MKE FBI Office Heads International Ransomware Takedown

On Wednesday, April 5th, Attorney General Merrick Garland announced the FBI had seized Genesis Market, a criminal ransomware marketplace offering names and passwords stolen from millions of computers worldwide.

Working across 45 of our FBI Field Offices and alongside our [at least 11] international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world. Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice.

The national police and justice agencies in the “coordinated international operation” represented Italy, the U.K., Denmark, Australia, Canada, Romania, France, Spain, Germany, Sweden, Poland, Netherlands, Finland, Switzerland, Estonia, Iceland, New Zealand, Bulgaria and Latvia.

International Takedown Based in Milwaukee

Where was this global investigation headquartered?

From the DOJ Press Release:

The FBI Milwaukee Field Office investigated the case, with assistance from 44 other field offices.

The release went on:

Further, as part of this operation, dubbed Operation Cookie Monster, law enforcement seized 11 domain names used to support Genesis Market’s infrastructure pursuant to a warrant authorized by the U.S. District Court for the Eastern District of Wisconsin.

Gregory J. Haanstad, U.S. Attorney for the Eastern District of Wisconsin, was then quoted:

“The operation being announced today is the direct result of the hard work, dedication, and exceptional collaborative efforts of the FBI and its partners around the globe”

Why In The World Milwaukee?

The Milwaukee connection struck me somewhat by surprise. We’re not widely known as an international cybersecurity center (yet that may change with this announcement.) Since cybercrime knows no international border — Genesis Market is believed to be located in Russia — it can be investigated and dismantled from anywhere with the right tools and skills, as FBI Director Christopher Wray announced:

The work in this case is a great example of the FBI’s ability to leverage our technical capabilities and work shoulder-to-shoulder with our international partners to take away the tools cyber criminals rely on to victimize people all across the world.

I struggled to imagine the answer to my question: Why in the world Milwaukee?

I sent an email to the Milwaukee FBI office and received a terse response:

Please direct your inquiry to our National Press Office.

A Cryptic Response

I did so, and received this reply on Friday:

Thank you for your inquiry.  We can provide the following statement, attributable to the FBI:

‘While we are unable to go into specifics on how a field office begins an investigation, the FBI Milwaukee field office and its employees worked tirelessly on this investigation, and this week’s actions are a direct result of their dedication to protect the people of Milwaukee and the United States.’

Notice “the people of Milwaukee” are mentioned first. This leaves open the possibility that the investigation originated here and burgeoned to the point that it became the lead agency.

A source who spoke to some local FBI agents Thursday gave me the impression that was the case:

Why Milwaukee? The Special Agent who cracked the caper is based in the MKE office and specializes in Cyber Crime. The amazing thing to me is the amount of cooperation among such diverse international communities. With the magnitude of the operation he should receive the Director’s Award for his tenacity.

Deputy Attorney General Lisa O. Monaco summarized the Milwaukee-led investigation:

Genesis falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals.

Local FBI Office Hosted Cybercrime Conference last July

Last July, Fox6 news hosted a segment on an FBI Cybercrime conference held at the Milwaukee Field Office in St. Francis.

Michael Hensle, the Special Agent in Charge of the Milwaukee, cautioned the public against cyberthreats and ransomware, much of which originates in foreign countries like Russia and China, but impacts people everywhere:

It’s easy to think that this doesn’t happen in Wisconsin, or that you don’t know anyone who hasn’t been compromised. It happens every day.”

Have You Been Pwned?

Did Genesis Market own and possibly sell your user data? The FBI has partnered with a free site to check your status.:

“Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market so that they can know whether to change or modify passwords and other authentication credentials that may have been compromised.

“If you have been active on Genesis Market, in contact with Genesis Market administrators, or have been a victim and need to report, please email the FBI at FBIMW-Genesis@fbi.gov.”