Global police operation: arrests for online identity theft with millions of victims
Netherlands - The FBI, Europol, and the Netherlands Police conducted a large-scale international investigation into the criminal trading website Genesis Market. On this website, millions of user profiles containing users’ online fingerprints were being sold. Hackers use this data to take over the digital life of their victims. On 4 April 2023, the website was taken offline by the FBI with operation Cookiemonster. Hundreds of suspects were visited across 17 countries. In the Netherlands, 17 arrests have been made so far.
‘Most people know that there are online trading websites on which login credentials are sold’, says Ruben van Well, Team Leader of the Rotterdam Cybercrime Team. ‘But criminal trading website Genesis Market, which has now been taken offline by the FBI, was one of the most dangerous. The website was used to sell not only account data, but also copies of victims’ online fingerprints. These are unique digital fingerprints that hackers can use to effectively take over someone’s digital life, allowing them to place orders in the victim’s name, make payments in webshops, or – in some cases – even empty out entire bank, cryptocurrency, and investment accounts.’
The FBI’s Legal Attaché Andrew Ne, stationed in The Hague, commented: ‘We have previously cooperated with the Netherlands Police on many cases, and this time around the knowledge and support of our Dutch partners again proved of great importance.’ After their first contact with the FBI about the Genesis Market website, Dutch cybercrime investigators soon discovered that both victims and perpetrators could be found in the Netherlands too. According to Europol, Genesis Market was one of the biggest facilitators for cybercriminals globally. Extensive investigation into the now dismantled trading website revealed that the number of traded user accounts worldwide amounted to at least 1.5 million information packages, and that there were probably over two million victims infected, including approximately fifty thousand people in the Netherlands.
‘Several of these victims did actually fall victim to fraud’, adds Van Well. ‘There are cases of social media profiles being stolen, or of webshop orders being placed via a victim’s account. Some victims even had their entire investment portfolio, bank account, or crypto wallet emptied out. In short, victims lost control over their entire online life.’ Van Well cites the example of a 71-year-old victim from the Netherlands. ‘This man contacted the police various times to report several distinct offences. Webshop orders were made in his name, almost 70,000 euro disappeared from his investment account, and various bank accounts were opened in his name at different banks. As you can imagine, this had a huge impact on him. The victim told us that he had the feeling he was treading water in a big swimming pool without any way of getting out.’
‘In these cases we normally advise people to change all their passwords. However, this malware was built in such a way that just changing passwords is not enough’, explains Van Well. ‘Until the malware is removed, the criminal who bought your data will simply be notified of your new password.’ It is vital that the police and cybersecurity companies cooperate to make the Netherlands as digitally secure as possible. For this reason, the Netherlands Police cooperates extensively with public and private partners. From within the High-Tech Crime Team network, antivirus companies Trellix and Computest joined the investigation. ‘Together we made sure that this malware would be detected by all antivirus software’, says Van Well. ‘Further cooperation with Microsoft led to the creation of a software update that allows Windows Defender to remove the malware from your computer. We advise everyone to regularly update their computer. To stop people from falling victim to fraud again, it is vital that they update all passwords after the malware has been removed.’
Was my computer infected?
This malware could have entered your computer in several ways, for example when you downloaded something that contained the virus. There are also fake websites where cybercriminals lure you into downloading software that appears legitimate at first sight.
You can check if your data was offered for sale on Genesis Market. Protect yourself against fraud and immediately check if you were hacked on www.politie.nl/checkyourhack. If your email address was offered for sale on Genesis Market, the police will notify you at that email address within minutes. You will only receive this email if you were hacked. Check both your inbox and your spam folder for an email from the police. The email contains information on what to do next. Van Well emphasises: ‘It is extremely important that everyone does this check. In the coming period, we will also have a video campaign on social media to urge people to do this check. So, check your hack now!’
The Genesis Market website marketed itself to criminals as a reliable platform. Van Well: ‘This turned out to be false. The marketplace did not adhere to its own terms and conditions and was badly accessible at times. Users falsely believed they could operate anonymously on the platform, but users always leave traces online, even if they use a VPN.’ The police call users of the platform to account and warn them via online and in-person confrontations. Van Well stresses that the Netherlands Police and the FBI have a wealth of information about buyers who were active on the platform. ‘Persons who made use of this marketplace to defraud others will be arrested. If people have bought data but have not yet used it to defraud people, so far we have just given them an official warning, but they should not assume that we will forget about them. The investigation is still ongoing.’
- For more information and tips, visit the theme page ‘Online fingerprint fraud’ on politie.nl.
- Download the press release, including an overview with participating countries and partners (PDF)
- Press release on europol.europa.eu