Operation Synergia II: A Global Effort to Dismantle Cybercrime Networks

In an unprecedented move, Operation Synergia II has significantly strengthened global cybersecurity efforts. Led by INTERPOL, this extensive operation focused on dismantling malicious networks and thwarting cyber threats across 95 countries. Spanning from April to August 2024, the initiative marks a monumental step in international cybercrime prevention.

Global Collaboration

Operation Synergia II aimed to tackle a range of cybercrimes, including phishing, malware distribution, and ransomware attacks. Cybercriminals exploit vulnerabilities to steal sensitive information, disrupt services, and extort money. The operation's success lies in its collaborative approach, involving INTERPOL, private cybersecurity firms like Kaspersky, and national law enforcement agencies. This partnership was crucial in sharing intelligence, resources, and expertise, enabling swift and effective actions against cyber threats.

The Scope of the Operation

In Hong Kong, authorities dismantled over 1,000 servers linked to cybercrimes, while investigators in Mongolia confiscated equipment and identified 93 suspects. Macau and Madagascar also played vital roles by deactivating hundreds of servers and seizing electronic devices.

Neal Jetton, Director of Interpol's Cybercrime Directorate, remarked, “The global nature of cybercrime requires a global response… Together, we’ve dismantled malicious infrastructure and protected countless potential victims.”

Key Achievements

The operation led to the seizure of over 22,000 malicious IP addresses and servers. This massive takedown disrupted numerous criminal networks, preventing further attacks and mitigating potential damages. The seized assets included servers used for hosting phishing websites, distributing malware, and coordinating ransomware operations.

Impact Areas

Phishing Schemes: Phishing remains one of the most prevalent and dangerous forms of cybercrime. Cybercriminals use deceptive emails and websites to trick individuals into revealing personal information, such as passwords and credit card details. By targeting and taking down phishing servers, Operation Synergia II significantly reduced the risk of individuals falling victim to these scams.

Malware Distribution: Malware, or malicious software, can cause extensive damage to individuals and organizations. It can steal sensitive information, disrupt operations, and even take control of infected systems. The operation's success in dismantling malware distribution networks has helped curb the spread of harmful software and protect countless users.

Ransomware Attacks: Ransomware is a type of malware that encrypts a victim's files, demanding payment for their release. It has become a major threat to businesses, governments, and individuals worldwide. By targeting the infrastructure used to deploy ransomware, Operation Synergia II has disrupted these extortion schemes and safeguarded potential victims.

Interpol's Operation 'Synergia' Secures Numerous Cybercriminal Arrests, Disrupts Global C2s

 

An international operation aimed at countering the rising threat of phishing, banking malware, and ransomware attacks globally has successfully dismantled command-and-control (C2) servers across Africa and the Middle East. Led by Interpol, the Synergia operation engaged 60 law enforcement agencies, including 17 from the Middle East and Africa (MEA) region. 

Notably, significant takedowns occurred in South Sudan and Zimbabwe, resulting in four arrests. Kuwait law enforcement collaborated with Internet Service Providers (ISPs) to identify victims, conduct field investigations, and provide technical guidance to mitigate the impacts of cyber threats.

Collaborating with local law enforcement and cybersecurity firms such as Group-IB, Kaspersky, ShadowServer, Team Cymru, and TrendMicro, Interpol executed the operation from September to November. The global initiative led to the arrest of 31 individuals and the identification of 70 additional suspects.

Beyond the MEA region, the operation yielded notable results worldwide:

- Europe witnessed the majority of C2 server takedowns, resulting in 26 arrests.
- The Hong Kong and Singapore Police successfully took down 153 and 86 servers, respectively.
- Bolivia mobilized various public authorities to identify malware and vulnerabilities.

Synergia also uncovered malicious infrastructure and resources in over 50 countries, spread across 200 web hosting providers globally. Currently, 70% of the C2 servers have been taken offline, with the remainder under investigation.

Bernardo Pillot, Assistant Director to the Interpol Cybercrime Directorate, emphasized the collaborative efforts of multiple countries and partners, underscoring the commitment to safeguarding the digital space. By dismantling the infrastructure supporting phishing, banking malware, and ransomware attacks, the operation aims to create a more secure online environment for users worldwide.

INTERPOL Fights Virtual Crime in the Metaverse

 


Could the future of law enforcement lie in the virtual world? In a pioneering move, INTERPOL established the INTERPOL Metaverse Expert Group in October 2023, aiming to enhance security in the emerging digital world known as the Metaverse. This virtual space, described as a 3D online environment where users interact through avatars, has raised concerns about potential crimes like grooming, radicalization, and cyber-attacks on critical infrastructure.

The INTERPOL Metaverse Expert Group is a collaboration involving INTERPOL member countries, governments, the private sector, academia, and international organizations. Their goal is to make the Metaverse secure by design. While the Metaverse holds promise for transforming various aspects of our lives, it faces challenges such as inadequate infrastructure, privacy concerns, jurisdictional ambiguity, and cybersecurity threats.

