View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
April 5, 2023updated 06 Apr 2023 9:53am

Dark web marketplace Genesis taken offline in global sting

Law enforcement agencies worked together to take down the market, but a successor is likely to spring up soon.

By Claudia Glover

Dark web marketplace Genesis, which specialised in selling stolen credentials, has been taken offline in an international sting. The bust, which involved officers from the UK’s National Crime Agency, resulted in 120 people being arrested

NCA arrests 24 UK cybercriminals in relation to the takedown of dark web market Genesis. (Photo by William Barton/Shutterstock)

The operation was led by the FBI and the Dutch National Police Corps, as well as law enforcement teams from the UK and 16 other countries.

Dark web credentials market Genesis taken offline

The Genesis market was the primary source for stolen credentials for criminals seeking to defraud their victims. At its height, the platform hosted approximately 80 million credentials and digital fingerprints, the NCA said

Officers in the UK arrested 24 people, including two men who were detained in Grimsby, Lincolnshire under suspicion of violating the Computer Misuse Act. Hundreds of UK-based users of the platform were identified as part of the investigation.

Around the world, more than 200 searches were carried out. In the UK, activity is likely to continue in the form of arrests and preventative action, the NCA said, with site users set to be contacted about their illicit activities.

Rob Jones, director general at the NCA, said: “Behind every cybercriminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending.

“Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market. Its removal will be a huge blow to criminals across the globe.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Jones added: “Targeting this infrastructure is at the core of the NCA’s efforts to disrupt the highest-harm offenders and protect the public from those seeking to infiltrate their lives, stealing their identities and their money.”

How did Genesis Market operate?

The Genesis Market sold bots containing stolen credentials, some costing as little as $0.70 cents and others trading for hundreds of dollars.

The data was collected from cookies, saved logins and autofill form data. “This information was collected in real-time, meaning the buyers would be notified of any change of passwords,” the NCA said.

Cybercriminals can use this information to access funds from bank accounts and launch social engineering attacks.

While the takedown of Genesis is being hailed by police as a triumph, alternative platforms are available and criminals are used to switching to new ones, explains Roman Faithfull, cyber threat intelligence analyst at Reliaquest. “Viable alternatives to Genesis do exist, including gated sites that require a monetary deposit to use the site,” he says. “It is likely that former users for Genesis will turn to these services to purchase stolen logs and credentials.”

It is also possible that criminals will turn to purchasing or creating their own info-stealing malware to harvest credentials directly, “until a trusted and viable Genesis alternative returns,” Faithfull adds.

Read more: Hydra market shuts down, but what will take its place?

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.