EAST Celebrates 20th Anniversary

At the 6th EAST Global Congress, kindly hosted by EURO Kartensysteme GmbH (EKS) in Frankfurt, members celebrated EAST’s 20th Anniversary in a traditional setting.

Some key milestones from the EAST journey are:

  • The very first EAST meeting was held in Brussels on 11 February 2004, chaired by Rafael Rondelez (Europol).  Of the 13 people who attended that founding meeting three are still active in EAST – Otto de Jong (ING), Lachlan Gunn (EAST) and Ari Partenen (Loomis Automatia Oy).  Another founder member, Susanne Kreuzer (formerly of EKS), was able to join the 20th anniversary celebration.  Susanne retired from EAST in 2019.  Europol has remained a key partner of EAST since 2004.
  • In 2007 it was agreed that EAST should take on its own legal identity and that a non-profit company, limited by guarantee, should be formed and a Board of Directors appointed. Formal National membership commenced.  Three EAST Directors chair EAST Global Congress meetings in rotation.  The current EAST Chair is Thomas Von der Gathen (Payment Services Austria) and the other two Directors on the rota are Veronica Borgogna (Worldline) and Graham Mott (LINK Scheme).
  • In 2012 the EAST Associate membership category was introduced to allow for wider participation in EAST activities and for wider circulation of EAST outputs.  These outputs currently include Crime Reports, Fraud Alerts, Fraud Updates, Payment Alerts, Physical Attack Alerts, Security Alerts, and Security Updates.
  • On 15 May 2013 the EAST Expert Group on All Terminal Fraud (EGAF) was launched in Amsterdam, chaired by Otto de Jong.  Working closely with Europol and other law enforcement agencies, over the years EGAF has made a huge difference to law enforcement and the industry by providing Fraud Alerts, Security Alerts and Updates, and various Guideline documents. Otto continues to chair EGAF.
  • On 13-14 June 2013 the first EAST international Financial Crime and Security (FCS) Forum was held in The Hague.  Since then EAST has held two more Forums in 2015 and 2017 and then EGAF and EGAP FCS seminars in 2018 and 2019. Since Covid EAST has not held any more FCS events, but this is under review for the future.
  • On 7 May 2014 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) was launched in London, chaired by Graham Mott.  EGAP has worked with Europol to create a platform where law enforcement and private sector organisations can share crime statistics and trends.  EGAP provides Physical Attack Alerts and various Guideline documents. More recently EGAP has also engaged with the European Central Bank (ECB) and the 21st EGAP Meeting will be hosted by the ECB next month.  Graham continues to Chair EGAP.
  • On 10 June 2015 Europol’s European Cybercrime Centre (EC3) signed a Memorandum of Understanding (MoU) with EAST in order to further strengthen the cooperation in combating all types of payment crime, including card-not-present fraud, card present fraud, hi-technology crime, as well as ATM malware and physical attacks.
  • On 19 April 2017 the EAST Expert Group on Payment and Transaction Fraud (EPTF) was launched in Dublin, chaired by Rui Carvalho (EAST).  EPTF is working with Europol and other agencies to provide a specialist platform for discussion of security issues affecting the payments industry with a specific focus on social engineering, scams, and on fraud relating to customer manipulation by organised criminal groups.  EPTF provides Payment Alerts and Security Alerts and Updates.  Rui continues to chair EPTF.
  • In September 2018 EAST became a member of Europol’s Advisory Group on Financial Services, an advisory group to the Programme Board of the European Cybercrime Centre (EC3).  Rui  represents EAST in the Group.
  • On 12 February 2020 EAST held its 50th National Member meeting, hosted by PSA in Vienna.  This was the final meeting attended by EAST co-founder Martine Hemmerijckx.  This was followed by the Covid pandemic during which EAST National members held 6 Interim online meetings.
  • In 2021 the EAST Global Membership category was introduced to widen the scope of EAST membership in response to the increasing globalisation of organised criminal groups.
  • In June 2021 EAST joined the European Commissions PSMEG (Payment System Market Experts Group) with observer status, represented by Thomas Von der Gathen.
  • On 16 June 2022 EAST held its first Global Congress, hosted by Europol in The Hague.