One key recommendation from INTERPOL is the integration of artificial intelligence (AI) for predictive policing. However, there are concerns about the legal and ethical implications of relying too heavily on AI. Potential privacy violations and biases, particularly towards marginalized groups, raise red flags. The call for caution emphasises the need for checks and safeguards when using AI-based predictive policing.

Another legal dilemma in the Metaverse revolves around avatars – the digital representations of users. Questions arise about who controls AI-based avatars and their legal status. A recent case in South Korea, where a man was jailed for generating illicit content using AI, highlights the complexity of addressing legal issues tied to avatars.

The report also addresses the challenge of interoperability, emphasising the need for universal protocols to enable seamless interactions across different virtual spaces. Professor Subhajit Basu from the University of Leeds stresses the importance of collaboration between tech companies, governments, and international organizations to establish these protocols while respecting legal jurisdictions.

Basu points out that a significant aspect of the legal framework involves data protection and privacy. As users move their data within the Metaverse, comprehensive legal measures aligned with regulations like Europe's GDPR become crucial.

The INTERPOL report underscores the Metaverse's potential for immersive law enforcement training. However, it highlights complex governance issues and international laws. To bridge these gaps, the report suggests regular policy reviews to adapt to the evolving landscape of the Metaverse.

Recognizing the multi-jurisdictional nature of the Metaverse, the report emphasizes the need for a holistic approach involving collaboration between various stakeholders for an effective response to metacrime. This approach ensures engagement across borders and organizations, essential for navigating the intricate challenges posed by the Metaverse.

INTERPOL’s efforts to address Metaverse-related crimes mark a significant step towards ensuring a secure and responsible digital future. As the Metaverse continues to evolve, the call for collaboration and proactive policies becomes crucial for effective law enforcement and protection of users' rights and privacy.



Operation Haechi IV: Interpol Arrest 3,500, Seize Assets Worth $300M


In a sweeping operation announced on Tuesday, the international police organization Interpol detained around 3,500 suspects who were allegedly linked to cybercrime.

The agency also seized assets worth $300 million across 34 countries. The operation, named Haechi IV, also suspended over 80,000 suspicious bank accounts and warned governments about the emergence of new types of NFT and AI scams.

Stephen Kavanagh, Interpol’s Executive Director of Police Services, said: “The seizure of USD 300 million represents a staggering sum and clearly illustrates the incentive behind today’s explosive growth of transnational organized crime […] This vast accumulation of unlawful wealth is a serious threat to global security and weakens the economic stability of nations worldwide.”

This year, Interpol witnessed a massive 200% surge in arrests regarding incidents that involved malicious hacks. 

For instance, Comcast suffered a data breach that affected around 56 million accounts, potentially resulting in the compromise of all Xfinity accounts. On Tuesday, ransomware group Rhysida leaked the upcoming Marvel video game from PlayStation, along with the passport information of the game’s developers. Also, last month, 23andMe suffered a loss of biodata of 6.9 million customers in a hack.

In this recent Interpol operation, e-commerce, corporate email compromise, and investment fraud accounted for the majority of the arrests. Haechi IV also alerted participating nations to two cutting-edge strategies employed by cybercriminals. First, Interpol discovered that investment fraud, online sexual extortion, and impersonation scams all over the UK were using AI-generated content on multiple occasions. Voice-cloning technology was frequently employed to mimic someone whom the victims knew.

The second tactic noticed by Interpol, used in the NFT attacks, was very commonly adopted by cybercriminals in South Korea: victims are promised substantial returns on their investments, but following the initial investment these sham cryptocurrency ventures are frequently abandoned. Both schemes exploit modern technology and people's shallow knowledge of the subject. According to Kavanagh, the 200% increase in arrests demonstrates the "persistent challenge of cyber-enabled crime, reminding us to stay alert and keep refining our tactics against online fraud."

Interpol Operation: 14 Arrested, Allegedly Involved in Scamming Victims of $40 Million


Another Interpol operation detained 14 suspects and identified 20,674 suspected networks spread across 25 African nations that international law enforcement has connected to more than $40 million in losses due to cybercrime.

Operation Africa Cyber Surge II

The police operation, a combined effort of Interpol, African law enforcement and private-sector security firms, commenced in April and lasted for four months. It was conducted to stamp out cybercrime such as phishing, business email compromise (BEC) and other online scams.

The international agency said that the operation was conducted with the help and on-the-ground operational support of several infosec companies like Group-IB, Interpol and Uppsala Security. Their efforts helped in making three arrests in Cameroon related to an online scam involving the fake sale of artwork valued at $850,000.

Group-IB, which has previously collaborated with Interpol on operations, gathered and shared more than 1,000 indicators from its threat intelligence.

