Law enforcement agencies from around the world, including the UK’s National Crime Agency (NCA), have successfully taken down Genesis Market, a notorious cybercrime website. The site, which operated on the open web and not just the dark web, sold login details, IP addresses, and other data that made up victims’ “digital fingerprints” for as little as $1. This information allowed fraudsters to log into bank, email, and shopping accounts, redirect deliveries, and change passwords without raising suspicion.
During a coordinated series of raids across 17 countries, including the US, UK, Australia, and various European countries, a total of 200 searches were conducted and 120 people were arrested. In the UK, 24 individuals suspected of being users of the Genesis Market, including two men in Grimsby, Lincolnshire, aged 34 and 36, were arrested on suspicion of fraud and computer misuse.
Genesis Market, which was set up in 2017 and had 80 million sets of credentials and digital fingerprints up for sale, was known for its user-friendly English-language interface. It was a one-stop shop for login data, including passwords, browser history, cookies, autofill form data, IP addresses, and locations, enabling online fraud on a massive scale. Criminals could buy information for popular accounts such as Facebook, PayPal, Netflix, Amazon, eBay, Uber, and Airbnb, and were even notified by Genesis if the passwords changed.
One of the notable features of Genesis Market was its purpose-built browser that mimicked the victim’s computer, making it appear as if the account was being accessed from the usual device and location, thus bypassing security alerts. This made it accessible to even those with limited technical expertise, as all that was needed was a search engine to start committing crimes.
Apart from fraud, the data sold on Genesis Market could also be used for ransomware attacks, where hackers block access to data and demand payment for its release. The site also facilitated the sale of information of businesses, leading to fraud, mobile phone number hacking, and ransomware attacks.
The NCA described Genesis Market as “an enormous enabler of fraud” and believed that there were around two million victims worldwide, with tens of thousands of them in the UK alone. Many victims only discovered something was wrong when they noticed fraudulent transactions on their accounts or received notifications of unauthorized logins.
To protect against such cybercrime, internet users are advised to keep their computer and phone operating systems up-to-date, use two-factor authentication (2FA), and create strong passwords involving three random words. Using a password manager is also recommended to enhance security and prevent unauthorized access to personal accounts.
Source: bbc.com