A global strike took place Tuesday in 18 countries against buyers who obtained, on the Genesis Market website, identifying information giving access to the online accounts of many victims. The stolen data sold there could facilitate the commission of international fraud. The cybercrime investigation division of the Sûreté du Québec (SQ) took charge of operations on Quebec soil, with the support of the FBI: it arrested six people in addition to carrying out four searches.
“It was the largest cyber operation carried out in Canada, in all history,” said Wednesday morning SQ Lieutenant Jean Le Bel, head of the cybercrime investigations division, in an interview with The duty.
On Tuesday, in countries in Europe, America and Australia, arrests were made almost simultaneously against users of Genesis Market, one of the largest criminal shopping sites in the world, popular with computer fraudsters.
Those who log on now will see this notice: “This website has been seized” by the FBI, which is behind the international operation it has dubbed “Cookie Monster.” »
Several police forces participated, including Europol and 28 Canadian police forces.
The majority of Canadian users were in Quebec, said the SQ, which could not say why at this stage of the investigation.
Superusers versus “cyberdog”
In the province, more than 175 SQ agents were deployed on the ground on Tuesday. In addition to the six arrests in Quebec – four men and two women, superusers of Genesis Market – 59 people qualified as “subjects of interest” were visited by police officers who gave them warnings. Other arrests thus remain possible, said the SQ.
Iris, a “cyberdog” trained to detect computer equipment, including USB keys, was even loaned by the FBI to the SQ for the occasion. There are only seven such canine detectors in the world, according to the FBI. The sniffer black Labrador took part in the four searches carried out on Tuesday in the greater Montreal area and in Quebec City. It was only the second time he came to Canada, said SQ spokesman Benoît Richard.
Searches in Quebec led to the seizure of computer equipment and equipment used to produce false documents.
On Genesis Market, it was possible to buy stolen “account login details”, including usernames and passwords, which could enable fraudsters to gain access to bank accounts, etc., avoiding various measures protection such as “double identification”, explained SQ sergeant Marc-André Piché, who is part of the cybercrime investigation unit.
And yet, to carry out these transactions, it was not necessary to have very high technical knowledge, commented Sergeant Piché. The site was not housed in the Dark Web, but it was only accessible “by invitation”.
A not-so-anonymous platform
Genesis Market had more than 1.5 million search bots that infected victims’ devices through ransomware or account takeover, and more than 2 million identities when it was taken down, claims the Royal Canadian Mounted Police (RCMP), which also participated in the operation. “Making it one of the most important online criminal tools. »
The heads of Genesis Market would be in Russia, as would most of its computer servers, reports the SQ, which says it has the information from the FBI. The location of the servers changed every two days or so, to complicate the work of the police, described Sergeant Piché.
Genesis Market promised a new era of anonymity and impunity to its users: the arrests demonstrated that these were false promises, launched the FBI, scathingly, in a press release.
It is also the federal police force of the United States which had carried out a long-term monitoring of the site, and which gave the SQ a list of important Quebec users. These would have bought thousands of stolen user profiles, reported Lieutenant Le Bel. The SQ will determine, after investigation and analysis, if this data was indeed used to commit thefts or other criminal offences.
The six Quebecers arrested could be charged with unauthorized use of computers, as well as possession of devices allowing the unauthorized use of computers. Some of these people knew each other and had criminal histories, Piché said.
On Wednesday, the FBI congratulated itself on having “disrupted” this online criminal market which had facilitated fraud since 2018.