Law enforcement agencies from around the world, including the UK’s National Crime Agency (NCA), have been involved in a global crackdown on Genesis Market, one of the world’s largest criminal marketplaces. The website, which was used by fraudsters to buy login details, IP addresses, and other data that made up victims’ “digital fingerprints,” has been closed down, and 120 people have been arrested as a result of the coordinated raids.
During the operation, the NCA arrested 24 suspected users of the site, including two men in Grimsby who are being held on suspicion of fraud and computer misuse. Law enforcement agencies from 17 countries were involved in the raids, which began at dawn on Tuesday. The operation was led by the FBI in the US and the Dutch National Police, working alongside the NCA in the UK, the Australian Federal Police, and countries across Europe.
Genesis Market had 80 million sets of credentials and digital fingerprints up for sale, and the NCA has called it “an enormous enabler of fraud.” The website operated on the open web, not just the dark web, and was notable for its user-friendly, English-language interface. It was a one-stop shop for login data that enabled online fraud.
Users could buy login information, including passwords, and other pieces of a victim’s “digital fingerprint,” such as their browser history, cookies, autofill form data, IP address, and location. This allowed fraudsters to log in to bank, email, and shopping accounts, redirect deliveries, and even change passwords without raising suspicion.
Login information on sale included passwords for Facebook, PayPal, Netflix, Amazon, eBay, Uber, and Airbnb accounts. Criminals buying the information were even notified by Genesis if the passwords changed.
Genesis provided its customers with a purpose-built browser, which would use the stolen data to mimic the victim’s computer so that it looked as if they were accessing their account using their usual device in their usual location. So the access did not trigger any security alerts.
Depending on how much data was available, a victim’s information would sell for less than $1, or for hundreds of dollars. While Genesis users were mostly accessing it for fraud, the data on sale could also be used for ransomware attacks – where hackers block access to data and demand payment to release it.
The NCA believes there were about two million victims worldwide, with tens of thousands of them in the UK. Many victims would first know something was wrong when they saw fraudulent transactions on their account or if they were lucky, they got a message saying someone had logged in as them.
Businesses also had their information sold on the website, which facilitated fraud, mobile phone number hacking, and ransomware attacks. Will Lyne, head of cyber intelligence at the NCA, said Genesis was “an enormous enabler of fraud” and one of the most significant marketplaces for buying login information.
Internet users who want to avoid fraud are advised to keep their computer and phone operating systems up-to-date, to use two-factor authentication (2FA) and strong passwords such as ones involving three random words. They are also being urged to consider using a password manager.
