Category: Netherlands

Auto Added by WPeMatico

Posted on

51 arrests in wide-scale operation to take down encrypted communication platform used by organised crime groups

Source: Eurojust

Investigations into the communication platform started when authorities were alerted of a new encrypted service being used in Sweden, France, Spain and the Netherlands. Due to servers being located in France, French authorities started investigations into the platform. The platform’s robust encryption made it ideal for criminal networks to use for their activities. It was mostly used for drug trafficking but also for other criminal activities, such as arms trading, homicide, robbery, kidnapping, and money laundering.

The communication platform is a fully anonymised service. Users can purchase the solution without any personal information. The platform uses three encryption standards and offers the option to send a message followed by a specific code that results in the self-destruction of all messages on the target phone. By using multiple private servers around the world, third party or government agencies have difficulty tracking the communication solution.

As servers were found in France and Iceland, the platform was administered from Australia and Canada, and financial assets were located in the United States, a global operation against the phone service started. A joint investigation team (JIT) between authorities from France and the United States was set up at Eurojust, the second-ever JIT with the United States. This allowed them to exchange information and evidence in real time. Authorities from the Netherlands, Sweden, Canada and Australia were also involved in the investigations. Through coordination among the authorities, hosted by Eurojust, a strategy to take down the encrypted phone solution was defined.

To facilitate investigations into the illegal activities using this communication platform, an Operational Taskforce (OTF) was established at Europol in March 2022 involving law enforcement authorities from Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States.

A Joint Operational Centre was also established at Europol’s headquarters, where representatives from the OTF members and Europol’s officers provided support and facilitated the coordination of the simultaneous operational activities taking place around the globe.

The investigations culminated in a number of joint action days taking place across the globe against the phone service. 38 suspects were arrested in Australia, 11 in Ireland, one in Italy and one in Canada. A drug lab was dismantled in Australia and weapons, drugs and over EUR 1 million euro is cash was seized globally so far. Further actions are expected as the investigation progresses.

The following authorities were involved in the actions:

  • France: Cybercrime unit Prosecutor’s office – JUNALCO (National Jurisdiction against organised crime); Gendarmerie Nationale – C3N Cybercrime Unit
  • Netherlands: National Police
  • Sweden: Swedish Prosecution Authority; Swedish Police Authority
  • Australia: The Office of the Director of Public Prosecutions
  • Canada: Public Prosecution Service of Canada
  • Iceland: Director of Public Prosecution; National Commissioner of the Icelandic Police; Reykjavik Metropolitan Police
  • United States: Department of Justice; Federal Bureau of Investigation
Posted on

Sentences of over five years for Dutch criminals robbing ATMs in Germany

Source: Eurojust

Between November 2021 and January 2023 the OCG members used severe violence to blast ATMs and crowbars to pry them open, stealing an estimated EUR 3.4 million. The damages inflicted on the buildings, teller machines, their infrastructure and the bank’s surroundings amounted to well over EUR 4 million.

The gang members often stole fast cars to carry out the heists in Germany, which usually took place at night in the regions of Bavaria and Baden-Württemberg, before speeding back to the Netherlands. In each attack the OCG managed to steal up to EUR 250 000 in cash. The gang was highly organised, with a clear division of tasks, ranging from organising logistics to blasting open the ATMs.

At the request of the German authorities, Eurojust supported the investigations since May 2022.  The Agency organised two coordination meetings between the authorities involved and facilitated a joint action day in early 2023. In total, sixteen suspects were arrested in the Netherlands between January and September 2023, who were later surrendered to Germany. The Agency also supported the procedures for the surrender of the suspects.

In total, an estimated hundred hauls on German ATMs took place. For thirty cases the suspects were charged. Following plea bargains with the German Public Prosecution Office, fifteen suspects have now been sentenced, two on probation. One defendant is still on trial.

The following authorities conducted and/or supported the investigations:

  • Germany: Public Prosecution Office Bamberg; State Criminal Police Office of Bavaria and State Criminal Police Office of Baden-Württemberg
  • The Netherlands: Public Prosecution Office Central Netherlands/Utrecht; National Police
Posted on

Eurojust supports searches into bribery and money laundering

Source: Eurojust

Investigations into corruption, trading and the influencing and bribery of foreign public officials have led to 13 searches across France, Spain and the Netherlands. A multinational company is being investigated for possible corruption and money laundering involving civilian and military equipment.

French authorities have started multiple investigations into the company. The first investigation, opened at the end of 2016, concerns the sale of defence material and the construction of a naval base, around which there are suspicions of corruption.

A second investigation, opened in June 2023, concerns the suspected corruption and influencing of foreign public officials linked to the sale of civilian and military equipment abroad.

As the company has subsidiaries in Spain and the Netherlands that needed to be searched, Eurojust helped connect the French authorities with the Spanish and Dutch authorities. Eurojust ensured swift cooperation between the authorities by organising a coordination centre. The coordination centre was set up for the execution of mutual legal assistance requests sent by France as well as to relay and solve any urgent issues arising amongst the three countries during an action day held on 26 June. The action day led to 15 searches at several of the subsidiaries in France, Spain and the Netherlands. The searches were undertaken by over 80 officers, including 65 in France, 8 in Spain and 12 in the Netherlands.

The authorities involved in the actions were as follows:

  • France: National Financial Public Prosecution Office (PPO); Central Office against corruption and tax fraud.
  • Netherlands: National Office for Serious Fraud, Environmental Crime and Asset Confiscation; Fiscal Information and Investigation Service
  • Spain: Anticorruption Public Prosecution Office (PPO); Central Court number 3 at the Audiencia Nacional; Judicial National Police Unit attached to the Anticorruption PPO
Posted on

Website used for child pornography, prostitution and drug dealing taken down with support of Eurojust

Source: Eurojust

An online platform known for facilitating various crimes was taken down by the French authorities, in cooperation with Bulgaria, Germany Lithuania, the Netherlands and Hungary. The authorities had been investigating the digital platform since December 2023. During an action day on 24 June the servers located in Germany were seized and disconnected and over EUR 5.6 million of criminal funds were frozen.

The website was used for many years to facilitate a range of criminal activities, in particular for child pornography, sexual exploitation, drug dealing, ambushes and even homicides. Criminals were able to send messages and connect with other criminals active in their criminal activities.

Since 2021, more than 23 000 judicial procedures have been initiated involving the online platform. At least 480 victims of the platform have been heard during these judicial procedures. Investigations into the platform were started by French authorities in December 2023. These investigations showed that the platform was concealing and facilitating transactions for organised crime groups and was enabling criminal activities such as pimping and paedophilia.

A coordinated action to take down the website was carried out with the full support of Eurojust. The authorities seized the servers located in Germany, which resulted in the platform being disconnected and the display of a splash page. The Lithuanian and Hungarian authorities ensured the swift execution of freezing orders, which led to the freezing of over EUR 5.6 million in criminal funds.

At the same time, a European Investigation Order (EIO), issued from France, was successfully executed in Bulgaria. All investigative actions have been carried out in presence of French magistrates and officials from the Law enforcement authorities of France upon authorisation by the competent Bulgarian authorities. As part of the execution of the EIO, bank statements were  revealed, searches and seizures were carried out and witnesses were questioned.

The actions were carried out by the following authorities:

  • France: PPO Paris JUNALCO (National Jurisdiction against organised Crime) Cybercrime Unit; Gendarmerie Nationale – Cybercrime unit; ONAF (Anti Fraud National Office)
  • Bulgaria: Sofia City PPO and General Police Directorate Combating Organised Crime
  • Germany: Public Prosecutor’s Office Limburg; Hessian State Criminal Police Office
  • Hungary: Budapest IX. District Public Prosecutor’s Office
  • Lithuania: Vilnius Regional Prosecutor’s Office
  • The Netherlands: Public Prosecutor’s Office Amsterdam
Posted on

Major operation to take down dangerous malware systems

Source: Eurojust

In an unprecedented operation against aggressive and dangerous computer malware, authorities in the European Union and beyond have taken actions against droppers including IcedID, Pikabot, Smokeloader, Bumblebee and Trickbot, which infiltrated computers via emails. The measures focused on disrupting criminal services through arresting suspects, the freezing of illegal proceeds, and taking down botnets, coordinated by Eurojust. The operation, which was carried out this week with support of Europol, is a follow up to the successful takedown of the Emotet malware system in 2021.

During actions carried out simultaneously in Germany, the Netherlands, France, Denmark, Ukraine, the United States and United Kingdom, 4 suspects were arrested, who offered the malware as a professional blackmail service to other criminal actors. Some of the suspects were involved in operating Emotet in the past.

Via so called ‘sinkholing’ techniques or the use of tools to access the systems of operators behind the malware, investigators managed to block and take down the botnets. Malware droppers are types of malicious software which downloads viruses, ransomware or spyware on computers. They are generally installed via mails with infected links or Word and PDF attachments, such as shipping invoices or order forms, to get access to personal data and or bank accounts of computer users.