"Collaboration and intelligence sharing should be at the heart of cybersecurity operations, and Group-IB stands ready to make a further contribution to this end, in line with our core strategic mission of fighting against cybercrime in all its forms," Group-IB CEO Dmitry Volkov stated on Friday.

Information gathered by Group-IB and other private partners like Trend Micro, Kaspersky, and Coinbase aided in formulating some 150 Interpol analytical reports with data containing ‘intel on cyber threats’ from different countries. 

Details in the report included:

  • 3,786 malicious command and control servers
  • 14,134 victim IPs linked to data stealer cases
  • 1,415 phishing links and domains 
  • 939 scam IPs 
  • More than 400 other malicious URLs, IPs and botnets. 

The first phase of the operation was carried out between July 2022 and November 2022 and resulted in a number of investigations followed by operations against threat actors in the region. 

The most recent arrests come after months of similar cybercrime activities across Africa as international law enforcement works to dismantle cybercrime networks that operate out of various African nations.

Over 100 people were detained last week, according to Interpol, throughout the EU and Africa. Cops also recovered assets worth more than €2.15 million ($2.4 million) that belonged to the Black Axe organized crime and cybercrime group.

In July 2023, cops in Côte d'Ivoire confirmed that they had arrested a suspect who was apparently a ‘key figure’ in the cybercrime group OPER1ER, which is responsible for defrauding banks and financial firms across 15 countries.

Interpol reported in a statement that the cybercrime group has defrauded the firms of a sum between $11 million and $30 million, with its targets spread across Africa, Asia and Latin America.

Operation Jackal: INTERPOL Shuts Down African Cybercrime Gang


A recent INTERPOL operation targeting a West African cybercrime organization led to several bank accounts being frozen, suspects being detained and a series of financial investigations being launched worldwide.

Operation Jackal, conducted between May 15 and 29, apparently mobilized police forces, financial crime units and cybercrime agencies across 21 countries in order to launch a targeted strike on Black Axe and related West African organized criminal gangs.

As of now, more than 200 illicit bank accounts that were linked to online financial crime have been blocked, with several associated suspects arrested whose networks in cybercrime pose a severe threat to international security. 

“Organized crime is mostly driven by financial gain and INTERPOL is committed to working with our member countries to deprive these groups of their ill-gotten assets. This successful operation involving so many countries clearly shows what can be achieved through international cooperation, and will serve as a blueprint for concerted police action against financial crime in the future,” says Isaac Kehinde Oginni, Director of INTERPOL’s Financial Crime and Anti-Corruption Centre (IFCACC). “It also sends a strong message to West African crime networks that no matter where they hide in cyberspace, INTERPOL will pursue them relentlessly. The illegal activities of Black Axe and similar crime syndicates will remain a priority for INTERPOL.”

In Portugal alone, four such investigations led to the accumulated seizure and recovery of around EUR 1.4 million.

A total of 34 suspects have been arrested in the Irish phase of the operation. Amongst these arrests, 12 were detained for investigative purposes and 22 on suspicion of money laundering and gangland-style offences. 

According to Deputy Head of the National Central Bureau of Dublin, Tony Kelly, “It became apparent early in the investigation that international cooperation and the use of INTERPOL’s analytical and coordination capabilities was essential to the investigation, and remains a pivotal element to the success to date and the ongoing investigation into this group.”

More such investigations are under way across the world as intelligence agencies put effort into investigating the issue.

Black Axe and other West African organized cybercrime syndicates are well-known criminal gangs responsible for cyber-enabled offences such as financial fraud, mostly carried out by compromising companies’ email systems, as well as romance scams, inheritance scams, credit card fraud, tax fraud, advance payment scams and money laundering.

Notorious Global Phishing Platform Neutralized in Cross-Border Operation

 


Two alleged operators of the phishing-as-a-service platform "16shop" were arrested in Indonesia and Japan after INTERPOL carried out a successful investigation into the scheme, which was outsourced.

The international police co-operation organization, which described 16shop as a vendor of "phishing kits" sold to cyber criminals, revealed on Tuesday that it detected the platform's existence as part of a research project investigating cyber threats in the ten-nation Association of Southeast Asian Nations (ASEAN) bloc.

The PaaS platform sells phishing kits to hackers, who use them to defraud Internet users with email scams: the victim receives an email with a PDF or a link that redirects to a website asking for various personal information, such as a credit card number. Once these details have been stolen, they are used to steal money from the victims.

Known as phishing, this form of cyberattack is committed by impersonating a legitimate entity through a form of communication such as email, a phone call, or a text message, with the intent of obtaining sensitive information from the victim. Several cyber threats are prevalent around the world, including phishing. Up to 90 per cent of data breaches are thought to be attributable to successful phishing attacks, making it one of the most common ways to acquire credentials and steal data from victims. 

