Category: USA

Auto Added by WPeMatico

Posted on

51 arrests in wide-scale operation to take down encrypted communication platform used by organised crime groups

Source: Eurojust

Investigations into the communication platform started when authorities were alerted of a new encrypted service being used in Sweden, France, Spain and the Netherlands. Due to servers being located in France, French authorities started investigations into the platform. The platform’s robust encryption made it ideal for criminal networks to use for their activities. It was mostly used for drug trafficking but also for other criminal activities, such as arms trading, homicide, robbery, kidnapping, and money laundering.

The communication platform is a fully anonymised service. Users can purchase the solution without any personal information. The platform uses three encryption standards and offers the option to send a message followed by a specific code that results in the self-destruction of all messages on the target phone. By using multiple private servers around the world, third party or government agencies have difficulty tracking the communication solution.

As servers were found in France and Iceland, the platform was administered from Australia and Canada, and financial assets were located in the United States, a global operation against the phone service started. A joint investigation team (JIT) between authorities from France and the United States was set up at Eurojust, the second-ever JIT with the United States. This allowed them to exchange information and evidence in real time. Authorities from the Netherlands, Sweden, Canada and Australia were also involved in the investigations. Through coordination among the authorities, hosted by Eurojust, a strategy to take down the encrypted phone solution was defined.

To facilitate investigations into the illegal activities using this communication platform, an Operational Taskforce (OTF) was established at Europol in March 2022 involving law enforcement authorities from Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States.

A Joint Operational Centre was also established at Europol’s headquarters, where representatives from the OTF members and Europol’s officers provided support and facilitated the coordination of the simultaneous operational activities taking place around the globe.

The investigations culminated in a number of joint action days taking place across the globe against the phone service. 38 suspects were arrested in Australia, 11 in Ireland, one in Italy and one in Canada. A drug lab was dismantled in Australia and weapons, drugs and over EUR 1 million euro is cash was seized globally so far. Further actions are expected as the investigation progresses.

The following authorities were involved in the actions:

  • France: Cybercrime unit Prosecutor’s office – JUNALCO (National Jurisdiction against organised crime); Gendarmerie Nationale – C3N Cybercrime Unit
  • Netherlands: National Police
  • Sweden: Swedish Prosecution Authority; Swedish Police Authority
  • Australia: The Office of the Director of Public Prosecutions
  • Canada: Public Prosecution Service of Canada
  • Iceland: Director of Public Prosecution; National Commissioner of the Icelandic Police; Reykjavik Metropolitan Police
  • United States: Department of Justice; Federal Bureau of Investigation
Posted on

Eurojust and U.S. Department of Justice co-host meeting aimed at ensuring sensitive technologies stay out of the wrong hands

Source: Eurojust

The unlawful acquisition of sensitive technology is a significant threat to free and democratic societies around the world. When in the wrong hands, innovations that include semiconductor technology, quantum computing, biosciences and artificial intelligence can be used to increase the military capabilities of foreign adversaries. The technologies can also be used to engage in mass surveillance, suppress dissidents living abroad or commit other human rights abuses.

The meeting served as a unique opportunity for US and European partners to discuss the threats posed by the acquisition of sensitive technology by non-allied nations; exchange information about efforts to combat such threats, including relevant authorities, enforcement tools and best practices; and identify opportunities for further collaboration. As part of this discussion, the United States highlighted its Disruptive Technology Strike Force, a US inter-agency programme launched in 2023 aimed at preventing critical technologies from being unlawfully acquired.

Opening remarks were delivered by European Commissioner for Justice Didier Reynders, Eurojust President Ladislav Hamran, U.S. Department of Justice Assistant Attorney General for National Security Matthew G. Olsen, and Prosecutor General of Ukraine Andriy Kostin.