Mainly enterprises and national authorities and institutions were made victims of the series of malware systems which now have been taken down. Users are warned to be careful when opening links and attachments to mails and check the origin of mails.

The investigations, which have been ongoing since the takedown of Emotet, also focused on the running of that malware itself as their operators did create the new botnets mentioned. During the coordinated actions 16 places were searched.

In total over 100 servers were taken down or disrupted and over 2 000 domains are under control of law enforcement authorities.

Furthermore, investigations showed that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure for the deployment of ransomware. The transactions are constantly being monitored and legal permission to seize these assets instantly through future actions has already been obtained.

Eurojust set up a coordination centre on its premises to manage simultaneous actions in all countries concerned. The Agency also assisted national authorities in the preparation and execution of European Arrest Warrants, European Investigation Orders and requests for Mutual Legal Assistance, and organized five coordination meetings.

The following national authorities were involved in the operations on the ground:

  • Germany: Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center; Federal Criminal Police Office (Bundeskriminalamt)
  • The Netherlands: National Prosecution Service; National Police
  • Austria: Public Prosecutor’s Office of Salzburg; Criminal Intelligence Service Austria (Bundeskriminalamt)
  • Denmark: National Special Crime Unit (NSK)
  • France: Prosecutor’s Office JUNALCO (National Jurisdiction against Organised Crime) Cybercrime Unit; Gendarmerie Nationale C3N
  • Ukraine: Prosecutor General’s Office; Main Investigation Department of National Police of Ukraine; Cyber Department of the Security Service of Ukraine
  • United Kingdom: National Crime Agency
  • United States: United States Department of Justice, Federal Bureau of Investigation, The Defense Criminal Investigative Service
Posted on

Eurojust supports international operation against world’s largest ransomware group

Source: Eurojust

In a coordinated action supported by Eurojust and Europol, judicial and law enforcement authorities from 10 different countries have severely disrupted LockBit, the world’s most active ransomware operation. Two members of the ransomware team have been arrested in Poland and Ukraine. In addition, law enforcement has compromised LockBit’s primary platform and other enabling infrastructure. This includes the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom.

LockBit first emerged at the end of 2019, initially calling itself ‘ABCD’ ransomware. Since then, it has grown rapidly and by 2022 had become the most deployed ransomware variant worldwide. LockBit attacks are believed to have affected over 2,500 victims all over the world.

The group is a ‘ransomware-as-a-service’ operation, meaning that a core team creates its malware and runs its website, while licensing out its code to affiliates who launch attacks.

The joint action enabled the various police forces to take control of much of the infrastructure that enables the LockBit ransomware to operate, including the darknet, and, in particular, the ‘wall of shame’ used to publish the data of victims who refused to pay the ransom. This action has disrupted the network’s ability to operate.

Authorities have also frozen more than 200 cryptocurrency accounts linked to the criminal organisation.

This international operation follows a complex investigation led by the UK National Crime Agency. Supported by Eurojust and Europol, law enforcement from nine other countries worked in close partnership with the National Crime Agency on this case, including authorities in France, Germany, Sweden, the Netherlands, the United States, Switzerland, Australia, Canada and Japan.

The case was opened at Eurojust in April 2022 at the request of the French authorities. Five coordination meetings were hosted by the Agency to facilitate judicial cooperation and to prepare for the joint action.

Europol’s European Cybercrime Centre (EC3) organised 27 operational meetings, and 4 technical 1-week sprints to develop the investigative leads in preparation of the final phase of the investigation. Europol also provided analytical, crypto-tracing and forensic support. In addition, three Europol experts were deployed to the command post in London during the action phase.

With Europol’s support, the Japanese Police, the National Crime Agency and the Federal Bureau of Investigation pooled their technical expertise to develop decryption tools designed to recover files encrypted by the LockBit ransomware. These solutions have been made available free of charge on the ‘No More Ransom’ portal, which is available in 37 languages. So far, more than 6 million victim across the globe have benefited from No More Ransom, which contains over 120 solutions capable of decrypting more than 150 different types of ransomware.

