'Operation Cookie Monster': Authorities seize dark web marketplace

Sold stolen logins, cookies, browser fingerprints and other information

'Operation Cookie Monster': Authorities seize dark web marketplace

The action comes as a significant blow to the cybercriminal community, which used Genesis Market to sell and purchase compromised credentials and digital browser fingerprints.

A message now displayed on the seized domain shows that the FBI has taken control of the platform (pursuant to a seizure warrant from the US District Court for the Eastern District of Wisconsin).

The site also displays logos of various European, Canadian and Australian law enforcement organisations, in addition to that of cybersecurity firm Qintel.

Authorities arrested approximately 120 individuals and conducted around 200 searches worldwide as part of the operation.

The UK's National Crime Agency confirmed that it had arrested 24 suspected Genesis Market users. The FBI also said arrests had taken place in the USA.

Law enforcement agencies from various countries, including the UK, USA, Australia, Canada, Denmark, Germany, Poland and Sweden, worked together on the operation. Europol and the EU's Eurojust also played a significant role.

Founded in 2018, Genesis Market was a platform where cybercriminals could purchase stolen logins, cookies and browser fingerprints. Hackers could then use these assets to gain unauthorised access to accounts and even impersonate web browsers, bypassing the need for a password or two-factor authentication token.

The stolen assets were collected in real-time, allowing buyers to receive notifications of any changes made to the accounts. With this information, cybercriminals could carry out fraudulent activities such as directly transferring money out of the victim's account or making unauthorised purchases.

The UK's National Crime Agency (NCA) noted that Genesis Market offered "bots" for sale that had already infected devices, and could be used to access victims' personal information.

The bots were available at prices ranging from as little as $0.70 to several hundred dollars, depending on the value of the bank account information.

The NCA estimated that Genesis Market hosted around 80 million stolen credentials and digital fingerprints, belonging to over 2 million individuals.

"UK activity will continue in the form of arrests and preventative action, where many users will be contacted by law enforcement and warned about their potentially criminal activity," the NCA added.

Rob Jones, NCA Director General NECC and Threat Leadership, said: "Behind every cyber criminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending.

"Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market. Its removal will be a huge blow to criminals across the globe."

The takedown of Genesis Market comes just a few weeks after the FBI arrested a 20-year-old man from New York accused of operating BreachForums, notorious hacking community site.

Last month, a threat actor utilised BreachForums to try to sell personal data of US lawmakers taken in a breach on DC Health Link, a healthcare provider for US House members, their employees, and their families.

BreachForums surfaced last year, about three weeks after a coordinated law enforcement effort took control of another cybercrime site, RaidForums, in March 2022.