As reported by Interpol, 16shop sells phishing kits to hackers, whose aim is to covertly scam internet users with the help of these kits. In most cases, these scams involve sending emails that contain PDF files or links that redirect users to a website. Such a site then asks its victims for their credit card numbers or other sensitive information, such as Social Security numbers.

A joint operation against 16Shop was carried out with the assistance of the cyber crime department of the INTERPOL General Secretariat, Indonesian authorities, Japanese authorities, and US authorities. Several private infosec firms also took part, including the Japan Cyber Defense Institute, Singapore's Group-IB, Palo Alto Networks' Unit 42, and Trend Micro, as well as Cybertoolbelt, an investigation platform for cybercrime.

Over 70,000 users in 43 countries have reportedly been compromised as a result of the hacking tools supplied by 16shop. In an interview with The Jakarta Post, brigadier general Adi Vivid Agustiadi Bachtiar, the director of the Indonesian National Police Cybercrime Investigation, stated that anyone can launch phishing attacks by simply clicking on their mouse. 

Bernardo Pillot, a cybercrime expert with cybercrime operations at Interpol, said there has been an "unprecedented increase" in the sophistication and number of cyber threats. Moreover, there has lately been an increase in “customized” attacks, as criminals look for the highest impact as well as the highest profit from their crimes.

According to law enforcement, there is a strong indication that the platform is administered from Indonesia. They seized electronic items, as well as several luxury vehicles, during the arrest of a 21-year-old man. A couple of other platform facilitators were also arrested after the first arrest was made.

A police investigation was launched by the National Police Agency of Japan and the Indonesian National Police shortly after the successful apprehension of the administrator which led to the identification of two facilitators and their arrest by both agencies. 

Group-IB, a Singaporean infosec outfit, had analyzed 16Shop, the e-commerce platform for phishing kits, and asserted that over 150,000 phishing domains had been created using 16Shop's kits. Information security firm Earthlink believes that the kits in question have been traded on the underground cybercriminal market since as far back as November 2017, at prices ranging from $60 up to $150 for each kit.

According to the group, phishing pages targeting the users of American Express were offered for $60, and fake Amazon pages were offered for $150. The kits showed would-be victims content localized to their location, in eight languages.

Global collaboration was necessary because many of the phishing-as-a-service vendor's operations were hosted on servers owned and run by a US-based company. The FBI helped to secure the information that Indonesian investigators needed.

Delhi Police, FBI & Interpol in a Joint Operation Expose a Cybercrime Syndicate, Arrested Four


In a joint operation, Delhi Police, the Federal Bureau of Investigation (FBI), and Interpol have exposed an international syndicate involved in cybercrime, arresting four individuals involved in the cybercrime gang.

The four members, including the kingpin, were detained for allegedly conning US nationals out of 20 million dollars.

According to a statement provided by a Delhi Police official, the information regarding the cybercrimes was received by their Intelligence Fusion & Strategic Operations (IFSO) unit – which deals with complex cybercrime cases – from the FBI and Interpol. The agencies indicated that “some international cybercriminals, in conspiracy with each other and with the aid and assistance of co-conspirators based in India, the US and Uganda, were running call centers by posing as employees of the US Internal Revenue Service, Social Security Administration, Drug Enforcement Administration, and other US agencies,” said H.G.S. Dhaliwal, Special Commissioner Police (Delhi Police Special Cell).

“We received information that one accused, Parth Armarkar, impersonated a specific living person by the name of Uttam Dhillon. During his career, the real Uttam Dhillon served as the Acting Administrator of the US Drug Enforcement Administration and as the Director of INTERPOL Washington. Armarkar defrauded victims of millions of USD through call centers operating in Uganda, Africa. He is an Indian national and occasionally visits India,” Dhaliwal said.

The accused, Armarkar, allegedly defrauded the victims of around $6 million via phony call centers in Uganda. Later, the technical inputs provided by the FBI helped Delhi police arrest the accused in Ahmedabad, India, apparently the place from which he was operating a segment of the syndicate.

Given the severity of the situation, the Delhi Police established several teams of IFSO and Counter Intelligence/Special Cell to investigate the issue.

Armarkar’s arrest was followed by the Delhi police tracking down the alleged leader of the syndicate, Vatsal Mehta. Further investigation led to the arrest of two more accused, Deepak Arora and Prashant Kumar. According to the police, the accused were on the FBI radar for a very long time.

As part of the coordinated action, the FBI has interviewed over 50 victims so far and collected evidence of fraud amounting to more than 20 million USD, which will be produced in court as per procedure. “Two victims from the US have also been examined through video calling by IFSO (Intelligence Fusion & Strategic Operations),” the officials noted.

The First Information Report (FIR) was lodged against the four accused under section 419 (cheating done by impersonation), 420 (cheating), 384 (extortion), 120B (criminal conspiracy), 34 (acts by many in furtherance of common intention) of the Indian Penal Code and sections 66C (identity theft) and 66D (impersonation) of the IT Act.

