Hacker who used Genesis Market and wanted to join ISIS by contacting an undercover FBI agent
Introduction
Sometimes, people make extremely reckless decisions online, and that is exactly what we will examine today.
In this section, we will explore the story of a hacker who was arrested after attempting to join ISIS through contacts made via Genesis Market, unaware that he was communicating with an undercover federal agent.
This case contains numerous operational security failures and serves as a clear case study of what not to do when it comes to OPSEC.
In this blog post, we will talk about Jibreel Pratt.

What is Genesis Market
Before diving into Pratt's story, it's crucial to understand what Genesis Market is and how it operates.
Genesis Market is a platform primarily designed for illegal activities, particularly identity theft and fraud. The site allows users to purchase access to stolen accounts from popular platforms such as Amazon, Facebook, eBay, and Netflix.
What sets Genesis Market apart is its easy-to-use interface, making it accessible to a wide range of cybercriminals. The platform's real power lies in its malware, which enables stolen accounts to be constantly updated in real time, keeping them active and accessible. This means that the stolen accounts remain usable and valuable long after they are first compromised.

Genesis Market was created in 2017 and quickly gained notoriety within the cybercrime community. The FBI began monitoring the website in 2020, and by 2022, they managed to shut it down, but it resurfaced within weeks on the dark web. According to U.S. authorities, the website was being run from Russia.
What is an undercover agent
Most people have an idea of what an undercover agent is, but what they might not realize is that undercover operations can also take place online, not just in real life. Essentially, these agents infiltrate websites or online communities that are engaged in illegal activities to identify individuals involved and build cases against them.
What makes undercover agents so effective in the digital realm is their ability to operate anonymously. Once they establish their cover, they can continue their operations and gather evidence without revealing their true identity.

It is crucial to understand that undercover agents are present in virtually any online space where illegal activities are happening. This is why maintaining solid OPSEC is paramount. If you can stay anonymous and protect your identity while engaging in sensitive activities online, even these undercover agents won't be able to build a case against you.
What is an ISIS facilitator
Now that we have explained what Genesis Market is and recalled what an undercover fed is, we need to explain the last major element of our story: an ISIS facilitator. Basically, an ISIS facilitator is a person who provides support, coordination, or logistical assistance to the terrorist organization known as the Islamic State of Iraq and Syria (ISIS), but who may not directly participate in combat.
Depending on the case, a facilitator may:
- Arrange travel for recruits to join ISIS
- Provide or transfer funding
- Help with recruitment and radicalization
- Supply false documents or safe houses
- Coordinate communications between members
- Assist with logistics or operational planning

What Jibreel Pratt did
Jibreel Pratt, who portrayed himself online as having strong counterintelligence skills, attempted to join Islamic State of Iraq and the Levant (ISIS) with the stated goal of supporting its terrorist activities. According to court documents, his objective was to help establish a terrorist cell in the United States and operate covertly in support of the organization.
To pursue this plan, Pratt sought contact with what he believed to be an ISIS facilitator through Genesis Market. However, the individual he was communicating with was in fact an undercover federal agent.
During these exchanges, Pratt allegedly sent operational ideas and tactical analyses. These included concepts involving weaponized drones and vehicles, as well as discussions about firearms training and willingness to use weapons against perceived enemies of ISIS. He also recorded and transmitted videos pledging allegiance to ISIS's leader, shared tactical sketches related to armed engagements, and discussed the use of explosives in combat scenarios. In addition, investigators stated that he provided proof of cryptocurrency transfers intended to support ISIS and that he had ordered plane tickets from the United States to the Middle East using his personal email address.

