Many believe that the Mafia of old has long since been active. Not so, says Europol. The new and improved Mafia organized crime ring thrived on violence, intimidation and $12 million in online fraud profits; all specialties of the Mafia. International law enforcement has busted up an extensive cybercrime operation run by a gang with ties to the Italian Mafia.
The group allegedly used phishing attacks to defraud hundreds of victims. The suspects used various lures to convince victims (mostly Italian nationals but also Spanish, English, German and Irish targets) to wire money to bank accounts controlled by the criminal network, according to Europol. “The group, using hackers specialized in latest-generation phishing and vishing attacks and in the use of social-engineering techniques, had taken possession of the home banking credentials of victims… arranging bank transfers for thousands of Euro,” according to an announcement from the Italian National Police (Polizia di Stato).
The gang also engaged in other types of online fraud such as SIM swapping and business email compromise (BEC), Europol said. In all cases, the attackers laundered the money through a wide network of money mules and shell companies.
“The stolen sums were later recycled through the purchase of cryptocurrency or reinvested in further criminal activities, such as prostitution, drug production and trafficking, and arms trafficking,” according to the Polizia di Stato. In all, the crooks raked in a “profit” of about $12 million (€10 million) last year alone.
The Spanish National Police (Policía Nacional), supported by Polizia di Stato, Europol and Eurojust, made 106 arrests in the sting in Spain and Italy.
Law enforcement also froze 118 bank accounts and performed 16 house searches. During the latter, officers seized various collateral used in the operations, including electronic devices, 224 credit cards, SIM cards and point-of-sale terminals as well as an electric shock machine, which speaks to the gang’s ancillary criminal activities. “This large criminal network was very well organized in a pyramid structure, which included different specialized areas and roles,” according to a Monday statement from Europol. “Among the members of the criminal group were computer experts, who created the phishing domains and carried out the cyber-fraud; recruiters and organizers of the money muling; and money-laundering experts, including experts in cryptocurrencies.”
The gang members are mostly Italian nationals but ran the ring out of the Canary Islands, an autonomous zone that’s a territory of Spain specifically, in the city of Santa Cruz de Tenerife. Some of those apprehended were Italian fugitives, wanted for ties to organized crime groups like the Camorra in Naples, and Apulia’s Sacra Corona Unita, police said. “This group of criminals had managed to settle and enter different levels of society: Business networks, law firms and banking entities, among others,” according to a Policía Nacional statement. “This level of settlement not only gave the organization impunity for money laundering, but also for the different criminal activities of these Mafia groups carried out in Spain. Those activities included robberies and assault, as well as the involvement of several of its members in two homicides carried out on the island. “On one occasion they kidnapped a woman and, after threatening her at gunpoint, took her to an ATM to steal all the money and open 50 online bank accounts for the organization,” Spanish police said. “Once detained, they threatened the victim and those around her to prevent her from testifying.”
They added, “The extreme violence of this group was also manifested in other criminal actions. They beat up, robbed and extorted both members of the organization who deviated from internal regulations and other people or companies in Tenerife who, for fear of reprisals, did not report, which gave them a significant degree of impunity.”
The bust was carried out by traditional law enforcement as well as cyber experts: The Joint Cybercrime Action Taskforce (J-CAT) at Europol is a standing operational team that consists of cyber-liaison officers from different countries. “During the operational activities, Europol deployed two analysts and one forensic expert to Tenerife, Spain and one analyst to Italy,” according to the Europol statement. “Additionally, Europol funded the deployment of three Italian investigators to Tenerife to support the Spanish authorities during the action day.”
In 2012, Belgian police were called in to investigate a case involving computers of the Swiss Shipping Company, MSC. They found “tiny computers known as pwnies (pronounced ponies) packed in memory sticks and sitting on several of the workstations”, which caused dramatic and consistent computer slowdown. They realized that these pwnies were being used to steal important information needed “to track specific containers and gain access to restricted areas of the port.” Once these containers were ready for collection, the mafia swooped in, sending in their trucks to drive the containers away. Journalist Misha Glenny called it “the most dramatic example that law enforcement had ever seen of the fusion of two types of crime: a traditional mafia operation and criminal hackers.”
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that offers cyber threat services that include RedXray and Cyber Threat Analysis Center (CTAC) to aid organizations for cyber threat hunting, notifications, and analysis. Service descriptions can be found at https://www.wapacklabs.com. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or email@example.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings