Law enforcement officials across 20 countries have arrested more than 1,000 individuals for various cyber-enabled financial crimes, including investment fraud, business email compromise (BEC) attacks, money laundering, and illegal online gambling.

The arrests took place over a four-month period between June and September 2021; they were part of an Interpol-coordinated operation code-named HAECHI-II that was designed to curb online financial crimes. During the operation, Interpol officials piloted a new global stop-payment mechanism called the Anti-Money Laundering Rapid Response Protocol (ARRP), which allowed them to intercept and recover nearly $27 million in illicit funds from cybercrime operations.

HAECHI-II is the second operation in a three-year effort to take down operators of certain types of financially motivated cybercrime, such as romance scams and illegal online gambling. Nations participating in the initiative include China, Japan, Korea, India, Spain, Thailand, Indonesia, Ireland, and Philippines.

Among those arrested as part of the HAECHI-II operation was the operator of a BEC attack against a Colombia-based textile company. The attack involved the perpetrators impersonating a legal representative from the company and fraudulently transferring more than $8 million from the textile company’s accounts to two bank accounts based in China. In that incident, Interpol was able to quickly freeze the illegally transferred funds and recover more than 90% of the money by using the new ARRP protocol to coordinate efforts between its bureaus in Beijing, Bogota, and Hong Kong. 

In another incident, officials involved with the HAECHI-II operation were able to recover more than $800,000 that was illegally transferred from a Slovenian’s company’s account to a bank account in China.

In addition to the arrests, law enforcement officials involved in the HAECHI-II operation were also able to gather a lot of intelligence on the tactics, techniques, and procedures (TTPs) that cybercriminals are using to carry out online financial crime, according to the Interpol. 

Information on as many as 10 unique new TTPs have been shared with Interpol’s 194 member countries so law enforcement officials in these nations have a better understanding of emerging criminal tactics and of commonalities between different cases, Interpol said.

In total, between June and September this year, Interpol arrested 1,003 individuals, closed 1,660 active investigations, and froze some 2,350 bank accounts associated with various online financial scams.

Law Enforcement on a Tear
HAECHI-II represents the stepped-up efforts that law enforcement agencies globally — led by Interpol — are putting into tackling a wide range of cybercrime. The efforts have yielded some significant results in recent months. These include the arrests of individuals believed responsible for tens of thousands of attacks involving the use of GandCrab and REvil/Sodinikobi ransomware families worldwide. The suspects are accused of demanding more than $225 million in these attacks over a period spanning four years.

A similar Interpol operation resulted in the arrest of an individual suspected of participating in the massive supply chain attack on Kaseya, which resulted in ransomware being deployed on systems belonging to thousands of downstream customers of several managed service providers.

Another recent Interpol investigation led to the arrests of six individuals thought to be the ringleaders of the Cl0p ransomware operation. The individuals are believed responsible for facilitating international transfers of more than $500 million linked to various ransomware attacks in recent years.

While such arrests are unlikely to do little to deter cybercrime in the short term, security experts have noted that they do demonstrate the reach, willingness, and growing ability of international law-enforcement agencies to find and nab individuals associated with major cybercrime operations. Many have said that such global cooperation is essential for the fight against cybercrime to yield results.

Source: www.darkreading.com