International Europol operation successfully dismantles financial cyber fraud gang

Cyber fraudsters have been stopped in their tracks thanks to a law enforcement operation co-ordinated by Europol

On Wednesday 10 June, a joint international operation led to the dismantling of a group of cyber criminals active in Italy, Spain, Poland, the UK, Belgium and Georgia, the members of which are suspected of committing financial fraud involving e-mail account intrusions.

The operation resulted in the arrest of 49 suspected members of the criminal group. In total, 58 properties were searched and enforcement officers seized laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and a raft of bank account documents.

This joint operation was co-ordinated by Europol’s European Cyber Crime Centre (EC3) and Eurojust, led by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police and the Polish Police Central Bureau of Investigation and supported by law enforcement bodies from the UK.

Parallel investigations revealed an international fraud totalling six million Euros accumulated within a very short time-frame.

The modus operandi used by this criminal group was the so-called ‘Man-in-the-Middle’ approach and involved repeated computer intrusions against medium and large-scale European companies through hacking (malware) and social engineering techniques. Once access to various companies’ corporate e-mail accounts had been secured, the suspected offenders monitored communications in order to detect payment requests.

The companies’ customers were then requested by the cyber criminals to send their payments to bank accounts controlled by the criminal group. These payments were immediately cashed out through different means.

Mainly emanating from Nigeria, Cameroon and Spain, the suspects then transferred their illicit profits outside of the European Union through a sophisticated network of money laundering transactions.

To enable swift co-ordination and communication between the different officers involved in this transnational operation, a co-ordination centre was established at Europol’s headquarters in The Hague. Representatives from law enforcement agencies participating in the action day were present in the centre, in turn facilitating important international information exchange procedures along with Eurojust.

At the same time, dedicated Europol specialists provided operational support on the ground in Italy and Spain through the deployment of Europol mobile offices.

The Joint Cyber Crime Action Taskforce (J-CAT) – hosted at the European Cybercrime Centre at Europol – played a key role in the co-ordination of this investigation.

Memorandum of Understanding signed with EAST

EC3 managers have also signed a Memorandum of Understanding with EAST*, the European ATM Security Team, in order to further strengthen co-operation in combating all types of payment crime, including card-not-present fraud, card present fraud and high-technology crime as well as ATM malware and physical attacks.

Wil van Gemert (Europol’s deputy director of operations) explained: “Europol’s EC3 is pleased to further increase its co-operation with EAST, creating additional capacity specifically designed to combat the threats posed by payment crime. We look forward to a continued engagement with EAST and its stakeholders such that we can combat new payment industry threats.”

Lachlan Gunn, executive director at EAST, responded: “Europol attended our inaugural meeting in February 2004 and we’ve been working closely together ever since. The signing of this agreement further strengthens our working relationship. Over the past eleven years, ATM-related payment card fraud has been the major fraud issue faced by many of our national members, but logical and malware attacks are now recognised as an increasing threat. Our national members represent 31 countries and operate a total of 655,398 ATMs. Our working relationship with the European Cyber Crime Centre is of great strategic importance to both the public and private sectors.”

The Memorandum of Understanding allows Europol and EAST to exchange strategic data and other non-operational information.

One of EAST’s tri-annual national member meetings is organised and hosted by Europol. The 36th EAST Meeting took place at Europol’s headquarters in The Hague this week.

Europol's headquarters at The Hague

Europol recognises the severity of the threat presented by logical and malware-based ATM attacks and has duly prepared a set of guidelines. The production of this document has been co-ordinated by the EAST Expert Group on ATM Fraud and is a first of its kind.

‘Guidance and Recommendations on Logical Attacks on ATMs’, which also covers ATM malware attacks, is officially released at the second annual EAST Financial Crime and Security Forum taking place on 11-12 June.

The document is a great example of a co-ordinated central response from both law enforcement and the industry when it comes to fighting ATM malware threats, representing as it does a concerted effort to respond much more quickly than was the case with the card skimming threat when it first materialised.

The first ATM malware incidents were reported in Western Europe last year. According to EAST’s statistics, these were ‘cash out’ or ‘jackpotting’ attacks. In 2014, 51 such incidents were reported with significant related losses.

Europol points out that the issuance of this new document is being restricted to law enforcement officials and the payment card/banking industry only.

*Founded in February 2004, EAST is a ‘not-for-profit’ organisation whose members are committed to gathering information from – and disseminating EAST outputs to – ATM deployers and networks within their countries/regions.

 

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
