Category: Cybercrime

Auto Added by WPeMatico

Posted on

Eurojust and Council of Europe co-host workshop on spontaneous information sharing

Source: Eurojust

01 October 2024|

On 25-26 September, Eurojust and the Council of Europe co-hosted a workshop on the spontaneous exchange of information obtained during criminal investigations. More than 70 participants from approximately 40 countries joined the annual event, which took place at Eurojust’s headquarters.

Often, in cybercrime investigations authorities obtain valuable information that may assist another country in its criminal proceedings. Parties to the Council of Europe’s Convention on Cybercrime (Budapest Convention) may spontaneously share information on the basis of Article 26, and there are a variety of ways of doing this in practice. During the two-day workshop, participants had lively debates on the practical use of Article 26 in various jurisdictions, which included sharing interpretations and applications based on national contexts.

The often borderless nature of cyber- and cyber-related crime makes effective cross-border cooperation essential to investigate and prosecute perpetrators. Participants of the event stressed the use of existing legal frameworks and channels to enhance cooperation in this crime area.

The outcomes of this workshop will also feed into the development of a Guidance Note on spontaneous information by the Cybercrime Convention Committee (T-CY).

Posted on

51 arrests in wide-scale operation to take down encrypted communication platform used by organised crime groups

Source: Eurojust

Investigations into the communication platform started when authorities were alerted of a new encrypted service being used in Sweden, France, Spain and the Netherlands. Due to servers being located in France, French authorities started investigations into the platform. The platform’s robust encryption made it ideal for criminal networks to use for their activities. It was mostly used for drug trafficking but also for other criminal activities, such as arms trading, homicide, robbery, kidnapping, and money laundering.

The communication platform is a fully anonymised service. Users can purchase the solution without any personal information. The platform uses three encryption standards and offers the option to send a message followed by a specific code that results in the self-destruction of all messages on the target phone. By using multiple private servers around the world, third party or government agencies have difficulty tracking the communication solution.

As servers were found in France and Iceland, the platform was administered from Australia and Canada, and financial assets were located in the United States, a global operation against the phone service started. A joint investigation team (JIT) between authorities from France and the United States was set up at Eurojust, the second-ever JIT with the United States. This allowed them to exchange information and evidence in real time. Authorities from the Netherlands, Sweden, Canada and Australia were also involved in the investigations. Through coordination among the authorities, hosted by Eurojust, a strategy to take down the encrypted phone solution was defined.

To facilitate investigations into the illegal activities using this communication platform, an Operational Taskforce (OTF) was established at Europol in March 2022 involving law enforcement authorities from Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States.

A Joint Operational Centre was also established at Europol’s headquarters, where representatives from the OTF members and Europol’s officers provided support and facilitated the coordination of the simultaneous operational activities taking place around the globe.

The investigations culminated in a number of joint action days taking place across the globe against the phone service. 38 suspects were arrested in Australia, 11 in Ireland, one in Italy and one in Canada. A drug lab was dismantled in Australia and weapons, drugs and over EUR 1 million euro is cash was seized globally so far. Further actions are expected as the investigation progresses.

The following authorities were involved in the actions:

  • France: Cybercrime unit Prosecutor’s office – JUNALCO (National Jurisdiction against organised crime); Gendarmerie Nationale – C3N Cybercrime Unit
  • Netherlands: National Police
  • Sweden: Swedish Prosecution Authority; Swedish Police Authority
  • Australia: The Office of the Director of Public Prosecutions
  • Canada: Public Prosecution Service of Canada
  • Iceland: Director of Public Prosecution; National Commissioner of the Icelandic Police; Reykjavik Metropolitan Police
  • United States: Department of Justice; Federal Bureau of Investigation
Posted on

Hungarian EU presidency to combat cybercrime

Source: Eurojust

Cybercrime is a rapidly evolving and growing area of criminal activity. Cybercriminals are exploiting the speed and anonymity of the internet to commit a range of criminal acts, including large-scale cyberattacks and the use of malware, phishing and spam. Many of the cases opened at Eurojust, 534 cases in 2023 alone, investigate cybercrime. The Hungarian presidency will focus on the fight against cybercrime, as it is a serious threat to fundamental rights, critical infrastructure and competitiveness. A key objective in this priority area will be ensuring a safe online environment for children.

To strengthen the security of the EU and its citizens, the presidency will focus on the fight against terrorism and organised crime. The Hungarian presidency will strengthen law enforcement and judicial cooperation in the prevention, detection and investigation of smuggling and trafficking of human beings. To combat drug trafficking, the presidency will promote the implementation of the EU Drugs Strategy and Action Plan and the EU Roadmap for combatting drug trafficking and organised crime.

