36,000 stolen Australian logins for sale on criminal marketplace Genesis Market

Australian police agencies have assisted the FBI in dismantling a global ‘well-known criminal marketplace’ used to sell stolen data, including the login credentials of Australians.

Liam Mendes

@liammendes

2 min read

12:01AMApril 06, 2023.

Updated 6:13AMApril 06, 2023

The seized Genesis Market website.

Australian police agencies have assisted the FBI in dismantling a global “well-known criminal marketplace” used to sell stolen data, including the login credentials of Australians.

The stolen data has also been purchased by Australians to allegedly commit further fraud, with investigators identifying 36,000 compromised Australian devices available for sale on the invitation-only “Genesis Market” online black marketplace.

Genesis Market offered stolen usernames and passwords, browsing history and autofill form data – which often includes credit card details and home addresses – before the FBI seized the domain on Tuesday.

The Australian Federal Police arrested 31-year-old James Chung in March after the Victorian man allegedly spent more than $60,000 to purchase stolen information available on the website.

Upon his arrest, police seized at least 20 one-ounce bars of gold, and at least $80,000 worth of cryptocurrency in the form of Bitcoin and Ethereum. He has been charged with four fraud offences.

It will be alleged in court that Mr Chung purchased the stolen information to commit further fraud offences.

A source said he was also found with identity and bank cards in the names of other people.

Seven other arrests across three states – five on Tuesday, one last week and another in 2022 – have also been made, with 23 search warrants executed.

The AFP said Genesis Market offered access to more than 1.5 million compromised computers, and more than 600 reports had been made to the Australian Cyber Security Centre that matched stolen information available on Genesis Market.

Operation Zinger was launched by the AFP in 2020 hand in hand with domestic law enforcement agencies after receiving information from the FBI regarding potential Australian users buying information from the website.

The FBI investigation also involved Canadian authorities and about a dozen European agencies.

Genesis Market launched in 2017 and by 2020 it had become one of the web’s most popular destinations for cybercriminals to access hacked and stolen data.

The data was stolen via malware that would collect sensitive login and other device information, which would be sold through Genesis Market and then used to commit fraud offences.

A screenshot of the website provided by the AFP showed what appeared to be an Australian user’s credentials, including a username and password for their Google account, available for purchase for $US47 ($70).

A screenshot of an Australians’ stolen credentials for sale. Picture: AFP

Another “resource” included in that purchase price was information for websites including eBay, Gumtree, Telstra, Vodafone, Optus, Uber, Facebook, Netflix, Twitter, Spotify and LinkedIn.

Other personal identifying information including IP addresses was also included.

AFP Assistant Commissioner Cyber Command Scott Lee said Genesis Market could cause almost $50m in harm to the Australian community through the sale of stolen credentials and access to compromised Australian devices.

“Cybercrime is increasing in scale and frequency and it is important the public takes proactive steps to keep their personal information safe,” Mr Lee said.

No company safe from data breach in ‘challenging’ cyber landscape

“For a small cost, individuals with nefarious intentions could purchase a packaged dataset that would allow them to gain access to a victim’s government services and online banking.”

Mr Lee said investigations would be continuing around the country. “If you used this website to purchase stolen information in the belief you’re anonymous or that police don’t take it seriously, you are mistaken,” he said.

“Don’t think that because we haven’t knocked on your door yet, we won’t be. If you have used this website to purchase stolen data to commit cybercrime or fraud offences, we will find you and we will be paying you a visit.”