“The Most Dangerous Marketplace” Genesis Market Shut Down in Unprecedented Police Op
Read also: Germany dismantles DDoS-friendly host ‘FlyHosting,’ Spanish hacker ‘Alcasec’ arrested, and more.
Thursday, April 6, 2023
Police seize Genesis Market, one of the world’s largest cybercrime stores
The infrastructure and main domains of Genesis Market, one of the world’s largest cybercrime shops that sold stolen credentials, were dismantled as part of a joint law enforcement operation codenamed “Operation Cookie Monster.” The effort led by the US Federal Bureau of Investigation (FBI) and the Dutch National Police (Politie) involved law enforcement agencies from over 15 countries and led to the arrest of 119 suspects across 13 countries.
Genesis Market has been around since 2018 and was accessible both on dark web and “clear” web. The platform’s main commodity was digital identities. More specifically, Genesis Market offered for sale so-called bots - packages of credentials and information (browser fingerprints, cookies, saved logins, etc.) gathered from breached computers worldwide.
The US Department of Justice says that the marketplace offered access to data stolen from over 1.5 million infected machines containing more than 80 million login credentials.
Spanish police arrest hacker Alcasec regarded as a “national security threat”
Spanish authorities announced the arrest of a 19-year-old man allegedly responsible for multiple high-profile cyber-attacks against Spain’s government agencies.
José Luis Huertas aka “Alcasec” came under close scrutiny after the police linked him to a November 2022 cyber-attack on Spain's national council of the judiciary (CGPJ), which also impacted a number of other government entities, including the Tax Administration Agency (Agencia Tributaria), exposing personal and financial data.
Huertas is also suspected to be behind a service named Udyat (“the Eye of Horus”) used by malicious actors to obtain personal and sensitive information. In YouTube videos advertising the service, Alcasec boasted that the platform contained data on nearly 90% of Spain’s population.
Germany dismantles DDoS-friendly hosting provider ‘FlyHosting’
German authorities seized servers of FlyHosting, a dark web hosting provider that has been in operation since November 2022, offering services to cyber crooks and operators of DDoS-for-Hire sites.
According to investigative reporter and cybersecurity expert Brian Krebs, the police served eight search warrants and identified five people aged 16-24 who allegedly have been running the service since mid-2021.
During raids computer equipment, storage media and handwritten notes from the suspects were confiscated, as well as servers located in Germany, the Netherlands, and Finland.
US authorities seize $112 million linked to crypto investment scams
The US Department of Justice seized $112 million worth in cryptocurrency linked to crypto investment scams as part of a broader effort to address confidence or romance fraud known as “pig butchering.” This type of scam involves fraudsters developing long-term relationships with victims online to entice them to invest in phony cryptocurrency trading platforms.
The seized money were held in six separate virtual currency accounts used to launder funds of various cryptocurrency confidence scams.
According to the FBI’s 2022 Internet Crime Report, investment fraud accounted for $2.57 billion worth of losses for 2022, a 183% increase from 2021.
Multimillion dollar cyber fraud gang busted in Ukraine
Ukrainian cyber police in collaboration with law enforcement officers from the Czech Republic arrested suspected members of a cyber criminal group that defrauded over one thousand people across Europe of roughly $4.3 million (₴160 million).
The fraudsters set up more than 100 phishing sites targeting users in France, Spain, Poland, the Czech Republic, Portugal, and other European countries that lured victims by offering goods lower than market prices. The cyber crooks used the pilfered credit card data to make online purchases.
As part of the operation the police officers conducted more than 30 searches and confiscated mobile phones, SIM cards, and computer equipment.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Cybercrime Prosecution Weekly is a digest of most important events related to cybercrime investigation and prosecution, cyber law, as well as to new data breaches and security incidents that deserve attention of our customers and partners. 
