At one time “Genesis” might have called to mind a progressive rock band or a video game console, but more recently the name has been associated with one of the biggest dark web markets for trading in stolen identity information. It’s now offline thanks to an international law enforcement operation that involved hundreds of raids across numerous countries.
The dark web market had been operating since 2018 and had become a favorite stop for those looking for stolen login credentials and personal information. Law enforcement agencies have seized its website, though the operators appear to be based in Russia and will likely pop up again at some point.
Law enforcement conducts raids, arrests hundreds of Genesis users
The victory is another in a recent string for joint international law enforcement efforts, following the 2022 breakup of Hydra Market and several of the biggest ransomware outfits. But though these efforts are appreciated by victims, the good guys are usually playing catch-up as the core baddies hide in Russia and evade prosecution.
The law enforcement raids, some 200 in total around the world, saw users of the dark web market swept up and a message sent that these services are not anonymous or safe for buyers. They are persistent, however, and as long as key figures remain free they will likely re-establish themselves in the coming months.
In the meantime, a dark web market that is thought to have sold around 80 million credentials in its multi-year run is out of business. Far from just being a gathering place, Genesis fed its operation by directly distributing malware to collect fresh victim data to sell to its patrons. Buyers could pay to “subscribe” to the files of individuals, getting notifications when new information was added or the victim changed their passwords.
As operators hide out in Russia, dark web market focus shifts to buyers
“Operation Cookie Monster” was spearheaded by the Federal Bureau of Investigation (FBI), which had assistance from the majority of its field offices. Law enforcement partners in 17 countries tracked down Genesis buyers, with these relatively smaller fish becoming an increasing priority in such operations as the main movers and shakers keep themselves beyond the reach of extradition.
The Genesis operators will likely move to something like Telegram to continue peddling some of their wares, but the full infrastructure will take months to replicate. This at least buys some time for victims to change passwords and secure personal information. Victim information from Genesis has been uploaded to the Have I Been Pwned website, allowing anyone to check and see if their stolen information was up for offer on the dark web market.
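The article points victims to Have I Been Pwned to check whether their data was on offer. The example below is added here and is not code from the article or from Have I Been Pwned; it shows the k-anonymity range lookup that the site's Pwned Passwords service exposes at https://api.pwnedpasswords.com/range/{prefix}, where only the first five hex characters of the password's SHA-1 hash leave the machine and the caller matches the remaining suffix locally. The response body, suffix list and counts in SAMPLE_RANGE_BODY are constructed so the check runs offline; the live fetch is left as an optional function.

```python
import hashlib
from typing import Callable, Dict, Tuple
from urllib.request import Request, urlopen

# Constructed stand-in for a range response: "SUFFIX:COUNT" lines, one per
# matching hash suffix. The first suffix is the real SHA-1 tail of "password";
# the counts and the other two suffixes are made up for this example.
SAMPLE_RANGE_BODY = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
"""


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash: str) -> Tuple[str, str]:
    """Split into the 5-char prefix that is sent and the 35-char suffix kept local."""
    return full_hash[:5], full_hash[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Turn 'SUFFIX:COUNT' lines into a dict; blank lines are ignored."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Live lookup against the Pwned Passwords range endpoint (network required)."""
    req = Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "range-check-example"},  # identifier is an assumption
    )
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str, fetch: Callable[[str], str] = fetch_range) -> int:
    """Return how many times the password appeared in breach corpora (0 = not found).

    Only the hash prefix is passed to `fetch`; the suffix comparison happens here,
    so neither the password nor its full hash is disclosed to the service.
    """
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range_response(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    # Offline demo using the constructed body; swap in fetch_range for a live check.
    for candidate in ("password", "correct horse battery staple"):
        hits = check_password(candidate, fetch=lambda _p: SAMPLE_RANGE_BODY)
        print(f"{candidate!r}: {'found' if hits else 'not found'} ({hits} occurrences)")
```

The same pattern applies to any breach-corpus check: keep the secret on the client, send a truncated hash, and do the final match locally. The breached-account search the article refers to is a separate, per-email lookup on the site; this example covers the password side because it is the one that can be shown without an API key.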
While law enforcement is seemingly becoming quicker to respond to and take down major criminal players, it is important to recognize that these campaigns are not a substitute for good security hygiene and organizational best practices such as multi-factor authentication options and endpoint detection methods.