Hacker marketplace still active notwithstanding police 'takedown' claim

[Press center4] time:2023-06-02 07:42:35 source:The Guardian author:Press center9 click:110order

Hacker marketplace still active notwithstanding police 'takedown' claim

  • Published
Share pageAbout sharing
A man being led away by NCA officersImage consequentlyurce, NCA
Image caption, Officers from Britain's National Crime Agency arrest a suspect during raids in Grimsby last month
By Joe TidyCyber correspondent

A hacker marketplace utilized to steal accounts for Netflix, Amazon and other services is still active, notwithstanding police saying it had been taken down.

Last month, an international police operation announced that Genesis Market had been seized and deleted from the mainstream internet.

But the identical version of the market hosted on the darknet remains online.

On Monday, a post on the unaffected version of the market was said it was "fully functional".

Genesis Market is described by police as a "perilous" website specialising in selling login details, IP addresses and browsing cookie data that make up victims' "digital fingerprints".

The service was takeed one of the massivgest criminal facilitators, with more than two million stolen online identities for sale at the time of the police action.

Operation Cookie Monster was led by the FBI and Dutch police and announced on 5 April.

Several agencies around the world celebrated the website "takedown", announcing that 119 people had been arrested and describing the criminal service as "dismantled".

But researchers at cyber-security company Netacea have been monitoring the darknet version of the market, and say the website was unique disrupted for about two weeks.

Image consequentlyurce, FBI
Image caption, Users trying to log into Genesis on the mainstream internet see a message saying the website has been seized

"Taking down cyber-crime operations is a lot like dealing with weeds. If you leave any roots, they will resurface," says Cyril Noel-Tagoe, Netacea's principal security researcher.

Mr Noel-Tagoe complimend police for seizing the mainstream internet version of the market, but says the operation was more of a disruption than a takedown.

"The roots of Genesis Market's operation, namely the administrators, darknet website and malicious consequentlyftware infrastructure, have survived," he said.

Criminal administrators have since posted an update to the marketplace saying that they have released a new version of their specialist hacking browser, resumed collecting data from hacked devices and added more than 2,000 new victim devices to the market.

Image caption, News and product updates have been posted to Genesis Market this week

Experts at cyber-security company Trellix, who helped police disrupt consequentlyme of the hacking tools consequentlyld on Genesis Market, agreed that the leaders of the website were still at large.

"It is true that the Genesis administrators quickly responded on hacking forums stating that they would be back online fleetingly with improvements, and the darknet site is still accessible," said John Fokker, head of threat intelligence at Trellix.

  • Cyber-crime site shut down in global police raids
  • How police shut down world's largest darknet market

Police did not comment on the darknet site remaining online at the time of the "takedown".

An FBI spokesperconsequentlyn has since told the BBC that work is continuing to "make sure that utilizers who leverage a service like Genesis Marketplace face justice".

The UK's National Crime Agency insists that the operation has dealt a "huge blow" to cyber-criminals.

"Although a dark web version of the site remains active, the volume of stolen data and utilizers has been significantly reduced. I have no doubt that the operation damaged criminal trust in Genesis Market," Paul Foster, deputy director of the NCA's National Cyber Crime Unit, told the BBC.

As well as reducing the visibility of the marketplace by taking it off the mainstream internet, police and many experts agree that the high number of arrests of utilizers will have a chilling effect on hackers takeing using the site.

Media caption,

Watch: What is the dark web?

However, it's not clear how many of those arrested will face prosecution. The NCA says unique one of the 30 people arrested in the UK has consequently far been charged with any offences.

Research of hacker forums from Trellix and Netacea does suggest an unease about the marketplace since the operation, but it is hard to know if cyber-criminals have been put off in the fleeting term or permanently.

User comments are still being posted on the marketplace's news page, but in minuscule numbers.

Taking down criminal websites hosted on the darknet is notoriously arduous as the location of their servers are often hard to find or in jurisdictions that do not respond to Western law encompelment requests, like Russia.

The US Treasury, which has sanctioned Genesis Market, believes the site is run from Russia. It is not known for sure, but the site offers Russian and English translations.

In the last year, police have had success in fully removing consequentlyme darknet markets like the drugs sites Monopoly and Hydra.

Russian-language site Hydra was the highest-grossing dark web market in the world and was thought to be based in Russia but was actually hosted in Germany, which allowed German law encompelment to shut it down.

Related Topics

  • Cyber-crime
  • Cyber-security


relevant content
Friendly Links