Cyber criminals are not easy to take down, primarily because their work is done remotely. An attack that happens in one country can easily have been carried out by someone on the other side of the world. Bringing hackers to justice is a global law enforcement concern, yet the particulars of actually capturing them make the whole process very complex. Say, for instance, a hack occurs in North America and affects solely U.S. citizens, but the cyber criminals who carried it out turn out to be based in Germany. A scenario like this raises exactly the kind of jurisdictional questions that illustrate why cyber crime is so hard to police.
It should come as no surprise, therefore, that many hackers go unpunished, and are able not only to evade authorities but to grow in sophistication and influence in the process. When a cyber criminal is nabbed, it’s always cause for headlines. But what’s better than bringing a single hacker to justice? Hauling in 49 of them. For Europol’s European Cybercrime Centre, this is exactly what happened toward the beginning of June, when authorities reportedly succeeded in dismantling a vast cyber criminal group. The story of the operation got a lot of visibility, and predictably so: this is not the kind of thing that happens every day.
To shut down a Europe-spanning cyber crime ring, deploy a Europe-spanning group
To understand how European authorities succeeded in bringing down a major hacking operation, it’s best to start by examining the group that accomplished the task. The European Cybercrime Centre, or EC3, became operational at the beginning of 2013. As an organization, EC3 is a product of a very specific need: simply put, the global cyber criminal infrastructure is growing at a rate that increasingly threatens individuals, enterprises and governments. And since January 2013, when EC3 came onto the scene, we’ve seen a whole host of attacks that illustrate the mounting capability of the cyber crime sector.
Being established within Europol gave EC3 an immediate advantage. Europol, the European Police Office, is a law enforcement agency whose remit spans the member states of the European Union, so EC3 is in a unique position to combat cyber crime across most of the European continent. Given that cyber crime does not respect national borders, EC3’s ability to work across them is what gives it a clear edge in the fight against hackers. As Europol explained in its description of EC3, “By situating the EC3 within Europol, the Centre was able to not only draw on Europol’s existing law enforcement capacity but also to expand significantly on other capabilities, in particular the operational and analytical support to Member States’ investigations.”
Today, EC3 has a number of responsibilities that make it a central force in the hunt for cyber criminals in Europe. Not only does it serve as “the central hub for criminal information and intelligence,” but it also helps to coordinate investigations and operations. As a European Union agency, EC3’s function isn’t to usurp national police forces in the fight against hackers, but to provide much-needed support. This operational format came in handy recently, when the group played a central role in dismantling the Europe-spanning cyber ring and arresting 49 of its alleged participants.
Taking down a massive group
The first thing to note about the cyber crime group that EC3 busted is that it was about as nation-spanning as you can get. According to a press release put out by Europol following the arrest of the 49 suspects, the group’s activities traversed large parts of Europe, including Poland, the U.K., Italy, Spain and Belgium. Because of this, and because EC3 is not a policing body with the authority to supersede national police, the investigation was necessarily a coordinated effort between EC3 and several different countries. At the helm of the hunt were the Italian Postal and Communications Police, the Spanish National Police and the Polish Police Central Bureau of Investigation.
But for its part, the cyber crime ring that these authorities were hunting was just as coordinated. As Europol pointed out, the ring was built around a man-in-the-middle attack, in which attackers position themselves between two parties exchanging sensitive information in order to intercept and alter it. In this case the “middle” was not the network but the mailbox: the attackers inserted themselves into the correspondence between a business and its customers. The group targeted medium and large enterprises across Europe, and once they’d identified corporate targets, they launched their coordinated effort via malware and social engineering, two of the most common tactics deployed by hackers today.
According to Europol, the cyber criminals used these techniques to gain access to the businesses’ central email accounts. Once they had this access, they had effectively secured their “middle man” position, enabling them to monitor information in transit. The data they were after was payment requests from customers, which they were able to intercept thanks to their access to the corporate mailboxes. Because they were operating from inside the businesses’ own email accounts, the cyber criminals could pose as the legitimate business and, under that disguise, instruct customers to send payments to new bank accounts. These accounts, of course, were controlled by the attackers, and once unsuspecting customers sent payments through, the cyber criminals were immediately able to turn them into cash. The suspects came from all over: among them were alleged cyber criminals from Cameroon, Nigeria and Spain. But though they came from different places, the group displayed a united front in making off with the money, laundering it through a carefully orchestrated system in order to move the stolen funds out of the EU quickly.
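The defensive lesson in the scheme described above is that the redirection emails came from the victims’ real, compromised mailboxes, so sender authentication (SPF, DKIM, a known address) would have passed. What a receiving organisation can still check is whether the bank account being named matches the account the vendor has always used. The script below is an added illustration of that check, not code from Europol, the investigators or the original article: it scans constructed sample emails for IBANs, validates their mod-97 checksum, compares them against a hypothetical vendor master record keyed by sender domain, and flags “new bank details” language. The vendor domain, the sample messages and the IBANs (the two well-known example IBANs DE89 3704 0044 0532 0130 00 and GB82 WEST 1234 5698 7654 32) are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# IBAN: country code, two check digits, then groups of 4 (optionally space separated)
# and a short tail group. Written to tolerate the spaced form used in invoices.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,3})?\b")

# Phrases typical of an invoice-redirection message (assumed list, extend to taste).
CHANGE_PHRASES = (
    "new bank account",
    "updated bank details",
    "new account details",
    "changed our bank",
)

# Hypothetical vendor master: sender domain -> the IBAN that vendor has always used.
KNOWN_ACCOUNTS = {
    "acme-parts.example": "DE89370400440532013000",
}


@dataclass
class Email:
    sender: str
    subject: str
    body: str


def normalize_iban(raw: str) -> str:
    return raw.replace(" ", "").upper()


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: rotate the first four characters to the end,
    expand letters to numbers (A=10 ... Z=35), and the integer must be 1 mod 97."""
    iban = normalize_iban(iban)
    if not (15 <= len(iban) <= 34) or not iban.isalnum():
        return False
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(c, 36)) for c in rearranged)
    return int(digits) % 97 == 1


def analyze(email: Email, known_accounts: dict) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    domain = email.sender.rsplit("@", 1)[-1].lower()
    expected = known_accounts.get(domain)
    if expected is None:
        findings.append(f"sender domain {domain} is not in the vendor master")

    # Match against the original text: IBANs are uppercase, which keeps the regex tight.
    found = {normalize_iban(m) for m in IBAN_RE.findall(f"{email.subject}\n{email.body}")}
    for iban in sorted(found):
        if not iban_checksum_ok(iban):
            findings.append(f"IBAN {iban} fails checksum")
        elif expected is not None and iban != expected:
            findings.append(f"IBAN {iban} differs from vendor record {expected}")

    text = f"{email.subject}\n{email.body}".lower()
    hits = [p for p in CHANGE_PHRASES if p in text]
    if hits:
        findings.append("bank-detail change language: " + ", ".join(hits))
    return findings


# Constructed sample traffic: a normal invoice, a redirection sent from the
# genuine (compromised) mailbox, and a lookalike-domain variant.
SAMPLE_EMAILS = [
    Email("billing@acme-parts.example", "Invoice 4471",
          "Invoice 4471 attached. Payment to our usual account DE89 3704 0044 0532 0130 00."),
    Email("billing@acme-parts.example", "Invoice 4471 - payment instructions",
          "Please note our updated bank details effective immediately. "
          "Remit all open invoices to GB82 WEST 1234 5698 7654 32. Regards, Accounts"),
    Email("billing@acme-parts-invoices.example", "Invoice 4471",
          "Remit to GB82 WEST 1234 5698 7654 32 as per our new account details."),
]


def triage(emails, known_accounts=KNOWN_ACCOUNTS) -> dict:
    """Map each email index to its findings; only flagged messages appear."""
    return {i: f for i, e in enumerate(emails) if (f := analyze(e, known_accounts))}


if __name__ == "__main__":
    for idx, findings in triage(SAMPLE_EMAILS).items():
        print(f"email {idx}: {SAMPLE_EMAILS[idx].subject!r}")
        for line in findings:
            print("   -", line)
```

Note what the second sample shows: the sender is the genuine vendor address, so nothing about the envelope is wrong and only the account comparison catches it. A flag from this check is a prompt for out-of-band verification (a phone call to a number already on file, not one taken from the email), never an automatic block or approval.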
In short, there was nothing amateur about this attack. So how was EC3 able to dismantle the group? The answer is that law enforcement was as highly coordinated in hunting the attackers as the criminals were in planning the attack. Here’s what EC3 did to nab the group’s members:
- Set up a base of operations: As previously mentioned, this was not an investigation that EC3 was prepared to carry out on its own. Catching the 49 suspects required a combined effort among agencies across the European continent. Therefore, the first step for EC3 was to set up a coordination centre, which it launched in The Hague. This centre gave the various law enforcement groups involved in the investigation a place to interface.
- Activate international information exchange: Once the centre had been established, it was time for the country-specific policing agencies to come together and share information. During the investigation, the Spanish National Police, the Italian Postal and Communications Police and other groups oversaw the careful exchange of data on the group, and through this they were able to build a composite picture of the collective and the way it operated.
- Deploy ground forces: Like any effective criminal investigation, the hunt for the 49 couldn’t be confined to an office in The Hague. Europol experts therefore ensured that there was an operational presence on the ground in affected countries such as Spain and Italy. Using mobile tools, these on-the-ground experts were able to communicate with the coordination centre and help build the case against the suspects.
- Break down doors: Given that the European authorities were conducting a largely virtual investigation, you might think there was no physical component to it. In fact, there was. Once the participating agencies had gathered enough actionable data on the cyber criminals, they used it to search 58 properties, as V3 reported. Through these searches, authorities seized forged documents, SIM cards, USB drives and other incriminating materials. The 49 arrests followed.
As Europol deputy director of operations Wil van Gemert pointed out to V3, the investigation highlights the collaborative work that is part and parcel of policing virtual crime.
“This successful operation shows the importance of international law enforcement working together with private industry to fight the global threat of cybercrime,” van Gemert said. “We will continue our efforts to take down botnets and disrupt the core infrastructures used by cyber criminals to carry out a variety of crimes. Together with the European Union member states and partners around the globe, our aim is to protect people worldwide against these criminal activities.”
Cyber crime is an everyday occurrence – but bringing it to justice isn’t
The capture of the 49 man-in-the-middle attackers isn’t significant only for its size; it’s significant that it happened at all. In the world we live in, cyber criminals don’t have to worry too much about capture, since it is exceedingly rare that they are brought to justice. While 49 hackers may be off the virtual streets, many other groups and individuals are still at large. Here are some of the most wanted hackers, as reported by We Live Security:
- Alexsey Belan: Belan is wanted in connection with the hacking of three U.S.-based businesses in 2012 and 2013. A sophisticated Russian hacker, Belan allegedly broke into the networks of the e-commerce companies and stole large amounts of privileged data, which he reportedly then sold for profit on the dark web.
- Ercan Findikoglu: Findikoglu is in a lot of trouble in the U.S., facing up to 247 years in prison. His alleged crime is carrying out a $60 million credit card cyber fraud scheme. In 2013, Findikoglu was arrested in Frankfurt by German police, but because of complications with extradition to the U.S., he remained in Germany. That changed a few days ago, when he was finally extradited to the U.S. While this means he is technically no longer “most wanted,” his long period of evasion earns him a spot on this list.
- Evgeniy Bogachev: When it comes to cyber criminals wanted by the authorities, you can’t do much better than Evgeniy Bogachev. Currently public enemy number one in the FBI’s fight against cyber fugitives, Bogachev is so sought after that the FBI is willing to pay up to $3 million to anyone who provides actionable information. What makes Bogachev such a hot target for law enforcement? He is suspected of being the developer of the GameOver Zeus botnet, one of the most disruptive malware operations on record. “The software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts,” the FBI reported of GameOver Zeus. “While Bogachev knowingly acted in a role as an administrator, others involved in the scheme conspired to distribute spam and phishing emails, which contained links to compromised web sites.”
GameOver Zeus is reported to have done a great deal of damage since it burst onto the scene in September 2011. As the FBI reports, the botnet may have infected more than 1 million computers and is reportedly directly responsible for losses in excess of $100 million. Seen this way, the reward money for Bogachev represents only a fraction of the monetary damage attributed to him. Were the FBI to capture him, his knowledge of the cyber criminal world could prove useful in nabbing other criminals and groups.
With so much cyber crime going unpunished, the burden falls on businesses and individuals to do everything it takes to keep attackers out. Law enforcement can and should play a role in suppressing cyber crime, but it is still a relatively new practice. In the meantime, if your business is breached, you won’t be able to blame law enforcement for not catching the hackers. Responsibility for the attack will lie on your shoulders, which is why it is imperative to implement defensive measures.