6 Apr 2023

New Zealand police help shut down cybercrime site Genesis Market in international operation

8:41 am on 6 April 2023
Police generic

A 30-year-old man has been arrested in New Zealand and is facing multiple charges of accessing a computer for a dishonest purpose. (file image) Photo: RNZ / Richard Tindiller

New Zealand police have revealed they have been involved in the international operation to dismantle one of the biggest online criminal marketplaces.

Law enforcement agencies around the world have closed down Genesis Market, used by online fraudsters to buy passwords.

The operation was led by the US Federal Bureau of Investigation (FBI) and the Dutch National Police, and coordinated from Europol.

The website offered up the online credentials of victims whose devices had been infected by malware or account takeover attacks.

Information such as cookies, saved logins, and autofill form data could be bought from the site.

At the time of the close down, it had listed for sale the identities of more than 2 million people around the globe.

Detective inspector Stuart Mills said the New Zealand phase of the operation got underway in the early hours of Wednesday morning in central Auckland.

"Investigation staff from Auckland City's Financial Crime Unit and the national Cybercrime Unit, supported by other specialist staff, terminated a search warrant at an address," Mills said.

"A 30-year-old man located at the address has been arrested and a further search carried out."

The man was facing multiple charges of accessing a computer for a dishonest purpose, and additional charges were being considered.

Police would allege the man had purchased stolen credentials from Genesis Market, Mills said. Investigations were continuing to establish how those had been used.

"This was a significant global operation which has seen a large number of law enforcement agencies from around the world take part in dismantling this illicit marketplace," Mills said.

How Genesis Market worked

Law enforcement agencies from 17 countries were involved in the raids, the BBC reported. Globally, 200 searches were carried out and 120 people were arrested.

On Wednesday, anyone logging onto the Genesis website saw a message which read: "Operation Cookie Monster. This website has been seized."

Genesis Market operated on the open web, not just the dark web.

Set up in 2017, it was notable for its user-friendly, English-language interface.

It was a one-stop shop for login data that enabled online fraud. Users could buy login information, including passwords, and other pieces of a victim's "digital fingerprint", such as their browser history, cookies, autofill form data, IP address and location.

This allowed fraudsters to log in to bank, email and shopping accounts, re-direct deliveries and even change passwords without raising suspicion.

Login information on sale included passwords for Facebook, PayPal, Netflix, Amazon, eBay, Uber and Airbnb accounts. Criminals buying the information were even notified by Genesis if the passwords changed.

Genesis provided its customers with a purpose-built browser which would use the stolen data to mimic the victim's computer so it looked as if they were accessing their account using their usual device in their usual location. So the access did not trigger any security alerts.

Depending on how much data was available, a victim's information would sell for less than US$1, or for hundreds of dollars.

While Genesis users were mostly accessing it for fraud, the data on sale could also be used for ransomware attacks - where hackers block access to data and demand payment to release it.

The individual's data that led to the 2021 hack of gaming giant Electronic Arts (EA) sold for just US$10.

- RNZ / BBC