120 Arrested as Cybercrime Website Genesis Market Seized by FBI

The Genesis Market cybercrime website appears to have been taken down as part of an international law enforcement operation.

The domains associated with Genesis Market currently display an image informing visitors that the website has been seized by the FBI based on a warrant issued by a Wisconsin court.

The new Genesis Market homepage reveals that the domains were seized as part of an operation named ‘Cookie Monster’, with over a dozen European and North American law enforcement agencies being credited for their role in the takedown. 

Authorities in the US and Europe have yet to issue a statement on the seizure of Genesis Market. 

Security blogger Brian Krebs reported that the law enforcement operation also involved dozens of arrests in the United States and other countries.

However, the message posted by the FBI on seized domains — which instructs those who have been in contact with Genesis administrators to contact the agency — suggests that the site’s operators have yet to be identified or captured. 

The Genesis marketplace has been around since late 2018, offering cybercriminals access to hundreds of thousands of so-called ‘bots’ that could be used to carry out malicious activities and bypass anti-fraud systems. 

These bots, which are actually browser fingerprints obtained by information-stealing malware, provide cybercriminals the credentials needed to access various services and systems while making it seem like the access request is coming from the legitimate user’s machine, thus avoiding triggering any alarms. 

“Genesis marketplace was an invite-only cybercrime institution that held data on account holders from almost all major websites,” said Mark Lamb, CEO of HighGround.io. “The operators offered customers a pre-made package on victims, enabling them to access accounts and execute attacks quickly, with all the information they needed to commit fraud. Unfortunately, very few victims were aware they had been compromised until money was stolen or goods were purchased, as there was nothing malicious for threat detection tools to alert on.”

“This is another coup for the FBI that follows a long string of recent takedowns. It will be interesting to see if the operators of Genesis are caught, because given the scale of the operation they were running, the FBI will not let them off lightly,” Lamb added.

The Genesis Market takedown was announced roughly two months after law enforcement announced shutting down the Hive ransomware operation. 

UPDATE: Europol, the UK’s National Crime Agency (NCA) and others have started releasing information on Operation Cookie Monster. Law enforcement agencies said 120 individuals were arrested and over 200 searches have been caried out across several countries. Dutch police have released an online tool that tells users whether their data was sold on Genesis Market.

Related: Authorities Seize Online Marketplace for Stolen Credentials

Related: US Charges Six in Operation Targeting 48 DDoS-for-Hire Websites

Related: VPNLab Goes Down After Servers Seized in Law Enforcement Operation