Following a Surge in Metaverse Crimes, Interpol Promises to Implement Punishment


Real-world criminals are now attempting to carry out malicious practices in the virtual world, but this time they may well face repercussions. To ensure that, the International Criminal Police Organization (ICPO) is developing techniques that could identify crimes in the Metaverse, in order to combat cyber-attacks and criminals lurking in the digital world.

According to Secretary General Jurgen Stock, the objective of Interpol is to monitor criminal activities across the metaverse. The “sophisticated and professional” criminals are opting for advanced technological tools and tactics to commit crimes, which has to stop for the sake of online users. 

As the number of people using the metaverse rises, more crimes including data theft, money laundering, crimes against children, financial fraud, ransomware, phishing, etc. could occur. 

Stock believes that it is essential for Interpol to remain relevant and implement new technologies as they are developed. He stressed the importance of Interpol's response to the problem, emphasizing how rapidly criminals are adopting new technologies for their illicit activities.

He also noted that the authorities at times run short of the resources necessary to carry out their jobs effectively. They have seen firsthand how, if action is delayed, trust in the agency's resources and, consequently, the metaverse may be tarnished. Such services are currently available, and criminals are already using them.

What does Interpol Consider Crime in Metaverse? 

Interpol's virtual reality (VR) realm offers law enforcement a glimpse into the metaverse and a preview of the kinds of crimes that might be committed there through its secured servers. This further gives law enforcement personnel an opportunity to learn about the challenges of policing in the metaverse and test out potential solutions. 

However, Interpol’s Executive Director of Technology and Innovation, Madan Oberoi, notes that the organization is having trouble defining what constitutes a crime in the metaverse and spreading awareness of such crimes. “There are crimes where I don’t know whether it can still be called a crime or not. If you look at the definitions of these crimes in physical space, and you try to apply it in the metaverse, there is a difficulty,” he says.

Moreover, the organization also asserts that one of its main tasks is informing the public about these issues. According to Oberoi, law enforcement agencies must make sure to educate themselves about the metaverse in order to effectively assist victims or potential victim users of crimes pertaining to the metaverse. 

In order to efficiently combat cybercrime, one of the best solutions Interpol may implement is to deal with regulating criminal acts in the metaverse and encourage law enforcement agencies to keep up with the technology's rapid advancement. Interpol promises to be in full force in assisting with criminal investigations and crime-solving. Interpol and its 195 member nations will cooperate to combat global cybercrime.   

Interpol is Determining How to Police the Metaverse

 

Interpol, the International Criminal Police Organization, is researching how to police the metaverse, a digital world envisioned as an alternative to the real world. Jurgen Stock, the secretary general of Interpol, believes that the organization must be prepared for this task in order to avoid being left behind by the metaverse and its associated technology. 

When it comes to enforcing the law in the metaverse, police organizations face challenges. However, Jurgen Stock, the secretary general of the International Criminal Police Organization, Interpol, appears to believe that the organization must be prepared to take action on cybercrime. 

The organization is currently preparing to expand its operations to metaverse platforms, which are already in use by some groups to commit crimes. In an interview with the BBC, Stock stated:

"Criminals are sophisticated and professional in very quickly adapting to any new technological tool that is available to commit crime. We need to sufficiently respond to that. Sometimes lawmakers, police, and our societies are running a little bit behind."

Among the current metaverse crimes are verbal harassment, assaults, and others such as ransomware, counterfeiting, money laundering, and financial fraud. However, some of these remain in the legal gray areas.

Thefts in the Metaverse

According to Dr. Madan Oberoi, Interpol's executive director of technology and innovation, one of the most difficult problems the organization is currently facing is determining whether an action on the metaverse constitutes a crime or not. Recognizing that there are still difficulties in this regard, he stated:

"If you look at the definitions of these crimes in physical space, and you try to apply it in the metaverse, there is a difficulty. We don’t know whether we can call them a crime or not, but those threats are definitely there, so those issues are yet to be resolved."

For Oberoi, one thing is certain: to police the metaverse, Interpol needs to have contact and be present on metaverse platforms. This is why the organization already has its own location in the metaverse, which was inaugurated during its 90th General Assembly in New Delhi in October.

Interpol's metaverse platform also serves another purpose, enabling it to offer courses online to members of the force in other countries and directly practice the acquired skills in the metaverse.

Cybercrime Gangs Are Expanding Across Africa: Investigators Warn


Police and investigative experts in sub-Saharan Africa have warned of cybercriminal gangs that have recently been growing in size and power by exploiting the vulnerabilities created by the global economic crises and the Covid-19 pandemic.

As claimed by the authorities, both of the mentioned situations have given rise to newer opportunities for online criminals to rake in large assets without risking being caught. 

This growth has a direct impact on the rest of the world, where many victims of “hugely lucrative” fraud live, a senior police official says. 

