Genesis Market, a Russia-linked marketplace where tens of millions of hacked accounts were sold to bad actors around the world, was seized as part of a larger fight against illicit state-backed cybercrime, senior U.S. government officials confirmed Wednesday.
The effort, dubbed Operation Cookie Monster, is the largest ever operation of its kind, officials said.
The FBI and the Justice Department led the operation with cooperation from an international consortium of law enforcement authorities, which executed hundreds of law enforcement operations Tuesday. The Treasury Department’s Office of Foreign Assets Control on Wednesday also announced sanctions against Genesis Market.
Government officials described Genesis as one of the two largest venues for the purchase and sale of hacked accounts, with a sophisticated, globe-spanning infrastructure that was able to compromise over one million devices. The other, BreachForums, was apparently taken down in an operation in late March.
“Today’s takedown of Genesis Market is a demonstration of the FBI’s commitment to disrupting and dismantling key services used by criminals to facilitate cybercrime,” FBI Director Christopher Wray said in a statement. Those key services are part of an effort to put pressure on state-backed cybercrime and an unnamed adversary, senior government officials said in a briefing Wednesday, an apparent reference to Russia.
CNBC reported on Tuesday that Genesis’ domain names had been taken down and replaced with a seizure notice from the FBI. Four hundred law enforcement operations, including 208 searches, took place in a more than a dozen different countries at the same time the domains were taken down, senior government officials said.
They also said law enforcement operations were conducted in the U.S. but did not specify whether any arrests had been made.
The globe-spanning operations targeted both the operators of the service and its users, government officials said. The illicit behavior resulted in losses estimated in the tens of millions, according to the officials. The market capitalizes on malware-infected computer systems to compile stolen private data, such as mobile device identifiers, email addresses, usernames and passwords to sell to cybercriminals, according to Treasury. Genesis also sold unauthorized access to computer systems.
Records show that Genesis domain names were linked to nameservers in Russia and China, two nations that have been named as loci for state-sponsored hacking. Treasury said it believes Genesis to be located in Russia. Genesis’ user base was spread across dozens of countries, senior government officials said, emphasizing that the international cooperation was crucial.
Earlier this year, the Justice Department took action against crypto exchange Bitzlato, describing it as an alleged haven for criminal activity with overt links to a Russian dark web marketplace. Senior Justice Department and FBI officials described Operation Cookie Monster as a continuation of that work.
Approximately 460,000 packages of stolen private information were listed for sale on the marketplace as of Feb. 1, according to the Treasury.
“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” Attorney General Merrick Garland said in a statement.
“The United States, along with our international partners, will not allow illicit marketplaces to operate with impunity,” Brian E. Nelson, undersecretary of the Treasury for Terrorism and Financial Intelligence, said in a release. “Treasury will continue to work closely with our law enforcement colleagues to disrupt this activity and hold malign cyber actors accountable.”
Chelsey Cox reported from Washington, and Rohan Goswami reported from Englewood Cliffs, N.J.