ATLANTA, GA – Attorney General Chris Carr today announced that the Office of the Attorney General’s Prosecution Division is participating in a nationwide investigation into suspected users of Genesis Market, a dark net marketplace that is known to traffic in the stolen credentials of victims whose computers have been infected with malware. Over the course of their investigation into the illicit online marketplace, federal law enforcement worked to identify those who purchased and used these stolen access credentials to commit fraud and other cybercrimes. This effort resulted in hundreds of leads being sent to law enforcement throughout the United States, including the Georgia Office of the Attorney General. Federal authorities also recently announced the seizure of 11 domain names used to support Genesis Market’s infrastructure.
“As with any dark web marketplace, Genesis only exists because there are people out there willing to purchase a stolen product and further perpetrate a fraudulent scheme,” said Carr. “We are proud to work with our federal partners to investigate those who may be committing these costly crimes here in Georgia, so we can ensure they are held accountable for their actions. As we continue with our case, we would encourage all Georgians to remain vigilant when conducting business online.”
The FBI’s investigation into Genesis Market revealed that the illicit online market was hosted on the dark web. Its operators compiled stolen data from malware-infected computers around the globe and packaged it for sale on the market. The packages sold on the market, referred to as “bots,” allowed the purchaser to access various online accounts harvested from the computers of the victims. Some of the bots include a “fingerprint” or unique identifier used by applications or websites to identify a computer or device. These fingerprints allow the application or website to confirm that the device is a trusted source. By using the Genesis Market proprietary plugin (i.e., an Internet browser extension that provides additional functionality), the purchaser had amplified ability to control and access the bot’s data and masquerade as the victim device.
Victim credentials obtained over the course of the investigation have been provided to the website Have I Been Pwned, which is a free resource for people to quickly assess whether their access credentials have been compromised (or “pwned”) in a data breach or other activity. Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market so that they can know whether to change or modify passwords and other authentication credentials that may have been compromised.
Additional Tips and Resources
According to the FBI’s Internet Crime Complaint Center (IC3), Georgians lost more than $322 million to internet crimes last year alone. Nationwide, those losses topped $10 billion.
To help small businesses, non-profits, and places of worship safeguard their data and devices, the Attorney General’s Consumer Protection Division created Cybersecurity in Georgia – a comprehensive guide that includes critical tips and information on the different types of cyber threats, employee training, cyber insurance, and more. The guide is available online and free for download here.
The Consumer Protection Division also offers the following tips to everyone who uses technology:
- Be wary of emails and text messages asking you to take action. Don’t click on links, open file attachments or provide sensitive information in response to texts, emails or social media messages, particularly if you don’t recognize the sender, as it could download malware onto your device or place your sensitive information in the hands of a scammer. Be especially wary if the sender asks you to send money. Even if the message appears to come from a person or business you know, refrain from interacting with the message and instead contact the entity through a verified phone number, email address or website.
- Use strong passwords. The longer the password, the tougher it is to crack. Mix letters, numbers and special characters. Don’t use your name, birthdate or pet’s name in your password. Use a different password for each of your accounts so that if one account is hacked, the perpetrator cannot take over all of your accounts.
- Enable multi-factor authentication. Multi-factor or two-factor authentication increases the security of your online accounts by requiring an additional means of verifying your identity beyond your username and password. This could come in the form of a PIN number, security question, facial recognition, fingerprint, or requiring you to enter a code that is texted or emailed to you. Always opt-in if given the choice to set-up multi-factor authentication, particularly for sensitive accounts, such as online banking or retail accounts that store your payment information.
- Update your system and software frequently. Computer and software companies frequently update their programs to include protection against new security threats. Simply updating your operating system and software whenever new versions become available gives you an added measure of security.
- Install reputable security software on your computer. Make sure your computer has anti-virus and anti-spyware software, a pop-up blocker, and that the firewall is enabled. For lists of security tools from legitimate security vendors, visit staysafeonline.org.
- Lock your phone. Use at least a six-digit passcode on your device, or use the pattern lock or fingerprint scanner. Set the device to lock when it’s not in use.
- Protect yourself in the event that you lose your mobile device:
- Enable Find My iPhone (iOS) or Find My Device (Android). These apps could help you locate your device if you lose it. If your phone is stolen, these apps also let you remotely issue a command to erase your device – even if an identity thief turns it off.
- Alert your wireless provider as soon as you know your device is missing. They can permanently or temporarily disable the SIM card to stop someone from using the device for calls or the internet.
- Change passwords for your accounts if your device is compromised. Many of us set our devices to remember passwords, which means that if your device ends up in the wrong hands, someone could gain access to your accounts and personal information. If you lose your device, immediately change the passwords to your online accounts.
- Backup important data. No system is completely secure. Copy files onto a removable disc, external hard drive, or to the Cloud so that if your device is compromised, you will still have access to your files.
If you have fallen victim to a cyber fraud scheme, report the suspected fraud to your bank, your local law enforcement agency, and IC3 at www.ic3.gov.