According to Prof. Landry Signé, a senior scholar and study author at Brookings Institution, the Covid-19 crisis has apparently resulted in the growth of digitalization globally. As online activity grew, criminals targeted critical digital infrastructure.

“The Covid-19 pandemic has accelerated digitalization around the world, but as life has shifted increasingly online, cybercriminals have exploited the opportunity to attack vital digital infrastructure […] States across Africa have emerged as a favorite target of cybercriminals, with costly consequences,” says Professor Signé. 

Nigerian Black Axe Gang

Interpol describes online frauds like banking and credit card frauds as the most pervasive and severe cyber threat across Africa. The Covid-19 pandemic has resulted in a sustained rise in the number and advancement of cyber-attacks, with more than half being targeted at online banking platforms, as per the analysts.

A major operation organized by Interpol this month, across 14 countries, emphasises the scale of cybercrimes across the continent and beyond. 

Police later detained more than 70 alleged fraudsters in connection with the Nigerian cyber threat group known as ‘Black Axe’ in South Africa, Nigeria, and Ivory Coast, as well as in the Middle East, Europe, south-east Asia, and the US. 

Moreover, about 50 residents were being investigated, with $1 million confiscated from bank accounts. Additionally, an apartment building, three vehicles, tens of thousands of dollars, and about 12,000 sim cards were seized. 

Reportedly the Black Axe gang started out as a student organization, originating in Benin City, in the 1970s and later evolved into a worldwide criminal network, specializing in frauds. As per the US court filings, the group later claimed a regional headquarters in South Africa in the year 2013. 

Authorities reportedly discovered phones and other equipment that were known to be used by Black Axe scammers, in Ireland. While tracing the group’s vocabulary, the investigators linked the group to West Africa. 

A former South African criminal intelligence official says that although the fraudulent activities have comparatively reduced, one cannot assume that the organization has ceased operations. The official continued that these criminals manage their operations very well, and they have found solutions to all the issues. 

A Major Base for Organized Crimes

As reported by The Guardian, South Africa has emerged as a headquarters for organized crime.

South Africa apparently hosts the Black Axe organization, while also helping it proliferate worldwide. In this regard, Interpol further said, “as well as hosting Black Axe groups, South Africa also helps enable their spread to other parts of the world … Black Axe members come to South Africa to obtain South African citizenship, which facilitates their travel to the US, Europe or Dubai.”

Along with other acts of cyber fraud, threat actors in Africa generally target victims via online dating services and apps, deceiving them into false relationships in order to acquire money or sensitive information about the victims.

Besides South Africa, Kenya has also evolved into a significant base for digital extortion schemes, according to the FBI and Interpol, making the continent a major base for cybercrime activities.

Metaverse Opens Up New World of Cybercrime, Says Interpol

 

Global police agency Interpol says that it is preparing for the risk that online immersive environments, the “metaverse”, could give rise to new kinds of cybercrime while bolstering existing ones.
 
Interpol member countries have been raising concerns about how to prepare for potential metaverse crime. Interpol's executive director for technology and innovation, Madan Oberoi, told Reuters that “some of the crimes may be new to this medium, some of the existing crimes will be enabled by the medium and taken to a new level.”
 
According to Oberoi, augmented reality and virtual reality could affect how phishing and scams operate. Additionally, he stated that concerns over child safety were also present.  
 
According to Oberoi, virtual reality could also aid crime in the physical world. “If terror group wants to attack a physical space they may use this space to plan and simulate and launch their exercises before attacking,” he added.
 
Earlier this October, Europol, the European Union’s law enforcement agency stated in a report that threat groups in the future may use virtual worlds for propaganda, recruitment, and training. The report added that users may as well create virtual worlds with “extremist rules.” 
 
According to Europol, if the metaverse environment detects users' interactions on a blockchain, “this might make it possible to follow everything someone does based on one interaction with them- providing valuable information for stalkers or extortionists.” 
 
Since 2021, the metaverse has been a tech buzzword, with corporate giants and investors claiming that virtual world environments will grow in popularity, marking a new stage in the internet’s development. Signalling its shift towards the idea, Facebook announced in October 2021 that it was renaming itself “Meta.”
 
But thus far, there are few indications that this vision will come true. As the stock price of Meta fell on Thursday, investors expressed skepticism about making bets in the metaverse. 
 
Sales of blockchain-based assets that represent virtual land and other digital possessions have also plunged after a period of frenetic growth last year.

Interpol Arrests 12 Suspects for Running Sextortion Racket


A joint operation to crack down on a sex racket

Interpol announced the arrest of 12 individuals suspected of being core members of a transnational sextortion ring.

The arrests happened in July and August as a result of a joint investigation by Interpol's cybercrime division and police in Singapore and Hong Kong.

