Giant Cybercrime Market Shut Down in International Operation

Genesis Market, one of the world's biggest online platforms for purchase and sale of login details, has been shut down in a global law enforcement crackdown. Notably, Genesis Market was more brazen that most cybercrime operations, operating on the open web, not just the dark web. 80 millions sets of credentials were available for purchase, with login combinations for bank accounts going for as low as US $1.

Data for sale on Genesis Market included passwords, browser history, cookies, and autofill form data for Facebook, PayPal, Netflix, Amazon, eBay, Uber and Airbnb, alongside information pertaining to the individual themselves, such as IP addresses and geolocation data.

120 people suspected of being involved with the site have been arrested in international sting operations over a series of 200 co-ordinated raids dubbed 'Operation Cookie Monster'. The operation was led by the U.S.A.'s FBI, in conjunction with the Dutch National Police, the U.K.'s NCA, and the Australian Federal Police.

One member was identified to reside within New Zealand, with the New Zealand Police carrying out a search warrant on an Auckland address in the early hours of Wednesday morning. "A 30-year-old man located at the address has been arrested and a further search carried out," said Detective Inspector Stuart Mills.

"Cybercrime, particularly cyber-based fraud, continues to be an issue globally for law enforcement and creates a significant deal of harm and distress for its victims," states Mills. The NCA believes there were about two million victims worldwide, and Will Lyne, head of cyber intelligence at the NCA, said Genesis was "an enormous enabler of fraud - one of the largest marketplaces for buying login details."

Robert Jones, Director General of the National Economic Crime Centre at U.K.'s NCA, stated that "for too long, criminals have stolen credentials from innocent members of the public." He followed that "it was a very sophisticated website, very easy to use, with a wiki telling you how to use it, and accessible on the open web and the dark web. So you didn't need to be a sophisticated cyber actor to get into this. You just needed to be able to use a search engine, and then you could start committing crime."

Dutch police have launched a portal on their website, where the public can check whether their data has been compromised. Note that this portal checks against the compromised data itself, so it will work for residents of any country, not just those in the Netherlands.