A Kaspersky Lab researcher here today revealed his team’s discovery of the so-called Genesis darknet market that deals in these digital doppelgangers. Genesis sells more than 60,000 stolen, legitimate digital identities for anywhere from $5 to $200 each. It uses stolen information about the users’ online digital characteristics – such as their devices’ operating system, browser, GPU, DNS, and online behavior patterns – from financial institutions’ anti-fraud systems to confirm that online transactions are being conducted by account owners and not fraudsters.
These so-called digital masks, used together with the victim’s login and passwords for his or her online accounts, allow a criminal to pose as that very user: an evil online doppelganger that can then cheat anti-fraud systems. Genesis is a Russian-speaking operation that to date deals in mostly stolen US and Canadian consumer online accounts, as well as from Europe, said Sergey Lozhkin, a Kaspersky Lab security researcher who headed up the investigation of Genesis.
Lozhkin said this combination of stolen logins with the victim’s digital “mask” is not really a new cybercriminal technique – the capability was traded in small, private forums in the past – but Genesis represents the first large criminal enterprise to sell them commodity-style. “This is the first big operation coming from this … it’s the next generation of carding,” he said.
Read More.. Source Dark Reading