Europol’s top hacking ring takedowns

6 of 7 NEXT PREV

Shylock

In 2014, Europol and other law enforcement agencies seized servers which provided the backbone of the Shylock malware campaign, used to attack banks and financial institutions worldwide.
The Shylock financial Trojan, named so due to code references to Shakespeare's The Merchant of Venice, infected at least 30,000 PCs worldwide, targeting those in the UK, US, Italy, and Turkey.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)
Caption by: Charlie Osborne
Game over, Zeus

Another takedown of note in the same year was the seizure of infrastructure belonging to the operators of the Gameover Zeus botnet and CryptoLocker ransomware.
While variants of Zeus and CryptoLocker are still found in the wild, the police operation did stop the Gameover Zeus scheme in its tracks -- albeit after victims suffered an estimated $100 million in losses. The mastermind behind Gameover Zeus, Evgeniy Mikhaylovich Bogachev, is still wanted by the FBI.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)
Caption by: Charlie Osborne
ATM skimming

In 2017, Europol hunted down those believed to be part of a global ATM skimming ring.
ATM skimming involves tampering with ATM hardware or software, often through physical cameras and skimming systems, in order to swipe the card details of innocent users.
As part of "Operation Neptune," the police arrested four Bulgarians who used the stolen data to create clone cards capable of withdrawing cash from their victims' accounts in countries including Belize, Indonesia, and Jamaica.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)
Caption by: Charlie Osborne
Carbanak and Cobalt

Fast forward to 2018 and we have the arrest of the alleged operators of Carbanak and Cobalt malware campaigns by Europol. Active since 2013, the criminals conducted a series of successful heists which allowed them to cash in an estimated €10 million per successful heist, with overall theft believed to be over the €1 billion mark.
The group is known as Fin7. The source code for Carbanak has recently been discovered on VirusTotal.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)
Caption by: Charlie Osborne
Counterfeit cash

Another campaign foiled in 2018 was a vast plot which involved the purchase of counterfeit euro banknotes in the Dark Web.
It's rather easy to purchase illegal goods and fake money online if you know where to look, but as this case highlighted, law enforcement is able to track down underground traders.
In total, almost 300 house searches were conducted in 13 different countries and 235 suspects were detained. Drugs, weapons -- including guns and nunchaku -- 1,5000 banknotes and cryptocurrency stashes were also seized.
The producer of the banknotes had been arrested months prior. Over 10,000 counterfeit notes were shipped around Europe.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)
Caption by: Charlie Osborne
Cashing in on cryptocurrency

An interesting cryptocurrency-related case was the arrest of a UK citizen for allegedly stealing $11.4 million in IOTA virtual currency.
The thefts took place in January 2018. The man in question operated a website which promised to generate random, strong passwords for IOTA wallets, but secretly, the suspect was logging the passwords for use, later on, to break into user accounts and steal away their funds.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)
Caption by: Charlie Osborne
Wall Street Market

One of Europol's most recent successes is the closure of Wall Street Market, a Dark Web marketplace which sold weapons, drugs, hacking tools, and stolen data.
After the trading posts' operators performed an exit scam and scarpered with $14.2 million in cryptocurrency, law enforcement seized the server belonging to the website.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)
Caption by: Charlie Osborne

6 of 7 NEXT PREV

European law enforcement has smashed everything from Dark Web marketplaces to ATM skimmer rings.

Cashing in on cryptocurrency

An interesting cryptocurrency-related case was the arrest of a UK citizen for allegedly stealing $11.4 million in IOTA virtual currency.

The thefts took place in January 2018. The man in question operated a website which promised to generate random, strong passwords for IOTA wallets, but secretly, the suspect was logging the passwords for use, later on, to break into user accounts and steal away their funds.

Published: June 5, 2019 -- 13:47 GMT (14:47 BST)

Caption by: Charlie Osborne

6 of 7 NEXT PREV