Genesis Market: dark web fraud site shut down by FBI - how to use HaveIBeenPwned to check your data security

A criminal online marketplace that offered millions of sets of stolen personal information for as little as 56p per entry has been shut down in an international crackdown.

Genesis Market was taken offline on Tuesday (4 April) night as a result of the sting, which was coordinated by the FBI and Dutch police, and involved law enforcement organisations from 17 different countries, including the UK's National Crime Agency (NCA).

Now, when visitors attempt to access the website, they are greeted by a page bearing the name of the FBI investigation: “Operation Cookie Monster”. Here is everything you need to know about it.

What was Genesis Market?

The marketplace, one of the biggest of its kind in the world, had 80 million sets of credentials available for sale, affecting two million victims.

Account information for online banking, Facebook, Amazon, PayPal, and Netflix, as well as so-called "digital fingerprints" made up of information from victims' devices, were among the details for sale. This enabled criminals to bypass online security checks by pretending to be the victim.

The NCA estimates that tens of thousands of British victims have been targeted, and there were hundreds of users of the site in the UK. Will Lyne, head of cyber intelligence for the NCA, said: “Genesis Market is one of the top criminal access marketplaces anywhere in the world.

“Genesis Market is an enormous enabler of fraud and a range of other criminal activity online by facilitating that initial access to victims, which is a critical part of the business model in a whole range of nefarious activity.”

The site - which could be found on both the dark web and regular search engines - offered users step-by-step instructions on how to buy stolen information and how to use it for fraud.

The marketplace could be found using normal internet search engines, as well as on the dark web, and users were offered step-by-step guides on how to buy stolen details as well as how to use them for fraud. Depending on the type of information available, prices ranged from 70 cents (56p) to several hundreds of dollars.

Businesses as well as individuals had their information sold on Genesis Market, which facilitated fraud; ransomware attacks – where hackers block access to data and demand payment to release it; sim-swapping, where mobile phone numbers are hijacked; and the theft of source code from companies.

How was it shut down?

A sting coordinated by the FBI and Dutch police and involving law enforcement agencies from 17 different countries, including the UK's National Crime Agency, resulted in the shutdown of Genesis Market on Tuesday night (4 April).

Users trying to access the site are now greeted with a page emblazoned with the FBI investigation name Operation Cookie Monster.

Investigators from the National Crime Agency carried out a series of raids on Tuesday and arrested 24 suspected users of the site. Globally about 120 people were arrested and more than 200 searches carried out.

NCA investigators have already set up spoof distributed denial-of-service sites, which bring down servers by flooding them with requests, to harvest the details of criminals, and may use similar tactics when it comes to fraud sites.

Rob Jones, director-general of the National Economic Crime Centre, said: “Our approach to tackling the criminal marketplace is that cyber criminals won’t know who they’re interacting with and won’t know for certain that they are dealing with a criminal.

He added: “And that could be a site that a partner or the NCA has access to and we’re getting their credentials. If you’re a cyber criminal, you’re not going to know whether we’ve got your credentials and whether you’re going to get a knock on the door in the morning.”

How can I check if my details were stolen?

Members of the public can check whether their details were listed on Genesis Market by visiting a Dutch police website at politie.nl/checkyourhack. Additionally, websites like haveibeenpwned.com allow you to search across multiple data breaches to see if your email address or phone number has been compromised.

Further advice on how to protect your devices and online accounts is available at bit.ly/GenesisMarket.