Operation Cookie Monster and Genesis Market
Blog Credit: Trupti Thakur
The FBI and the Justice Department recently led a massive operation to combat illicit state-backed cybercrime. Dubbed “Operation Cookie Monster,” the effort involved an international consortium of law enforcement authorities and resulted in the seizure of Genesis Market, a Russia-linked marketplace that sold tens of millions of hacked accounts to cybercriminals around the world. The effort also included 400 law enforcement operations and 208 searches across more than a dozen countries.
Genesis Market: A sophisticated, globe-spanning infrastructure
Genesis Market was one of the two largest venues for the purchase and sale of hacked accounts. It had a sophisticated, globe-spanning infrastructure that compromised some 1 million devices. The market profited from malware-infected computer systems by compiling stolen private data, like email addresses, mobile device identifiers, usernames, and passwords. It also sold unauthorized access to computer systems. According to Treasury estimates, the cost of Genesis Market's illegal activities is in the tens of millions of dollars.
The largest operation of its kind
The takedown of Genesis Market is the largest ever operation of its kind. The FBI’s commitment to disrupting and dismantling key services used by cybercriminals to facilitate cybercrime is demonstrated by the success of Operation Cookie Monster. The effort targeted both the operators of the service and its users.
International cooperation is crucial
Records show that Genesis domain names were linked to nameservers in Russia and China, two nations that have been named as loci for state-sponsored hacking. Treasury said it believes Genesis to be located in Russia. Genesis’ user base was spread across dozens of countries, emphasizing the importance of international cooperation in the fight against cybercrime.
Sanctions against Genesis Market
The Treasury Department’s Office of Foreign Assets Control announced sanctions against Genesis Market, along with the takedown of its domain names. The effort is a continuation of the Justice Department’s work against crypto exchange Bitzlato earlier this year. Bitzlato was described as an alleged haven for criminal activity with overt links to a Russian dark web marketplace.
- Operation Cookie Monster, an international police operation, took down a major dark web criminal marketplace.
- The illicit platform sold access credentials that were stolen from compromised computer networks.
- The takedown comes as experts urge private and public organizations to better protect themselves against cybercrimes.
Genesis Market, one of the world’s largest illicit online marketplaces, was shut down this month in a police operation that involved over a dozen international law enforcement agencies.
Dubbed “Operation Cookie Monster,” the crackdown resulted in the seizure of hundreds of thousands of stolen identities and online access credentials that were for sale on the platform. The operation, which also led to over 100 arrests worldwide, was headed by the US FBI and the Dutch National Police and dealt a major blow to global cybercrime efforts, according to officials and experts.
“Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers,” Edvardas Šileris, the Head of Europol’s European Cybercrime Centre, said in a statement.
Founded in 2018, Genesis Market advertised and sold stolen data such as usernames, passwords, bank account details and device “fingerprints” like computer and mobile phone identifiers. The data was often harvested by malicious software deployed into computer networks by cybercriminals.
The platform had offered over 80 million account access credentials from more than 1.5 million compromised computers worldwide since its inception, according to law enforcement agencies. This includes thousands of credentials stolen from over 460,000 computer devices that were advertised for sale at the time “Operation Cookie Monster” took down the site.
“Behind every cyber criminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending,” Rob Jones, the Director General and Threat Leadership of Britain’s National Crime Agency (NCA), added in a statement. “Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market.”
The Genesis Market website after ‘Operation Cookie Monster’ took down the site. Image: Europol
Aside from facilitating consumer identity theft and fraud, Genesis Market sold access credentials connected to a variety of important sectors such as finance, critical infrastructure and government agencies, authorities said. The platform often sold the data to ransomware actors and other types of cybercriminals that would then infiltrate and exploit computer networks around the world.
In 2021, for example, hackers successfully breached the network of an unnamed US company using stolen data and source code purchased on Genesis Market, according to the US Treasury. The agency also said Genesis Market had been used by cybercriminals to target the US government.
“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” US Attorney General Merrick Garland said in a statement.