Pratt was eventually arrested by the Federal Bureau of Investigation. During a search of his residence, authorities reported finding weapons consistent with those he had previously displayed in photographs sent to the undercover agent. During their investigation, federal agents also recovered clothing from Pratt's residence that matched the garments he had worn in the videos he sent to the undercover agent.
What mistakes were made
Pratt made so many OPSEC mistakes that going into each one in detail would make this blog post far too long. Instead, I will list some of them here and focus in more depth on the most interesting ones.
General mistakes
- Sharing illegal behaviors without being anonymous.
- Sending videos of himself pledging allegiance to a terrorist group. This kind of issue was already covered in this blog post.
- Demonstrating the technical capability to support a terrorist group without being anonymous.
- Providing proof of funding a terrorist group. Once again covered in this blog post.
- Sharing information about personal weapons online.
- Keeping the clothes he used in his videos.
- Sending photos that provided all the evidence needed for his arrest.
As you can see, most of the mistakes he made were related to a lack of anonymity or to directly providing evidence to his interlocutor.
Not taking his background into consideration
There is a very important principle to remember when discussing operational security: if you are arrested or investigated for any offense, you should reasonably assume that you may be placed under close surveillance afterward.
In Pratt's case, he had already been arrested in 2023 for alleged offenses related to a computer fraud scheme that took place between December 2019 and July 2021. Those activities were connected to Genesis Market. This means that law enforcement was already aware of his involvement with that ecosystem.

Despite this prior arrest, he allegedly continued engaging in high-risk activity on the same platform, this time attempting to establish contact to support ISIS. Once someone has come to the attention of federal authorities, especially in cybercrime-related matters, continued activity in the same space significantly increases the likelihood of monitoring, investigation, and evidence collection. That risk becomes even greater when communications involve extremist organizations or threats against the government.
While it is difficult to speculate on his motivations, the pattern suggests a serious failure in risk assessment and judgment. From an analytical standpoint, the case illustrates how prior law enforcement contact dramatically changes one's threat model, and ignoring that shift can have severe consequences.
If you are under federal supervision, there are not many options available. You must stop all sensitive activities, delete all your identities, create new ones, and wait until you are certain that the surveillance has ended before starting sensitive activities again under your new identities.
Using WhatsApp
We have already discussed this point in several previous blog posts. WhatsApp is not a secure solution for sensitive communications. As it is owned by Meta, a company known for cooperating with governments when legally required, messages sent through it cannot be considered fully private in every context.
Moreover, WhatsApp does not provide anonymity. If you simply want to send a message to your grandmother to wish her a happy birthday, it may be an acceptable option. However, if you intend to send messages that could expose you to legal consequences, stick to SimpleX.
It is crucial to understand that closed-source software, especially when owned by large corporations, can't be trusted. We wrote this blog post on Telegram, which applies to WhatsApp as well.

In this case, it is surprising that someone presenting himself as skilled in counterintelligence would make such errors. It is widely known that mainstream messaging services are not designed to guarantee anonymity, and that remaining both private and anonymous online is far more complex than simply choosing a popular application.
Moreover, using WhatsApp requires a phone number linked to the account. This means that a registered number is necessary to send messages, which can represent an additional risk to anonymity. In many cases, phone numbers are connected to a real identity, making it possible to associate an account with a specific individual.

Additionally, if law enforcement authorities are aware of the phone number being used, they may be able, through legal processes, to request subscriber information, access certain metadata, or obtain location data from telecommunications providers. Depending on the jurisdiction and the applicable laws, this can also include lawful interception of communications.
For these reasons, relying on a phone-number-based service significantly reduces anonymity compared to platforms specifically designed to minimize identity linkage.
Sending handwritten plans
We saw while examining the case that Pratt sent handwritten plans to the undercover agent, explaining how he intended to support ISIS. This represents a critical mistake.
The foundations of stylometry were published in 1897 by Wincenty Lutosławski in his book "On Stylometry". Stylometry refers to the analysis of writing style in order to attribute authorship. Over time, these analytical techniques have evolved significantly and can be applied not only to typed text but also to handwritten material.

