Australian police join worldwide raid that brings down ‘dark web’ marketplace
International law enforcement agencies have seized a sprawling dark web marketplace popular with cybercriminals, Britain’s National Crime Agency says, in a multinational crackdown dubbed Operation Cookie Monster.
A TV screen displays Hive ransomware's website on the so-called dark-web after its seizure by the FBI, during a press conference at the Justice Department in Washington, DC, USA, 26 January. EPA/JIM LO SCALZO
A banner plastered across Genesis Market’s site late on Tuesday said domains belonging to the organisation had been seized by the FBI.
Logos of other European, Canadian and Australian police organisations were also emblazoned across the site, along with that of cybersecurity firm Qintel.
“We assess that the Genesis is one of the most significant access marketplaces anywhere in the world,” the NCA’s Director General of Threat Leadership Rob Jones said.
The NCA estimated the service hosted about 80 million credentials and digital fingerprints stolen from more than two million people.
It said Australia was one of 17 countries involved in the operation, which was led by the FBI and Dutch National Police and had resulted in about 120 arrests, more than 200 searches and almost 100 pieces of “preventative activity”.
Qintel did not immediately return messages seeking comment and Reuters could not immediately locate contact details for Genesis Market’s administrators.
The FBI seemed eager for information about them as well, saying in its seizure notice that anyone who had been in touch with them should “Email us, we’re interested”.
Genesis specialised in the sale of digital products, especially “browser fingerprints” harvested from computers infected with malicious software, said Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber.
Because those fingerprints often include credentials, cookies, internet protocol addresses and other browser or operating system details, they can be used by criminals to bypass anti-fraud solutions such as multi-factor authentication or device fingerprinting, she said.
The site had been active since 2018.
The NCA said Genesis had operated by selling credentials from as little as $US0.7 ($A1) to hundreds of dollars depending on the stolen data available.
“To get up and running on this you just have to know of the site, potentially be able to get yourself an invite which given the volume of users probably wouldn’t be particularly difficult,” NCA Head of Cyber Intelligence Will Lyne said.
“Once you become a user, it’s really easy to then … Perpetrate criminal activity.”
The NCA said countries involved in the investigation also included Australia, Canada, Denmark, Estonia, Finland, France, Germany, Iceland, Italy, New Zealand, Poland, Romania, Spain, Sweden, and Switzerland.
