In a historic operation, law enforcement agencies from 18 countries, including the US Federal Bureau of Investigation (FBI) and the Dutch National Police (Politie), shut down Genesis Market, one of the largest online marketplaces where cybercriminals sold stolen identities, The Guardian reports.
The operation has been touted as unprecedented in its scale and success.
80 Million Stolen Identities Discovered
Europol announced in a post that the notorious online marketplace sold over 1.5 million bot listings containing personal credentials for two million people, with a total of 80 million credentials for sale.
With these credentials, cybercriminals could gain access to information from accounts such as online banking, Facebook, Amazon, PayPal, and Netflix, among others.
The marketplace sold digital fingerprints of victims' devices in addition to personal credentials, allowing cybercriminals to bypass online security checks by impersonating the victim.
What is the Genesis Market? Why is it dangerous?
The impact of the criminal activity facilitated by Genesis Market was far-reaching, with businesses' information being sold on the platform as well.
The marketplace enabled criminal activities such as fraud, ransomware attacks, sim-swapping, and the theft of source code from companies.
Buyers of bots were given not only access to stolen data but also custom browsers that mimicked the browsers of their victims. This allowed the criminals to gain access to the victim's account while bypassing the platform's security measures.
How Users Access the Illegal Site
Genesis Market was accessible on both the open and dark web, but it was hidden from law enforcement behind an invitation-only veil.
According to reports, users were given step-by-step instructions on purchasing stolen information and using it for fraud. Depending on the type of information available, prices ranged from as little as 70 US cents (56p) to several hundreds of dollars.
Successful Sting Operation
The operation, which resulted in over 120 arrests and over 200 searches worldwide, was led by the UK's National Crime Agency (NCA), which conducted a series of raids on Tuesday, April 4. In the United Kingdom, 19 suspected site users were apprehended.
Reuters reports that countries involved in the investigation included Australia, Canada, Denmark, Estonia, Finland, France, the United States, the UK, Germany, Iceland, Italy, New Zealand, Poland, Romania, Spain, Sweden, and Switzerland.
Will Lyne, the head of cyberintelligence for the UK's National Crime Agency, commented that Genesis Market was "an enormous enabler of fraud and a range of other criminal activity online by facilitating that initial access to victims, which is a critical part of the business model in a whole range of nefarious activity."
Rob Jones, the director-general of the National Economic Crime Centre, highlighted the ease with which anyone could access the marketplace to commit a crime.
Know If You've Been A Victim
Global law enforcement agencies have shown their ability to collaborate to combat the international nature of cybercrime. Investigators have already set up spoof distributed denial-of-service sites to harvest criminal information, and they may use similar tactics with fraud sites.
The shutdown of Genesis Market sends a clear message to cybercriminals that their actions will not go unpunished.
Visit https://www.politie.nl/checkyourhack to see if you were a victim.