The 20th Anniversary celebration was also a farewell to Margit Schneider of EKS who is soon retiring.  Margit has been a member of EAST since 2007.  EAST Executive Director Lachlan Gunn thanked her for her significant contribution to the group and Thomas Von der Gathen presented her with a commemorative plaque.

In recognition of EAST’s 20th Anniversary Olesya Danylchenko of the Ukrainian Interbank Payment Systems Member Association “EMA” presented EAST with a national flag.  Lachlan accepted the gift on behalf of EAST.

EAST is a Membership Association and its success to date could not have been possible without the active support of all its member organisations and of all the people who represent their organisations at EAST.  The Board of EAST would like to take the occassion of EAST’s 20th Anniversary to thank everyone who has helped EAST in its mission to continue to improve public/private sector cross-border cooperation in the fight against organised cross-border financial crime!

EAST

 

Europol publishes Italian language version of ATM Logical Attack Guidelines

ATM Logical Attack Guidelines - Italian LanguageEuropol’s European Cybercrime Centre (EC3) has just published an Italian language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the updated document was officially launched at the 1st EAST Global Congress, which took place on Thursday 16th June 2022 at Europol’s HQ in The Hague.  The document is now available in English and Italian.  Work on versions in other languages is in progress.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Descrizione dei Modi Operandi)
  2. Mitigating the risk of ATM Logical Attacks, Setting up Lines of Defence (Mitigazione del Rischio di Attacchi Logici Agli ATM, Creazione di Linee di Difesa)
  3. Identifying and responding to Logical Attacks (Identificazione e Risposta agli Attacchi Logici)

This latest version has many updates including improved advice on lines of defence and countermeasures, and a direct link (QR code) to the countermeasures published by EAST.

The original ATM Logical Attack Guidelines were published in 2015, with a first update in 2018.  They have been acknowledged as being of great value by both the industry and law enforcement, and the low success rate of ATM logical attack levels in Europe can no doubt be attributed to the fact that this guidance has been widely followed.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National, Global, and Associate).

Europol launches updated ATM Logical Attack Guidelines at 1st EAST Global Congress

Europol has published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The new document was officially launched at the 1st EAST Global Congress, which took place on Thursday 16th June 2022 at Europol’s HQ in The Hague.  Production of the document was coordinated by the EAST Expert Group on All Terminal Fraud (EGAF).

It has three sections:

  1. Description of Modi Operandi
  2. Mitigating the risk of ATM Logical Attacks, Setting up Lines of Defence
  3. Identifying and responding to Logical Attacks

This latest version has many updates including improved advice on lines of defence and countermeasures, and a direct link (QR code) to the countermeasures published by EAST.

The original Guidelines were published in 2015, with a first update in 2018.  They have been acknowledged as being of great value by both the industry and law enforcement, and the low success rate of ATM logical attack levels in Europe can no doubt be attributed to the fact that this guidance has been widely followed.

Lachlan Gunn, EAST Executive Director, said “This latest version draws upon feedback and expertise from both law enforcement and the private sector, cemented by a working partnership between Europol and EAST EGAF.  We are very grateful to Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), and his team at for making this possible.  I would like to thank Otto de Jong (ING Bank and EAST EGAF Chair) and Christian Beine (Diebold Nixdorf) for their key role in leading this exercise, and to also extend my thanks to GMV, INTERPOL, NCR, TMD Security and Trend Micro for their invaluable work and contributions”. 

ATM Logical Attacks

Pictured above at the launch are (Left to right) Lachlan Gunn, Edvardas Šileris, and Otto de Jong.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National, Global, and Associate).

Dark Web vendors and buyers taken out by International Police Operation

Police forces across the world have arrested 150 alleged suspects involved in buying or selling illicit goods on the dark web as part of a coordinated international operation involving nine countries.  Over €26.7 million (USD 31 million) in cash and virtual currencies were seized in this operation, as well as 234 kg of drugs and 45 firearms.

