Operation Cookie Monster: police shut huge cybercrime site

Operation Cookie Monster: police shut huge cybercrime site

Europol said the operation against Genesis Market was 'unprecedented'
Europol said the operation against Genesis Market was 'unprecedented'. Photo: Remko de Waal / ANP/AFP/File
Source: AFP

PAY ATTENTION: Celebrate South African innovators, leaders and trailblazers with us! Click to check out Women of Wonder 2022 by Briefly News!

A global police operation has shut down one of the world's largest online marketplaces where cybercriminals can buy stolen identities and passwords, international law enforcement said on Wednesday.

Genesis Market sold the identities of over two million people for as little as $0.70, allowing hackers to target bank accounts and carry out online fraud, officials in several countries said.

Police arrested 119 people in the huge crackdown, dubbed "Operation Cookie Monster", which was led by the US Federal Bureau of Investigation (FBI) and Dutch police and involved 17 countries.

The website was based in Russia, according to the US Treasury, which said it had imposed sanctions against Genesis Market.

Europol said the "unprecedented law enforcement operation" had taken down "one of the most dangerous marketplaces selling stolen account credentials to hackers worldwide."

Read also

AI bot ChatGPT faces growing scrutiny in Europe

"Genesis Market listed for sale the identities of over two million people when it was shut down," the EU's policing agency said.

PAY ATTENTION: Follow us on Instagram - get the most important news directly in your favourite app!

Action against criminals took place in countries including Australia, Britain, Canada, the United States and more than 10 countries in Europe.

Britain's National Crime Agency said 24 people were arrested in Britain. Another 17 people were arrested in the Netherlands.

'Most dangerous'

People trying to access Genesis Market on Wednesday saw a screen saying, "This website has been seized" and "Operation Cookie Monster", along with a picture of a person in an FBI hoodie in front of a computer.

A cookie is a piece of computer data that makes it easier to reopen web pages.

Europol said the site offered "bots" for sale that had infected victims' devices through malware or other methods.

Read also

Australia bans TikTok on government devices

"Upon purchase of such a bot, criminals would get access to all the data harvested by it such as fingerprints, cookies, saved logins and autofill form data," it said.

The information was collected in real time so buyers would be notified of any change of passwords.

Prices for bots ranged from as little as $0.70 to several hundred dollars in the case of valuable bank account information, Europol said.

Unlike so-called "dark web" services, Genesis was available on the open web "although obscured from law enforcement behind an invitation-only veil", the agency said.

"Its accessibility and cheap prices greatly lowered the barrier of entry for buyers, making it a popular resource among hackers."

'Invitation only'

Dutch police said Genesis not only sold account information, but also copies of people's online "fingerprints", or unique digital information, allowing hackers to take over the victim's life, he said.

"The Genesis criminal trading market... was one of the most dangerous," added Ruben van Well, Dutch police cyber team leader based in Rotterdam.

Read also

Paris votes on whether to ban e-scooters for hire

"For example, it was possible to order and pay for things in web shops in the name of victims or, in certain cases, even to plunder entire bank, crypto or investment accounts," Van Well said.

He gave the example of a 71-year-old man who lost almost 70,000 euros from his investment account, with items ordered from web shops in his name.

"The victim told us he felt like treading water in a massive swimming pool with no idea how to get out," Van Well said.

The site had a worldwide reach, said the EU's judicial agency, Eurojust, which is also based in The Hague.

"Genesis Market customers were located all over the world and actively purchasing stolen packages of victim data until this takedown," it said.

The US Treasury Department in a statement said Genesis is believed to be located in Russia.

"This action was coordinated with the U.S. Department of Justice (DOJ) and international partners from a dozen countries," it said.

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ click on “Recommended for you” and enjoy!

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.