Digital Identity Theft: On the Dark Web

To counter fraud attempts and better protect customers, e-commerce companies have turned to Digital Identities for safe login, matching customers’ accounts with technical information such as their device ID, fingerprint, and cookies. Yet, fraudsters have gotten creative in bypassing new online security standards. This has led to the rise of the Dark Web marketplace “Genesis.”

Digital identity’s promise to limit online fraud

With the spread of mechanisms such as multi-factor authentication, credentials alone are no longer sufficient to access users’ accounts. Most websites and applications now require more than a password to prove one’s identity.

As multi-factor authentication spreads, some dark web marketplaces have found success in selling stolen legitimate digital identities that help fraudsters evade automatic detection systems. In April 2019, Kaspersky Lab researchers announced they had discovered a new underground marketplace, “Genesis Darknet.” For sale were over 60,000 compromised digital identities from all around the world.

The rise of Genesis

Starting in 2018, Genesis opened as a cybercriminal store selling stolen device fingerprints. Those fingerprints are acquired by infecting a victim’s machine with a stealer, malware that records keystrokes when the victim attempts to log in and collects data from browsers’ saved logins and cookies.

Device fingerprints contain information like a user’s credentials, IP addresses, user-agent strings, and other operating system details. Once purchased and activated, the botnet allows fraudsters to generate a fingerprint replicating a victim’s web browser or smartphone.

As long as the malware is present on the victim’s machine, the bot remains effective. If the victim changes their passwords, the bot automatically gets access to the new credentials. While malicious actors need an invitation to join the marketplace, the platform is easy to use. It allows fraudsters to choose specific parameters for their bots, such as the country or the browser used by the victim. Since its launch, Genesis has become one of the biggest online dark markets to buy stolen data.

Can Genesis be defeated?

Although the fraud originates on the customer’s side, since the theft of a digital identity occurs through the infection of the customer’s own device, it still costs companies their customers’ trust. Customers may not realize how fingerprinting and Genesis work, and could easily blame the company for having poor anti-fraud systems. The outcome will be that they abandon the application or website. It is difficult for companies to prevent online fraud, as hackers are increasingly creative in bypassing all types of anti-fraud systems. Once fraudsters have succeeded in deceiving customers into giving away their private data, it is too late to do anything. Technology alone will be ineffective without improved consumer awareness of online impersonation and fraud.

As for companies, multi-factor authentication appears to remain the best approach so far, but factors that are difficult to reproduce by browser imitation technologies, such as knowledge or possession, should be prioritized.
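The recommendation above, as an added example that is not part of the original article: a login policy that trusts a matching browser fingerprint, next to one that also requires a possession proof a copied browser profile cannot produce. All names and sample values are constructed, and the HMAC challenge-response is a simplified stand-in for a hardware authenticator whose secret is assumed never to be stored in the browser.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample values; every name here is hypothetical.
ENROLLED_FINGERPRINT = {
    "user_agent": "Mozilla/5.0 (constructed sample)",
    "timezone": "Europe/Paris",
    "session_cookie": "constructed-cookie-value",
}
# Assumption: this secret lives only inside a hardware token, never in the
# browser profile, so a stealer that copies browser data cannot export it.
TOKEN_SECRET = secrets.token_bytes(32)


def fingerprint_only_login(presented: dict) -> bool:
    """Weak policy: any client presenting the enrolled attributes is trusted."""
    return presented == ENROLLED_FINGERPRINT


def new_challenge() -> bytes:
    """Server: fresh nonce per attempt, so an old response cannot be replayed."""
    return secrets.token_bytes(16)


def token_response(secret: bytes, challenge: bytes) -> bytes:
    """Token: prove possession of the secret without sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def possession_login(presented: dict, challenge: bytes,
                     response: Optional[bytes]) -> bool:
    """Hardened policy: a fingerprint match is necessary but never sufficient."""
    if presented != ENROLLED_FINGERPRINT or response is None:
        return False
    expected = token_response(TOKEN_SECRET, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    cloned = dict(ENROLLED_FINGERPRINT)  # a replicated browser profile
    nonce = new_challenge()
    print("fingerprint only, cloned profile:", fingerprint_only_login(cloned))
    print("possession, cloned profile, no token:",
          possession_login(cloned, nonce, None))
    print("possession, real user with token:",
          possession_login(cloned, nonce, token_response(TOKEN_SECRET, nonce)))
```
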

About CybelAngel

CybelAngel uses comprehensive IP scanning to locate data leaks, compromised credentials, insecure connected devices, and other cyber threats. We offer various protective solutions, including Account Takeover Prevention, Dark Web Monitoring, and Data Breach Prevention, that can help provide safety for companies and customers alike.