Hackers Still Active After Takedown by Police

Police have said that they have taken down a hacker marketplace used to steal accounts for services like Amazon, Netflix, and others.

However, the marketplace seems to remain active.

In April, Genesis Market was seized and removed from the mainstream internet after an international police operation.

An identical version of the market was found online, hosted on the darknet.

A post regarding the market said that this unaffected market was “fully functional”.

The police have described Genesis Market as a “dangerous” site that specialises in selling personal information such as login details and IP addresses.

Genesis Market was one of the biggest criminal facilitators as it had over two million stolen online identities up for sale when the police operation took place.

Dubbed ‘Operation Cookie Monster’, the operation was led by the FBI with the Dutch police and was announced on the 5th of April.

Many agencies across the globe announced that 119 people were arrested and said that the service had been “dismantled”.

However, researchers at Netacea, who specialise in cybersecurity, have been monitoring the darknet version of Genesis Market.

Netacea says that the site was disrupted, but only for around 2 weeks.

Netacea’s principal security officer, Cyril Noel-Tagoe, said, “Taking down cyber-crime operations is a lot like dealing with weeds. If you leave any roots, they will resurface.”

Cyril Noel-Tagoe did praise the police and the operation for seizing the mainstream internet version of Genesis Market; however, he said it was more of a disruption than a takedown.

“The roots of Genesis Market’s operation, namely the administrators, darknet website, and malicious software infrastructure, have survived,”

Updates have been shared by administrators of the criminal market, saying that they have released a new version of their hacking browser.

They also continue to take data from hacked devices; over 2000 new victim devices have been added to their market.

Experts at Trellix, another cybersecurity company that aided the police in disrupting the market, have agreed that the leaders of this website are still out there.

“It is true that the Genesis Administrators quickly responded on hacking forums stating that they would be back online shortly with improvements, and the darknet site is still accessible,” says Trellix’s head of threat intelligence, John Fokker.

At the time of the disruption, the police did not make any comments regarding the operational darknet website.

A spokesperson for the FBI did say that work was still being done to “make sure that users who leverage a service like Genesis Marketplace face justice”.

The National Crime Agency in the UK still believes that the operation was a “huge blow” to cybercriminals.

Paul Foster, the deputy director of the NCA’s National Cyber Crime Unit, said, “Although a dark web version of the site remains active, the volume of stolen data and users has been significantly reduced. I do not doubt that the operation damaged criminal trust in Genesis Market.”

The police and other experts have agreed that, alongside reducing the site’s visibility by removing it from the mainstream internet, the operation would have intimidated hackers who are considering using the site.

The NCA has said only one of 30 people arrested in the UK has been charged with any offenses so far.

Trellix and Netacea’s research on the hacker forums does show some unease within the marketplace after the operation; however, it is hard to tell whether cybercriminals have been put off for a short time or permanently.

Comments from users on the marketplace’s news page are still being posted, but significantly fewer than before the operation.

Taking down sites hosted on the darknet is very difficult, as it is hard to find where their servers are, or they may be hosted in countries that don’t respond to Western law enforcement requests.

The US Treasury believes that the site is run in Russia.

This hasn’t been confirmed; however, the site does have Russian translations alongside English translations.