Operation Dark HunTOR, was composed of a series of separate but complementary actions in Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, the United Kingdom and the United States, with coordination efforts led by Europol and Eurojust. This follows on from the takedown earlier this year of DarkMarket, the world’s then-largest illegal marketplace on the dark web.  At the time, German authorities arrested the marketplace’s alleged operator and seized the criminal infrastructure, providing investigators across the world with substantial evidence.  Europol’s European Cybercrime Centre (EC3) has since been compiling intelligence packages to identify the key targets.

As a result, 150 vendors and buyers who engaged in tens of thousands of sales of illicit goods were arrested across Europe and the United States.  A number of these suspects were considered as High-Value Targets by Europol.

EFECCThe arrests took place in the United States (65), Germany (47), the United Kingdom (24), Italy (4), the Netherlands (4), France (3), Switzerland (2) and Bulgaria (1).  A number of investigations are still ongoing to identify additional individuals behind dark web accounts.

In the framework of this operation the Italian authorities also shut down the DeepSea and Berlusconi dark web marketplaces, which together boasted over 100,000 announcements of illegal products.  Four administrators were arrested, and €3.6 million in cryptocurrencies was seized.

Europol’s EC3 facilitated the information exchange in the framework of the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s headquarters in The Hague, the Netherlands.

EAST EGAP holds 16th Meeting

The 16th Meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Wednesday 1st September 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Graham Mott of the LINK Scheme.

  • Europol gave a central assessment of the ATM physical attack situation in Europe
  • National Threat Assessments were shared by representatives from 19 countries:
CountryUpdate(s) Given By
AustriaCriminal Intelligence Service
BrazilTecBan
BulgariaNational Police
CroatiaMUP Croatia
Czech RepublicCriminal Police
FranceGendarmerie - OCLDI
GermanyBKA
GreeceHellenic Police
HungaryNational Bureau of Investigation
IrelandAn Garda Siochana
ItalyMIB
LuxembourgService de Police Judiciare
NetherlandsNational Police
PolandNational Police
PortugalPolicia Judiciare
South AfricaSABRIC
SpainGuardia Civil / National Police / Autonomous Police of Catalonia
SwitzerlandFederal Office of Police (FEDPOL)
United KingdomSaferCash / West Midlands Police (ROCU)

Experts from the following organisations also participated in the meeting:  ATM Safe, Barclays, Cyprus Police, Danish National Police, Feerica S.A., Gunnebo, Guarda Nacional Republicana, HSBC, Mactwin Security, Malta Police Force, NatWest Group, National Bureau of Intelligence (HU), National Bureau of Investigation (FI), NCR, Oberthur Cash Protection, Policia de Seguranca Publica,  Scotia Security Group, Spinnaker.

EAST EGAP is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The Group meets twice each year to enable in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

Europol publishes the EU SOCTA 2021 – Serious Organised Crime is of growing concern

EU SOCTA 2021Europol has published the European Union (EU) Serious and Organised Crime Threat Assessment (EU SOCTA 2021). The SOCTA, published by Europol every four years, presents a detailed analysis of the threat of serious and organised crime facing the EU. The SOCTA is a forward-looking assessment that identifies shifts in the serious and organised crime landscape.  It details the operations of criminal networks in the EU and how their criminal activities and business practices threaten to undermine societies, economy and institutions, and slowly erode the rule of law. The report provides unprecedented insights into Europe’s criminal underworld based on the analysis of thousands of cases and pieces of intelligence provided to Europol.

The SOCTA 2021 warns of the potential long-term implications of the COVID-19 pandemic and how these may create ideal conditions for crime to thrive in the future, highlighting serious and organised crime as the key internal security challenge currently facing the EU and its Member States.  The report highlights key characteristics of serious and organised crime such as the widespread use of corruption, the infiltration and exploitation of legal business structures for all types of criminal activity, and the existence of a parallel underground financial system that allows criminals to move and invest their multi-billion euro profits.

