Operation Cookie Monster is a real thing and InfoSec Professionals are Children

Posted on Sunday, Apr 16, 2023 by Ned Bellavance

Featured in this episode of Chaos Lever

By which I mean they are curious and fun! But also immature brats who lash out unexpectedly at the smallest perceived slight.

Despite the ridiculous name, Operation Cookie Monster was a multiyear, joint effort between the FBI and other law enforcement agencies across the globe to infiltrate and bring down the Genesis Market, a website that provided Impersonation as a service to would-be cyber criminals.

Impersonation is the process of recreating a client’s unique browser fingerprint and session cookies to hijack an existing client’s session with a given site. By successfully imitating an authenticated client, attackers can circumvent the security controls in place, such as two-factor authentication and risk-based assessment.

In partnership with Have I Been Pwned, the FBI is making available a listing of everyone impacted by the Genesis Market. You can simply go to Have I Been Pwned and select the Notify Me option. The site will validate your email address, and let you know if the records from the FBI contain your email and what information was included.

Amazingly, none of my email addresses were included for the Genesis Market, but it looks like ParkMobile and I might need to have some words.