Monday, July 13, 2015

49 Corporate Email Phishers arrested in Operation Triangle



The European Union’s Judicial Cooperation Unit, EUROJUST, along with Europol’s European Cybercrime Center (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), have announced one of their most successful cyber actions to date. The case, known internally as Operation Triangle, involves three lead agencies – Italy’s Postal and Telecommunications Police through its office in Perugia, Spain’s Investigative Court no. 24 in Barcelona, and Poland. (EUROJUST Press Release: “Eurojust and Europol in massive joint action against cybercriminals”)
(Click for article: J-CAT operations)
58 search warrants were executed in Spain, Poland, Italy, Belgium, Georgia, and the United Kingdom, resulting in 20 arrests in Italy, 18 arrests in Poland, 10 arrests in Spain, and 1 arrest in Belgium.  Most of those arrested were from Nigeria and Cameroon.
By gaining control of the email accounts of well-placed individuals in corporations across Europe, the criminals were able to alter requests for payment to send the payments to themselves rather than the business bank accounts that were the intended destinations.  In a short period of time, more than 6 million euros were transferred to accounts controlled by the criminals.
In the United Kingdom, where the J-CAT task force is headquartered, recent government reports indicated that 81% of large businesses (>250 employees) and 60% of small businesses (less than 50 employees) experienced an information security breach in 2013.
(Report available here)

Next week, many European governments will be represented at the Octopus Conference 2015: Cooperation Against Cybercrime. Through the work of Octopus and others, European agencies are gradually coming into agreement on how to address multi-jurisdictional cybercrime. At last year’s Octopus conference, delegates were encouraged to work together through 18 Cybercrime Scenarios. These are fascinating puzzles that we NEED agreement on if we are truly going to stand a chance against the multi-national criminals who steal from our citizens.

For the convenience of my mostly English-speaking readers, I offer an English translation via Google Translate below.  This article is available to the Italian reader by clicking the story headline in Italian:

Phishing contro aziende: 62 arresti in Italia e all’estero, smantellata rete internazionale

Phishing Against Companies: 62 arrested in Italy and Abroad, International network dismantled
An operation that goes from Perugia to Turin and expands throughout Europe.  Here’s how the scammers did it.
Via “LaStampa” journalist Carola Frediani and Google Translate — 
It all started with a payment of 33 thousand euro. A routine transfer made by a Venetian food company, which through its Spanish subsidiary had paid a supplier. Or rather, what it thought to be a supplier, not suspecting that behind the request for a change of the IBAN code to which the money was paid was concealed an organization dedicated to computer fraud to the detriment of businesses and to recycling. It had previously hacked the supplier and was now impersonating it online through email.
So that money, rather than going to the real suppliers of the Veneto, ended up in a postal account in Perugia made out to a citizen of Cameroon, who in turn has contacts with a criminal group based in Turin, specializing in money laundering and run by Nigerians, as revealed recently in an investigation by Europol and the Guardia di Finanza of Piedmont.

Operation Phishing 2.0

This episode then set off another Italian international investigation, codenamed Phishing 2.0, which once again has fraud against companies at its center, and which this morning resulted in 62 arrest warrants in various countries, including 29 issued by prosecutors in Perugia.
An investigation, then, born and coordinated in Perugia, which bounced to Turin, where a hub for illicit proceeds had already been identified, and extended across Italy, Spain and Poland, with the support of Europol and Eurojust, the judicial cooperation unit of the European Union.

The victims

Fifty companies all over the world (7 of which are Italian) were victims of digital fraud; 800 scam transfers were identified; 800 thousand euro taken away from businesses was recovered during the investigation; around 5 million euro is the estimate of the economic damage caused by the group in its business, which dates back to 2012. The offenses: unauthorized access to computer systems, impersonation, aggravated fraud, and receiving stolen property.

How did it work

The mechanism of the scam started with a series of computer intrusions into the mailboxes of the targeted companies – characterized by having many foreign relations – through an advanced form of phishing, a technique that consists of sending fake emails that try to trick the recipient, and then infect them and/or steal their information. After obtaining the email credentials of a company's employees, the cybercriminals monitored the exchange of mail, identifying commercial relationships, creditors and debtors; then they sent an email to the debtor communicating a change of IBAN [online payment destination address?]. An IBAN that actually corresponded to an account managed by a member of the organization.

Managing the phishing activity was a network of Nigerians, Cameroonians and Senegalese, some of whom were resident in Italy. Once at the bank, also in many Italian giro accounts, the money was taken quickly and redistributed abroad through various systems, including money transfer. “There was a division of roles,” Anna Lisa Lillini, assistant chief of the Umbrian postal police, told La Stampa. “Whoever identified the victims took 50 percent of the amount; whoever was offering the bill received 30%; and the mediator who got in touch with the hacker took 20%.” The amount stolen went from 800 up to 250 thousand euro. “In one case we intercepted one wire of 300 thousand euro from America to Turin,” explains Lillini.

Between Umbria and Piedmont

Turin acted as the recycling center, and here the Perugia investigation converges with what we previously reported from Turin [LaStampa’s article “Nigerian Drops: Women and Companies Cheated Online”]. In that system, the money stolen from the companies was sent to other parties, with dozens of credit transfers and people involved, up to a stage where cash was taken piecemeal. A branched system, scattered into many streams (dubbed precisely Nigerian Drops by investigators), which has been traced through some specific analysis tools used by Europol. “In one case, one person took 150 thousand euro in eight hours, making dozens of drops in different branches,” Captain David Giangiorgi of the Financial Police of Turin tells La Stampa. “The fraud was perpetrated by persons residing in Nigeria. The money was sent in the form of assets purchased with the proceeds of the scam and then shipped to the African country.”

A growing phenomenon

This kind of scam is increasingly common. “Just this week, carrying out a survey of defense on behalf of an Italian company that had lost many thousands of euro through a similar system, we were able to triangulate who had sent the phishing emails, and these seem to come precisely from Lagos (Nigeria),” explains Paolo Dal Checco of the Turin computer forensics studio Digital Forensics Bureau (Di. Fo. B), which has long followed precisely such cases.

The interesting aspect is that in the story in question the fraudsters had been in touch with the company through Skype, as well as email. And through the VoIP program (and with some email tracking systems), computer forensic experts identified the IP address of the interlocutors. “By now they are using increasingly sophisticated techniques,” says Dal Checco. “In some cases they even go as far as calling, pretending to be a creditor of the company contacted.”
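
A defensive check for the IBAN-change email described under "How did it work", as an added example that is not part of the original post or the La Stampa article: because the request comes from the supplier's real, compromised mailbox, the check compares every IBAN in the message against a vendor record held outside email. The vendor names, the record, the function names and the sample message are all constructed for illustration.

```python
import re

# Constructed vendor master file: the IBAN on record for each supplier.
VENDOR_IBANS = {
    "Supplier A": "IT60X0542811101000000123456",
    "Supplier B": "GB82WEST12345698765432",
}

# Country code, two check digits, then 11-30 characters, optionally
# separated by single spaces as IBANs are usually printed.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b")


def normalize(iban):
    return re.sub(r"\s+", "", iban).upper()


def iban_checksum_ok(iban):
    """ISO 13616 check: move the first four characters to the end,
    map A..Z to 10..35, and require the number mod 97 to equal 1."""
    s = normalize(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1


def review_payment_change(vendor, body):
    """Return (iban, finding) for each IBAN in the message body that is
    not the one on record for this vendor."""
    on_file = VENDOR_IBANS.get(vendor)
    findings = []
    for match in IBAN_RE.finditer(body):
        iban = normalize(match.group())
        if iban == on_file:
            continue  # matches the master record, nothing to review
        if not iban_checksum_ok(iban):
            findings.append((iban, "invalid checksum"))
        elif on_file is None:
            findings.append((iban, "unknown vendor, verify out of band"))
        elif iban[:2] != on_file[:2]:
            findings.append((iban, "new IBAN, country changed, hold payment"))
        else:
            findings.append((iban, "new IBAN, same country, hold payment"))
    return findings


# Constructed message, sent from the supplier's real (compromised) mailbox.
SAMPLE = "Please send all future payments to ES91 2100 0418 4502 0005 1332."
```

In the case the article opens with, the money meant for a Veneto supplier went to a postal account in Perugia, so the same-country branch matters: a rule that only flags a change of country would not have caught it.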
