DarkMarket taken down in international police operation

DarkMarket, the world’s largest illegal marketplace on the dark web, has been taken offline in an international operation led by German police.  As well as Germany, law enforcement agencies from Australia, Denmark, Moldova, Ukraine, the United Kingdom (National Crime Agency), and the USA (DEA, FBI, and IRS) were involved. Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries involved.

The Central Criminal Investigation Department in the German city of Oldenburg arrested an Australian citizen (the alleged operator of DarkMarket) near the German-Danish border over the weekend of 9/10 January 2020. The investigation, which was led by the cybercrime unit of the Koblenz Public Prosecutor’s Office, supported by the German Federal Criminal Police office (BKA), allowed officers to locate and close the marketplace, switch off the servers and seize the criminal infrastructure – more than 20 servers in Moldova and Ukraine. The stored data will give investigators new leads to further investigate moderators, sellers, and buyers.

The DarkMarket vendors mainly traded all kinds of drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards and malware.

DARKMARKET IN FIGURES:

  • almost 500,000 users;
  • more than 2,400 sellers;
  • over 320,000 transactions;
  • more than 4,650 bitcoin and 12,800 monero transferred (at the current rate, this corresponds to a sum of more than €140 million).

PUBLIC-PRIVATE SECTOR COOPERATION

Europol’s European Cybercrime Centre (EC3) has established a dedicated Dark Web Team to work together with EU partners and law enforcement across the globe to reduce the size of this underground illegal economy.  This team focusses on:

  • sharing information;
  • providing operational support and expertise in different crime areas;
  • developing tools, tactics and techniques to conduct dark web investigations;
  • identifying threats and targets.

The EAST Payments Task Force and the EAST Expert Group on All Terminal Fraud work closely with Europol and other law enforcement agencies (national, regional and global).  EAST Global and National Members focus on the reporting of payment and terminal fraud (fraud types, fraud origins and due diligence), for the gathering, collation and dissemination of related information, trends and general statistics across all geographies.

EAST and FS-ISAC Join Forces to Help Combat Fraud with Cyber Threat Intelligence

Expanded partnership to protect and defend European payments infrastructure

EAST, and FS-ISAC have signed a Memorandum of Understanding (MOU) strengthening their sharing of secure payment-related intelligence to battle fraud.

In 2020, average monthly fraud cases reported by FS-ISAC members have increased by 82%.  The latest EAST European Payment Terminal Crime Report, covering the first six months of 2020, reported a 269% increase in ATM malware and logical attacks.  As fraud attempts have skyrocketed during the pandemic and digitization of financial services reaches a point of no return, it is critical for anti-fraud efforts and cybersecurity teams to work together more closely moving forward.

Specifically, the partnership strengthens:

  • operational intelligence sharing
  • anti-fraud and cybercrime prevention initiatives
  • malware analysis
  • strategic partnerships

“The current pandemic has accelerated changes taking place in the financial landscape,” said Lachlan Gunn, EAST Executive Director.  “Financially motivated cybercriminals targeting banks and other financial institutions have reacted accordingly and increasing our collaboration with FS-ISAC is an important step forward in the sharing of intelligence for the industry in Europe and beyond.”

“Accelerated global digitalisation combined with the growing sophistication of cybercriminals demands more sharing and collaboration in the financial sector, both regionally and globally,” said Lucie Usher, Intelligence Officer for EMEA at FS-ISAC.  “This strengthened collaboration between FS-ISAC and EAST will further enable intelligence sharing to better safeguard the European global financial system.”

The partnership was formalised in November during the 3rd EU Financial Cybercrime Coalition (EUFCC) meeting hosted by Europol and FS-ISAC.

ABOUT EAST

The European Association for Secure Transactions (EAST) was formed in 2004 and its remit covers both Terminal Security and Payment Security.  EAST has set up an international network to help improve public/private sector cross-border cooperation in the fight against organised cross-border crime.  Connect with EAST on LinkedIn, follow EAST on Facebook, or talk to EAST on Twitter.

ABOUT FS-ISAC

The Financial Services Information Sharing and Analysis Center (FS-ISAC) is the only global cyber intelligence sharing community solely focused on financial services.  Serving financial institutions and in turn their customers, the organisation leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyber threats.  Headquartered in United States, the organisation has offices in the United Kingdom and Singapore, and members in more than 70 countries.  To learn more, visit www.fsisac.com. To get clarity and perspective on the future of finance, data and cybersecurity from top C-level executives around the world, visit FS-ISAC Insights.

 

Carding Action by Police prevents €40 million in losses

EFECCCarding Action 2020, an operation led by law enforcement agencies from Italy and Hungary and supported by the UK and Europol, targeted fraudsters selling and purchasing compromised card details on websites selling stolen credit card data, known as ‘card shops’, and ‘dark web marketplaces’.

