Genesis Market, a Darknet marketplace for stolen information, was reportedly seized by the FBI on Tuesday, April 4, 2023. The operation was likely preceded by the detention of the market’s key actors. The overall operation is called “Cookie Monster”.
What is Genesis Market?
Genesis is a Darknet marketplace that has been active since 2018. Aside from data leaked from infected systems, visitors could also buy direct access to these systems for a separate fee. Each bot (i.e. a machine infected with malware) came with all the data needed to impersonate the machine's real owner. This information includes cookies, session tokens and login credentials. Additionally, buyers could apply a victim's identity to their own browser.
Genesis was in fact not just a market, but a malware-as-a-service program. Hackers were offering credentials gathered by their own malware, along with application software for victim impersonation. The latter allowed buyers to completely replicate the victims' systems. This program (more precisely, a browser plugin) spoofed information about the system, down to the user agent. All of this is needed to circumvent even the most sophisticated security measures present on online services. It was obvious that such a highly developed system would attract the attention of law enforcement at some point.
Operation Cookie Monster Shuts Down the Genesis Market
On April 4, 2023, several sources simultaneously reported the seizure of Genesis. It came quite unexpectedly, as the main Onion website of the marketplace remained working. However, a number of its auxiliary services went down, displaying the typical FBI placeholder instead of a page. According to these banners, the sites were shut down pursuant to a warrant of the U.S. District Court for the Eastern District of Wisconsin.
Most probably, we are observing a repeat of the BreachForums story. In brief, the largest hacking forum was seized by the FBI after the arrest of one of its administrators in late March 2023. The arrest and the seizure did not happen simultaneously: another admin discovered the compromise of the network infrastructure only 3 days after the arrest. The main site of Genesis is still running, at least in the Darknet. The surface web instance is already down, showing the aforementioned banner. However, it is only a matter of time before the hackers decide to go offline.
The overall situation in the underground network is now pretty interesting. The biggest forum and a pretty big marketplace have been seized. Mass arrests of cybercriminals and related persons are accompanied by accusations of money laundering against Binance, one of the biggest crypto exchanges. Is it a domino effect? Or is the timeline the only thing that unites all these events? This jigsaw is likely to be completed in the coming weeks, if not days.