Under the banner #YouMayBeNext, and supported by 75 INTERPOL member countries and 21 private and public entities, the campaign focuses specifically on sextortion, Distributed Denial of Service (DDoS), and ransomware attacks.

In an example of the challenges these cyber attacks represent, an international police operation supported by INTERPOL found and tracked down a transnational sextortion ring that was able to extract around USD 47,000 from targets.

As of now, the investigation has tracked 34 back to the syndicate. 

What is sextortion?

Sextortion is a criminal act and a form of sexual exploitation that involves harassing an individual, through threats or manipulation, into making sexually explicit content and sending it over the internet.

The suspects reached out to potential victims through online dating and sex platforms, then lured them into downloading a malicious mobile app and tricked them into "naked chats."

The suspects used this app to hack the victims' phone contact lists, then blackmailed the victims by threatening to leak their nude videos to their relatives and friends.

The victims of the sextortion racket are mostly from Hong Kong and Singapore.

Raymond Lam Cheuk Ho, Acting Head of the Hong Kong Police’s Cyber Security and Technology Crime Bureau, said:

“We conducted a proactive investigation and in-depth analysis of a zombie command and control server hosting the malicious application, which – along with the joint efforts by our counterparts – allowed us to identify and locate individuals linked to the criminal syndicate.”

INTERPOL's warning

Besides this, Interpol has warned about a surge in sextortion incidents in recent years, a rise that has been aggravated by the Covid-19 pandemic.

It notes that the risk of sextortion is just a click away: clicking on a malicious link or sending an intimate video or picture to someone can expose users to sextortion threats.

Last year, the FBI Internet Crime Complaint Center (IC3) warned of a sudden rise in sextortion complaints since the start of 2021. According to the experts, these attacks caused financial losses of more than $8 million up to July 2021.

The FBI received more than 16,000 sextortion complaints up to July 2021, with most of the victims between the ages of 20 and 39.

How to be safe from sextortion?

Security Affairs reports the following measures to stay safe from sextortion threats:

  • NEVER send compromising images of yourself to anyone, no matter who they are or who they say they are.
  • Do not open attachments from people you do not know. Links can secretly hack your electronic devices using malware to gain access to your private data, photos, and contacts, or control your web camera and microphone without your knowledge.
  • Turn off your electronic devices and web cameras when not in use.


INTERPOL Arrests Three Nigerians in Relation with a Global Scam 

 

Three Nigerian men were arrested and convicted as a result of an Interpol-led operation code-named Killer Bee. They were accused of using a remote access trojan (RAT) to reroute bank transactions and steal business credentials. Two possible accomplices were also apprehended. 

The trio, aged 31 to 38, was apprehended as part of an 11-country sting operation involving law enforcement agencies from Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, the Philippines, Singapore, Thailand, and Vietnam. 

Agent Tesla is a prominent "malware-as-a-service" Remote Access Trojan (RAT) tool used by malicious attackers to collect information like credentials, keystrokes, and clipboard data from the victims. It was initially identified in late 2014. 

Due to Agent Tesla's stability, flexibility, and functionality, which allows for the sampling of sensitive data and exfiltration from the victim, it is used by both cybercriminal groups and actors involved in espionage operations. 

While the authorities did not say how much money the hackers allegedly took, the companies targeted included oil and gas enterprises in Southeast Asia, the Middle East, and North Africa. As per Interpol, one of the scammers, Hendrix Omorume, was prosecuted and convicted of three counts of significant financial fraud and now risks a sentence of 12 months in prison. The other two men are still facing charges.

Interpol and the Nigerian Police Force, with the help of various cybersecurity firms (Group-IB, Palo Alto Networks Unit 42, and Trend Micro), identified a 37-year-old Nigerian man as one of the SilverTerrier cybercrime group's commanders last week.

"Cybercrime is growing at a rapid pace, with new trends continuously appearing," stated Abdulkarim Chukkol, Director of Operations at the EFCC. INTERPOL and the EFCC collaborate on operations like Killer Bee to keep up with emerging technologies, understand the opportunities they provide for criminals, and how they may be used to combat cybercrime.

Interpol Arrests Moroccan Hacker Engaged in Phishing Attacks

 

As part of a global phishing and credit card fraud scheme, law enforcement authorities with Interpol apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France. According to a report published on 6th July by cybersecurity firm Group-IB, the two-year investigation, called Operation Lyrebird by the international, intergovernmental group, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX.

According to the cybersecurity firm, Dr HeX has been "active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims." The cyber-attacks included the use of a phishing kit that included online pages that spoofed banking firms in the country, as well as mass emails that imitated the targeted companies and asked users to enter login credentials on the rogue website. 

The credentials submitted by unwitting victims on the phoney web page were then forwarded to the perpetrator's email address. At least three separate phishing kits were discovered, all of which were apparently created by the threat actor. The phishing kits were also "sold to other individuals through online forums to allow them to facilitate similar malicious campaigns against victims," Interpol said in a statement. "These were then used to impersonate online banking facilities, allowing the suspect and others to steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services." 

