One New Yorker has been busy buying stolen data and defrauding the state


A Buffalo man pleaded guilty to possessing over 15 unauthorized access devices containing stolen data, which he bought from Genesis Market. The man also obtained roughly $25,000 from the New York State Department of Labor without authorization.

Wul Isaac Chol, 27, of Buffalo, New York, pleaded guilty to possessing unauthorized access devices with the intent to defraud.

Genesis Market is an online marketplace where operators compile stolen data, which is then sold in packages to users.

This illegal marketplace, known in the hacker community as an invitation-only dark web forum, has existed since March 2018 and has users worldwide.

The market is estimated to have offered up over 1.5 million compromised computers worldwide containing over 80 million account access credentials.

Like other darknet criminal forums, Genesis Market is a go-to dark market for cybercriminals to purchase all kinds of illegally obtained access credentials stolen from malware-infected computers around the world.

The marketplace was previously seized by the FBI in Operation Cookie Monster back in 2023.

The FBI’s Milwaukee Field Office led the complex international investigation, which involved 44 other FBI field offices, law enforcement organizations worldwide, including Europol, and private sector coordination.

The information included in the packages bought by Chol could include computer and mobile device identifiers, email addresses, usernames, and passwords from malware-infected computers

To obtain packages from Genesis Market, a user has to deal in Bitcoin. Between 2019 and 2021, Chol deposited Bitcoin into his Genesis account and used these funds to buy 21 packages of unauthorized access devices, the United States Attorney’s Office said.

These packages contained approximately 778 unauthorized access devices.

Furthermore, Chol admitted that he had stolen approximately $25,000 from the New York State Department of Labor.

Chol could be looking at a maximum penalty of 10 years in prison alongside a fine of $250,000.


More from Cybernews:

Russian cyber operations are largest threat to Olympics, Google warns

IKEA opens its first store in the Roblox universe

Canada demands revenue cut from Netflix, Spotify, and other streaming services

Meta faces EU complaints over use of personal posts and photos to train AI

Dubai government suffers alleged ransomware attack

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked