Dark web marketplace Genesis, which specialised in selling stolen credentials, has been taken offline in an international sting. The bust, which involved officers from the UK’s National Crime Agency, resulted in 120 people being arrested.
The operation was led by the FBI and the Dutch National Police Corps, as well as law enforcement teams from the UK and 16 other countries.
Dark web credentials market Genesis taken offline
The Genesis market was the primary source for stolen credentials for criminals seeking to defraud their victims. At its height, the platform hosted approximately 80 million credentials and digital fingerprints, the NCA said.
Officers in the UK arrested 24 people, including two men who were detained in Grimsby, Lincolnshire under suspicion of violating the Computer Misuse Act. Hundreds of UK-based users of the platform were identified as part of the investigation.
Around the world, more than 200 searches were carried out. In the UK, activity is likely to continue in the form of arrests and preventative action, the NCA said, with site users set to be contacted about their illicit activities.
Rob Jones, director general at the NCA, said: “Behind every cybercriminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending.
“Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market. Its removal will be a huge blow to criminals across the globe.”
Jones added: “Targeting this infrastructure is at the core of the NCA’s efforts to disrupt the highest-harm offenders and protect the public from those seeking to infiltrate their lives, stealing their identities and their money.”
How did Genesis Market operate?
The Genesis Market sold bots containing stolen credentials, some costing as little as $0.70 and others trading for hundreds of dollars.
The data was collected from cookies, saved logins and autofill form data. “This information was collected in real-time, meaning the buyers would be notified of any change of passwords,” the NCA said.
Cybercriminals can use this information to access funds from bank accounts and launch social engineering attacks.
While the takedown of Genesis is being hailed by police as a triumph, alternative platforms are available and criminals are used to switching to new ones, explains Roman Faithfull, cyber threat intelligence analyst at Reliaquest. “Viable alternatives to Genesis do exist, including gated sites that require a monetary deposit to use the site,” he says. “It is likely that former users for Genesis will turn to these services to purchase stolen logs and credentials.”
It is also possible that criminals will turn to purchasing or creating their own info-stealing malware to harvest credentials directly, “until a trusted and viable Genesis alternative returns,” Faithfull adds.