A global law enforcement operation last month declared ‘Genesis Market’, notorious for stealing accounts from services such as Netflix and Amazon, had been seized and deleted, but an identical version of the market is continuing to operate, with the dark net version described in a recent post as “fully functional”.
‘Genesis Market’ specialises in selling login details, IP addresses, and browsing cookie data, with police warning it was “dangerous” after more than two million stolen online identities were put up for sale.
Cyril Noel-Tagoe, principal security researcher from hacking researchers Netacea, told BBC News: “Taking down cyber-crime operations is a lot like dealing with weeds.
“If you leave any roots, they will resurface.”
Mr Noel-Tagoe praised police for seizing the mainstream internet version of the market, but said the operation amounted to more of a disruption than a takedown.
He warned: “The roots of Genesis Market's operation, namely the administrators, darknet website and malicious software infrastructure, have survived.”
The takedown operation was led by the FBI and Dutch police and resulted in arrests and the removal of the mainstream internet version.
Criminal administrators of ‘Genesis Market’ posted an update confirming the release of a new version of their hacking browser, continued data collection from hacked devices, and the addition of over 2,000 new victim devices to the market.
Leaders of the site, who are still at large, quickly responded on hacking forums, stating their intention to return online with improvements.
Axing websites hosted on the dark net is notoriously difficult as their servers are often hard to locate or are in jurisdictions that do not respond to Western law enforcement requests, such as Russia.
The US Treasury, which has sanctioned Genesis Market, believes the site is run from Russia as it offers Russian and English translations.