‘Spoofing-as-a-service’ takedown: EU supports 142 arrests by police from 10 countries

In a coordinated action led by the United Kingdom and supported by Europol and Eurojust on 8 November 2022, a website and server that allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims was seized and taken offline by US and Ukrainian authorities. 142 suspects have been arrested, including the main administrator, of a type of cybercrime known as ‘spoofing’.

The website is believed to have caused an estimated worldwide loss in excess of GBP 100 million (EUR 115 million).  Investigations showed that the website itself earned over EUR 3.7 million in 16 months. According to UK authorities, losses to victims at present are £43 million (EUR 49 million).

Sponsor ad

How it worked

The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords. The users were able to impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain and substantial losses to victims.

Police from ten countries, collaborated with multiple EU agencies

The following authorities took part in or supported this investigation:

• Australia: Australian Federal Police
• Canada: Royal Canadian Mounted Police – Federal Policing Cybercrime Investigation Team Toronto
• France: Cyber Criminality Unit – PPO Paris; Law Enforcement : C3N – Gendarmerie Nationale
• Germany: Office of the Public Prosecutor General in Bamberg – Bavarian Central Office for the Prosecution of Cybercrime
• Ireland: An Garda Síochána
• Lithuania: Prosecutor General’s Office of the Republic of Lithuania; Lithuanian Criminal Police Bureau
• Netherlands: Cybercrime team Midden-Nederland and Public Prosecutor’s Office Midden-Nederland
• Ukraine: Department of cyber police of National Police of Ukraine
• United Kingdom: Metropolitan Police Service (Cyber Crime Unit), City of London Police, and Crown Prosecution Service
• United States: Federal Bureau of Investigation – Pittsburgh Division; United States Secret Service – Pittsburgh Field Office; and the United States Attorney’s Office for the Western District of Pennsylvania

Eurojust President Mr Ladislav Hamra commented: “As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court. Eurojust supports national authorities in their efforts to protect citizens against online and offline threats, and to help see that justice gets done.”

How the case evolved

The case was opened at Eurojust in October 2021 at the request of the UK authorities. National authorities from ten countries, including European Union Member States and third countries, supported the investigation. The Agency played a key role in facilitating the judicial cross-border cooperation among all parties involved. Two coordination meetings were hosted by Eurojust to coordinate the national investigations and to prepare for the action.

On a request of the United Kingdom, Europol started supporting the case earlier that same summer (August 2021). Since then, Europol’s European Cybercrime Centre (EC3) has been providing continuous intelligence development to the national investigators through the Joint Cybercrime Action Taskforce (J-CAT). In addition, EC3 provided a secure platform for law enforcement to exchange large packages of evidence. In the framework of its analytical work, Europol was able to identify additional users of the iSpoof service, a number of which were already known for their involvement in other high-profile cybercrime investigations at the European level.

Further details

The same press release was issued by both Eurojust and Europol

Action against criminal website that offered spoofing services to fraudsters: 142 arrests.  Europol, Nov 24, 2022