Carr announces investigation into suspected users of Genesis Dark Web Marketplace following FBI takedown of illicit site

Apr. 10—Attorney General Chris Carr announced on April 5 that the Office of the Attorney General's Prosecution Division is participating in a nationwide investigation into suspected users of Genesis Market, a dark net marketplace that is known to traffic in the stolen credentials of victims whose computers have been infected with malware.

Over the course of their investigation into the illicit online marketplace, federal law enforcement worked to identify those who purchased and used these stolen access credentials to commit fraud and other cybercrimes. This effort resulted in hundreds of leads being sent to law enforcement throughout the U.S., including the Georgia Office of the Attorney General. Federal authorities also recently announced the seizure of 11 domain names used to support Genesis Market's infrastructure.

"As with any dark web marketplace, Genesis only exists because there are people out there willing to purchase a stolen product and further perpetrate a fraudulent scheme," said Carr. "We are proud to work with our federal partners to investigate those who may be committing these costly crimes here in Georgia, so we can ensure they are held accountable for their actions. As we continue with our case, we would encourage all Georgians to remain vigilant when conducting business online."

The FBI's investigation into Genesis Market revealed that the illicit online marketplace was hosted on the dark web. Its operators compiled stolen data from malware-infected computers around the globe and packaged it for sale on the market. The packages sold on the market, referred to as "bots," allowed the purchaser to access various online accounts harvested from the computers of the victims.

Some of the bots include a "fingerprint" or unique identifier used by applications or websites to identify a computer or device. These fingerprints allow the application or website to confirm that the device is a trusted source. By using the Genesis Market proprietary plugin (i.e., an Internet browser extension that provides additional functionality), the purchaser had an amplified ability to control and access the bot's data and masquerade as the victim device.

Victim credentials obtained over the course of the investigation have been provided to the website Have I Been Pwned, which is a free resource for people to quickly assess whether their access credentials have been compromised (or "pwned") in a data breach or other activity. Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market, so they can change or modify passwords and other authentication credentials that may have been compromised.

Additional Tips and Resources

According to the FBI's Internet Crime Complaint Center, Georgians lost more than $322 million to internet crimes last year alone. Nationwide, those losses topped $10 billion.

To help small businesses, non-profits and places of worship safeguard their data and devices, the Attorney General's Consumer Protection Division created Cybersecurity in Georgia — a comprehensive guide that includes critical tips and information on the different types of cyber threats, employee training and cyber insurance. The guide is available online and free for download at https://consumer.georgia.gov/consumer-topics/cybersecurity-georgia.

The Consumer Protection Division also offers the following tips to everyone who uses technology:

— Be wary of emails and text messages asking one to take action. Don't click on links, open file attachments or provide sensitive information in response to texts, emails or social media messages, particularly if one doesn't recognize the sender, as doing so could download malware onto one's device or place sensitive information in the hands of a scammer. Be especially wary if the sender asks for money to be sent. Even if the message appears to come from a person or business one knows, refrain from interacting with the message and instead contact the entity through a verified phone number, email address or website.

— Use strong passwords. The longer the password, the tougher it is to crack. Mix letters, numbers and special characters. Don't use one's name, birthdate or pet's name in the password. Use a different password for each account so that if one account is hacked, the perpetrator cannot take over all of one's accounts.

— Enable multi-factor authentication. Multi-factor or two-factor authentication increases the security of online accounts by requiring an additional means of verifying an identity beyond the username and password. This could come in the form of a PIN, security question, facial recognition, fingerprint or requiring one to enter a code that is texted or emailed. Always opt in if given the choice to set up multi-factor authentication, particularly for sensitive accounts, such as online banking or retail accounts that store payment information.

— Update one's system and software frequently. Computer and software companies frequently update their programs to include protection against new security threats. Simply updating the operating system and software whenever new versions become available gives an added measure of security.

— Install reputable security software on one's computer. Make sure the computer has anti-virus and anti-spyware software, a pop-up blocker and that the firewall is enabled. For lists of security tools from legitimate security vendors, visit staysafeonline.org.

— Lock one's phone. Use at least a six-digit passcode on the device or use the pattern lock or fingerprint scanner. Set the device to lock when it's not in use.

In the event that one loses their mobile device:

— Enable Find My iPhone (iOS) or Find My Device (Android). These apps could help locate the device if lost. If the phone is stolen, these apps also let one remotely issue a command to erase the device — even if an identity thief turns it off.

— Alert the wireless provider as soon as one knows the device is missing. They can permanently or temporarily disable the SIM card to stop someone from using the device for calls or the internet.

— Change passwords for the accounts if the device is compromised. Many people set their devices to remember passwords, which means that if the device ends up in the wrong hands, someone could gain access to the accounts and personal information. If one loses their device, immediately change the passwords to the online accounts.

— Back up important data. No system is completely secure. Copy files onto a removable disc, external hard drive or to the cloud so that if the device is compromised, one will still have access to their files.

— If one has fallen victim to a cyber fraud scheme, report the suspected fraud to the bank, local law enforcement agency and IC3 at www.ic3.gov.

For more information, visit the Office of the Attorney General's Consumer Protection Division at www.consumer.ga.gov.