In the field of criminal justice cooperation, the presidency will continue to prioritise victim support and the fight against corruption. In 2023, Eurojust helped deliver justice to more than 375 000 victims of all forms of serious, cross-border crime. Through a dedicated working group, Eurojust ensures that victim rights are protected in cross-border criminal proceedings.

To enhance digitalisation in judicial cooperation, the presidency will explore possibilities for the use of AI in the justice sector, following the adoption of the AI Act. Since December 2018, Eurojust has been actively working on enhancing digitalisation in Eurojust and the wider European judicial community. The Digital Criminal Justice Programme is working on several enhancements for judicial cooperation, such as the modernisation of the case management system used by national authorities for all of Eurojust’s cross-border cases.

To mark the start of the Hungarian presidency, fine art from a contemporary Hungarian artist will be displayed at Eurojust. This is part of the tradition whereby the country that holds the rotating Presidency of the Council of the EU has the opportunity to display selected artwork in the lobby and on public floors.

Posted on

Major operation to take down dangerous malware systems

Source: Eurojust

In an unprecedented operation against aggressive and dangerous computer malware, authorities in the European Union and beyond have taken actions against droppers including IcedID, Pikabot, Smokeloader, Bumblebee and Trickbot, which infiltrated computers via emails. The measures focused on disrupting criminal services through arresting suspects, the freezing of illegal proceeds, and taking down botnets, coordinated by Eurojust. The operation, which was carried out this week with support of Europol, is a follow up to the successful takedown of the Emotet malware system in 2021.

During actions carried out simultaneously in Germany, the Netherlands, France, Denmark, Ukraine, the United States and United Kingdom, 4 suspects were arrested, who offered the malware as a professional blackmail service to other criminal actors. Some of the suspects were involved in operating Emotet in the past.

Via so called ‘sinkholing’ techniques or the use of tools to access the systems of operators behind the malware, investigators managed to block and take down the botnets. Malware droppers are types of malicious software which downloads viruses, ransomware or spyware on computers. They are generally installed via mails with infected links or Word and PDF attachments, such as shipping invoices or order forms, to get access to personal data and or bank accounts of computer users.

Mainly enterprises and national authorities and institutions were made victims of the series of malware systems which now have been taken down. Users are warned to be careful when opening links and attachments to mails and check the origin of mails.

The investigations, which have been ongoing since the takedown of Emotet, also focused on the running of that malware itself as their operators did create the new botnets mentioned. During the coordinated actions 16 places were searched.

In total over 100 servers were taken down or disrupted and over 2 000 domains are under control of law enforcement authorities.

Furthermore, investigations showed that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure for the deployment of ransomware. The transactions are constantly being monitored and legal permission to seize these assets instantly through future actions has already been obtained.

Eurojust set up a coordination centre on its premises to manage simultaneous actions in all countries concerned. The Agency also assisted national authorities in the preparation and execution of European Arrest Warrants, European Investigation Orders and requests for Mutual Legal Assistance, and organized five coordination meetings.

The following national authorities were involved in the operations on the ground:

  • Germany: Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center; Federal Criminal Police Office (Bundeskriminalamt)
  • The Netherlands: National Prosecution Service; National Police
  • Austria: Public Prosecutor’s Office of Salzburg; Criminal Intelligence Service Austria (Bundeskriminalamt)
  • Denmark: National Special Crime Unit (NSK)
  • France: Prosecutor’s Office JUNALCO (National Jurisdiction against Organised Crime) Cybercrime Unit; Gendarmerie Nationale C3N
  • Ukraine: Prosecutor General’s Office; Main Investigation Department of National Police of Ukraine; Cyber Department of the Security Service of Ukraine
  • United Kingdom: National Crime Agency
  • United States: United States Department of Justice, Federal Bureau of Investigation, The Defense Criminal Investigative Service
Posted on

Take down of Austrian-based fraud scheme offering new type of crypto coin

Source: Eurojust

National authorities in Austria, Cyprus and the Czech Republic have taken decisive action against an online scam pretending to sell rights or tokens to an alleged new crypto currency. In a coordinated operation, supported by Eurojust and Europol, the six main suspects were arrested and six places were searched. In total, EUR 750.000 in assets, a property worth EUR 1.4 million and two cars were frozen/seized.

Between December 2017 and February 2018, the scammers pretended to have set up a genuine online trading company that had launched a new cryptocurrency. They offered 10 million tokens or respective rights to the new currency for sale. Investors paid them in regular crypto values such as bitcoin or ethereum. The Austrian-based fraudsters also claimed to have developed their own software and algorithm for the sale of the tokens, in order to gain credibility with investors. 

