Portugal’s Polícia de Segurança Pública (PSP) has confirmed that a large cybercrime network that was recently dismantled by the Spanish police, in collaboration with Europol, had been responsible for sending out a computer virus attack in the form of a ‘pop up’ window, purportedly in the name of the Portuguese PSP police.
David Thomas, president of Safe Communities Algarve (SCA), who has reported on this type of crime through the association’s email newsletter, said: “Several residents in the Algarve have recently received this pop-up message and were clearly alarmed by what they saw. So I am pleased to report that, according to Europol and Spanish police information, the gang responsible for this were arrested on February 13.”
The group behind this ‘ransomware’ operation would extort money from victims through the posting of ‘pop ups’ on the screens of computer users alleging that they had been viewing child pornography and asking for payment of a fine.
“For those with a webcam, the virus would take a photograph of them and superimpose this on to the computer screen, together with the warning message and what looked like a PSP website page,” said David.
On its website, Europol announced on February 13 that Spanish police, working closely with the European Cybercrime Centre (EC) at Europol, had dismantled “the largest and most complex” cybercrime network dedicated to spreading police ransomware. “It is estimated that the criminals affected tens of thousands of computers worldwide, bringing in profits in excess of €1 million per year,” said the organisation.
‘Operation Ransom’ resulted in 11 arrests. The first was a Russian man, 27, who was responsible for the creation, development and international distribution of the various versions of the malware. He was arrested in the United Arab Emirates and is currently awaiting extradition to Spain, said Europol. As part of the investigation, one of the criminal network’s largest financial cells in the Costa del Sol was also dismantled. Another 10 individuals (six Russians, two Ukrainians and two Georgians) linked to the financial cell were also detained by the Spanish police authorities.
Six premises were searched in the province of Malaga, where IT equipment used to commit the crime was seized.
“Police investigators also seized credit cards used to cash out the money that victims paid via Ukash, Paysafecard and MoneyPak vouchers, as well as around 200 credit cards which were used to withdraw €26,000 in cash prior to the arrests,” announced the organisation.
“The financial cell of the network specialised in laundering the proceeds of their crimes, obtained in the form of electronic money. For this, the gang employed both virtual systems for money laundering and other traditional systems using various online gaming portals, electronic payment gateways or virtual coins.”
“They also used compromised credit cards to extract cash from the accounts of ransomware victims via ATMs in Spain. As a final step, daily international money transfers through currency exchanges and call centres ensured the funds arrived at their final destination in Russia.” Since the virus was detected in May 2011, there have been more than 1,200 reported cases just in Spain, and the number of victims could be much higher.
If a message claiming to be from a law enforcement agency pops up on your computer screen and accuses you of having visited illegal websites containing child abuse material or file sharing, then you have been infected by “Police Ransomware”. This is malicious software which locks your computer and then demands that you pay a fine in order to get it unlocked.
This type of demand will never be issued by a law enforcement agency. It is a scam designed to generate huge profits for organised criminal groups.
Instructions on what actions to take if you feel your computer has been affected are available from Europol, PJ, PSP and Safe Communities Algarve (www.safecommunitiesalgarve.com – with downloads in English).
Bank phishing gang arrested
The Polícia Judiciária have arrested seven individuals suspected of being involved in crimes of computer fraud, unlawful access, money laundering and conspiracy. Police have so far established the misappropriation of around €170,000 by the group in about 70 cases investigated.
As part of a several-months-long police operation, entitled ‘Seven Seas’, 15 house searches were carried out resulting in the arrest of six men and one woman, who collaborated with a number of other defendants to unlawfully seize money from third parties through the improper use of online banking, a criminal activity that is known as “phishing”.
In conjunction with the Department of Investigation and Penal Action Lisbon, and with the cooperation of the Brazilian police, it was possible to identify and determine the role of the leaders, recruiters and the so-called “money mules” who were part of the scam. Money mules are people who agree to receive money from illegal activities in their bank accounts. They then transfer or withdraw the money to other bank accounts, which in this particular case were held in foreign countries.
In the Lisbon area, police investigators seized several items of computer hardware and software acquired by the group to support its activity, as well as a wide range of documentation relating to the commission of the offences.
According to a statement from the Lisbon District General Attorney (PGDL), the detainees had set up a “sophisticated” money misappropriation scheme through “criminal access” to “dozens of bank accounts” without the knowledge of their holders.
The suspects would obtain, through the internet, the bank account numbers, activation codes and other data that would allow them access to the bank accounts and would then proceed with the transfer of money to other accounts, through the so-called “money mules”.
Police believe that at least 37 people have been targeted by the group since August last year. The detainees were presented in court and three of them are being held in preventive custody, while the others have to report regularly to the police station.
Police warn that despite existing technological protections for the use of online banking, it is up to the users to take additional security measures.