Notorious stolen credential warehouse Genesis Market seized by FBI
Operation Cookie Monster crumbles stolen data-as-a-service vendor
A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI.
Security vendor Sophos has identified genesis.market as "an invitation-only marketplace" from which buyers can acquire "stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems."
Sophos described the stolen data souk as an initial access broker (IAB) – a business that compromises systems and services, steals data, and sells it. Genesis.market specialized in lifting "credentials, cookies, and digital fingerprints" and not only sold that data but offered a subscription service to provide up-to-date information on individuals it tracked.
The security firm also found Genesis offered "customer-service features that let bad actors concentrate on doing crimes, not tech" including a "polished interface with good data-correlation capabilities; effective and well-maintained tools for customers, including a robust search function; and mainstream accoutrements such as an FAQ, user support, pricing in dollars (though payment is in Bitcoin), and competent copyediting."
Some of our favorite ecommerce sites could perhaps learn a thing or two.
- Bank rewrote ads for infosec jobs to stop scaring away women
- 3CX thought supply chain attack was a false positive
- British govt tech supplier Capita crippled by 'IT issue'
- Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons
At the time of writing neither the FBI nor its parent agency, the Department of Justice, had published a statement about the seizure.
But visitors to genesis.market were left in no doubt about the site's fate because all content other than the following splash screen has disappeared.
The Register notes that the FBI appears to be entirely happy depicting its infosec operatives as faceless hoodie-wearers. Thanks for that, folks given it's a known disincentive to legit would-be infosec workers.
But we digress – we should really be focusing on the flock of law enforcement logos surrounding the unhelpfully hoodie-wearing chap depicted above, because they indicate that the FBI acted with its peers from around the world. That assistance was probably made necessary by Genesis Market using several domain names. Whacking them all would have required cross-border collaboration with multiple law enforcement agencies from different nations.
All of which leaves the world a little safer thanks to the demise of this outlet.
But there is of course plenty of personal data still in the hands of hoodie-wearing miscreants. Meanwhile, state-sponsored baddies in a variety of outerwear poison software supply chains, steal crypto, plant ransomware and worse. ®