The FBI and European law enforcement agencies have arrested more than 100 people as part of a global crackdown on a cybercrime forum that facilitated large-scale identity theft, officials said Wednesday.
The operation targeted Genesis Market, an invitation-only crime forum that for the last five years, according to the US Justice Department, has offered data stolen from more than 1.5 million computers around the world containing login details for more than 80 million user accounts.
The FBI on Tuesday took one of the main websites used by the cybercrime forum offline, and more than a dozen countries, from the Netherlands to Australia, were involved in raids and other measures against the alleged cybercriminals.
At least some of the arrests occurred in the US, a senior FBI official told reporters Wednesday, declining to give further details because of an ongoing investigation. Victims of Genesis incurred losses that “exceed tens of millions of dollars,” the FBI official said.
In a statement Wednesday, Attorney General Merrick Garland called the cybercrime sting against Genesis “unprecedented” for law enforcement, adding that 45 of 56 FBI field offices across the US were involved in the operation.
The bureau seized the web domains of Genesis Market pursuant to a court order from the US District Court for the Eastern District of Wisconsin, according to the seizure notice viewed by CNN. The FBI dubbed the takedown as “Operation Cookie Monster,” a play on the forum’s sale of web browser information known as “cookies,” per the seizure notice.
Genesis Market has played a key role in giving cybercriminals access to hacked computers for carrying out other forms of fraud such as identity theft and ransomware attacks.
The crime forum, which has advertised login details for personal bank accounts, grew out of research that hackers did on anti-fraud technologies used by hundreds of banks and payment systems, according to cybersecurity researchers.
In February, Genesis Market “started to actively recruit” data sellers to the forum, likely to keep up with growing demand for stolen data from customers, according to US cybersecurity firm Trellix.
Genesis Market also sells “digital fingerprints” – the set of data collected from computers that identifies individual users online. Advertisements on Genesis Market have claimed that as long as someone has access to a hacked computer, the computer’s fingerprints will be kept up to date, according to researchers at cybersecurity firm Sophos.
“In other words, Genesis customers aren’t making a one-time buy of stolen information of unknown vintage; they’re paying for a de facto subscription to the victim’s information, even if that information changes,” Sophos said in an analysis of Genesis Market last year.
The FBI’s seizure is the latest in a series of international law enforcement stings that increasingly involve coordinated arrests and raids on multiple continents. The FBI and Europol, the European Union’s law enforcement agency, in January 2022 seized computer servers after identifying “more than 100 businesses” that were at risk of being hacked by cybercriminals.
The law enforcement operation against Genesis Market comes on the heels of the FBI’s raid of another popular criminal forum, BreachForums, that had touted data stolen in a hack affecting members of Congress and thousands of other people. The FBI arrested a 20-year-old New York man accused of being the founder of BreachForums.
While arrests take some alleged cybercriminals offline, the acute demand for stolen personal data means that other alleged hackers often quickly spring up to take their place.
Data sellers that used Genesis Market could turn to other platforms such as Telegram or Discord, until a successor to Genesis emerges, according to Azim Khodjibaev, senior threat intelligence analyst at Cisco Talos.
Genesis Market “was one of the most, if not the most popular marketplace for stolen network and user information,” Khodjibaev told CNN. “Based on my experience, the void will be filled by those who were not arrested.”
This story has been updated with additional information.