On Wednesday 10 June, a joint international operation led to the dismantling of a group of cyber criminals active in Italy, Spain, Poland, the UK, Belgium and Georgia, the members of which are suspected of committing financial fraud involving e-mail account intrusions.
The operation resulted in the arrest of 49 suspected members of the criminal group. In total, 58 properties were searched and enforcement officers seized laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and a raft of bank account documents.
This joint operation was co-ordinated by Europol’s European Cyber Crime Centre (EC3) and Eurojust, led by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police and the Polish Police Central Bureau of Investigation and supported by law enforcement bodies from the UK.
Parallel investigations revealed an international fraud totalling six million Euros accumulated within a very short time-frame.
The modus operandi used by this criminal group was the so-called ‘Man-in-the-Middle’ approach and involved repeated computer intrusions against medium and large-scale European companies through hacking (malware) and social engineering techniques. Once access to various companies’ corporate e-mail accounts had been secured, the suspected offenders monitored communications in order to detect payment requests.
The companies’ customers were then requested by the cyber criminals to send their payments to bank accounts controlled by the criminal group. These payments were immediately cashed out through different means.
Mainly emanating from Nigeria, Cameroon and Spain, the suspects then transferred their illicit profits outside of the European Union through a sophisticated network of money laundering transactions.
To enable swift co-ordination and communication between the different officers involved in this transnational operation, a co-ordination centre was established at Europol’s headquarters in The Hague. Representatives from law enforcement agencies participating in the action day were present in the centre, in turn facilitating important international information exchange procedures along with Eurojust.
At the same time, dedicated Europol specialists provided operational support on the ground in Italy and Spain through the deployment of Europol mobile offices.
The Joint Cyber Crime Action Taskforce (J-CAT) – hosted at the European Cybercrime Centre at Europol – played a key role in the co-ordination of this investigation.
Memorandum of Understanding signed with EAST
EC3 managers have also signed a Memorandum of Understanding with EAST*, the European ATM Security Team, in order to further strengthen co-operation in combating all types of payment crime, including card-not-present fraud, card present fraud and high-technology crime as well as ATM malware and physical attacks.
Wil van Gemert (Europol’s deputy director of operations) explained: “Europol’s EC3 is pleased to further increase its co-operation with EAST, creating additional capacity specifically designed to combat the threats posed by payment crime. We look forward to a continued engagement with EAST and its stakeholders such that we can combat new payment industry threats.”
Lachlan Gunn, executive director at EAST, responded: “Europol attended our inaugural meeting in February 2004 and we’ve been working closely together ever since. The signing of this agreement further strengthens our working relationship. Over the past eleven years, ATM-related payment card fraud has been the major fraud issue faced by many of our national members, but logical and malware attacks are now recognised as an increasing threat. Our national members represent 31 countries and operate a total of 655,398 ATMs. Our working relationship with the European Cyber Crime Centre is of great strategic importance to both the public and private sectors.”
The Memorandum of Understanding allows Europol and EAST to exchange strategic data and other non-operational information.
One of EAST’s tri-annual national member meetings is organised and hosted by Europol. The 36th EAST Meeting took place at Europol’s headquarters in The Hague this week.
Europol recognises the severity of the threat presented by logical and malware-based ATM attacks and has duly prepared a set of guidelines. The production of this document has been co-ordinated by the EAST Expert Group on ATM Fraud and is a first of its kind.
‘Guidance and Recommendations on Logical Attacks on ATMs’, which also covers ATM malware attacks, is officially released at the second annual EAST Financial Crime and Security Forum taking place on 11-12 June.
The document is a great example of a co-ordinated central response from both law enforcement and the industry when it comes to fighting ATM malware threats, representing as it does a concerted effort to respond much more quickly than was the case with the card skimming threat when it first materialised.
The first ATM malware incidents were reported in Western Europe last year. According to EAST’s statistics, these were ‘cash out’ or ‘jackpotting’ attacks. In 2014, 51 such incidents were reported with significant related losses.
Europol points out that the issuance of this new document is being restricted to law enforcement officials and the payment card/banking industry only.
*Founded in February 2004, EAST is a ‘not-for-profit’ organisation whose members are committed to gathering information from – and disseminating EAST outputs to – ATM deployers and networks within their countries/regions