The Department of Justice today announced a coordinated international operation against Genesis Market, an online criminal marketplace that advertised and sold packages of account access credentials, such as usernames and passwords for email, bank and social media accounts, that were stolen from the computers of infected with malware around. The world.

Working across our 45 FBI field offices and together with our international partners, the Department of Justice has launched an unprecedented takedown of a massive criminal marketplace that enabled cybercriminals to victimize individuals, businesses and governments around the world , said Attorney General Merrick B. Garland. Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal markets: The Department of Justice and our international partners will shut down your illegal activities, find you, and bring you to justice .

Yesterday, the Justice Department and its partners dismantled the Genesis Marketplace and arrested many of its users around the world, Deputy Attorney General Lisa O. Monaco said. Genesis falsely promised a new era of anonymity and impunity, but ultimately provided only a new way for the Department to identify, track down and arrest online criminals. The Department of Justice is shining a light on the darkest corners of the Internet In just the past year, our agents, prosecutors, and partners have dismantled the largest dark web marketplaces Hydra Market, BreachForums, and now Genesis. Each takedown is another blow to the cybercrime ecosystem.

Since its launch in March 2018, Genesis Market has provided access to data stolen from over 1.5 million compromised computers worldwide containing over 80 million account access credentials. Account access credentials advertised for sale on Genesis Market included those associated with the financial sector, critical infrastructure, and federal, state, and local government agencies. Genesis Market was also one of the most prolific initial access brokers (IAB) in the world of cybercrime. IABs attract criminals looking to easily break into a victim’s computer system. Genesis Market offered for sale the type of access required by ransomware actors to attack computer networks in the United States and around the world, and published private sector reports indicate that they have indeed been used by ransomware actors to attack systems Like that.

Genesis Market was user-friendly, offering users the ability to search for stolen access credentials based on location and/or account type (eg, bank, social media, email, etc.). In addition to access credentials, Genesis Market collected and sold device fingerprints, which are unique combinations of device identifiers and browser cookies that bypass anti-fraud detection systems used by many websites. The combination of stolen access credentials, fingerprints, and personalization files allowed buyers to assume the victim’s identity by tricking third-party websites into thinking the Genesis Market user was the actual account owner.

Genesis Market users were located all over the world. Federal law enforcement has been working to identify prolific Genesis Market users who purchased and used stolen access credentials to commit fraud and other cybercrimes. This effort resulted in sending hundreds of pieces of information to FBI offices across the United States, as well as to foreign law enforcement partners. Further, as part of this operation, dubbed Operation Cookie Monster, law enforcement seized 11 domain names used to support Genesis Markets’ infrastructure pursuant to a warrant authorized by the U.S. District Court for the Eastern District of Wisconsin.

The operation announced today is a direct result of the hard work, dedication and extraordinary collaborative efforts of the FBI and its partners around the globe, said US Attorney Gregory J. Haanstad for the Eastern District of Wisconsin. Along with our investigative partners and Justice Department colleagues, my office remains committed to using all available tools to protect individuals from cybercriminals like those who operate these types of online marketplaces.

Today’s takedown of Genesis Market is a demonstration of the FBI’s commitment to disrupting and dismantling key services used by criminals to facilitate cybercrime, said FBI Director Christopher Wray. The work on this case is an excellent example of the FBI’s ability to leverage our technical capabilities and work hand-in-hand with our international partners to take down the tools cybercriminals rely on to victimize people around the world.

The FBI’s Milwaukee office investigated the case, with the assistance of 44 other field offices, the United Kingdom’s National Crime Agency, Italy’s Polizia de Stato, Denmark’s police, the Australian Federal Police, the Royal Canadian Mounted Police, Canadas Sret du Qubec, Romanian Police, Cybercrime French Judicial Police Sub-Directorate, Spain National Police, Spain Guardia Civil, Germany’s Federal Criminal Police Service, Swedish Police Authority, Poland’s Central Bureau for Combating Cybercrime, Dutch National Police, The National Bureau of Investigation of Finland, the Office of the Prosecutor General of Switzerland, the Swiss Federal Police, the Office of the Prosecutor General of Estonia, the Metropolitan Police of Iceland, the New Zealand Police, Eurojust and Europol.

The Department appreciates the assistance provided by the authorities in Bulgaria and Latvia in response to requests for Mutual Legal Assistance.

District Attorneys Benjamin Proctor and Jessica Peck of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Farris Martini for the Eastern District of Wisconsin are handling the investigation. The Department of Justice’s Office of International Affairs provided substantial assistance.

Victims’ credentials obtained during the investigation have been provided to the Have I Been Pwned website, which is a free resource for people to quickly assess whether their access credentials have been compromised (or compromised) due to a data breach or activity. others. Victims can visit HaveIBeenPwned.com to see if their credentials have been compromised by Genesis Market so they know if they need to change or modify passwords and other authentication credentials that may have been compromised.

If you have been active in Genesis Market, in contact with Genesis Market administrators, or have been a victim and need to report, please email the FBI at FBIMW-Genesis@fbi.gov.