How police in Canada helped the FBI in crackdown on the stolen data market

A massive online marketplace selling packaged and stolen data is no longer operating after an international four-year investigation dubbed Operation Cookie Monster culminated in a coordinated day of action this week.

Across the globe, search warrants were executed, devices were seized and cease and desist communications were issued on Tuesday, including at three locations in Ontario, two in the Greater Toronto Area and one in London.

“Investigators seized electronic devices during those search warrants and those will undergo a detailed analysis,” Ontario Provincial Police spokesperson Bill Dickson said.

“We cannot speculate on what charges might be laid. That will rely on the outcome of the investigation.”

Operation Cookie Monster centred on Genesis Market, a massive illegal online marketplace that packaged and sold stolen data. The investigation was led by the Federal Bureau of Investigation in the United States with assistance from police in 17 countries, including 28 forces in Canada.

The RCMP’s National Cybercrime Coordination Centre (NC3) said Genesis Market sold “’bots’ that infected victims’ devices through malware or account takeover attacks … to commit fraud, hack into corporations, drop ransomware and steal intellectual property.”

NC3 director general Chris Lynam, who also leads the Canadian Anti-Fraud Centre within the RCMP, said there were 79 “distinct law enforcement actions, including arrests, the execution of search warrants and direct engagement of suspected users” in Canada on Tuesday, but would not say how many individuals were arrested or engaged with. However, he did note that more than half of the actions involved individuals in Quebec.

“For that reason, the Sûreté du Québec had a major role along with some other municipal police services in Quebec in doing this law enforcement action against the users (of the market).”

A splash page put up by the FBI. Users trying to access Genesis Market would see this page stating that the website has been seized due to Operation Cookie Monster.

Users trying to reach Genesis Market saw this splash page showing it was seized following Operation Cookie Monster.

genesis.market via Internet Archive Wayback Machine

By the time it was shut down, Genesis Market had over 1.5 million bots and two million identities listed, “making it one of the largest online criminal facilitators,” according to NC3. Lynam explained that the two million identities do not necessarily equate to two million individuals impacted.

“If access to your Amazon and your PayPal account was being advertised there that may be one (identity), but if you use a different email, maybe for a different account like your banking or what have you, you might be the same person behind the scene but from the site, those might be advertised for sale as two different things.”

It’s also unclear how many of the two million identities were associated with Canadians.

“As this investigation was widespread and involved many international partners, it is difficult to say how many Canadians might have been affected,” a Canadian Radio-television and Telecommunications Commission spokesperson told Global News on Wednesday.

“The CRTC is committed to working with our partners, both domestically and internationally, to enhance information sharing, improve target identification and coordinate enforcement.”

Lynam said Canadians can check online to see if their data was compromised, either through HaveIBeenPwned or the Netherlands Police’s online portal. If your information comes up, the RCMP suggests you change your passwords, run antivirus software on your devices and contact the organization associated with the information taken. If you’ve lost money or believe you’ve been victimized, Lynam said you should report it to the Canadian Anti-Fraud Centre.

The investigation is ongoing and RCMP ask that anyone who had been active on Genesis Market or in contact with its administrators to contact the Canadian Anti-Fraud Centre.

“We do have an ability through the Canadian Anti-Fraud Centre for people to report anonymously,” Lynam added.

Post a Comment

Previous Post Next Post