The US Federal Bureau of Investigations (FBI) has shared millions of compromised email addresses and passwords, seized from cybercrime facilitation website Genesis Market, with Have I Been Pwned (HIBP) website so that Internet users can check their safety status online.
This follows last week's operation against Genesis Market, the world’s largest cybercrime facilitation website, led by international law enforcement agencies across 17 countries including FBI, Europol, the Australian Federal Police and the Dutch Police.
The criminal website, which was shut down, was used by fraudsters to purchase stolen credentials, fingerprints and browser cookies.
The Dutch police have also opened a portal for users to check if their data has been compromised.
Announcing the takedown, dubbed “Operation Cookie Monster” through a display notice on the site, Interpol said the agencies had carried out 119 arrests and 208 property searches following the online infrastructure seizure.
The FBI said that Genesis Market, since its inception in 2018, has offered access to data stolen from more than 1.5 million compromised computers worldwide containing over 80 million account access credentials.
It quickly became the one-stop shop for account takeovers, catering to cybercriminals by providing access to “bots” or “browser fingerprints” that enabled them to impersonate victims’ devices through malware or account takeovers attacks.
This would get them all access to stolen data in real-time including notifications on any password changes without triggering security warnings. Moreover, the criminals purchasing these bots were also provided with a Wiki explaining how to commit fraud.
Invite only site
Genesis Market was an invite-only site but was discoverable on the dark web and regular web. It had over 1.5 million bot listings totalling over 2 million identities up for sale at the time of its takedown.
As overall financial losses remain undetermined, Interpol estimates that Genesis has made at least US$8.7 million (S$11.6 million) from the sale of stolen credentials and the total losses of the victims are likely to exceed tens of millions of dollars.
According to a research report from cybersecurity firm Trellix, “Genesis Market was one of the first to focus on fingerprints and browser cookies to enable account takeovers despite growing multi-factor-authentication (MFA) adoption.”
It has observed over 450,000 infected machines in the market.
Trellix Advanced Research Center’s head of threat intelligence, John Fokker warned enterprises and organisations to enforce strict password management and MFA for remote employees, ensuring employees leverage VPNs on their work devices to protect from such frauds.