The following authorities took part in this investigation:

  • United Kingdom: National Crime Agency, South West Regional Organised Crime Unit
  • United States: U.S. Department of Justice, Federal Bureau of Investigation – Newark
  • France: JUNALCO (National Jurisdiction against Organised Crime) Public Prosecutor’s Office Paris Cybercrime Unit – C3N (cyber unit); Gendarmerie Nationale
  • Germany: Central Cybercrime Department North Rhine-Westphalia (CCD), State Bureau of Criminal Investigation Schleswig-Holstein (LKA Schleswig-Holstein), Federal Criminal Police Office (Bundeskriminalamt)
  • Sweden: Swedish Cybercrime Centre, Swedish Prosecution Authority
  • The Netherlands: National Police (Team Cybercrime Zeeland-West-Brabant, Team Cybercrime Oost-Brabant, Team High Tech Crime); Public Prosecutor’s Office Zeeland-West-Brabant
  • Australia: Australian Federal Police
  • Canada: Royal Canadian Mounted Police
  • Japan: National Police Agency
  • Switzerland: Zurich Cantonal Police; Public Prosecutor’s Office II of the Canton of Zurich
Posted on

Support to Dutch action against violation of export sanctions to Russia: three arrests

Source: Eurojust

Eurojust and Europol have supported a coordinated action of the Dutch, German, Latvian, Lithuanian and Canadian authorities against the alleged violation of export sanctions to Russia. During a joint action day, three suspects were arrested and 14 places searched in view of investigations into the illegal export of technological and laboratory equipment, which could be used for military purposes. Such exports are illegal due to the EU-wide sanctions, which were imposed after the outbreak of the war in Ukraine.

The arrested persons are suspected of being part of an international smuggling network. The physical and digital administration of a Dutch-registered enterprise has been seized, in addition to the enterprise’s bank account and communication tools.

Investigations into the case were initiated at the end of 2023 by the Dutch authorities and led to the uncovering of a web of enterprises, which were used to circumvent the ban on exports to Russia. These enterprises were centred around a Dutch-registered trading company, which was set up in 2017 for the import, export and sales of electro-technical and laboratory equipment, among other goods.

Two of the suspects were administrators of the main trading company. The third suspect is an employee of an external contractor, who is alleged to have been aware of the violation of the export ban. The trading company in question is now run by an administrator in Russia, who is also the sole shareholder.

Eurojust enabled the cross-border judicial cooperation and organised a coordination meeting to prepare for the joint actions, at request of the Dutch authorities. It also set up a coordination centre during the action day, which was held on 9 January.

Europol has been supporting the investigation by providing analytical support, as well as conducting cross-checks on the gathered data.

The actions were carried out at the request of and were supported by the following authorities:

  • The Netherlands: National Prosecution Office for Serious Fraud, Environmental Crime and Asset Confiscation (Functioneel Parket); Investigation Service for Financial and Tax Crime (Fiscale Inlichtingen- en Opsporingsdienst, FIOD)
  • Germany: Public Prosecutor`s Offices of Berlin, Düsseldorf, Hamburg and Krefeld; Customs Investigation Service (ZFD) with offices in Berlin, Essen and Hamburg
  • Latvia: Prosecutor General’s Office; State Security Service
  • Lithuania: Vilnius Regional Public Prosecutor’s Office, Customs Criminal Service
Posted on

Historic religious statue returns to Italy with support of Eurojust

Source: Eurojust

The historic Italian statue of Our Lady of Mount Carmel, which holds great religious importance, has been returned to Italy from the Netherlands with judicial support from Eurojust. The religious artefact was stolen in 2014 from a church in Pastena on the Amalfi Coast and later bought by a Dutch collector. The Agency assisted the Italian authorities with the rapid execution of a European Investigation Order (EIO) to arrange for its return to the Pastena parish.

The statue, which is around 700 years old, was stolen from the church in August 2014 and offered for sale via an Italian antique dealer. It was bought in good faith by a Dutch collector who intended to resell it and posted pictures on social media. These were spotted by the parish priest of Pastena, who contacted the Italian authorities. 

An investigation was launched by the special Cultural Heritage Unit of the Italian Carabinieri and the Public Prosecutor’s Office of Salerno, which later contacted Eurojust to initiate the process of retrieving and returning the artefact to the Amalfi Coast. The Agency not only assisted with the execution of the EIO but also provided further cross-border judicial support to the authorities in Italy and the Netherlands. The transfer of the statue took place in recent days. 

The operations were carried out at the request and with the support of:

  • Italy: Public Prosecutor’s Office of Salerno; Cultural Heritage Unit of the Carabinieri
  • The Netherlands: Centre for International Legal Assistance in Criminal Matters of the Public Prosecutor’s Office, East Netherlands; Team for Legal Assistance of the National Police, East Netherlands