Police shut Genesis Market, 'one of world's largest' online sites for stolen identities

An international operation has taken down one of the biggest online marketplaces for stolen identities and account details in the world. Genesis Market was shut following the sting, which involved 17 countries and led to 199 arrests, the EU's policing agency said. The operation was led by the US FBI and the Dutch police but involved others such as the UK's National Crime Agency (NCA). Action against criminals took place in countries such as Australia, Britain, Canada, the US and more than 10 countries in Europe. "An unprecedented law enforcement operation involving 17 countries has resulted in the takedown of Genesis Market, one of the most dangerous marketplaces selling stolen account credentials to hackers worldwide," Europol said. "Genesis Market listed for sale the identities of over two million people when it was shut down," the agency In The Hague said. Visitors to the website on Wednesday encountered a message saying “this website has been seized” in bold capital letters, along with the FBI investigation name Operation Cookie Monster. The marketplace was offering 80 million sets of credentials for sale, affecting two million victims. Europol said the Genesis Market offered "bots" for sale that had infected victims' devices through malware or other cyber methods. "Upon purchase of such a bot, criminals would get access to all the data harvested by it such as fingerprints, cookies, saved logins and autofill form data," it said. The information was collected in real time so buyers would be notified of any change of passwords. Details including online banking, Facebook, Amazon, PayPal and Netflix account information were up for sale alongside so-called digital fingerprints containing data from the victims' devices. This enabled criminals to bypass online security checks by pretending to be the victim. NCA investigators carried out a series of raids on Tuesday and arrested 24 suspected users of the site. More than 200 searches were carried out worldwide. "Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers," said Edvardas Sileris, who heads Europol's European Cybercrime Centre, which assisted in the operation. The EU's judicial agency, Eurojust, which is also based in The Hague, said it was a "multi-country effort dubbed Operation Cookie Monster". "Genesis Market customers were located all over the world and actively purchasing stolen packages of victim data until this takedown," it said. The NCA said 24 people were arrested in Britain and another 17 in the Netherlands. It estimates tens of thousands of British victims have been targeted. Will Lyne, head of cyber intelligence for the NCA, said: "Genesis Market is one of the top criminal access marketplaces anywhere in the world. "Genesis Market is an enormous enabler of fraud and a range of other criminal activity online by facilitating that initial access to victims, which is a critical part of the business model in a whole range of nefarious activity." The marketplace could be found using normal internet search engines, as well as on the dark web, and users were offered step-by-step guides on how to buy stolen details as well as how to use them for fraud. Prices started from 70 US cents (£0.56) and went up to several hundreds of dollars, depending on the type of information available. Rob Jones, director general of the National Economic Crime Centre, said it was "very, very easy" for anyone to access Genesis Market to commit crime. "This is the problem for us in the online world — you don't need to know a criminal to start," he said. "So you can completely self-start and go looking for this and get everything you need to perpetrate a crime. "And so that is why this is so damaging. You don't have to go and meet somebody, you don't have to go into a shadowy forum; you can get into it, pay your money, and then you've got the tools to commit a crime. "And that's why it is so damaging and it is very, very easy." Businesses as well as individuals had their information sold on Genesis Market, which facilitated fraud; ransomware attacks — where hackers block access to data and demand payment to release it; sim-swapping, where mobile phone numbers are hijacked; and the theft of source codes from companies. NCA investigators have already set up spoof distributed denial-of-service sites, which bring down servers by flooding them with requests, to harvest the details of criminals, and may use similar tactics when it comes to fraud sites. Mr Jones said: "Our approach to tackling the criminal marketplace is that cyber criminals won't know who they're interacting with and won't know for certain that they are dealing with a criminal. And that could be a site that a partner or the NCA has access to and we're getting their credentials. "If you're a cyber criminal, you're not going to know whether we've got your credentials and whether you're going to get a knock on the door in the morning." Members of the public can check whether their details were listed on Genesis Market by visiting a Dutch police website . Users are asked to enter their email address. They receive a reply if it is found on a data set of the racket’s victims.

Police shut Genesis Market, 'one of world's largest' online sites for stolen identities

Marketplace was closed following the sting, which involved 17 countries and led to 199 arrests