{"id":88692,"date":"2023-04-05T08:00:00","date_gmt":"2023-04-05T08:00:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=88692"},"modified":"2023-04-05T08:00:00","modified_gmt":"2023-04-05T08:00:00","slug":"cops-bust-genesis-cyber-crime-marketplace","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88692","title":{"rendered":"Cops bust Genesis cyber crime marketplace"},"content":{"rendered":"

Genesis Market, one of the largest global suppliers of stolen personal data<\/a> to the cyber criminal underground, has been taken down and more than 120 arrests made in Operation Cookie Monster, a multinational effort led by the Dutch National Police and the United States\u2019 FBI, which included the UK\u2019s National Crime Agency<\/a> (NCA) and law enforcement from 14 other countries.<\/p>\n

The operation saw the Genesis Market website taken down on the evening of Tuesday 4 April, but to guarantee its operational security the action has not officially been made public until now.<\/p>\n

Over the past 36 hours, the NCA, working with Regional Cyber Crime Units and police forces around the UK, has executed 47 search warrants and conducted coordinated raids in connection with Genesis. Two men, aged 34 and 36, were arrested in Grimsby, and 19 others have been arrested in the UK.<\/p>\n

More arrests are likely to take place, with charges sought for a range of offences covered by the Fraud and Computer Misuse Acts. Many others will be contacted under the auspices of the national Cyber Prevent strategy<\/a>, which aims to conduct early interventions to guide likely offenders away from a life of cyber crime.<\/p>\n

Rob Jones, NCA director general for the National Economic Crime Centre and threat leadership, said: \u201cBehind every cyber criminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending.<\/p>\n

\u201cGenesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market. Its removal will be a huge blow to criminals across the globe.<\/p>\n

\u201cTargeting this infrastructure is at the core of the NCA\u2019s efforts to disrupt the highest harm offenders and protect the public from those seeking to infiltrate their lives, stealing their identities and their money,\u201d he said.<\/p>\n

\"Seizure
<\/i>The Genesis Market website was taken down on the evening of Tuesday 4 April 2023 <\/figcaption><\/figure>\n

Genesis Market was one of the top criminal marketplaces around the world, and access was granted by invitation only. It specialised in selling digital fingerprints and compromised credentials \u2013 harvested using infostealing malware \u2013 that allowed its users to masquerade as their victims to bypass online security checks.<\/p>\n

A digital fingerprint, also sometimes referred to as a bot, is defined as something that is unique to an individual\u2019s computer and encompasses a vast array of potential data points. This can include technical information such as software versions, and location, display and language settings, but more pertinently here, the cookies, service logon credentials, and personal and financial data that users store in their web browsers.<\/p>\n

During the course of the investigation, authorities uncovered approximately 80 million sets of credentials relating to two million individuals, tens of thousands of them in the UK.<\/p>\n

The cost of these bots varied from as low as about 50 pence up to several hundred pounds, depending on the amount and nature of the data available on a particular individual. In general, profiles that contained online banking credentials fetched a higher price.<\/p>\n

Genesis Market was hosted on both the public internet and the dark web and was run as a highly \u201cprofessional\u201d operation, with cyber criminals able to take advantage of an internal wiki to answer any questions they might have and advanced search tools to let them break down available data by country or website.<\/p>\n

Uniquely among its peers, Genesis Market then supplied its users with browser plugins that allowed them to use the internet while appearing, to every site they visited, whether it be a bank, retailer or social media site, to be the compromised user.<\/p>\n

\n

<\/i>Useful tool for ransomware crews<\/h3>\n

The majority of Genesis Market usage related to fraud, money laundering and theft, but more disturbingly from a cyber security point of view, the NCA has obtained evidence that Genesis Market also offered digital fingerprints that enabled cyber criminals to access their victims\u2019 workplace networks, systems and cloud services remotely, making it a valuable tool for ransomware operators<\/a>.<\/p>\n

The NCA said it had evidence that Genesis Market had facilitated ransomware attacks, as some of the credentials included remote logons to corporate systems that would have offered easy initial access into target systems to ransomware operators. It is currently unable to attribute any known incidents to activity.<\/p>\n

Computer Weekly understands that data sold via Genesis Market has also been linked to SIM-swapping attacks and the theft of source code from technology companies.<\/p>\n<\/section>\n

\n

<\/i>Turning the tables<\/h3>\n

The NCA said the operation represented a sea change in how it approaches the problem of fraud \u2013 which accounts for over 40% of reported crime in the UK \u2013 by appropriating the tactics used against ordinary victims and using them on the cyber criminals responsible.<\/p>\n

Echoing methods used in a March 2023 operation against DDoS-for-hire websites<\/a>, the NCA has itself \u201cstolen\u201d the credentials used by the criminals that accessed those sites, and will be using them to identify and track down even more offenders.<\/p>\n

Ultimately, it wants to undermine trust in the cyber criminal underground by making criminals understand that, just as an ordinary victim won\u2019t know their credentials have been compromised until their bank accounts are emptied, the criminals themselves won\u2019t know they are being watched until the police kick their front door in at six in the morning.<\/p>\n

\u201cCyber crime is a key enabler of the vast majority of fraud, which is now the single largest crime type in the UK, affecting more people than any other. The NCA is attacking criminal infrastructure from all angles<\/a> and those seeking to use such services should be aware that we are coming after them,\u201d said Jones.<\/p>\n<\/section>\n

\n

<\/i>Advice for victims<\/h3>\n

The NCA is today encouraging members of the public to take action to find out if their devices or accounts have been compromised. You can check if your data has been compromised and accessed by users of Genesis Market by entering your email address at Check Your Hack<\/a>, a certified website set up by the Dutch authorities.<\/p>\n

If you find you have been affected, the NCA has worked with the National Cyber Security Centre (NCSC) and the City of London Police to provide further advice and guidance on what to do next, which can be accessed on the NCA\u2019s website<\/a>.<\/p>\n

If you have been a victim of any form of digitally enabled fraud or cyber crime, you can report it at any time via Action Fraud<\/a>, or in Scotland, by calling Police Scotland on 101. You should also report incidents to your bank. If you choose to report as a victim of Genesis Market, quote \u201cGenesis\u201d in the \u201cAdditional Information\u201d box on the Action Fraud report, or mention it to the police.<\/p>\n

If you are contacted by a law enforcement officer in relation to a suspected fraud, you can verify their identity by calling 101, or the NCA Control Centre on 0370 496 7622.<\/p>\n

Suspicious emails and phishing attempts can also be forwarded to the NCSC\u2019s reporting inbox at [email protected]<\/span><\/a>.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

Genesis Market, one of the largest global suppliers of stolen personal data to the cyber criminal underground, has been taken down and more than 120 arrests made in Operation Cookie Monster, a multinational effort led by the Dutch National Police and the United States\u2019 FBI, which included the UK\u2019s National Crime Agency (NCA) and law […]<\/p>\n","protected":false},"author":1,"featured_media":88693,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-88692","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88692"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88692\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88693"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}