Judicial and law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada have taken down a website that allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing’. The website is believed to have caused an estimated worldwide loss in excess of GBP 100 million (EUR 115 million).
In a coordinated action led by the United Kingdom and supported by Europol and Eurojust, 142 suspects have been arrested, including the main administrator of the website.
London’s Metropolitan Police Commissioner Sir Mark Rowley stated:
The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century. Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery to thousands. By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable people.
Eurojust President Mr Ladislav Hamran said:
As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court. Eurojust supports national authorities in their efforts to protect citizens against online and offline threats, and to help see that justice gets done.
Europol’s Executive Director Ms Catherine De Bolle said:
The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity. Europol coordinated the law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target the criminals wherever they are located. Together with our international partners, we will continue to relentlessly push the envelope to bring criminals to justice.
The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords. The users were able to impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain and substantial losses to victims.
The investigations showed that the website has earned over EUR 3.7 million in 16 months. According to UK authorities, losses to victims at present are £43 million (EUR 49 million), with estimated worldwide losses in excess of £100 million (EUR 115 million).
In an international coordinated action carried out in November 2022, 142 users and administrators of the website were arrested across the world. The main administrator of the website was arrested in the UK on 6 November.
On 8 November 2022, the website and server was seized and taken offline by US and Ukrainian authorities.
The case was opened at Eurojust in October 2021 at the request of the UK authorities. National authorities from ten countries, including European Union Member States and third countries, supported the investigation. The Agency played a key role in facilitating the judicial cross-border cooperation among all parties involved. Two coordination meetings were hosted by Eurojust to coordinate the national investigations and to prepare for the action.
On a request of the United Kingdom, Europol started supporting the case earlier that same summer (August 2021). Since then, Europol’s European Cybercrime Centre (EC3) has been providing continuous intelligence development to the national investigators through the Joint Cybercrime Action Taskforce (J-CAT). In addition, EC3 provided a secure platform for law enforcement to exchange large packages of evidence. In the framework of its analytical work, Europol was able to identify additional users of the iSpoof service, a number of which were already known for their involvement in other high-profile cybercrime investigations at the European level.
The following authorities took part in or supported this investigation:
- Australia: Australian Federal Police
- Canada: Royal Canadian Mounted Police – Federal Policing Cybercrime Investigation Team Toronto
- France: Cyber Criminality Unit – PPO Paris; Law Enforcement : C3N – Gendarmerie Nationale
- Germany: Office of the Public Prosecutor General in Bamberg – Bavarian Central Office for the Prosecution of Cybercrime
- Ireland: An Garda Síochána
- Lithuania: Prosecutor General’s Office of the Republic of Lithuania; Lithuanian Criminal Police Bureau
- Netherlands: Cybercrime team Midden-Nederland and Public Prosecutor’s Office Midden-Nederland
- Ukraine: Department of cyber police of National Police of Ukraine
- United Kingdom: Metropolitan Police Service (Cyber Crime Unit), City of London Police, and Crown Prosecution Service
- United States: Federal Bureau of Investigation – Pittsburgh Division; United States Secret Service – Pittsburgh Field Office; and the United States Attorney’s Office for the Western District of Pennsylvania