Twenty-four people have been arrested in the UK after an international operation took down one of the world’s biggest online criminal marketplaces.
Genesis Market hosted 80 million account credentials and digital footprints stolen from devices of more than two million people, and users could buy “bots” containing the information.
The most expensive of them would contain financial information, such as access to online banking accounts.
Hundreds of people in the UK were among those who used it to target individuals and businesses.
The arrests came in raids by the National Crime Agency (NCA), regional cyber crime units, and police on Tuesday.
They coincided with the marketplace being taken offline.
Seventeen countries were involved in the investigation, led by America‘s FBI and authorities in the Netherlands.
It led to more than 200 searches and around 120 people taken into custody around the world.
The NCA said its work was not done, however, with more arrests expected and other users to be contacted and warned about their potentially criminal activity.
Genesis Market’s unique capabilities
Genesis Market provided its users with a custom web browser mimicking that of their victim.
It meant they could make it look as though they were accessing their accounts from usual locations and devices, therefore not triggering the “suspicious activity” notifications you get from services like banking apps.
Criminals may also have used the information they obtained about a victim, such as names of family and friends, to manipulate them into handing over money.
YouTube warns of new email scam
Ofcom ‘concerned’ about UK cloud market
CYBER CRIME TACTICS TO LOOK OUT FOR
Phishing emails and texts will try to draw you in by looking remarkably legitimate, closely resembling messages you might be used to from retailers and other services.
But they will contain links that may send you to a fake website that asks you to input account details that could then be stolen.
Look out for suspicious email addresses, odd formatting and misspellings, and just go straight to the relevant website if you’re at all unsure.
Any legitimate website should have a valid security certificate – that means looking out for a little padlock icon next to the URL.
You should also avoid typing in any personal information while connected to a public network, no matter how convenient that train Wi-Fi might be, because they don’t always have strong safety protocols in place.
If you do suspect trouble, change your passwords, don’t reuse them across different accounts, and keep an eye on your bank accounts.
To make the password situation easier on you, do use a password manager. Most smartphones and web browsers should have these built in, and they are easy to set up and manage.
‘A huge blow to criminals’
The NCA’s director general of the NECC and threat leadership Rob Jones said taking the marketplace offline would be “a huge blow to criminals across the globe”.
“Behind every cyber criminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending,” he said.
“Genesis Market was a prime example of such a service – and it was one of the most significant platforms on the criminal market.
“Targeting this infrastructure is at the core of the NCA’s efforts to disrupt the highest harm offenders and protect the public from those seeking to infiltrate their lives, stealing their identities and their money.”
How to know if you’ve been affected
You can check if your data has been stolen and shared on Genesis Market by visiting politie.nl/checkyourhack and inputting your email address.
If you find you have been affected, you should contact Action Fraud.