In practical terms, this means that handwriting can serve as identifying evidence. Characteristics such as letter formation, spacing, pressure, and stylistic habits may be examined and compared. Sending handwritten documents in a sensitive context therefore creates a direct evidentiary link between the author and the content.
This is not a recent discovery. The fact that writing style and handwriting can be analyzed for identification purposes has been known for decades.

This suggests that Pratt was not taking even basic OPSEC principles into account while communicating with the person he believed to be an ISIS facilitator. Handwritten material, in particular, creates a strong forensic link to its author and can be used as supporting evidence in court.
There are various methods commonly used to reduce the risk of authorship attribution, but the broader issue here is not the specific countermeasures. Rather, it is the apparent absence of risk awareness. As with many of the other mistakes in this case, it seems that fundamental precautions were simply ignored.
If you have ever watched a movie involving a ransom demand, you have probably noticed that handwriting is often portrayed as a mistake. Even in fiction, characters are warned that handwritten notes can be traced or analyzed.
While movies simplify reality, the underlying principle is accurate: handwriting can serve as identifying evidence. In real investigations, forensic document examiners may compare writing samples to determine authorship.

The broader point is that this is not an obscure or highly technical concept. The risks associated with handwritten communication in sensitive contexts have been widely understood for a long time.
Buying plane tickets with personal email address
The last mistake I would like to examine is the fact that Pratt purchased plane tickets to travel to the Middle East using his personal email address. Once again, he created additional evidence that directly linked his online intentions to his real identity.
Just like a phone number, an email address can often be traced back to an individual, especially when it is personally identifiable or connected to other services. Using a personal email account for such arrangements significantly reduces any claim to anonymity and provides investigators with another clear evidentiary trail.
However, the issue goes beyond the email address itself. Air travel is not anonymous. Airlines and airport security authorities require verified identity information, and passenger data is routinely recorded and, in many jurisdictions, shared with government agencies. Even if a different email address had been used, the act of purchasing and attempting to use a plane ticket would still have required identity verification.

In other words, the email was an additional mistake, but the broader reality is that certain actions, such as international travel, are inherently tied to identity and documentation. This case again illustrates a fundamental failure to understand how easily digital and real-world evidence can converge.
A better plan could have been to take a flight to Europe and then use cars and private boats to reach the Middle East. By doing so, the authorities would only have known that Pratt was traveling to Europe, without any formal evidence regarding his final destination. Even if it is a better plan, it is far from perfect. International travel involves border controls, CCTV coverage, financial traces, and, in many regions, data sharing between agencies. Investigations often rely on the combination of these data points rather than a single record.

The psychological aspect of this story
The psychological aspect of this story is just as important as the technical and operational mistakes. Pratt's decisions reveal patterns of overconfidence, impulsivity, and a lack of risk awareness. Despite having prior arrests and being under federal scrutiny, he continued high-risk behavior, suggesting that he either underestimated the consequences or overestimated his own abilities.
Another key factor is how cognitive biases likely influenced his judgment. For example:
- Overconfidence bias: Pratt believed his counterintelligence skills were sufficient to evade detection, even when engaging with an unknown and potentially dangerous online contact.
- Confirmation bias: He may have focused on evidence that supported his belief in being able to operate undetected, while ignoring signs of risk or prior warnings.
- Impulsivity and thrill-seeking: The extreme nature of his planned activities, combined with ongoing high-risk communications, indicates a possible psychological drive toward excitement and action, even when logically dangerous.
In these kinds of environments, many of the people involved exhibit fanatical behavior. Fanaticism is well known for impairing judgment and reducing attention to detail, making individuals more prone to taking unnecessary risks and overlooking critical precautions.

Finally, Pratt's repeated OPSEC failures suggest a lack of disciplined self-regulation. In operational security, success often depends on patience, attention to detail, and consistently following strict procedures, qualities that appear to have been compromised by psychological factors in this case.
In short, this case is not only a lesson in technical mistakes, but also in how human psychology can undermine even someone with specialized knowledge.
Crabmeat 2026-03-01