JAKARTA - The British National Criminal Agency (NCA) announced that the international law enforcement agency had seized the black market on a dark web popular among cybercriminals in a multinational operation called the Monster Cake Operation on Wednesday, April 5.
Banner, which spread widely on the Genesis Market website on Tuesday night April 4, stated that the organization's domain had been seized by the FBI. The European, Canadian and Australian police organization logos are also emblazoned on the site, along with the logo of cybersecurity firm Qintel.
"We consider that Genesis is one of the most significant access markets anywhere in the world," said Rob Jones, Director General of NCA for Threat Leadership.
NCA estimates the service has around 80 million credentials and digital fingerprints stolen from more than 2 million people.
Deputy Attorney General of the US Department of Justice Lisa Monaco said in a statement that many of the forum users were arrested last Tuesday. A senior FBI official said an arrest had been made in the United States but declined to provide further details. Investigations into Genesis are still ongoing.
The US Treasury Department in a statement announcing sanctions against the market called it "one of the most prominent brokers of stolen credentials and sensitive information."
British authorities said 17 countries were involved in the operation, led by the FBI and the Dutch National Police and resulted in about 120 arrests, more than 200 searches, and nearly 100 "preventions" measures.
Qintel did not immediately respond to a message seeking comment and Reuters could not immediately find details of contacts for the Genesis Market administrator, which the US Treasury said was believed to be operating from Russia.
"Genesis specializes in the sale of digital products, especially the "browser finger" taken from computers infected with malicious software," said Louise Ferrett, an analyst at Britain's cybersecurity firm Searchlight Cyber.
Since these fingerprints often include credentials, cookies, internet protocol addresses, and browser details or other operating systems, they can be used by criminals to avoid anti-fraud solutions such as multi-factor authentication or device fingerprinting, Ferrett said.
This site has been active since 2018.
The NCA says that Genesis operates by selling credentials ranging from 70 cents to hundreds of dollars depending on the stolen data available.
"To start and use this site, you just need to know the site, and maybe get an invitation that, given the user's volume, won't be too difficult," said Will Lyne, NCA's Head of Cyber Intelligence. "Once you become a user, it's very easy to do criminal activities."
The NCA said that the countries involved in the investigation included Australia, Canada, Denmark, Estonia, Finland, France, the United States, Britain, Germany, Iceland, Italy, New Zealand, Poland, Romania, Spain, Sweden, and Switzerland.
"The Genesis market lowered entry barriers for ransomware groups and allowed many cybercriminals to quickly increase their operations and carry out targeted attacks for direct financial gain," said John Fokker, head of threat intelligence for US cybersecurity firm Trellix.
"Without considering the arrest of members of the Genesis Market, simply removing this large cybercriminal market from the web will significantly slow down cybercriminal activity," he added.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
