London and Woodstock police were part of a four-year long, FBI-led cybercrime investigation.
Known as “Operation Cookie Monster,” the probe looked into an illicit online criminal network known as Genesis Market which dealt in the theft and sale of data. The FBI estimates 1.5 million devices connected to financial sectors, critical infrastructure and various governments around the world were infected with malware that stole data including email addresses, usernames and passwords. That information would then be packaged for sale.
More than two million identities were listed on the market when it was shut down, making it one of the largest online criminal facilitators, according to police.
The potential number of victims in Ontario is not known.
The FBI shared information with the National Cybercrime Coordination Centre (NC3), as well as 28 police services in Canada and international partners from 17 countries, identifying several individuals, in their respective jurisdictions, believed to have purchased data through the illicit platform. On Tuesday, investigators launched a number of raids, including three search warrants at various locations in Ontario. A number of electronic devices were seized during the searches and will now undergo detailed examinations, police said.
“Cybercriminals often operate with the confidence that they’re anonymous online and won’t be held accountable for crimes committed in other countries,” Bryan Larkin, the RCMP’s deputy commissioner for specialized policing services, said in a statement. “As this operation demonstrates, these assumptions are not true. The Genesis Market takedown proves the impact that law enforcement and partners can have when working together.”
The majority of Canadian Genesis users are from Quebec, according to the RCMP.
Canadians are now being encouraged to check to see if their identities were stolen by visiting haveibeenpwned.com. Anyone who suspects their credentials have been stolen is also encouraged to run an antivirus check on their device, remove viruses, then change all of their passwords and notify relevant organizations.
