How 'Operation Cookie Monster' took down a major dark web marketplace

Genesis Market, one the world’s largest illicit online marketplaces, was shut down this month in a police operation that involved over a dozen international law enforcement agencies.

Dubbed “Operation Cookie Monster,” the crackdown resulted in the seizure of hundreds of thousands of stolen identities and online access credentials that were for sale on the platform. The operation, which also led to over 100 arrests worldwide, was headed by the US FBI and the Dutch National Police and served a major blow to global cybercrime efforts, according to officials and experts.

“Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers,” Edvardas Šileris, the Head of Europol’s European Cybercrime Centre, said in a statement.

Founded in 2018, Genesis Market advertised and sold stolen data such as usernames, passwords, bank account details and device “fingerprints” like computer and mobile phone identifiers. The data was often harvested by malicious software deployed into computer networks by cybercriminals.

The platform had offered over 80 million account access credentials from more than 1.5 million compromised computers worldwide since its inception, according to law enforcement agencies. This includes thousands of credentials stolen from over 460,000 computer devices that were advertised for sale at the time “Operation Cookie Monster” took down the site.

“Behind every cyber criminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending,” Rob Jones, the Director General and Threat Leadership of Britain's National Crime Agency (NCA), added in a statement. “Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market.”

Aside from facilitating consumer identity theft and fraud, Genesis Market sold access credentials connected to a variety of important sectors such as finance, critical infrastructure and government agencies, authorities said. The platform often sold the data to ransomware actors and other types of cybercriminals that would then infiltrate and exploit computer networks around the world.

In 2021, for example, hackers successfully breached the network of an unnamed US company using stolen data and source code purchased on Genesis Market, according to the US Treasury. The agency also said Genesis Market had been used by cybercriminals to target the US government.

“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” US Attorney General Merrick Garland said in a statement.

Cyber experts and law enforcement agencies have been increasingly calling for international cooperation to disrupt cybercrime.

At the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland, Jürgen Stock, the Secretary-General of the International Criminal Police Organization (INTERPOL), stated that tackling cybercrime requires a “global response” with “enhanced and coordinated” enforcement efforts. “The key to winning the battle against cybercrime is, of course, to work together to make it a priority across the geopolitical fault lines,” Stock said.

The takedown of Genesis Market also comes as experts urge private and public organizations to better protect themselves against cybercrimes.

“As the global cost of cybercrime continues to rise, and professionalized cybercriminal groups are continuing to create new attack types, governments and private organizations must remain vigilant in their efforts to prevent cybercrime, and work together across national borders to disrupt these criminal networks,” said Gretchen Bueermann, a Research and Analysis Specialist at the Forum's Centre for Cybersecurity.

In 2020, the World Economic Forum launched its Partnership against Cybercrime initiative to explore ways to amplify public-private cooperation and confront the increasing and evolving threat of cybercrime. As the Forum’s Global Cybersecurity Outlook 2023 report notes, “Professionalized cybercriminal groups have continued to grow and create a higher volume of new attack types.”

Following Operation Cookie Monster, Dutch police created a portal for internet users to check whether their online identity had been posted on the platform. Visit the portal here to confirm your information is secure.