The name Dr HeX and the individual's contact email address were included in the phishing kit scripts, which allowed the cybercriminal to be identified and deanonymized, revealing a YouTube channel as well as another name used by the adversary to register at least two fraudulent domains used in the attacks. Furthermore, Group-IB claimed it was able to link the email address to the accused's malicious infrastructure, which includes up to five email addresses, six nicknames, and accounts on Skype, Facebook, Instagram, and YouTube. 

Dr HeX's digital footprint left a tell-tale trail of malicious activity between 2009 and 2018, during which the threat actor defaced 134 web pages. The trail also included posts created by the attacker on various underground forums devoted to malware trading, and evidence suggesting his involvement in attacks on French corporations to steal financial information.

Interpol Seizes $83 Million in Operation Against Online Financial Fraud

 

More than 500 suspects were arrested in the Interpol-coordinated Operation ‘HAECHI-I’, and $83 million belonging to victims of online financial crime was seized. Over 40 law enforcement officers across the Asia Pacific region took part in the operation and intercepted the $83 million before it could be transferred to the perpetrators' accounts.

Law enforcement agencies were specifically focused on five types of online financial crime: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.

A total of 585 individuals were arrested, and more than 1,600 bank accounts belonging to perpetrators of the cyber-enabled financial crime were frozen. The stolen funds were blocked from getting into the scammers' accounts following multiple joint operations and months of collecting intelligence on the attackers' operations.

More than 1,400 investigations were opened during HAECHI-I’s six-month operational phase targeting cybercrime in the Asia Pacific region (i.e., Cambodia, China, Indonesia, Korea, Laos, The Philippines, Singapore, Thailand, and Vietnam), with 892 cases having already been solved and the rest still being investigated. 

“Online fraudsters often attempt to exploit the borderless nature of the Internet by targeting victims in other countries or transferring their illicit funds abroad. The results of Operation HAECHI-I demonstrate that online financial crime is fundamentally global and that only through close international cooperation can we effectively combat these criminals,” said Ilana de Wild, Interpol's Director of Organized and Emerging Crime.

Last year, Interpol also advised victims of online financial scams to immediately take action to intercept stolen funds before their money reached the scammers' bank accounts. In January 2021, Interpol warned all 194 member states of fraudsters targeting dating app users and trying to trick them into investing through fake trading apps. 

“The key factors in intercepting illicit money transfers are speed and international cooperation. The faster victims notify law enforcement, the faster we can liaise with INTERPOL and law enforcement in the relevant countries to recover their funds and put these criminals behind bars,” Amur Chandra, Brigadier General of the Indonesian National Police and Secretary of Indonesia’s INTERPOL National Central Bureau, stated.

Joker's Stash, the Largest Carding Forum Shutting Down

 

Joker's Stash opened in 2014 and was perhaps the most well-known underground carding site, offering newly stolen credit card data with a guarantee of card validity. Its activity has been in decline since mid-2020. The normally active administrator, Joker's Stash, had several gaps in communication. On January 15, 2021, Joker's Stash announced that it expected to shut down in a month, with the stipulated date being February 15, 2021. The news was announced by the site's administrator through messages posted on different underground cybercrime forums where the site normally publicized its services.

Threat intelligence firm Intel 471 published a blog post documenting the website's end, noting that Joker's Stash's fall comes after an extremely turbulent close to 2020. In October, the individual who purportedly runs the site said that he had contracted COVID-19 and spent seven days in the hospital. His condition affected the site's forums, inventory replenishments, and other operations. Intel 471 also found that the site's customers were complaining that the quality of the shop's payment card data was increasingly poor.

The FBI and Interpol seized four domains operated by the marketplace. At the time, the site's administrators said the law enforcement crackdown had only a limited effect on the site: the domains were used only as proxies to redirect customers from landing pages to the actual marketplace, and the authorities did not seize any servers containing card or customer information. Although the seizure had little direct effect, it mainly damaged the site's reputation and made customers feel that the once-untouchable Joker's Stash was now an open book for law enforcement agencies.

The Joker's Stash admin did not give further details about the decision to close the site. They may have chosen to quit rather than be taken down by law enforcement agencies. Nonetheless, that does not mean that the site's administrator is now immune to prosecution. Prior to announcing its closure, Joker's Stash was viewed as perhaps the most profitable cybercrime operation today.

According to Christopher Thomas, Intelligence Production Analyst at Gemini Advisory, the shop is estimated to have made countless dollars in illicit profits, although this money also goes to the vendors themselves. Joker's Stash has been operating since October 7, 2014. Last year alone, the site posted more than 35 million CP (card present) records and more than 8 million CNP (card not present) records.

The site's administrator intends to wipe all servers and backups when they shut their operations next month.