Last month, the FBI solemnly announced that the cybercrime infrastructure of Genesis Market had been taken down and that the market itself was no longer accessible on the public internet. However, an identical version of the marketplace, hosted on the dark web, remains active to this day.
The site administrators only “added fuel to the fire” when they placed a notice in the site header stating that the market is “fully functioning”, encouraging potential buyers not to be afraid to purchase the data and services they need.
Genesis Market is described by police as a "dangerous" website that specializes in selling logins, IP addresses and cookies that make up the "fingerprints" of victims. At the time of the shutdown of the Genesis Market public website, more than two million stolen identities had been sold there.
Operation Cookie Monster, launched in April of this year, was spearheaded by the FBI and the Dutch police. It resulted in law enforcement announcing the liquidation of the site and the arrest of 119 cybercriminals.
However, researchers from Netacea, who tracked the dark web version of the market, said the site was only down for a couple of weeks, after which it was fully restored.
“Fighting cybercrime is very similar to fighting weeds. If you leave some roots, they will grow again,” said Cyril Noel-Tagoe, principal security researcher at Netacea.
Noel-Tagoe also praised the police for shutting down the regular internet version of the market, but was forced to admit that the operation was more of a disruption to the activity of the attackers than a complete liquidation of the site.
Experts from Trellix, who assisted the police in disrupting some of the hacking tools sold on the Genesis Market, also agreed that the site's administrators and managers are still at large.
American and Dutch law enforcement officers have not yet commented on why the darknet version of the market is still available even after its “liquidation”. However, Paul Foster, deputy director of the cybercrime division of the British NCA, noted the following: “Although the darknet version of the site remains active, the volume of stolen data and active users of the market has decreased significantly. I have no doubt that the operation undermined the credibility of the criminals in Genesis Market.”
Police and many experts agree that a large number of arrests will also have some deterrent effect on cybercriminals involved in the exchange of any data or services on the Genesis Market.
All in all, shutting down cybercrime sites hosted on the dark web is a truly challenging task. After all, the location of the attackers' servers is often difficult to determine, and sometimes they are even located in jurisdictions that do not respond to requests from foreign law enforcement agencies and do not contribute to the investigation in any way.