The Federal Bureau of Investigation and numerous international authorities have seized the websites belonging to Genesis Market, an infamous source of stolen account data for hackers worldwide, alongside numerous arrests worldwide.
The law enforcement action, dubbed “Operation Cookie Monster,” occurred on Tuesday and Europol confirmed today that the combined efforts in 17 countries led to 119 arrests and 208 property searches.
Launched in 2018, Genesis Market became a one-stop-shop for stolen passwords, hijacking cookies, and “digital fingerprints” of users that would enable hackers to impersonate them on retail websites, banks and more.
To do this the marketplace used malware that would compromise users’ computers to collect login information, along with personalized “fingerprint” data about them, which would allow the market to sell bots that would allow a hacker to impersonate them. These bots could then stream this data in real time from the victim’s computer to allow the hacker to pretend to be the user on a given website and hijack sessions.
With the assistance of a bot, the hacker is getting access to all the authentication information stored in a user’s browser. That means they can immediately bypass all the safeguards that most websites use, such as passwords and in some cases two-factor authentication.
The prices of Genesis bots ranged enormously depending on the type of passwords and data they contained. However, the more passwords or sensitive data it had access to, the higher-priced the bot. For example, a bot that might give a hacker the opportunity to take over a PayPal, Coinbase or bank account could command hundreds of dollars.
“The price per bot would range from as little as USD 0.70 up to several hundreds of dollars depending on the amount and nature of the stolen data,” Europol noted in its announcement. “The most expensive would contain financial information which would allow access to online banking accounts.”
Criminals with these bots could then use that access to do anything they wanted on the websites they wanted. They could steal directly from victims by moving money out of their accounts, using their credit cards to make purchases on retail websites, reading their email and more.
According to authorities, over the past five years, Genesis Market had become one of the most prominent facilitators of stolen credentials with more than 1.5 million bot listings and more than 2 million identities at the time of its takedown.