FBI shuts down notorious cybercrime forum Genesis Market

5 Apr 2023


The forum was used by hackers to trade sensitive information and its closure will likely be a significant blow for cybercriminals worldwide.

Genesis Market, a significant platform for cybercriminals, has been seized in an FBI-led operation involving various international security partners.

The site now shows a notification titled Operation Cookie Monster, which states the forum’s domains have been seized thanks to a warrant issued by a US district court.

The statement said the seizures were supported by “international law enforcement and private sector coordination”, including Europol and various security organisations.

A seizure notice with the back of a person wearing a hoodie that has the FBI logo on it. The image contains details about a website seizure and has the logos of various security organisations.

The notice that appears on the Genesis Market website. Image: SiliconRepublic.com

Genesis Market had become notorious as a cybercrime forum, where the sensitive data of victims was sold to help hackers gain further access into individual or corporate networks.

The sold data reportedly included login credentials, cookies, known website vulnerabilities, fingerprints and other sensitive information.

The closure will likely be a significant blow to cybercriminals worldwide due to the popularity of the site. A 2020 report into stolen data on hacker forums claimed Genesis Market was the most popular site.

Mark Lamb, the CEO of cybersecurity company High Ground, said Genesis Market held data on “account holders from almost all major websites”.

“The operators offered customers a pre-made package on victims, enabling them to access accounts and execute attacks quickly, with all the information they needed to commit fraud,” Lamb said.

“Unfortunately, very few victims were aware they had been compromised until money was stolen or goods were purchased, as there was nothing malicious for threat detection tools to alert on.”

The site seizure notice asks anyone who has been on the site or who has information on the administrators to email the FBI.

KrebsOnSecurity reports that the domain seizure coincided with dozens of arrests targeting those who allegedly operated the service, but the FBI has not confirmed these details.

Law enforcement strikes back

International organisations appear to have been on the counterattack in recent months, targeting criminal websites and gangs in a bid to disrupt their operations.

Last month, US and German authorities took down ChipMixer, a darknet crypto service that is believed to have laundered more than $3bn through illicit transactions since 2017.

In the same month, a Europol-assisted operation saw multiple arrests of individuals who are alleged to be “core members” of the DoppelPaymer group. This criminal gang has carried out various large-scale ransomware attacks since 2019.

Europol said that in the US alone, more than €40m was paid to this gang by its victims between May 2019 and March 2021.


Leigh Mc Gowran is a journalist with Silicon Republic