The operation sought to mitigate and prevent losses for financial institutions and cardholders. Group-IB and card schemes worked in close cooperation with police authorities from the countries involved. During the three-month operation, 90,000 pieces of card data were analysed and prevented approximately €40 million in losses.

Europol facilitated the coordination and the information exchange between law enforcement authorities and partners from the private sector. Europol’s experts provided operational analysis on large volumes of data and supported with expertise in the field of payment card fraud.

“Cybercrime can affect all aspects of our daily life, from paying in the supermarket, transferring money to our friends to using online communication tools or Internet of Things devices at home. Cybercriminals can attack us in different ways and this requires a robust response not only from law enforcement, but also from the private sector,” said Edvardas Sileris, Head of Europol’s European Cybercrime Centre (EC3). “With more than €40 million in losses prevented, Carding Action 2020 is a great example of how sharing information between private industries and law enforcement authorities is a key in combating the rising trend of e-skimming and preventing criminals from profiting on the back of EU citizens…..” he added.

The expansion of e-skimming attacks targeting merchant point of sale systems and e-commerce merchants also influenced the significant increase of prevented losses. As reported in Europol’s iOCTA 2020, card-not-present (CNP) fraud is a criminal threat in constant evolution, generating millions of euros of losses and affecting thousands of victims from across the EU.

The EAST Payments Task Force (EPTF) is a public-private sector platform that focusses on tackling the issues of e-skimming and payment fraud.

Cybercriminals will leverage AI as an attack vector and an attack surface

A jointly developed new report by Europol, the United Nations Interregional Crime and Justice Research Institute (UNICRI) and Trend Micro looking into current and predicted criminal uses of artificial intelligence (AI) has been released.  It provides law enforcers, policymakers and other organisations with information on existing and potential attacks leveraging AI and recommendations on how to mitigate these risks.

The report concludes that cybercriminals will leverage AI both as an attack vector and an attack surface.  Deep fakes are currently the best-known use of AI as an attack vector.  However, the report warns that new screening technology will be needed in the future to mitigate the risk of disinformation campaigns and extortion, as well as threats that target AI data sets.

For example, AI could be used to support:

  • convincing social engineering attacks at scale;
  • document-scraping malware to make attacks more efficient;
  • evasion of image recognition and voice biometrics;
  • ransomware attacks, through intelligent targeting and evasion;
  • data pollution, by identifying blind spots in detection rules.

The paper also warns that AI systems are being developed to enhance the effectiveness of malware and to disrupt anti-malware and facial recognition systems.

The EAST Payments Task Force is focussed on payment issues related to social engineering, malware, ransomware and other cyber threats, and notes that this report is an important step forward in assessing the rapid evolution of cybercrime.

The three organisations make several recommendations to conclude the report:

  • harness the potential of AI technology as a crime-fighting tool to future-proof the cybersecurity industry and policing;
  • continue research to stimulate the development of defensive technology;
  • promote and develop secure AI design frameworks;
  • de-escalate politically loaded rhetoric on the use of AI for cybersecurity purposes;
  • leverage public-private partnerships and establish multidisciplinary expert groups.

For more information and to download the report visit Europol’s website

EPTF holds Eighth Meeting

The Eighth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 11th November 2020.  Due to the Covid-19 situation it was conducted as a virtual meeting and 19 EPTF members participated.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers took part.

There was a detailed discussion on the impact of Covid-19 on fraud, on e-skimming, and on Instant Payments.  INTERPOL, Europol and the DCPCU provided the law enforcement perspective, and short presentations were also made by Diebold Nixdorf, Fiducia & GAD, ING Bank, MasterCard Members’ Association, PAN-Nordic Card Association, PSA, PLUSCARD, STMP, tietoEVRY and Trend Micro.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 209 EAST Associate Member Organisations from 53 countries and territories.

EAST presents on ATM Attacks at EUFCC

EUFCC

On 3rd November 2020, Europol and the FS-ISAC hosted the 3rd EU Financial Cybercrime Coalition (EUFCC) meeting. The virtual event brought together EU law enforcement and the financial sector to discuss financially motivated cybercrime in three dedicated workshops. Subject matter experts from both the private sector and law enforcement discussed the latest threats and trends in relation to ransomware, ATM attacks, and cyber-enabled fraud and business email compromise.

In the ATM Attacks session, Europol gave the law enforcement perspective and EAST Executive Director Lachlan Gunn gave a presentation from the viewpoint of the industry. The main issue covered was black box attacks which, as highlighted by the latest crime statistics published by EAST, are a rising threat in Europe.

