An online criminal marketplace selling millions of stolen identities for as little as 56 pence has been taken down in an international crackdown.
The sting operation, led by the FBI and Dutch police with the involvement of law enforcement agencies in 18 countries, including the UK’s National Crime Agency (NCA), took Genesis Market offline Tuesday night.
Users trying to access the site now see a page with the FBI investigation name “Operation Cookie Monster.”
The marketplace had 80 million sets of personal credentials available for sale, covering 2 million people.
Account information for online banking, Facebook, Amazon, PayPal and Netflix were up for sale along with so-called fingerprints containing data from the victims’ devices. This allowed criminals to bypass online security checks by posing as the victim.
The NCA carried out a series of raids on Tuesday and arrested 19 suspected users of the site, while around the world they arrested about 120 people and conducted more than 200 searches.
The NCA estimates that there were hundreds of UK users of the site and that tens of thousands of British victims have been attacked.
Will Lyne, NCA’s head of cyber intelligence, said: “Genesis Market is one of the leading marketplaces for criminal access anywhere in the world. Genesis Market is a great enabler of fraud and a variety of other criminal activities online by facilitating that initial access to victims, which is a critical part of the business model across a wide range of nefarious activities.”
The marketplace could be found using normal internet search engines as well as on the dark web, and users were offered step-by-step guides on how to buy stolen details and how to use them for fraud.
Prices started as low as 70 US cents (56 pence) and went up to several hundred dollars, depending on the type of information available.
Rob Jones, CEO of the National Economic Crime Center, said it was “very, very easy” for anyone to access Genesis Market to commit crime.
“This is the problem for us in the online world: You don’t have to know a criminal to get started,” he said. “Then you can start with yourself and go find this and get everything you need to commit a crime.
“And that’s why this is so harmful. You don’t have to go meet someone, you don’t have to go into an obscure forum; you can go in, pay your money and then you have the tools to commit a crime. And that’s why it’s so harmful, and it’s very, very easy.”
Both companies and individuals sold their information on the Genesis Market, facilitating fraud, ransomware attacks (where hackers block access to data and demand payment to release it), sim swapping (where mobile phone numbers) and source code theft. of companies
NCA researchers have already set up fake distributed denial-of-service sites, which flood servers with requests, to harvest the criminals’ details and may use similar tactics when dealing with fraudulent sites.
