EU adopts powers to respond to cyberattacks

Yahoo – AFP, Lachlan CARMICHAEL, May 17, 2019

EU ministers said the 28-nation group would, for the first time, be able to impose
asset freezes and travel bans on individuals, firms and state bodies implicated
in cyberattacks (AFP Photo/Kirill KUDRYAVTSEV)

Brussels (AFP) - The European Union on Friday adopted powers to punish those outside the bloc who launch cyberattacks that cripple hospitals and banks, sway elections and steal company secrets or funds.

EU ministers meeting in Brussels said the 28-nation group would now, for the first time, be able to impose asset freezes and travel bans on individuals, firms and state bodies implicated in such attacks.

"The Council (of EU countries) established a framework which allows the EU to impose targeted restrictive measures to deter and respond to cyberattacks," it said in a statement.

It added that sanctions will be considered if a cyberattack is determined to have had a "significant impact" on its target.

The goal is to bolster the security of EU institutions, firms and individuals against what Britain called an increase in the "scale and severity" of cyberattacks globally.

"This is decisive action to deter future cyberattacks," British Foreign Secretary Jeremy Hunt said after Britain and its EU partners drafted the measures.

"For too long now, hostile actors have been threatening the EU’s security through disrupting critical infrastructure, attempts to undermine democracy and stealing commercial secrets and money running to billions of euros," Hunt said.

"Our message to governments, regimes and criminal gangs prepared to carry out cyberattacks is clear," Britain's top diplomat added.

"Together, the international community will take all necessary steps to uphold the rule of law and the rules based international system which keeps our societies safe.”

The British government has pledged to continue close cooperation with the EU after it leaves the bloc in line with the 2016 referendum.

'Big step forward'

Under the sanctions regime, diplomats said, the 28 EU countries would have to vote unanimously to impose sanctions after meeting a legal threshold of significant impact.

British Foreign Secretary Jeremy Hunt (pictured April 2019) said that "the international 

community will take all necessary steps to uphold the rule of law" (AFP Photo/Daniel 

LEAL-OLIVAS)

For example, countries would look at the scope and severity of disruption to economic and other activities, essential services, critical state functions, public order or public safety, diplomats said.

They would examine the number of people and EU countries affected and determine how much money, intellectual property and data have been stolen.

EU diplomats told reporters it could also cover the hacking of European elections by a third party or country. Elections for a new European Parliament take place May 23-26.

In line with US intelligence assessments, EU officials highlight in particular the threat of disinformation and election hacking from Russia.

EU countries would also study how much the perpetrator has gained through such action.

A Dutch diplomat told reporters that the powers amount to a "big step forward" toward building a more secure cyberspace.

European leaders in October had called for a regime to impose sanctions against cyberattacks.

US and European police said Thursday they have smashed a huge international cybercrime network that used Russian malware to steal 100 million dollars from tens of thousands of victims worldwide.

EU diplomats said the bloc will now start drawing up a blacklist for potential sanctions in cyberattack cases.

A number of powerful people close to Russian President Vladimir Putin appear on a blacklist of 164 Russians and Ukrainians that was established after Moscow's annexation of the Crimean peninsula in 2014.

Those blacklisted are under travel bans and asset freezes just like those that would be imposed on those implicated in cyberattacks.

Global $100 mln cybercrime gang busted

Yahoo – AFP, Sara MAGNIETTE, May 16, 2019

Prosecutions have been launched in Georgia, Moldova, Ukraine and the United
States over a huge international cyber scam, while five Russians charged in the US
remain on the run (AFP Photo/Kirill KUDRYAVTSEV)

The Hague (AFP) - US and European police said Thursday they have smashed a huge international cybercrime network that used Russian malware to steal $100 million (89 million euros) from tens of thousands of victims worldwide.

Prosecutions have been launched in Georgia, Moldova, Ukraine and the United States over the scam, while five Russians charged in the US remain on the run, the EU police agency Europol said.

The "organised crime network behind $100 million in malware attacks" targeted "more than 41,000 victims, primarily businesses and their financial institutions," Europol said.

Police in Germany and Bulgaria were also involved.

The cyber gang used GozNym malware to infect victims' computers, steal their online banking login details and then siphon money from their accounts.

The stolen money was then laundered in US and other accounts.

Scott Brady, the US Attorney General for the western district of Pennsylvania where the US indictment was unsealed, said the operation was an "unprecedented" international effort.

"Unsuspecting European and American victims thought they were clicking on a simple invoice, but were instead giving hackers access to their most sensitive information," Brady added.

The alleged leader of the GozNym criminal network, Alexander Konovolov, 35, of Tbilisi, who goes by the online name "NoNe", was arrested in the former Soviet state of Georgia, the US Department of Justice said.

