The hacker marketplace was shut down by Cookie Monster

Investigation of a Social-Technical Crime Forum, Genesis Market, based on a New York Man’s “Cookie Monster”

The FBI has seized a popular cybercrime forum accused of facilitating large-scale identity theft, according to an FBI notice posted to the forum’s website on Tuesday.

The law enforcement operation against Genesis Market came just one day after the FBI raided the popular forum BreachForums, which boasted of being the location of a hack affecting members of Congress and thousands of other people. The FBI arrested a 20-year-old New York man accused of being the founder of BreachForums.

The FBI dubbed the takedown “Operation Cookie Monster,” a play on the forum’s sale of web browser information known as “cookies,” per the seizure notice.

The crime forum was created because of research done on anti-fraud technology used by hundreds of banks and payment systems.

Genesis Market gave access to users’ cookies and browser fingerprints, which could let hackers get around protections like two-factor authentication, which requires a password. Cookies (or login tokens, to be specific) are files that websites store on your computer to show that you’ve already logged in by correctly entering your password and two-factor authentication information. They are the reason you don’t have to log in again each time you visit a website. (They’re also the reason that the joint effort to take down Genesis was given the delightful codename “Operation Cookie Monster.”)

How to Check If Genesis Was Selling Stolen Information: Troy Hunt of HaveIBeenPwned.com and Why You Shouldn’t Click the Verify Email

The FBI seizure is the latest in a series of international law enforcement stings that involve coordinated arrests and raids on multiple continents. The FBI and Europol, the European Union’s law enforcement agency, seized computer servers after identifying more than 100 businesses that were at risk of being hacked.

The demand for stolen data means that other alleged perpetrators often quickly take their place, regardless of whether they’re arrested or not.

The agencies have teamed up with HaveIBeenPwned.com to make it easy for the public to check if their login credentials were stolen, and I’d highly recommend doing so: because of the way Genesis worked, this isn’t the typical “just change your password and you’ll be fine” scenario. Troy Hunt, the owner of HaveIBeenPwned, has a writeup on how to check if Genesis was selling stolen info.

To sign up for the email service with all of your email addresses, you should click the Verify email button in the confirmation email. Searching for your email on the site won’t tell you whether you were impacted.

Cookies undoubtedly make the web convenient to use, but they pose a security risk if someone were to get hold of them, say by getting a user to download a piece of malware that then uploads them to a hacker’s servers. The data sold on Genesis came from over 1.5 million compromised computers around the world.

A quick guide to getting rid of malware on the Mac and Windows computers after the hacker hijacked the YouTube channel Have I Been Pwned

Web developers, however, know about this possibility and will often build in additional protections. One is called fingerprinting, which is a technique that looks at a ton of information about your computer, like what browser you’re using, what fonts you have installed, what hardware you have, etc. If a cookie has been used to access an account on a Windows PC, it is a good idea to use a browser plug-in; it is not uncommon for someone to use a computer to gain access to an account.
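The fingerprint check described above, sketched from the website's side. This is an added example, not code from the article or from any site it mentions; `SessionStore`, `fingerprint`, the attribute names and the two sample clients are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, constructed for this example

def fingerprint(attrs):
    """Hash the client attributes the article lists (browser, fonts, hardware)."""
    canonical = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()

class SessionStore:
    def __init__(self):
        self._sessions = {}  # login cookie -> (user, fingerprint seen at login)

    def login(self, user, attrs):
        """Issue a login cookie once password and 2FA have succeeded (not modelled)."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, fingerprint(attrs))
        return token

    def check(self, token, attrs):
        """Return 'ok', 'reauth' (fingerprint changed) or 'invalid' (unknown cookie)."""
        entry = self._sessions.get(token)
        if entry is None:
            return "invalid"
        if not hmac.compare_digest(entry[1], fingerprint(attrs)):
            # Same cookie presented from a different device: revoke it, force a new login.
            del self._sessions[token]
            return "reauth"
        return "ok"

    def logout_everywhere(self, user):
        """Revoke every session of a user, e.g. after a breach notification."""
        stale = [t for t, (u, _) in self._sessions.items() if u == user]
        for t in stale:
            del self._sessions[t]
        return len(stale)

# Constructed sample clients (hypothetical attribute values)
WINDOWS_PC = {"browser": "Chrome", "os": "Windows", "fonts": "Arial,Calibri", "gpu": "vendor-a"}
OTHER_BOX = {"browser": "Chrome", "os": "macOS", "fonts": "Helvetica", "gpu": "vendor-b"}

def demo():
    store = SessionStore()
    cookie = store.login("alice", WINDOWS_PC)
    # Original device passes, replay elsewhere is revoked, cookie is dead afterwards.
    return (store.check(cookie, WINDOWS_PC), store.check(cookie, OTHER_BOX),
            store.check(cookie, WINDOWS_PC))
```

Because the check compares only what the client reports, it does not help once the fingerprint is stolen together with the cookie, which is what the article says Genesis sold.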

The attack was recently used to take over the channel as shown in a breakdown of the technique by YouTuber Linus Tech Tips. (Though, to be clear, it appears the hacker got their credentials by targeting them directly, not via a marketplace like Genesis.)

So you got an email from Have I Been Pwned saying that your data was found in the Genesis dataset. If you want to clear your cookies and cache, it’s important to log out of all your accounts on every web browser on your computer. You can do that in Chrome, Edge, Firefox, and Safari. If you’re given the option, be sure to delete the data for all time, not just the past week or so, just to be safe. This will make certain that you are logged out of everything and that you don’t have any session tokens that aren’t valid.

After this step, you are not done. If your data was stolen, it is possible that the malware is still running on your device, and you will have to provide new login cookies to access the marketplace. You need to completely reset your computer in order to recover from a harmful virus. Personally, I use Malwarebytes whenever I need to hunt down viruses, but here are some quick guides on how to get rid of malware on Windows and on Macs. (Yes, Macs get viruses, too.)

After that, you should be okay to log back into your accounts. It’s worth checking out security expert Brian Krebs’ Mastodon thread for information on how exactly computers get infected, because it’s not always via the obvious, easy-to-spot methods like files named “ClickMe_NOTAVirus.exe.” Knowing the warning signs to look out for can help you spot potential infections and keep you from re-infecting yourself.
