BUFFALO, N.Y. — The FBI Office in Buffalo is part of a major worldwide investigation involving hackers and other criminals seeking our personal and financial information.
That information has been up for sale on the so-called dark web, on a site called Genesis Market which was seized by federal officials this week.
"This is definitely one to watch because of the national and international nexus here," said former FBI agent Holly Hubert.
That nexus according to former agent Hubert involved a law enforcement investigation dubbed "Operation Cookie Monster" with agents from 45 FBI field offices around the country including Buffalo, and some 20 countries, who all took part in a joint series of raids at various worldwide locations.
One of those raids turned out to be at a home on West Ferry Street where FBI agents were seen Tuesday morning gathering and removing apparent evidence.
No neighbors would speak on camera with 2 On Your Side Thursday. One person said they thought it was a drug raid.
The FBI says Genesis Market started in 2018 and had compromised data from over 1.5 million computers worldwide, including stolen 80 million account credentials for information such as personal passwords and other details for authentication and access.
Protecting Yourself Online
Hubert, who actually helped set up the FBI Buffalo Cyber Task Force, told 2 On Your Side: "I don't think the average user understands the magnitude of the dark web, and so there are many, many forums that really are just all nefarious in nature."
"It's my understanding that the scope of Genesis marketplace really was a massive identity theft operation to include the theft of credentials, passwords, and unique ways to access your computer."
The FBI says it was all for sale to the highest bidder, and they even grabbed so-called "fingerprints" for sale to others.
"A fingerprint is essentially a unique device ID in combination with the cookies from your browser, gives you a unique identifier for your computer," Hubert said.
Some of this activity may also involve ransomware attacks, such as those which we have seen locally hit the Buffalo School District and ECMC.
As for who could be behind it?
"The government of China and the government of Russia have very, very good hacking skills and it is a methodology for them to attack America on all fronts," Hubert said.
As for what could have happened in the home on West Ferry Street? Hubert said criminals may have been "IP hopping" where they pass from computer to computer trying to disguise their actual location.
"It's also a possibility that whoever was there was actively involved in that forum and you know trading. So again, that's speculative," Hubert said.
An FBI spokesperson said there have been no arrests made here in Western New York, but their investigation with all the other FBI offices and agencies is continuing.
The FBI has shared all the data accessed on Genesis Market with the website "Have I Been Pwned.com."
Anyone can submit their email for examination to see if their information was taken by cybercriminals. If it was you should consider changing your passwords and start using multi-factor authentication.
"These arrests will not change the fact that you may have malware still. They won't change the fact that those credentials are somewhere out there," said Kumal Anand, Chief Technology Officer at the Cybersecurity Firm Imperva.
Rather than prompt fear, Hubert said takedowns like this should prompt people to clean up their cyber hygiene, as she calls it.
Dirty practices include using duplicate passwords and user names, cleaner ones include the use of password phrases or stowing sensitive information in a safe.
"Really it's very important for all of us to use unique credentials, unique passwords, and definitely multi-factor authentication to protect ourselves," said Hubert.
And while Hubert says personal protection is key in a cyber world, she feels that companies that hold user data also need to be responsible.