Users visiting Genesis Market's website today are greeted with a takedown image stating "This website has been seized".
Genesis Market played a central role in giving cybercriminals access to hacked computers, enabling identity theft and facilitating ransomware attacks. The marketplace sold access to a wide range of sites from across the world, including Netflix, Amazon, PayPal, eBay and many more.
The takedown operation was named Operation COOKIE MONSTER, possibly a play on the fact that stolen victim browser cookies were sold on the marketplace. Customers of the market would buy a bot which would load all of the victim's authentication cookies into the attacker's browser. This would enable the attacker to gain unbridled access to the victim's accounts without requiring a password and often without two-factor authentication.
The FBI’s Milwaukee Field Office led the investigation, which involved 44 other FBI offices, global law enforcement organisations such as Europol and the UK's National Crime Agency, and private sector support. The FBI was able to acquire a forensic image of the server hosting the Genesis backend. This server contained Genesis' customer usernames, passwords, email accounts, Jabber accounts, search histories, purchase histories, and even BTC addresses, according to official documents.
It appears that the FBI hasn't been able to identify the administrators of the site, as its takedown notice asks:
"In contact with Genesis Market administrators? Email us, we're interested: FBIMW-Genesis@fbi.gov".
The FBI hasn't yet responded to TEARLINE's request for comment. The NCA has provided an official statement on their part in the operation. This statement also includes a link to a site where individuals can input their email addresses to check if they may have been affected by Genesis Market.
Update 7th Feb 2023: Added information from the US District Court and a statement from the NCA.