In his remarks, Eurojust President Mr Ladislav Hamran stated: ‘The acquisition of advanced technology by foreign adversaries is a global problem that demands a global solution. The Russian war of aggression against Ukraine has only increased the urgency of finding effective solutions to this longstanding challenge. The presence of so many stakeholders at today’s meeting sends a powerful signal: we can and must do better, because in the end, this is not just about technology but about protecting innocent lives.

In his remarks, Assistant Attorney Mr Matthew G. General Olsen said: ‘The countries represented here have a shared commitment to the common goal of combatting the national security threat posed by the misuse of critical technology. International partnerships are critical to our work.  Our adversaries’ efforts to obtain sensitive technology reaches across the globe, and it demands an international response.

The meeting was divided into topical sessions that featured speakers from EU Member States, EU institutions, other European countries and the United States. Participants highlighted recent examples of coordinated law enforcement actions against criminal actors involved in the illegal export of sensitive technology to foreign adversaries.

Participants agreed to carry the momentum forward and reaffirmed their commitment to protecting critical technology assets from being acquired or used by foreign adversaries.

Posted on

Major operation to take down dangerous malware systems

Source: Eurojust

In an unprecedented operation against aggressive and dangerous computer malware, authorities in the European Union and beyond have taken actions against droppers including IcedID, Pikabot, Smokeloader, Bumblebee and Trickbot, which infiltrated computers via emails. The measures focused on disrupting criminal services through arresting suspects, the freezing of illegal proceeds, and taking down botnets, coordinated by Eurojust. The operation, which was carried out this week with support of Europol, is a follow up to the successful takedown of the Emotet malware system in 2021.

During actions carried out simultaneously in Germany, the Netherlands, France, Denmark, Ukraine, the United States and United Kingdom, 4 suspects were arrested, who offered the malware as a professional blackmail service to other criminal actors. Some of the suspects were involved in operating Emotet in the past.

Via so called ‘sinkholing’ techniques or the use of tools to access the systems of operators behind the malware, investigators managed to block and take down the botnets. Malware droppers are types of malicious software which downloads viruses, ransomware or spyware on computers. They are generally installed via mails with infected links or Word and PDF attachments, such as shipping invoices or order forms, to get access to personal data and or bank accounts of computer users.

Mainly enterprises and national authorities and institutions were made victims of the series of malware systems which now have been taken down. Users are warned to be careful when opening links and attachments to mails and check the origin of mails.

The investigations, which have been ongoing since the takedown of Emotet, also focused on the running of that malware itself as their operators did create the new botnets mentioned. During the coordinated actions 16 places were searched.

In total over 100 servers were taken down or disrupted and over 2 000 domains are under control of law enforcement authorities.

Furthermore, investigations showed that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure for the deployment of ransomware. The transactions are constantly being monitored and legal permission to seize these assets instantly through future actions has already been obtained.

Eurojust set up a coordination centre on its premises to manage simultaneous actions in all countries concerned. The Agency also assisted national authorities in the preparation and execution of European Arrest Warrants, European Investigation Orders and requests for Mutual Legal Assistance, and organized five coordination meetings.

The following national authorities were involved in the operations on the ground:

  • Germany: Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center; Federal Criminal Police Office (Bundeskriminalamt)
  • The Netherlands: National Prosecution Service; National Police
  • Austria: Public Prosecutor’s Office of Salzburg; Criminal Intelligence Service Austria (Bundeskriminalamt)
  • Denmark: National Special Crime Unit (NSK)
  • France: Prosecutor’s Office JUNALCO (National Jurisdiction against Organised Crime) Cybercrime Unit; Gendarmerie Nationale C3N
  • Ukraine: Prosecutor General’s Office; Main Investigation Department of National Police of Ukraine; Cyber Department of the Security Service of Ukraine
  • United Kingdom: National Crime Agency
  • United States: United States Department of Justice, Federal Bureau of Investigation, The Defense Criminal Investigative Service
Posted on

Practitioners share expertise on battlefield evidence to tackle terrorism and core international crimes

Source: Eurojust

High-level representatives and prosecutors from the United States, the European Union, international organizations, and civil society have been taking stock of the latest developments and cooperation tools for the use of battlefield evidence collected in the context of an armed conflict. During a dedicated expert meeting at Eurojust, specialised prosecutors from the European Union dealing with counter-terrorism were joined for the first time by their counterparts from core international crimes units.