KEY FINDINGS OF THE SOCTA 2021

  • Serious and organised crime has never posed as high a threat to the EU and its citizens as it does today.
  • The COVID-19 pandemic and the potential economic and social fallout expected to follow threaten to create ideal conditions for organised crime to spread and take hold in the EU and beyond. Once more confirmed by the pandemic, a key characteristic of criminal networks is their agility in adapting to and capitalising on changes in the environment in which they operate. Obstacles become criminal opportunities.
  • Like a business environment, the core of a criminal network is composed of managerial layers and field operators. This core is surrounded by a range of actors linked to the crime infrastructure providing support services.
  • With nearly 40 percent of the criminal networks active in drugs trafficking, the production and trafficking of drugs remains the largest criminal business in the EU.
  • The trafficking and exploitation of human beings, migrant smuggling, online and offline frauds and property crime pose significant threats to EU citizens.
  • Criminals employ corruption. Almost 60% of the criminal networks reported engage in corruption.
  • Criminals make and launder billions of euros annually. The scale and complexity of money laundering activities in the EU have previously been underestimated. Professional money launderers have established a parallel underground financial system and use any means to infiltrate and undermine Europe’s economies and societies.
  • Legal business structures are used to facilitate virtually all types of criminal activity with an impact on the EU. More than 80% of the criminal networks active in the EU use legal business structures for their criminal activities.
  • The use of violence by criminals involved in serious and organised crime in the EU appears to have increased in terms of the frequency of use and its severity. The threat from violent incidents has been augmented by the frequent use of firearms or explosives in public spaces.
  • Criminals are digital natives. Virtually all criminal activities now feature some online component and many crimes have fully migrated online. Criminals exploit encrypted communications to network among each other, use social media and instant messaging services to reach a larger audience to advertise illegal goods, or spread disinformation.

EAST EGAP holds 15th Meeting

The 15th Meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Wednesday 3rd March 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Graham Mott of  the LINK Scheme.

The meeting was attended by 54 key representatives from Law Enforcement, Terminal Deployers, ATM Networks and Security Equipment Vendors.

  • Europol gave a central assessment of the ATM physical attack situation in Europe.
  • The ECB gave an update on the latest bank notes in circulation, cash usage statistics, and Intelligent Banknote Neutralisation Systems (IBNS) used in the Euro area.
  • National Threat Assessments were shared by representatives from 17 countries:
CountryUpdate(s) Given By
AustriaCriminal Intelligence Service
BrazilTecBan
FinlandAutomatia / National Bureau of Investigation
FranceGendarmerie - OCLDI
GermanyBKA
GreeceHellenic Police
HungaryNational Bureau of Investigation
IrelandAn Garda Siochana
ItalyMIB
LuxembourgService de Police Judiciare
NetherlandsNational Police
PolandNational Police HQ
PortugalPolicia Judiciare / Policia de Seguranca Publica
RomaniaRomanian Police - CID
SpainGuardia Civil / Autonomous Police of Catalonia
SwitzerlandFederal Office of Police (FEDPOL)
United KingdomSaferCash / West Midlands Police (ROCU)

Experts from the following organisations also particpated in the meeting:  ATM Safe, Barclays, Cennox, Diebold Nixdorf, Feerica S.A., Gunnebo, HSBC, Malta Police Force, NCR, Oberthur Cash Protection, Payment Services Austria (PSA), Petersen-Bach A/S, Professional Witnesses Group,  Spinnaker, Swedish Police, TMD Security.

EAST EGAP is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The Group meets twice each year to enable in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

SIM swapping gang taken down by Police

Ten hackers who stole over $100 million in cryptocurrencies from celebrities and influencers in SIM swapping attacks have been apprehended in an international operation co-ordinated by Europol.

Eight criminals were arrested on 9 February as a result of an international investigation into the series of attacks targeting high-profile victims in the United States. These arrests followed earlier ones in Malta and Belgium of other members belonging to the same criminal network.

The attacks orchestrated by the gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families.  The criminals are believed to have perpetrated the thefts after illegally gaining access to their phones.  The criminals worked together to access the victims’ phone numbers and take control of their apps or accounts by changing the passwords.  This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim.

SIM SWAPPING

SIM swapping fraud was identified as a rising trend in the latest Europol Internet Organised Crime Threat Assessment. Cybercriminals take over the use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.  This is typically achieved by the criminals exploiting phone service providers to do the swap on their behalf, either via a corrupt insider or using social engineering techniques.

