Home / News

FBI Takes Down ‘Genesis Market’ Cybercrime Store: Dozens Arrested Worldwide

Photo: Kristina Blokhin / Adobe Stock

Today’s FBI action against Genesis Market is the latest in a string of coordinated efforts to take down bot shops and other services that enable cybercrime. Earlier this year, the FBI seized Webstresser.org, a DDoS-for-hire service that was thought to be responsible for launching a massive attack against the City of Atlanta in 2018.

U.S. Federal Bureau of Investigation (FBI) seized multiple domain names associated with the cybercrime store Genesis Market. This store had been selling access to passwords and other data stolen from millions of computers infected with malicious software since 2018. FBI action coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data, reports Brian Krebs.

The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. Customers of Genesis Market could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials. They could purchase a bot with a real fingerprint, access to e-mail, social networks, bank accounts, payment systems, and all previous digital life (history) of the bot.

The pricing for Genesis bots ranged quite a bit, but in general bots with large amounts of passwords and authentication cookies—or those with access to specific financial websites such as PayPal and Coinbase—tended to fetch far higher prices. New York based cyber intelligence firm Flashpoint says that in addition to containing a large number of resources, the most expensive bots overwhelmingly seem to have access to accounts that are easy to monetize.

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix