The Genesis Market Crime Forum is Shutdown. Now What?

Learn more about the U.S. Department of Justice’s recent takedown of the popular cybercrime forum Genesis Market.

The cybersecurity world is filled with raids on cybercrime rings and indictments by the FBI and other government agencies.

These raids and indictments often include the assistance and partnership of foreign agencies, some of which I had the pleasure of participating in during my time with the FBI.

A recent example is Operation Cookie Monster. The operation targeted Genesis Market, a known online criminal marketplace, that advertised and sold account access credentials from malware attacks worldwide.

The operation successfully targeted the main websites used by the cybercrime forum, resulting in the website being shutdown and more than 100 arrests around the globe.

“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” said Attorney General Merrick B. Garland.

According to the U.S. Justice Department, Genesis Market offered data stolen from more than 1.5 million computers worldwide containing login details for more than 80 million user accounts. The forum used these credentials to facilitate fraud, such as ransomware and identity theft, and inflicted tens of millions of dollars in losses on its victims.

So, What Does The Seizure and Raids on Genesis Market Really Mean?

When it comes to an operation like Operation Cookie Monster, I think it’s difficult to decipher what the press releases really mean or even grasp the vast amount of work and time it takes to bring down these cybercriminals. In this case, the endpoint was the website shutdown and subsequent arrests of the perpetrators.

Coordinated operations, especially international ones, such as Operation Cookie Monster, take a lot of time, preparation and planning – it is not as simple as mainstream media sources make it out to be.

Launching an operation goes far beyond simply breaking out a laptop and identifying a cybercriminal ring to investigate. In fact, many operations take months or even years to fully get underway, depending on the complexity and scope, which makes the end result much more satisfying for those involved from the start.

I also believe the perceptions of whether these operations are truly beneficial vary greatly depending on whom you talk to and how you define the term “beneficial”.

Is taking down a website beneficial when the criminals just spin up another one?  Or when other criminals fill the void left and replace the ones who were just arrested? While it may be accurate to conclude the cycle seems never-ending, the fact is that these criminal operations take time themselves to develop and slowing that process down, in aggregate, can ultimately reduce the frequency of future attacks.

Another important impact to consider is when physical arrests are made, as they were in Operation Cookie Monster. Since many cybercrimes don’t result in arrests and jail times, which can embolden cyber criminals the fact that law enforcement is realizing  more success in identifying and incarcerating threat actors can serve as a strong deterrent for future cyber related criminal activities. .

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe.

 To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].