
Criminal Website Genesis ‘Still Online’ After Takedown

A dark-web version of the hacking platform Genesis Market is still online and “fully functional” a month after the mainstream version of the site was taken down in a dramatic operation, security experts said.

Computer security company Netacea said the international operation led by the FBI and the Netherlands to take down Genesis only disrupted the site for about two weeks.

“Taking down cyber-crime operations is a lot like dealing with weeds. If you leave any roots, they will resurface,” Netacea principal security researcher Cyril Noel-Tagoe told the BBC.

He said the administrators, darknet website and malicious software infrastructure survived the police action.

Site update

Administrators of the criminal site have recently posted an update saying they have released a new version of their specialised hacking browser, resumed collecting data from hacked devices and added more than 2,000 new victim devices to the market.

Genesis facilitates identity fraud by providing stolen credentials for popular websites such as Amazon, eBay, Facebook, PayPal and Netflix, along with other stolen data, such as cookies and IP addresses, that allows users to impersonate a victim.

At the time of the April takedown the website was offering some 80 million digital profiles of more than two million potential victims.

The market is noted for its user-friendly interface, making it easy for criminals to steal services or log into users’ bank accounts and remove funds.

Disruption

The fact that the site operated on the mainstream internet made it all the easier for criminals to use.

In an interview with cybersecurity firm Recorded Future late last month, Deputy Attorney General Lisa Monaco acknowledged that the enforcement action had prioritised disrupting Genesis’ operations, rather than ensuring effective prosecutions of its operators.

“We’re going to use whatever tool we can to disrupt and prevent. What you saw here is us going after the enablers, the facilitators, the engine that allows so many people to enter into the online criminal marketplace,” she said.

She noted that Genesis had “lowered the barrier to entry for the kind of fraudster looking for easy access”.

‘Criminal trust’

The NCA told the BBC that while Genesis continues to operate on the dark web, the “volume of stolen data and users has been significantly reduced”, with “criminal trust” in the service damaged.

Genesis was previously considered one of the top three fraud websites, along with Russian Market and 2Easy.

US officials have said they believe Genesis is operated from servers based in Russia, making it more difficult to take effective action.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