The EAST presentation highlighted how its public/private sector platforms operate, and the latest ATM Attack trends.  The key topics covered by EAST were:

EAST also touched on e-skimming, and EAST Development Director Rui Carvalho, who also chairs the EAST Payments Task Force (EPTF), commented that, while skimming attacks on terminals are at the lowest level ever reported by EAST, e-skimming is a rising threat.  This is on the Agenda for discussion at the 8th EPTF Meeting, which will be held on 11th November 2020.

COVID-19 impact on Non-Cash Payment Fraud

EAST Executive Director Lachlan Gunn presented at a webinar organised by the European Union Agency for Law Enforcement Training (CEPOL) that focussed on the impact of the COVID-19 pandemic on Non-Cash Payment Fraud.  The webinar took place on Thursday 29 October and was attended by over 80 representatives from European Law Enforcement Agencies and Judicial Authorities specialised in electronic payment fraud investigations.

The objective of the webinar was to raise awareness of:

  • different trends and typologies of electronic payment frauds (Card Present Fraud and Card Not Present Fraud);
  • public-private cooperation and role of the private sector in combatting non-cash payment fraud.

The EAST presentation highlighted the role played by EAST in combatting financial crime, how its public/private sector platforms operate, and the impact of the COVID-19 pandemic.  The key topics covered by EAST were:

EAST Publishes Fraud Update 3-2020

EAST has just published its third Fraud Update for 2020. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 8 non-SEPA countries, at the 2nd (virtual) EAST Interim Meeting held on 7th October 2020.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Canada; Cyprus; Finland; France; Germany; Greece; Hong Kong; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2020 the EAST Payments Task Force (EPTF) has published one related Payment Alert and the EAST Expert Group on All Terminal Fraud (EGAF) has published ten related Fraud Alerts.

Fraud Update

FRAUD ORIGIN

To date in 2020 the EPTF has published three related Payment Alerts.

To date in 2020 EAST EGAF has published thirteen related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2020 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

Preventing Physical ATM Attacks – advice in all EU Languages

physical ATM attacksTo counter the increase in physical ATM attacks in Europe, affecting an increasing number of European countries, the European Crime Prevention Network (EUCPN) and Europol organised a conference (January 2019) bringing together law enforcement and public and private partners to look at the prevention of this crime. EAST was represented at the event by Executive Director Lachlan Gunn.  The output was a recommendation paper summarising the conclusions of the conference and aimed at raising authorities’ awareness of physical ATM attacks and preventive measures.

This recommendation paper has now been translated into all the EU languages and is available for download from the EUCPN website.

In the most recent European Payment Terminal Crime Report published by EAST on 13 October 2020, and covering the first 6 months of this year, ATM explosive attacks (including explosive gas and solid explosive attacks) were up 0.4% (from 503 to 505 incidents). Losses due to physical ATM attacks were €12.6 million, an 11% increase from the €11.4 million reported during the same period in 2019. This increase was driven by a rise in losses due to explosive and gas attacks, which were up 49% from €5.1 million to €7.6 million.

Black Box attacks increase across Europe

Black BoxEAST has just published a European Payment Terminal Crime Report covering the first six months of 2020 which reports a sharp increase in Black Box attacks on European ATMs.

ATM malware and logical attacks against ATMs were up 269% (from 35 to 129) and all the reported attacks were Black Box attacks. A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, in order to ‘cash-out’ or ‘jackpot’ the ATM. Related losses were up from less than €1,000, to just over €1 million.

EAST Executive Director Lachlan Gunn said, “Overall crime at terminals has decreased during the lockdown phase of the pandemic. While this rise in Black Box attacks is of concern, most such attacks remain unsuccessful. Our Expert Group on All Terminal Fraud (EGAF) is focussed on addressing this issue, with close cooperation between industry partners and law enforcement. In January 2019 EGAF worked with Europol to update a document, published by Europol, entitled ‘Guidance & recommendations regarding logical attacks on ATMs’. This is currently available in English, French, German, Russian, Spanish and Turkish”.

Terminal related fraud attacks were down 66% (from 10,723 to 3,631 incidents). Card skimming fell to another all-time low (down from 731 to 321 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 97% (down from 3,405 to just 108 incidents). Total losses of €109 million were reported, down 12% from the €124 million reported during the same period in 2019.

ATM related physical attacks were down 23% (from 2,376 to 1,829 incidents). Attacks due to ram raids and ATM burglary were down 34% (from 610 to 405 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 0.4% (from 503 to 505 incidents). Losses due to ATM related physical attacks were €12.6 million, an 11% increase from the €11.4 million reported during the same period in 2019. This increase was driven by a rise in losses due to explosive and gas attacks, which were up 49% from €5.1 million to €7.6 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)