top of page

Cyber Bites

FBI as Cookie Monster

The FBI and Dutch police take down the stolen identity marketplace Genesis with operation Cookie Monster. Genesis was an initial access broker with over 80 million compromised accounts available for sale.

From the Department of Justice:

Genesis Market was user-friendly, providing users with the ability to search for stolen access credentials based on location and/or account type (e.g., banking, social media, email, etc.). In addition to access credentials, they obtained and sold device “fingerprints,” which are unique combinations of device identifiers and browser cookies that circumvent anti-fraud detection systems used by many websites.

The combination of stolen access credentials, fingerprints, and cookies allowed purchasers to assume the identity of the victim by tricking third party websites into thinking the Genesis Market user was the actual owner of the account.

Here’s a screenshot of the console before the takedown:


Victim credentials obtained from the investigation have been provided to the website “Have I Been Pwned”, a free resource for people to assess whether their access credentials have been compromised in a data breach or other activity. You can visit HaveIBeenPwned [.] com to see whether your credentials were compromised by Genesis.

Suggested actions if you were compromised.

  • Log out of all open sessions in all web browsers on your computer.

  • Remove all cookies and temporary internet files.

  • Then choose one of the following two options:

  • Update the virus scanner on your computer.

  • Then carry out a virus scan on your computer.

  • The malware will be removed.

  • Then (and only then) change all your passwords. Don’t do this any earlier, as otherwise the cybercriminals will see the new passwords.

OR

  • Reset the infected computer to the factory default settings:

  • Then (and only then) change all your passwords. Don’t do this any earlier, as otherwise the cybercriminals will see the new passwords.

  • How can I prevent my data being stolen (again)?

  • Use a virus scanner and keep it up to date.

  • Use strong passwords that are unique for each account/website.

  • Use multifactor authentication. If you use a fingerprint, facial recognition, or approval on another device (such as a phone) to confirm your identity on login, it is harder for someone to access your accounts.

  • Never download or install illegal software. This is a very common source of malware infection.

  • When installing legal software, always check that the website is genuine.

Here’s the Genesis site after the FBI makeover. Extra credit to those that can find evidence of the FBI’s sense of humor.


Sources: The Department of Justice, troyhunt.com


Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.

Comments


bottom of page