SIM swapping

DON’T BE THE NEXT VICTIM

It’s not just celebrities who are under attack.  Anyone with a mobile phone can fall victim to SIM swapping. The above image gives some tips as to how to protect yourself against the threat, and information can also be found on Europol’s dedicated page.

For more advice on how to protect your financial information from such a scam, watch the clip below.

The EAST Payments Task Force (EPTF) focusses on the security of payments and transactions, and SIM swapping falls within its remit.

DarkMarket taken down in international police operation

DarkMarket, the world’s largest illegal marketplace on the dark web, has been taken offline in an international operation led by German police.  As well as Germany, law enforcement agencies from Australia, Denmark, Moldova, Ukraine, the United Kingdom (National Crime Agency), and the USA (DEA, FBI, and IRS) were involved. Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries involved.

The Central Criminal Investigation Department in the German city of Oldenburg arrested an Australian citizen (the alleged operator of DarkMarket) near the German-Danish border over the weekend of 9/10 January 2020. The investigation, which was led by the cybercrime unit of the Koblenz Public Prosecutor’s Office, supported by the German Federal Criminal Police office (BKA), allowed officers to locate and close the marketplace, switch off the servers and seize the criminal infrastructure – more than 20 servers in Moldova and Ukraine. The stored data will give investigators new leads to further investigate moderators, sellers, and buyers.

The DarkMarket vendors mainly traded all kinds of drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards and malware.

DARKMARKET IN FIGURES:

  • almost 500,000 users;
  • more than 2,400 sellers;
  • over 320,000 transactions;
  • more than 4,650 bitcoin and 12,800 monero transferred (at the current rate, this corresponds to a sum of more than €140 million).

PUBLIC-PRIVATE SECTOR COOPERATION

Europol’s European Cybercrime Centre (EC3) has established a dedicated Dark Web Team to work together with EU partners and law enforcement across the globe to reduce the size of this underground illegal economy.  This team focusses on:

  • sharing information;
  • providing operational support and expertise in different crime areas;
  • developing tools, tactics and techniques to conduct dark web investigations;
  • identifying threats and targets.

The EAST Payments Task Force and the EAST Expert Group on All Terminal Fraud work closely with Europol and other law enforcement agencies (national, regional and global).  EAST Global and National Members focus on the reporting of payment and terminal fraud (fraud types, fraud origins and due diligence), for the gathering, collation and dissemination of related information, trends and general statistics across all geographies.

Cybercriminals will leverage AI as an attack vector and an attack surface

A jointly developed new report by Europol, the United Nations Interregional Crime and Justice Research Institute (UNICRI) and Trend Micro looking into current and predicted criminal uses of artificial intelligence (AI) has been released.  It provides law enforcers, policymakers and other organisations with information on existing and potential attacks leveraging AI and recommendations on how to mitigate these risks.

The report concludes that cybercriminals will leverage AI both as an attack vector and an attack surface.  Deep fakes are currently the best-known use of AI as an attack vector.  However, the report warns that new screening technology will be needed in the future to mitigate the risk of disinformation campaigns and extortion, as well as threats that target AI data sets.

For example, AI could be used to support:

  • convincing social engineering attacks at scale;
  • document-scraping malware to make attacks more efficient;
  • evasion of image recognition and voice biometrics;
  • ransomware attacks, through intelligent targeting and evasion;
  • data pollution, by identifying blind spots in detection rules.

The paper also warns that AI systems are being developed to enhance the effectiveness of malware and to disrupt anti-malware and facial recognition systems.

The EAST Payments Task Force is focussed on payment issues related to social engineering, malware, ransomware and other cyber threats, and notes that this report is an important step forward in assessing the rapid evolution of cybercrime.

The three organisations make several recommendations to conclude the report:

  • harness the potential of AI technology as a crime-fighting tool to future-proof the cybersecurity industry and policing;
  • continue research to stimulate the development of defensive technology;
  • promote and develop secure AI design frameworks;
  • de-escalate politically loaded rhetoric on the use of AI for cybersecurity purposes;
  • leverage public-private partnerships and establish multidisciplinary expert groups.

For more information and to download the report visit Europol’s website