Operation Cookie Monster: FBI dismantles largest forum due to stolen passwords

A heavy blow to cybercrime. Dismemberment of the largest forum on stolen passwords, genesis.market, were the latest news in the world of cybersecurity. This market It has been active since 2017 and allowed cybercriminals not only to sell access to stolen credentials from infected systems, but also to gain direct access to those systems through the parallel sale of cookies and session tokens.

Last Wednesday, the FBI announced that it had seized his web domains, deactivating the forum and dismantling the criminal organization that supported it. This intervention took place as part of Operation Cookie Monster, which involved various European, Canadian and American institutions.

Now, when you enter these sites, the description “This website has been changed” appears, a message posted by the FBI on the pages it tampers with.

“Through the combined efforts of all involved law enforcement agencies, we have seriously disrupted the cybercrime ecosystem by removing one of its main drivers,” mentions Edvardas Šileris, head of the Europol European Cybercrime Center. “With victims all over the world, strong relationships with our international partners have been critical to the success of this case.”

Genesis.Market how dangerous was this group?

Genesis Market was primarily in the business of selling stolen digital identities. The marketplace offered for sale what the owners called “bots” that would infect victims’ devices with malware or account takeover attacks.

By purchasing one of these bots, the criminals gained access to all the data it collects, such as fingerprints, cookies, saved passwords, and autofill form data. This information was collected in real time and buyers were notified of any password changes, etc.

The price of each bot ranged from $0.70 to several hundred dollars, depending on the amount and nature of the stolen data. The most expensive contained financial information that allowed access to online banking accounts.

The criminals who bought these special bots received not only the stolen data, but also the funds to use it. They were given their own browser that mimicked their victim’s browser, allowing them to access their account without activating any of the security measures of the platform that hosted the credentials to be used. These security measures include recognizing different login locations, a different browser fingerprint, or a different operating system.

My account was hacked?

If you are concerned that your data has been affected, the Netherlands Police have set up a website where users can check if their Genesis.market access credentials have been sold. Just enter your email address and if the answer is yes, you will receive a message in the corresponding account’s inbox.

If you suspect that your accounts have been stolen, here are some recommendations:

change your passwords right away and make sure they are secure and unique for each account.

Enable two-factor authentication on all your accounts, which allow you to add an extra layer of security.

Monitor your accounts regularly to detect any suspicious activity.

Consider using a password manager to create and manage strong passwords for all your accounts.