Darknet users, beware: If you frequent criminal marketplaces in the internet’s underbelly, think again. Chances are you’re in the FBI’s crosshairs.
The FBI is cracking down on sites that peddle everything from guns to stolen personal data, and it is not only going after the sites’ administrators but also their users.
A recent surge in ransomware attacks and other malicious cyber activities has fueled the effort to shut down services that cater to online criminals.
But the strategy hasn't been always effective. With each takedown, a new iteration pops up drawing users with it. Which is why the FBI is eyeing both the operators and users of these sites.
“We're not only trying to attack the supply side, but we're also attacking the demand side with the users,” a senior FBI official said during a Wednesday briefing on the agency’s takedown of Genesis Market, a large online criminal marketplace. “There's consequences if you're going to be using these types of sites to engage in this type of activity.”
The darknet, the hidden part of the internet that can only be accessed by a special browser, has long been home to various criminal marketplaces and forums.
One type of criminal marketplace there specializes in buying and selling illegal items, such as drugs, firearms and fraudulently obtained gift cards.
Another type of market trades in sensitive data, such as stolen credit cards, bank account details and other information that can be used for criminal activity. These sites are known as “data stores.”
In recent years, a new breed of cyber criminals has emerged. Known as “initial access brokers,” these criminals specialize in selling access to compromised computer networks. Among their customers: ransomware gangs.
The takedown on Tuesday of Genesis Market, a 5-year-old criminal marketplace described by officials as an “initial access broker,” offers a window into this type of cyber-criminal activity.
It also shows how the FBI is increasingly going after users of criminal marketplaces and not just their administrators.
U.S. officials said Genesis Market was not only a seller of stolen account access credentials but was also “one of the most prolific” initial access brokers operating on the darknet.
Describing it as a “key enabler of ransomware,” the Justice Department said Genesis Market sold “the type of access sought by ransomware actors to attack computer networks in the United States and around the world.”
The site went dark on Tuesday after the FBI, working with law enforcement agencies in nearly 20 countries, including the U.K. and Canada, took it offline and arrested nearly 120 people.
In a statement, Attorney General Merrick Garland hailed the operation as “an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world.”
Genesis is one of two popular cyber-criminal marketplaces taken down by the FBI in the past month.
In March, the FBI shut down Breach Forums, a criminal forum and marketplace that boasted more than 340,000 members. On the Breach Forums website, users discussed tools and techniques for hacking and exploiting hacked information, according to the Justice Department.
“We're going after the users who leverage a service like Genesis Market, and we are doing that on a global scale,” the FBI official said.
To take down Genesis Market, the FBI and its international law enforcement partners seized its servers and domains.
In doing so, the FBI was able to obtain information about 59,000 individual user accounts, a senior Justice Department official said during the briefing.
The information included usernames, passwords, email accounts, secure messenger accounts and user histories, the official said.
“And those records helped law enforcement uncover the true identities of many of the users,” the official said.
The users ran the gamut from online fraudsters to ransomware criminals.
Some of the users were in the U.S., officials said, declining to provide any other details about them. They were among the 119 people arrested around the world in connection with Genesis Market takedown.