An illicit online marketplace where users sold stolen passwords, bank account information and other sensitive data was shut down by US, UK, Dutch and other law enforcement agencies.
Authorities on Tuesday seized the site, known as Genesis Market, as part of an effort dubbed “Operation Cookie Monster.” The site began in 2018 and has offered access to data stolen from more than 1.5 million compromised computers, amounting to more than 80 million credentials that could be used to access accounts, according to the Department of Justice. Law enforcement arrested 119 people in connection with the site, according to the European police agency Europol.
The operation targeted the site’s administrators as well as customers located around the world, a senior US Justice Department official said Wednesday. The official also said the overall financial losses to victims likely ran into tens of millions of dollars, with cybercriminals making $8.7 million in cryptocurrency from the sale of stolen credentials.
The Treasury Department also imposed sanctions on the market, believed to be based in Russia. It described Genesis Market as one of the world’s largest illicit marketplaces.
Attorney General Merrick Garland said Wednesday that law enforcement had “launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses and governments around the world.”
At the start of February, there were approximately 460,000 listings on Genesis Market, according to the Treasury statement. Stolen credentials purchased from the site enabled hackers to breach a US company in June 2021, according to the Treasury Department.
The action is the latest international effort to disrupt cybercrime and apprehend alleged hackers. In January, an international sting by US and German authorities shut down the Hive ransomware group. Last month, the FBI arrested a New York man that prosecutors say ran the notorious dark web site BreachForums, which allegedly hosted databases stolen from some 1,000 companies and websites, including personal information, such as names, emails and passwords.
