On April 4, 2023, 28 Canadian police services participated in a sequenced global day of action against Genesis Market. International partners from 17 countries participated in the targeted operation resulting in domain seizures and enforcement actions against users identified across the world.
Genesis was an online criminal marketplace that traded in advanced stolen credentials that provided access to online accounts and other services. Cybercriminals purchased what the market owners referred to as 'bots' that infected victims' devices through malware or account takeover attacks to gain access, defeat two-factor authentication and other security features as the first steps to commit fraud, hack into corporations, drop ransomware and steal intellectual property. Genesis Market had over 1.5 million bots and over 2 million identities listed when it was shut down, making it one of the largest online criminal facilitators.
Combatting Genesis Market was a priority for law enforcement and partners due to its size. By leveraging domestic and international partnerships, law enforcement demonstrated that its reach can be just as borderless and effective as that of cybercriminals.
The United States Federal Bureau of Investigation led this international operation and worked with the RCMP's National Cybercrime Coordination Centre and the Canadian Radio-television and Telecommunications Commission to identify a significant number of Genesis Market users in Canada. Together, they worked with 28 Canadian police services to enable participation in the sequenced global day of action. Europol's European Cybercrime Centre and Joint Cybercrime Action Taskforce provided the essential mechanism for sharing this information and target enrichment.
Using the information provided by the United States Federal Bureau of Investigation and National Cybercrime Coordination Centre, Canadian police services began leading search warrants, device seizures and cease and desist communications on April 4.
With the majority of Canadian Genesis users residing in Quebec, the Canadian Radio-Television and Telecommunications Commission and Sûreté du Québec played a significant role in investigating high-level users and executing warrants. The Sûreté du Québec also helped in coordinating with additional Québec-based authorities.
With over 2 million identities listed on Genesis, the United States Federal Bureau of Investigation has added stolen victim credentials to HaveIBeenPwned and encourage everyone to visit the site to check if their identities were stolen. The Netherlands Police have also developed a portal for people to check their credentials. If you suspect your credentials have been stolen, run an anti-virus check on your device, remove viruses, then change all of your passwords and notify relevant organizations where you would use those credentials to access your online accounts. Canadian victims are encouraged to refer to the Canadian Anti-Fraud Centre for more guidance on what to do if they have been a victim of a cybercrime or fraud.
The RCMP is also asking anyone who has been active on Genesis Market or in contact with Genesis Market administrators to please contact the Canadian Anti-Fraud Centre.
This large-scale operational success can be attributed to strategic partnerships and a willingness of domestic and international partnerships to come together to fight cybercrime. We would like to thank the following partners for their assistance with enabling Canadian participation and for their contributions to the operation:
- United States Federal Bureau of Investigation
- EUROPOL's European Cybercrime Centre
- EUROJUST
- Joint Cybercrime Action Taskforce
- Canadian Radio-Television and Telecommunications Commission
- Germany
- Netherlands
- Romania
- United Kingdom
- Switzerland
- Australia
- Sweden
- Denmark
- Italy
- Spain
- Poland
- France
- Finland
- New Zealand
- Estonia
The RCMP's National Cybercrime Coordination Centre would also like to thank the following Canadian law enforcement for their invaluable cooperation as part of the operation and global action day:
- Sûreté du Québec
- Toronto Police Service
- Victoria Police Department
- Medicine Hat Police Service
- Service de police de Mascouche
- Service de police L'Assomption/St-Sulpice
- Ontario Provincial Police
- H Division - Port Hawkesbury RCMP
- E Division - Coquitlam RCMP
- Service de Police de Terrebonne
- Service de police de la Ville de Repentigny
- Régie intermunicipale de police Thérèse-De Blainville
- York Regional Police
- Peel Regional Police
- Service de police de Laval
- Service de Police de la Ville de Montréal
- Calgary Police Service
- Service de police de Mirabel
- Sûreté du Québec MRC de D'Autray
- Waterloo Regional Police Service
- Woodstock Police Service
- Peel Regional Police
- Service de police de Trois-Rivières
- Edmonton Police Service
- Service de police de l'agglomération de Longueuil
- London Police Service
- Blainville Police
- Canadian Anti-Fraud Centre
- C Division - RCMP
Quick facts
- Genesis Market had over 1.5 million bots and over 2 million identities listed when it was shut down.
- In 2022, the Canadian Anti-Fraud Centre received fraud and cybercrime reports totalling $530 million in victim losses - nearly a 40% increase from the unprecedented $380 million reported in 2021.
- In 2022, reports to the Canadian Anti-Fraud Centre showed that cyber-enabled fraud stole $371,147,332, which accounted for 70% of overall reported losses.
- The National Cybercrime Coordination Centre reached initial operating capability in April 2020. Since then, it has assisted in a number of operations with both domestic and international police and will continue to ramp up activities towards full operational capability in 2024.
- The Canadian Radio-Television and Telecommunications Commission promotes and enforces compliance with sections of Canada's Anti-Spam Legislation. This includes allowing the Canadian Radio-Television and Telecommunications Commission to obtain warrants to seize physical devices, online accounts and cryptocurrency wallets for examination by their forensic teams.
- Since Canada's Anti-Spam Legislation came into force, the Canadian Radio-Television and Telecommunications Commission's enforcement efforts have resulted in penalties of more than $1.9 million.
Quotes
"Cybercriminals often operate with the confidence that they're anonymous online and won't be held accountable for crimes committed in other countries. As this operation demonstrates, these assumptions are not true. The Genesis Market takedown proves the impact that law enforcement and partners can have when working together. The work doesn't stop here; we look forward to continued collaboration and future successes."
"While the NC3 is still in its early days, we are pleased to add this milestone operation on Genesis to the growing catalogue of successful operations, but no successes can be accomplished alone in the cybercrime environment. We are hugely appreciative of not only the excellent work amongst international partners but also the invaluable cooperation by our Canadian police services. Together, we have dealt a blow to perpetrators of cybercrime, as well as cyber-enabled fraud, at the local, national and international levels."
"The CRTC works closely with national and international partners to protect Canadians from online threats. The actions taken by the CRTC's enforcement partners to disrupt this illicit online activity will have a significant impact in preventing Canadians' stolen information from falling into the wrong hands. I applaud all our partners for their collaboration in this operation."
"The Sûreté du Québec attaches great importance to collaboration between police organizations, in Quebec, in Canada, but also around the world, especially knowing that cybercrime is not limited by borders. Thanks to this collaboration, the investigations into these crimes will not be either, and this is what yesterday's operations prove."
Related links
- Takedown of notorious hacker marketplace selling your identity to criminals
- National Cybercrime Coordination Centre
- Enforcing Canada's Anti-Spam Legislation | Canadian Radio-Television and Telecommunications Commission
- How to spot an online scam | Canadian Radio-Television and Telecommunications Commission