In February 2018, the perpetrators closed all their social media accounts and took the fake company’s homepage offline. This so-called exit scam made it clear to investors that they had been conned. They lost around EUR 6 million. Not all victims of the fraud have been identified at this stage.

Eurojust supported the action day against the online scam with a coordination centre, enabling real-time communication between all the authorities involved. This also enabled the rapid execution of European Arrest Warrants and search warrants. Europol assisted in the operation with a mobile office in Cyprus. Austrian police officers were present on the ground during a search in Cyprus. 

Europol’s specialists organised five operational meetings and worked closely with the Austrian desk at Eurojust, providing a holistic analysis picture of the investigation. In addition to supporting the Virtual Command Post set up at Eurojust, Europol deployed a specialist with mobile office to Cyprus in order to support the operational activities and facilitate the exchange of information.

The following authorities coordinated and supported the operations on the ground: 

  • Austria: Central Public Prosecutor´s Office for Combatting Economic Crimes and Corruption; Criminal Intelligence Service Austria – Cybercrime Competence Center (C4) 
  • Cyprus: Cyprus Police
  • Czech Republic: National Organised Crime Agency
Posted on

Eurojust supports international operation against world’s largest ransomware group

Source: Eurojust

In a coordinated action supported by Eurojust and Europol, judicial and law enforcement authorities from 10 different countries have severely disrupted LockBit, the world’s most active ransomware operation. Two members of the ransomware team have been arrested in Poland and Ukraine. In addition, law enforcement has compromised LockBit’s primary platform and other enabling infrastructure. This includes the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom.

LockBit first emerged at the end of 2019, initially calling itself ‘ABCD’ ransomware. Since then, it has grown rapidly and by 2022 had become the most deployed ransomware variant worldwide. LockBit attacks are believed to have affected over 2,500 victims all over the world.

The group is a ‘ransomware-as-a-service’ operation, meaning that a core team creates its malware and runs its website, while licensing out its code to affiliates who launch attacks.

The joint action enabled the various police forces to take control of much of the infrastructure that enables the LockBit ransomware to operate, including the darknet, and, in particular, the ‘wall of shame’ used to publish the data of victims who refused to pay the ransom. This action has disrupted the network’s ability to operate.

Authorities have also frozen more than 200 cryptocurrency accounts linked to the criminal organisation.

This international operation follows a complex investigation led by the UK National Crime Agency. Supported by Eurojust and Europol, law enforcement from nine other countries worked in close partnership with the National Crime Agency on this case, including authorities in France, Germany, Sweden, the Netherlands, the United States, Switzerland, Australia, Canada and Japan.

The case was opened at Eurojust in April 2022 at the request of the French authorities. Five coordination meetings were hosted by the Agency to facilitate judicial cooperation and to prepare for the joint action.

Europol’s European Cybercrime Centre (EC3) organised 27 operational meetings, and 4 technical 1-week sprints to develop the investigative leads in preparation of the final phase of the investigation. Europol also provided analytical, crypto-tracing and forensic support. In addition, three Europol experts were deployed to the command post in London during the action phase.

With Europol’s support, the Japanese Police, the National Crime Agency and the Federal Bureau of Investigation pooled their technical expertise to develop decryption tools designed to recover files encrypted by the LockBit ransomware. These solutions have been made available free of charge on the ‘No More Ransom’ portal, which is available in 37 languages. So far, more than 6 million victim across the globe have benefited from No More Ransom, which contains over 120 solutions capable of decrypting more than 150 different types of ransomware.

The following authorities took part in this investigation:

  • United Kingdom: National Crime Agency, South West Regional Organised Crime Unit
  • United States: U.S. Department of Justice, Federal Bureau of Investigation – Newark
  • France: JUNALCO (National Jurisdiction against Organised Crime) Public Prosecutor’s Office Paris Cybercrime Unit – C3N (cyber unit); Gendarmerie Nationale
  • Germany: Central Cybercrime Department North Rhine-Westphalia (CCD), State Bureau of Criminal Investigation Schleswig-Holstein (LKA Schleswig-Holstein), Federal Criminal Police Office (Bundeskriminalamt)
  • Sweden: Swedish Cybercrime Centre, Swedish Prosecution Authority
  • The Netherlands: National Police (Team Cybercrime Zeeland-West-Brabant, Team Cybercrime Oost-Brabant, Team High Tech Crime); Public Prosecutor’s Office Zeeland-West-Brabant
  • Australia: Australian Federal Police
  • Canada: Royal Canadian Mounted Police
  • Japan: National Police Agency
  • Switzerland: Zurich Cantonal Police; Public Prosecutor’s Office II of the Canton of Zurich