The expert meeting was co-organised by the Eurojust Counter-Terrorism Working Group, the U.S. Department of Justice and the EU Network for the investigation and prosecution of genocide, crimes against impunity and war crimes (Genocide Network). The exchanges over the past two days are of crucial importance to prosecutors of terrorism offences and core international crimes, including war crimes, crimes against humanity and genocide. Expertise in the use of evidence from past armed conflicts can be used in proceedings related to ongoing and future conflicts.

Commenting on the importance of the meeting, Mr Matthew F. Blue, Chief of the Counterterrorism Section in the National Security Division of the U.S. Department of Justice said: ‘Terrorists and war criminals should have no illusions that they are safe from prosecution when they plot and commit crimes in conflict zones. The United States is committed to ensuring that battlefield evidence is available for use in its domestic cases and those pursued by its European allies. Today’s meeting reaffirms the strong transatlantic commitment to ensuring that this vital tool is effectively harnessed.

Mr Baudoin Thouvenot, National Member for France and Chair of the Counter-Terrorism Team at Eurojust, stated: ‘We are experiencing challenging times, with a continuing terrorism threat and war at the borders of the EU, and now more than ever, impunity is intolerable. The use of evidence collected on battlefields is a crucial asset in the fight against war crimes, genocide and terrorism. Having the EU and the U.S. judicial authorities working together and sharing expertise sends a strong message on the international scene.

In view of continued terrorist threats, the fight against terrorism remains high on the EU agenda. Eurojust has been assisting cases against returning Foreign Terrorist Fighters (FTFs) and analysing the criminal justice response for some twenty years. A specific focus has been placed on FTFs who travelled to the conflict zone in Syria, but also other areas, to join jihadist terrorist groups.

The complex and dynamic FTF phenomenon has been changing through the years. The support provided by Eurojust has been evolving to ensure that challenges faced by national authorities, including the gathering and admissibility of evidence, e-evidence and financial investigations, are addressed and national efforts are strengthened by solid multilateral cooperation and coordination.

Battlefield evidence plays a key role in such cases. Such evidence may include registration forms, photos depicting crimes committed against civilians, fingerprints on explosive devices and e-mails describing terrorist plots. This evidence can demonstrate the operational workings and command structures of terrorist organisations, including the role of specific suspects and their associates. Battlefield evidence also can assist in assessing the intent and policies of different terrorist organisations operating in the EU, U.S. and globally.

Battlefield evidence is also crucial to build cases that go beyond the prosecution of membership and financing of terrorism to also entail core international crimes. Some FTFs may be prosecuted for both sets of crimes cumulatively. For example, battlefield evidence shared by U.S. authorities and other partners such as the United Nations Investigative Team to Promote Accountability for Crimes Committed by Da’esh/ISIL (UNITAD), whose mandate will come to an end in September 2024, has strongly supported EU prosecutors to obtain cumulative convictions against FTFs on terrorism and core international crimes charges. This for instance has led to a higher level of sentencing of FTFs who were involved with Da’esh/ISIL in crimes against Yezidi victims.

The expert meeting at Eurojust is another milestone in the long-standing cooperation between Eurojust and U.S. authorities on enhancing the access and use of battlefield evidence. It provided a platform for the sharing of challenges and best practice amongst practitioners, which is key to overcoming legal and practical hurdles in ongoing and future criminal cases. It demonstrated information and evidence sharing between EU, U.S. and international partners is of prime importance in investigating and prosecuting alleged FTFs and has proved to be successful in the past.

