In a worldwide law enforcement crackdown, one of the largest criminal markets where internet fraudsters could purchase passwords was shut down.
Login information, IP addresses, and other information that served as the victims’ “digital fingerprints” were sold by Genesis Market.
The personal data, which was frequently less than $1, allowed scammers to access bank and shopping accounts.
The coordinated raids included participation from law enforcement agencies from all over the globe, including the UK.
The National Crime Agency (NCA) of the UK detained 24 suspect site users during a succession of raids. They include two 34 and 36-year-old males from Grimsby, Lincolnshire, who are being detained on fraud and computer abuse suspicions.
The raids, which got under way at dawn on Tuesday, featured law enforcement agencies from 17 different nations. Together with the NCA in the UK, the Australian Federal Police, and nations throughout Europe, the FBI in the US and the Dutch National Police oversaw the investigation.
120 individuals were detained, and 200 searches were conducted globally.
Anyone visiting the Genesis website on Wednesday would have seen a notice that said, “Operation Cookie Monster. This webpage has been taken down.
Related: Ticketmaster Hearing: Ticketmaster Executive Blames Cyberattack On Taylor Swift Selling Mayhem
The NCA referred to Genesis Market as “an enormous enabler of fraud” because it was offering for sale 80 million pairs of credentials and digital fingerprints.
Director general of the National Economic Crime Centre at the NCA Robert Jones stated, “Criminals have taken credentials from innocent members of the public for far too long.
He continued, “We want criminals to be afraid now that we know who they are, and they should be.”
The public can now verify whether their data has been compromised on a portal that the Dutch police have launched on their website.
In addition to the hidden web, Genesis Market also used the public internet.
It was established in 2017 and distinguished by its user-friendly English-language UI.
Online fraud was made possible by having a single source for registration information. Users could purchase login information, such as passwords, as well as other components of a victim’s “digital fingerprint,” such as their IP address, position, IP history, cookies, and autofill form data.
Due to this, fraudsters were able to access their bank, email, and shopping accounts, redirect deliveries, and even alter their passwords without drawing attention to themselves.
Passwords for accounts with Facebook, PayPal, Netflix, Amazon, eBay, Uber, and Airbnb were among the login details for sale. Even if the passwords changed, Genesis informed the criminals buying the information.
In order to make it appear as though the victim was logging into their account using their usual device in their usual location, Genesis offered its clients a specially designed browser that would use the stolen data to imitate the victim’s computer. As a result, no security warnings were triggered by the access.
It was a very sophisticated website that was also very user-friendly, available on both the open web and the dark web, and had a wiki that provided instructions on how to use it.
So you weren’t required to be a skilled computer actor to get involved. To start committing crimes, all you required was the ability to use a search engine.
Information about a victim could be sold for as little as $1 or as much as hundreds of dollars, depending on the amount of data that was accessible.
The data for sale could be used for ransomware attacks, in which hackers obstruct access to data and demand payment to release it, even though Genesis users were primarily using it for deception.
Data from the person who was involved in the 2021 breach of video game juggernaut Electronic Arts (EA) was sold for just $10.
Additionally, businesses had their information sold on the website, which made it easier to commit fraud, hack into mobile phone numbers, and launch ransomware assaults.
Genesis is “a huge enabler of fraud,” according to Will Lyne, director of cyber intelligence at the NCA, and one of the most important marketplaces for purchasing login information.
According to the NCA, there were tens of thousands of victims in the UK out of an estimated two million victims globally.
Many victims would discover there was a problem for the first time when they noticed fraudulent transactions on their account, or if they were fortunate, they received notification that someone had logged in under their identity.
It’s estimated that thousands of offenders used Genesis, with several hundred of them residing in the UK.
Before they made their purchase, they could look up prospective victims by country and see what information was available.
Internet users are advised to use two-factor authentication (2FA), powerful passwords like ones featuring three random words, and to keep their phone and computer operating systems up-to-date in order to prevent fraud.
Additionally, it is advised that they think about using a password organizer.
Download The Radiant App To Start Watching!
Web: Watch Now
LGTV™: Download
ROKU™: Download
XBox™: Download
Samsung TV™: Download
Amazon Fire TV™: Download
Android TV™: Download