The FBI and other foreign law enforcement organizations conducted “Operation Cookie Monster,” effectively taking offline a stolen password site.
According to a report, police shut down Genesis Market last Tuesday after discovering stolen user names, passwords, and session tokens.
According to a U.S. Department of Justice news statement, over 80 million account login credentials were stolen from malware-infected machines worldwide and unlawfully posted on the marketplace website.
In March 2018, the Genesis Market was launched, where users could buy and trade information stolen from 1.5 million infected devices. This website promoted data from the financial industry, essential infrastructure, and federal, state, and local government agencies.
The marketplace also has involvement in allowing hackers to overcome two-factor authentication measures by gaining access to users’ cookies and browser fingerprinting.
To prove that a user has logged in after providing valid authentication credentials, websites often utilize “cookies,” which are small files stored on a user’s device. Put Cookies allow websites to remember users and keep them logged-in between visits. They’re handy, but they also represent a safety concern.
Digital identities were the primary illicit commodity sold on Genesis Market. The ‘bots,’ as the market’s founders called the malware and account takeover tools they sold, infected victims’ machines and were offered for sale.
The information gathered by the bot, such as autofill form data, fingerprints, stored logins, cookies, and, would be available to criminals after the bot was purchased. All of this data was gathered in real-time, so if a password were changed, they would be told immediately.
Depending on the quantity and value of the information stolen, the cost per bot might be as little as $0.70 or as high as several hundred dollars. The priciest would have banking details that would provide access to electronic wallets.
According to Europol, 17 different nations collaborated to seize Genesis Market.
In a coordinated multinational operation at Europol’s headquarters, the FBI and the Netherlands National Police made 119 arrests, conducted 208 property searches, and launched 97 knock-and-talk procedures.