In joining forces, Eurojust, the U.S. Department of Justice and the Genocide Network have laid the foundation for a community of practice between prosecutors from diverse backgrounds, from all over the EU and partner countries. The expertise is essential to strengthen capacities and foster further cooperation in present and future investigations and prosecutions concerning crimes committed in conflict areas.

Posted on

Eurojust supports international operation against world’s largest ransomware group

Source: Eurojust

In a coordinated action supported by Eurojust and Europol, judicial and law enforcement authorities from 10 different countries have severely disrupted LockBit, the world’s most active ransomware operation. Two members of the ransomware team have been arrested in Poland and Ukraine. In addition, law enforcement has compromised LockBit’s primary platform and other enabling infrastructure. This includes the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom.

LockBit first emerged at the end of 2019, initially calling itself ‘ABCD’ ransomware. Since then, it has grown rapidly and by 2022 had become the most deployed ransomware variant worldwide. LockBit attacks are believed to have affected over 2,500 victims all over the world.

The group is a ‘ransomware-as-a-service’ operation, meaning that a core team creates its malware and runs its website, while licensing out its code to affiliates who launch attacks.

The joint action enabled the various police forces to take control of much of the infrastructure that enables the LockBit ransomware to operate, including the darknet, and, in particular, the ‘wall of shame’ used to publish the data of victims who refused to pay the ransom. This action has disrupted the network’s ability to operate.

Authorities have also frozen more than 200 cryptocurrency accounts linked to the criminal organisation.

This international operation follows a complex investigation led by the UK National Crime Agency. Supported by Eurojust and Europol, law enforcement from nine other countries worked in close partnership with the National Crime Agency on this case, including authorities in France, Germany, Sweden, the Netherlands, the United States, Switzerland, Australia, Canada and Japan.

The case was opened at Eurojust in April 2022 at the request of the French authorities. Five coordination meetings were hosted by the Agency to facilitate judicial cooperation and to prepare for the joint action.

Europol’s European Cybercrime Centre (EC3) organised 27 operational meetings, and 4 technical 1-week sprints to develop the investigative leads in preparation of the final phase of the investigation. Europol also provided analytical, crypto-tracing and forensic support. In addition, three Europol experts were deployed to the command post in London during the action phase.

With Europol’s support, the Japanese Police, the National Crime Agency and the Federal Bureau of Investigation pooled their technical expertise to develop decryption tools designed to recover files encrypted by the LockBit ransomware. These solutions have been made available free of charge on the ‘No More Ransom’ portal, which is available in 37 languages. So far, more than 6 million victim across the globe have benefited from No More Ransom, which contains over 120 solutions capable of decrypting more than 150 different types of ransomware.

The following authorities took part in this investigation:

  • United Kingdom: National Crime Agency, South West Regional Organised Crime Unit
  • United States: U.S. Department of Justice, Federal Bureau of Investigation – Newark
  • France: JUNALCO (National Jurisdiction against Organised Crime) Public Prosecutor’s Office Paris Cybercrime Unit – C3N (cyber unit); Gendarmerie Nationale
  • Germany: Central Cybercrime Department North Rhine-Westphalia (CCD), State Bureau of Criminal Investigation Schleswig-Holstein (LKA Schleswig-Holstein), Federal Criminal Police Office (Bundeskriminalamt)
  • Sweden: Swedish Cybercrime Centre, Swedish Prosecution Authority
  • The Netherlands: National Police (Team Cybercrime Zeeland-West-Brabant, Team Cybercrime Oost-Brabant, Team High Tech Crime); Public Prosecutor’s Office Zeeland-West-Brabant
  • Australia: Australian Federal Police
  • Canada: Royal Canadian Mounted Police
  • Japan: National Police Agency
  • Switzerland: Zurich Cantonal Police; Public Prosecutor’s Office II of the Canton of Zurich