Our digital era has brought forth both incredible conveniences and potent threats, one of the most severe being data breaches. In a recent multinational police operation, an ID marketplace notorious for selling stolen credentials was shut down. The operation, aptly named “Operation Cookie Monster,” resulted in 120 arrests, including ten Australians. The scope of the operation, which spanned 17 countries and conducted over 200 searches, underscored the global nature of cyber crime.
What’s Being Sold?
The marketplace, known as the Genesis Market, was a hub for cyber criminals dealing in stolen credentials. It housed roughly 80 million credentials and device fingerprints pilfered from over 2 million people. Among these were “browser fingerprints,” particularly sought-after data stolen from computers infected with malicious software.
These browser fingerprints are highly valued in the cyber crime ecosystem. They often contain credentials, cookies, internet protocol addresses, and other browser or operating system details that criminals can use to bypass anti-fraud solutions such as multifactor authentication or device fingerprinting.
The Danger of Data Marketplaces
Genesis Market’s activity dated back to 2018, giving it ample time to cause substantial harm to individuals and communities alike. One estimate suggested that the potential harm to the Australian community alone could amount to $46 million, highlighting the massive scale of damage these data marketplaces can inflict.
Why This Matters
Data marketplaces like Genesis are dangerous not just because of the stolen information they peddle, but because they lower the barrier to entry for other cyber criminals. By offering easy access to stolen data, they enable cyber criminals to quickly scale their operations and carry out targeted attacks for immediate financial gain.
Even more concerning, these operations can be carried out at relatively low cost, with credentials selling for as little as $US0.70, depending on the data’s value.
In the wake of the Genesis Market’s shutdown, it’s crucial to recognise the steps individuals can take to secure their data. Experts urge people to enhance their cyber security measures, like enabling multifactor authentication, training staff and staying vigilant for any suspicious activity on their accounts.
Authorities have also provided resources for individuals to check if their personal details were compromised and appeared on Genesis. The repercussions of such data breaches are ongoing, with further police action around the globe expected as investigators continue to identify alleged offenders.
The takeaway is clear: understanding what happens to your data when it’s stolen is the first step towards proactive data protection. Cyber security is not a luxury, but a necessity in our digitised world. It’s not just about protecting your data; it’s about guarding your identity, your finances, and your peace of mind.