News
RCMP’s National Cybercrime Coordination Centre announces Canada’s participation in global day of action against Genesis Market

Apr. 5, 2023, Ottawa, Ont. – On Apr. 4, 2023, 28 Canadian police services participated in a sequenced global day of action against Genesis Market. International partners from 17 countries participated in the targeted operation resulting in domain seizures and enforcement actions against users identified across the world.

Genesis was an online criminal marketplace that traded in advanced stolen credentials that provided access to online accounts and other services. Cybercriminals purchased what the market owners referred to as ‘bots’ that infected victims’ devices through malware or account takeover attacks to gain access, defeat two-factor authentication and other security features as the first steps to commit fraud, hack into corporations, drop ransomware and steal intellectual property. Genesis Market had over 1.5 million bots and over 2 million identities listed when it was shut down, making it one of the largest online criminal facilitators.

Combatting Genesis Market was a priority for law enforcement and partners due to its size. By leveraging domestic and international partnerships, law enforcement demonstrated that its reach can be just as borderless and effective as that of cybercriminals.

The United States Federal Bureau of Investigation (FBI) led this international operation and worked with the RCMP’s National Cybercrime Coordination Centre (NC3) and the Canadian Radio-television and Telecommunications Commission (CRTC) to identify a significant number of Genesis Market users in Canada. Together, they worked with 28 Canadian police services to enable participation in the sequenced global day of action. Europol’s European Cybercrime Centre and Joint Cybercrime Action Taskforce (J-CAT) provided the essential mechanism for sharing this information and target enrichment.

Using the information provided by the FBI and NC3, Canadian police services began leading search warrants, device seizures and cease and desist communications on April 4.

With the majority of Canadian Genesis users residing in Quebec, the CRTC and Sûreté du Québec (SQ) played a significant role in investigating high-level users and executing warrants. The SQ also helped in coordinating with additional Québec-based authorities.

With over 2 million identities listed on Genesis, the FBI has added stolen victim credentials to HaveIBeenPwned and encourage everyone to visit the site to check if their identities were stolen. The Netherlands Police have also developed a portal for people to check their credentials. If you suspect your credentials have been stolen, run an anti-virus check on your device, remove viruses, then change all of your passwords and notify relevant organizations where you would use those credentials to access your online accounts. Canadian victims are encouraged to refer to the Canadian Anti-Fraud Centre for more guidance on what to do if they have been a victim of a cybercrime or fraud.

The RCMP is also asking anyone who has been active on Genesis Market or in contact with Genesis Market administrators to please contact the Canadian Anti-Fraud Centre.

This large-scale operational success can be attributed to strategic partnerships and a willingness of domestic and international partnerships to come together to fight cybercrime.