The Washington Post

FBI seizes hacker marketplace Genesis Market

Authorities say they believe the forum, which has been likened to a subscription service for hacked data, operated out of Russia

Updated April 5, 2023 at 3:01 p.m. EDT | Published April 5, 2023 at 11:40 a.m. EDT
An FBI notice blankets a website belonging to the online marketplace Genesis. (Washington Post)

An international coalition of law enforcement agencies has taken down one of the most user-friendly digital marketplaces for hacked data — responsible for accessing some 80 million user credentials in the past five years — the Justice Department said this week.

On Tuesday, U.S. law enforcement, in collaboration with agencies from more than a dozen countries, seized 11 domain names belonging to the marketplace. Would-be users of at least one of the sites were greeted by a notice that said the seizure had been ordered by a federal court in the Eastern District of Wisconsin. It provided a link to a website that helps consumers determine whether their data had been trafficked on the site.

U.S. officials said Genesis offered a menu of online access to information, including ongoing updates of hacked data, as well as information needed for ransomware attacks.

“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” Attorney General Merrick Garland said in a news release Wednesday.

Officials suspect that Genesis operated out of Russia, the Treasury Department said in its own statement, noting that it had a presence on the dark web, a corner of the internet where users can operate anonymously. As of February, Genesis listed about 460,000 packages of stolen information, including passwords to email accounts, video streaming and social media accounts, according to the agency.

The marketplace offered programs that continued to update users’ personal information as it changed on their devices, amounting to a “de facto subscription to the victim’s information,” the cybersecurity firm Sophos wrote in an August analysis.

The Sophos report characterized Genesis’s interface as “slick” and its services as “polished,” with a platform that offered multilingual tech support, easily searchable data and a user dashboard that provided updates on which compromised systems had been changed since their last visit.

Since it launched in March 2018, Genesis Market has offered access to data stolen from more than 1.5 million computers worldwide and containing over 80 million account access credentials, according to the Justice Department.

During a news briefing Wednesday, senior FBI and Justice Department officials said there were 119 arrests around the world, following the investigation that drew in law enforcement agencies from at least 15 countries.

The officials, who spoke on the condition of anonymity under ground rules set by the agencies, said some arrests were made in the United States, but they declined to offer specific numbers. The officials said $8.7 million in cryptocurrency had been made from selling users’ online credentials, and they estimated tens of millions of dollars in overall financial losses.

Genesis was a particularly prolific and user-friendly “initial access broker” whose services were used as a means for online fraud and ransomware attacks, according to the Justice Department.

Ransomware attacks involve hackers locking up critical computer systems and demanding payment to free them up, and in recent years they have become increasingly frequent and damaging. Genesis sold the kind of system access sought by ransomware hackers who attack U.S. computer networks, and that data may have been used in past attacks, the Justice Department said.

Last month, the FBI arrested Conor Brian Fitzpatrick, whom the Justice Department charged with conspiracy to commit fraud and accused of starting BreachForums, another online marketplace where personal information was bought and sold. Hackers on the site claimed to offer sensitive data from a recent breach of the D.C. health service, which included information on members of Congress.

Days after Fitzpatrick’s arrest, a BreachForums administrator shut the forum down.