EU Police Arrest Suspected PhishersCross-Border Cybercrime Gang Tied to $6.7 Million in Fraud
An international police effort dubbed "Operation Triangle" has resulted in the arrest of 49 suspected members of a malware-using cybercrime gang that's been accused of committing fraud totaling 6 million euros ($6.7 million).
See Also: Data Security Risk: A CISO's Perspective
Europol this week announced that its European Cybercrime Center (EC3), together with Eurojust - the EU agency that handles judicial cooperation relating to criminal matters - coordinated the takedown effort, which targeted cybercriminals active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia.
"The modus operandi used by this criminal group is the so-called man-in-the-middle [attack] and involved repeated computer intrusions against medium and large European companies through hacking - malware - and social engineering techniques," Europol says.
Officials say they suspect that gang members - principally located in Nigeria, Cameroon and Spain - committed financial fraud by hacking into corporate email accounts and then issuing bogus payment routing information to the victim companies' customers.
"Once access to companies' corporate email accounts was secured, the offenders monitored communications to detect payment requests. The company's customers were then requested by the cybercriminals to send their payments to bank accounts controlled by the criminal group," Europol says. "These payments were immediately cashed out through different means," and the money moved to outside the European Union via "a sophisticated network of money laundering transactions."
Europol says the related investigation was led by police in Italy, Spain and Poland, with the support of U.K. law enforcement agencies. It adds that the Joint Cybercrime Action Taskforce (J-CAT), a cross-border group launched in September that includes representatives from the EU, United States and elsewhere, also played a key role in helping to coordinate the investigation.
Speaking at last week's InfoSec Europe conference in London, Wil van Gemert, Europol's deputy director of operations and acting head of EC3, said that international cooperation was increasingly essential for helping Europe's police forces to better battle and disrupt cybercrime (see How Do We Catch Cybercrime Kingpins?).
U.K. Police Demand Greater Cooperation
To help combat the increased use of online attacks by criminals, many European law enforcement agencies are also attempting to form closer partnerships with the private sector and promote greater information sharing (see In Britain, Malware No. 1 Cyberthreat). Just in the United Kingdom, for example, officials estimate there are more than 5,000 organized crime gangs, and that they are increasingly adding online crime to their repertoire.
But not all such efforts appear to be proceeding smoothly. In December, for example, Adrian Leppard, commissioner of the City of London Police - the U.K.'s lead police force for fraud - cited Office for National Statistics figures estimating that 80 percent of fraud went unreported. He also accused the country's financial firms of contributing to that problem by underreporting "plastic card fraud" and "bank and building society fraud" (see UK Urges Banks: Share Threat Intel).
"Banks are sitting on millions of crimes that will never be investigated, letting criminals get off scot free," he said. "It is time for legislation to ensure the true extent of fraud is revealed for the first time."
Banks, U.K. Police to Meet
Banking officials are now due to meet with Leppard June 15 to discuss improved cyberthreat information sharing. But Alex Grant, the head of fraud prevention at Barclays bank, told The Yorkshire Post that banks are already coordinating their anti-fraud moves via the Financial Fraud Action UK group. He also said police must do a better job of disrupting the criminals behind the most damaging financial-malware campaigns.
Grant further warned that criminals continue to reinvest a large portion of the estimated Â£390 million ($605 million) that the U.K. loses each year to fraudulent credit and debit-card transactions. "That Â£390 million, a lot of it goes in research and development. It's not that they are buying castles in eastern Europe; they are investing in the next malware and dreaming up the latest scam and they just keep coming back," he said.