On April 4, 2023, the most prominent black market for stolen digital identities, Genesis Market, collapsed due to the three-year-long “Cookie Monster” operation. The investigation involved the FBI, Dutch police, Europol, and 17 countries, resulting in 208 searches worldwide and 119 arrests.
An efficient and accessible tool
Genesis Market offered digital identities for sale at prices ranging from less than a dollar to a few hundred, depending on the quantity and type of information. Some identities included access to victims’ social networks and streaming platforms, while others allowed customers to make fraudulent online purchases or even empty victims’ bank accounts. At its dismantling, the US Department of Justice and Europol’s European Cybercrime Center estimated that Genesis Market compromised 1.5 million computers, 2 million identities, and 80 million access credentials.
The platform generated $4 million in revenue in just two years of operation, according to John Fokker, head of threat intelligence at Trellix Research Center. What made Genesis Market unique was its focus on a specific method of bypassing two-factor authentication, which is becoming increasingly common.
Genesis Market monetized digital identification traces, device fingerprints, and browser cookies. When a user connects to a network and passes multi-factor authentication, the system stores specific data locally on their device. Genesis Market gained access to this data, allowing its customers to impersonate a user on that user's favorite sites. The platform's creators went to great lengths to attract new customers, making the platform accessible on both the dark web and the regular web and offering a neat interface and even their own browser, Genesium.
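The paragraph above describes an already authenticated session being reused with the victim's cookie and device fingerprint. As an added example (not from the original article), the sketch below shows one defender-side heuristic for spotting that reuse in session logs; the log fields, reason labels and sample events are constructed assumptions.

```python
# Added example: flag sessions that are used from a different network than
# the one where multi-factor authentication was completed.
# All events are constructed; the ASNs come from the documentation range.
EVENTS = [
    # (time, session_id, asn, country, fingerprint, event)
    ("2023-03-01T09:00:00Z", "s-1001", "AS64500", "NL", "fp-a1", "mfa_ok"),
    ("2023-03-01T09:05:00Z", "s-1001", "AS64500", "NL", "fp-a1", "request"),
    ("2023-03-01T09:40:00Z", "s-1001", "AS64511", "RO", "fp-a1", "request"),
    ("2023-03-01T10:00:00Z", "s-2002", "AS64501", "US", "fp-b2", "mfa_ok"),
    ("2023-03-01T10:30:00Z", "s-2002", "AS64501", "US", "fp-b2", "request"),
    ("2023-03-01T11:00:00Z", "s-3003", "AS64502", "DE", "fp-c3", "mfa_ok"),
    ("2023-03-01T11:20:00Z", "s-3003", "AS64503", "BR", "fp-zz", "request"),
]


def find_suspect_sessions(events):
    """Return {session_id: reason} for sessions reused outside their MFA context."""
    baseline = {}  # session_id -> (asn, country, fingerprint) recorded at MFA time
    findings = {}
    # ISO 8601 UTC timestamps sort chronologically as plain strings.
    for _ts, sid, asn, country, fp, kind in sorted(events):
        if kind == "mfa_ok":
            baseline[sid] = (asn, country, fp)
            continue
        if sid not in baseline:
            # Cookie presented with no recorded MFA event for that session.
            findings.setdefault(sid, "session_without_mfa")
            continue
        b_asn, b_country, b_fp = baseline[sid]
        if (asn, country) == (b_asn, b_country):
            continue
        # A matching fingerprint does not clear the session: the article notes
        # that fingerprints were sold together with the cookies.
        reason = ("same_fingerprint_new_network" if fp == b_fp
                  else "new_fingerprint_new_network")
        findings.setdefault(sid, reason)
    return findings


if __name__ == "__main__":
    # Legitimate users also change networks (mobile, VPN), so treat a hit as a
    # trigger for re-authentication, not as proof of compromise.
    for sid, reason in find_suspect_sessions(EVENTS).items():
        print(sid, reason)
```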
The market was mainly used for fraudulent purposes but could also have been used for more elaborate cybercriminal projects, such as ransomware attacks targeting corporate credentials. The platform was named one of the most prolific access brokers in the world of cybercrime, with credentials for sale, including those related to the financial industry, critical infrastructure, and federal, state, and local government agencies.
The disappearance of Genesis: a wasted effort or a real setback to cybercrime?
The head of EC3, Edvardas Šileris, praised the international collaboration that led to the success of the “Cookie Monster” operation, which seriously disrupted the cybercriminal ecosystem by removing one of its main catalysts. However, as with similar cases, a successor to Genesis Market may already be in preparation. Despite this, John Fokker believes that the operation is a great victory because it breaks the trust of the ecosystem and discourages other hackers from using similar services.
The operation warns cybercriminals that they will be found and brought to justice, as US Attorney General Merrick B. Garland stated. For potential victims, the Dutch police have set up a tool to check for possible compromises using their email addresses. HaveIBeenPwned.com has also updated its data with information from Genesis Market.