Genesis Market seizure a warning that cybercrime no longer anonymous

The takedown of Genesis Marketplace earlier this month signaled a changing tide in joint federal operations. And while the cybercriminals will evolve and work to revive the dark web forum on another platform, federal law enforcement is tightening the noose on these operations.

It’s likely law enforcement was able to obtain some of the actors’ identities with the Genesis seizure, which imposes a “meaningful consequence” for the actors who may believe it's a cost-free, anonymous activity, “when, in fact, it’s not,” Alex Iftimie, Morrison Foerster privacy and security partner and global risk and crisis management co-chair, told SC Media.

“With each of these disruptions, the government learns more about who the actors are, and these actors have to recognize that engaging in this kind of activity means they may never be able to travel to [certain] jurisdictions… because there is a significant risk that they have been identified and will one day be brought to justice,” he added.

As reported, Genesis Market was the “most prolific initial access broker in the cybercrime world,” offering access to stolen data tied to over 1.5 million compromised devices and more than 80 million account access credentials at the time of the seizure.

It was the second major joint effort against dark web activity announced in early April. To take down illegal Cobalt Strike, Microsoft partnered with Fortra and Health-ISAC and created a collaboration with the FBI, the National Cyber Investigative Joint Task Force and Europol’s European Cybercrime Centre on related cases.

About the same time last year, another joint effort led to the seizure of the Russian dark web marketplace Hydra, which was known for contributing to an estimated 80% of all dark web market-related cryptocurrency transactions in 2021.

The difference between the marketplace shutdowns was the size of the efforts. While Hydra was brought down by the U.S. and Germany, Genesis was thwarted by 45 FBI field offices and approximately 20 other global law enforcement bodies, including Denmark, Europol, Canada and Spain.

It’s one of the largest examples of international cooperation seen in cybercriminal enforcement. 

“It’s striking,” said Iftimie.

The speed and scope of their effort reflect the improved coordination of international law enforcement organizations and their joint enforcement, he continued, adding that there isn't any significant disruption that isn’t based on very careful cooperation at this point.

“That wasn’t the case five or 10 years ago,” Iftimie said. As a result, these seizures may increase, given the improved coordination of allies “to bring people to justice and to shut down servers.”

As seen with previous seizures, Iftimie said the takedown will likely lead to a splintering of both the actors and their cybercriminal activities. It’s possible some of the actors will work to rebuild the success of Genesis in another forum, but it will certainly take time for a new forum to emerge to “the same level of preeminence that the Genesis Marketplace held.”

“In that respect, it's a significant disruption,” said Iftimie, who’s also a former Department of Justice counselor to the attorney general and former prosecutor in the National Security and Cybercrime Units of the U.S. Attorney’s Office for the Eastern District of Virginia.

While the seizure is an important enforcement action, the criminals will find a way to reconstitute themselves. As Iftimie explained, “it’s a cat and mouse game” when it comes to cybercrime, just as it is with drug trafficking.

What can be expected is a massive cost increase for participating in cybercrime.

“These types of disruptions do a lot to raise the costs for the actors conducting these kinds of operations,” Iftimie continued. “It’s not easy to rebuild a marketplace that is of the size and scale of the Genesis marketplace, or a marketplace like Hydra… so there is meaningful impact” in terms of costs to rebuild and recreate “the connective tissue” that enabled the market’s creation.

The scope of the global effort may have a chilling effect, even briefly, as criminal groups begin to realize cybercrime is no longer anonymous.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
