Hacker Marketplace Remains Operational Despite Police 'Takedown' Claim

 

A hacker marketplace notorious for stealing accounts from popular services such as Netflix and Amazon is still operational despite claims by authorities that it had been shut down. Last month, an international police operation declared that Genesis Market had been seized and removed from the regular internet. However, an identical version of the marketplace is still accessible on the darknet. 

Recently, a post on the unaffected darknet version of Genesis Market stated that it was fully functional. Genesis Market, characterized by law enforcement as a dangerous website, specializes in selling login credentials, IP addresses, and browsing cookie data that comprise victims' "digital fingerprints." Prior to the police operation, the service was regarded as one of the largest facilitators of criminal activities, with over two million stolen online identities available for sale. 

Dubbed Operation Cookie Monster, the initiative was led by the FBI and Dutch police and was publicly announced on April 5th. Multiple agencies worldwide celebrated the takedown of the website, revealing that 119 individuals had been apprehended and claiming that the criminal service had been dismantled. However, cybersecurity company Netacea has been closely monitoring the darknet version of Genesis Market and reports that the website experienced only a brief disruption of approximately two weeks.

"Taking down cyber-crime operations is a lot like dealing with weeds. If you leave any roots, they will resurface," says Cyril Noel-Tagoe, Netacea's principal security researcher.

"The roots of Genesis Market's operation, namely the administrators, darknet website and malicious software infrastructure, have survived," he said.

Since then, criminal administrators have updated the marketplace, stating that they have launched a new version of their specialist hacking browser, resumed data collection from hacked devices, and added over 2,000 new victim devices to the market. Trellix experts, who assisted authorities in disrupting some of the hacking tools provided on Genesis Market, concurred that the website's founders were still at large.

"It is true that the Genesis administrators quickly responded on Exploit [hacker] forums stating that they would be back online shortly with improvements," said John Fokker, head of threat intelligence at Trellix, adding that the darknet site was still accessible. 

An FBI spokesperson has told the BBC that efforts are being made to "ensure that users who use services like Genesis Marketplace face justice."

According to the UK's National Crime Agency, the operation struck a "huge blow" to cyber criminals. "Although a dark web version of the site remains active, the volume of stolen data and users has been significantly reduced. I have no doubt that the operation damaged criminal trust in Genesis Market," Paul Foster, deputy director of the NCA's National Cyber Crime Unit, told the BBC.

In addition to lowering the marketplace's exposure by removing it from the mainstream internet, authorities and many experts agree that the high number of arrests of users will have a chilling effect on hackers considering utilizing the site.

However, it is unclear how many of those arrested will face charges. According to the NCA, just one of the 30 people apprehended in the UK has been charged with any crime.

Research by Trellix and Netacea on hacker forums indicates apprehension about the market following the operation, although it is unclear whether cyber-criminals have been deterred in the short term or permanently. User comments are still appearing on the marketplace's news page, but in limited numbers.

Taking down illicit websites hosted on the darknet is challenging because their servers are either difficult to locate or located in places that do not respond to Western law enforcement requests, such as Russia.

Genesis Market has been sanctioned by the US Treasury, which believes it is run from Russia. This is not known for certain; however, the website provides Russian and English translations. Over the previous year, police have been successful in completely eradicating some darknet markets, such as the drug websites Monopoly and Hydra. The Russian-language website Hydra was the world's highest-grossing dark web market; it was thought to be based in Russia but was actually hosted in Germany, allowing German law enforcement authorities to shut it down.