An international police operation called “Operation Cookie Monster” has taken down a notorious dark web marketplace, Genesis Market. Involving dozens of law enforcement agencies from around the world, the shutdown also resulted in the arrest of hundreds of users worldwide.
What was Genesis Market?
Genesis Market was founded in 2018 and sold a slew of stolen data, such as the usual usernames, passwords, and bank account numbers. Its main appeal, however, was its offering of device fingerprints. Typically harvested from computers through malicious software, fingerprints can be more insidious than stolen credentials because they can help bad actors bypass things like multi-factor authentication and other fraud-prevention software. Fingerprints can include a browser’s cookies, internet protocol addresses, and other device details. With this information, hackers can effectively use a victim’s logged-in browser session to convince their own browser that they’re the user in question. Then they can do whatever they want.
According to the World Economic Forum, Genesis was offering thousands of credentials stolen from over 460,000 computers worldwide at the time of its shutdown. This included not just private consumers but credentials for government agencies and critical infrastructure. Since its inception, it had offered over 80 million account access credentials from over 1.5 million compromised devices. Prices ranged from 70 cents to $100, depending on the kind of data available.
The shutdown
The investigation comprised 44 field offices across 17 countries, led by the FBI in the US and the Dutch National Police. According to Europol, simultaneous actions were carried out worldwide on April 4, including 119 arrests, 208 property searches, and 97 knock-and-talk measures. This all culminated in the shutdown of the dark web site.
How to check if you’re affected
There are a few ways to check if your credentials or fingerprints have been impacted. One way is searching for your email address in the Dutch police database. It will email you within five minutes to tell you if your email has been compromised.
Investigators have also teamed up with Have I Been Pwned, a site where you can sign up to be alerted if your credentials have ever been compromised across the web. Simply sign up for its email notification service to determine if you’ve been impacted.
If it turns out your credentials have been stolen, here are some steps you can take:
- Run an antivirus and malware scanner on your device
- Sign out of every site in your browser
- Clear the cache and cookies
- Change all your passwords
- Notify any relevant, impacted stakeholders like your bank or insurance company
Even if you weren’t impacted, it’s never a bad idea to take preventative measures and protect yourself from credential theft. Here are some basic tips:
- Use a VPN to encrypt your traffic and hide your IP address
- Disable cookies and clear your cache regularly
- Disable JavaScript in your browser if possible (it is needed for device fingerprinting)
- Only use sites with an SSL certificate — the encryption will secure your data in transit