Contrary to the authorities’ assertion of a takedown, the hacker marketplace known as Genesis Market, utilized for stealing accounts from platforms like Netflix and Amazon, remains operational. Despite an international police operation announcing the seizure and removal of Genesis Market from the mainstream internet last month, it is still active.
The darknet-hosted version of the market, identical to the one claimed to be taken down, continues to be accessible online. A recent post on the unaffected version of the market confirmed its full functionality on Monday.
Law enforcement officials have classified Genesis Market as a “dangerous” website specializing in the sale of login credentials, IP addresses, and browsing cookie data, which collectively form the “digital fingerprints” of victims.
During the police operation, the service was recognized as a major facilitator of criminal activities, providing a marketplace for the sale of more than two million stolen online identities.
On April 5th, Operation Cookie Monster was unveiled, spearheaded by the FBI and Dutch police.
Numerous law enforcement agencies worldwide heralded the “takedown” of the website, with reports of 119 arrests and characterizing the dismantling of the criminal service.
According to cyber-security company Netacea, who have been monitoring the darknet version of the market, the website experienced only a brief disruption of approximately two weeks.
Cyril Noel-Tagoe, Principal Security Researcher at Netacea, compares taking down cyber-crime operations to dealing with weeds, emphasizing that if any roots are left, they will resurface.
Although Noel-Tagoe commends the police for seizing the market on the mainstream internet, he perceives the operation as a disruption rather than a complete takedown.
“The core elements of Genesis Market’s operation, including the administrators, darknet website, and malicious software infrastructure, have endured,” he stated.
The criminal administrators have recently shared an update on the marketplace, indicating that they have launched a new version of their specialized hacking browser, resumed gathering data from compromised devices, and incorporated over 2,000 new victim devices into the market.
According to cybersecurity firm Trellix, which assisted in the disruption of certain hacking tools sold on Genesis Market, the website’s leaders remain unidentified.
John Fokker, Head of Threat Intelligence at Trellix, confirmed that the Genesis administrators promptly responded on Exploit forums, indicating their intention to return online with enhancements. He further stated that the darknet site remains accessible.
During the “takedown,” the police did not provide any remarks regarding the darknet site’s continued presence.
However, an FBI spokesperson has now informed the BBC that efforts are ongoing to ensure that individuals utilizing services like Genesis Marketplace are held accountable.
The UK’s National Crime Agency maintains that the operation has inflicted significant damage to cybercriminals.
“The continued existence of a dark web version of the site notwithstanding, there has been a substantial decrease in stolen data and user activity. The operation undoubtedly eroded criminal confidence in Genesis Market,” stated Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, in an interview with the BBC.
In addition to removing the marketplace from the mainstream internet, the significant number of user arrests is believed by both law enforcement and experts to have a deterrent effect on potential hackers contemplating the use of the platform.
Source : bbc.com