harris
Managing Editor
Cathy Hills
Associate Editor