US Attorney for the Western District of Pennsylvania Scott Brady (pictured October 2018) 

said the operation was an "unprecedented" international effort (AFP Photo/ALEX WONG)

His alleged technical assistant Marat Kazandjian, 31, aka "phant0m," was also arrested in Georgia.

'Fled to Russia'

Konovolov recruited hackers who advertised their services on "Russian-speaking online criminal forums", and eventually controlled the malware-infected computers of more than 41,000 victims, Europol said.

The five Russians charged in the US included the alleged developer of the malware, identified as Vladimir Gorin, but they cannot be extradited because Russia does not send suspects abroad.

Gorin "oversaw its creation, development, management and leasing to other cyber criminals" including the Georgian alleged leader of the group, Europol said.

One of the Russians, Viktor Eremenko, was arrested in Sri Lanka at the request of US authorities in 2017 but "through the intervention of the Russian government" was freed on bail, after which he fled to Russia.

Bulgarian Krasimir Nikolov was arrested and extradited to the United States in 2016 and has already pleaded guilty to the charges in the indictment, the DOJ said.

Ukrainian police meanwhile arrested Gennady Kapkanov, 36, also known as "firestarter", on suspicion of hosting a so-called "Avalanche" network that provided services to more than 200 cybercriminals including the Georgians.

He allegedly fired an assault rifle through the door of his apartment at police, the DOJ said.

Europol announced the smashing of the Avalanche network in a major operation in 2016, saying that it had infected half a million computers in 188 countries.

The latest operation was a follow-up from that, Europol said.

Dutch police take control of dark web market, monitor thousands of deals

DutchNews, July 20, 2017

Dutch police said on Thursday they have shut down and dismantled one of the biggest ‘illegal market places on the internet today’ after keeping it running for a month and recording thousands of transactions. 

Hansa Market was the most popular dark market on the ‘anonymous’ part of the internet, or dark net, police said in a statement. 

The international investigation was carried out together with Europol, the FBI and the authorities in Germany and Lithuania. This week a Dutch seller was arrested in Krimpen aan den Ijssel and his accounts, with some €2m in bitcoins were seized. 

Police say the winding up of Hansa Market is the final step in an undercover operation which began when Dutch police seized control of the illegal market place on June 20 after two of the site’s administrator were arrested in Germany. 

The website was hosted on servers in Lithuania. Once the administrators were arrested, the servers and infrastructure were sequestered and transferred to Dutch servers, allowing the police and public prosecution department to monitor all trades. 

Drugs

Most of the trades were involved drugs, police said. On average, 1,000 orders per day were placed in response to almost 40,000 advertisement sand more than 50,000 transactions have been monitored since the authorities took control of the website. 

Some 10,000 foreign addresses of Hansa Market buyers were passed on to Europol and more than 500 Dutch delivery addresses were reported to couriers and postal services so they could halt deliveries, police said. 

Dark net markets enable large-scale trading in chiefly illegal goods, such as drugs, weapons, child pornography, and ransom software. Well-known examples include Silk Road (taken down by the FBI in 2013) and Alpha Bay (reportedly shut down earlier this month). 

The police said that the number of transactions processed through Hansa Market rose from 1,000 to 8,000 after Alpha Bay was dismantled. No weapons or child pornography were sold on Hansa Market.

The shutdown of two dark web marketplaces announced by US Deputy Attorney 

General Rod Rosenstein (C), Attorney General Jeff Sessions (R) and other law 

enforcement officials came three weeks after AlphaBay stopped functioning 

with no explanation (AFP Photo/CHIP SOMODEVILLA)

Related Articles:

US, European police say 'dark web' markets shut down

Details emerge of the German administrators of Hansa Market on the darknet - New

Police step up social media presence following successful pilot in Twente

DutchNews, July 13, 2017

Photo: Depositphotos.com

Dutch police are stepping up their efforts to monitor social media use following the success of a pilot scheme in Twente. 

The police force wants all divisions to have a strategy in place for investigating social media within three years, theTelegraaf reports. 

In Twente 20 officers have been delegated to operate the area’s social media channels on a rota basis. The trial scheme has already had tangible results, such as successfully intervening on Instagram last week to stop a teenage girl taking her own life. 

‘We want to make contact with society. That’s what people expect of us,’ Ron de Milde, who is in charge of the new media strategy, told the Telegraaf.

Police bust global cybercrime extortion ring

Google – AFP, 13 February 2013 

Europol's chief Rob Wainwright looks on during a press conference in

The Hague on February 4, 2013 (ANP/AFP/File, Robin van Lonkhuijsen)

MADRID — Spanish police and Europol have busted a global cybercrime operation that infected millions of computers with a virus that falsely accused victims of viewing child pornography and demanded a fine payment, officials said Wednesday.

Police detained 11 people as part of the operation, including a 27-year-old Russian suspected of creating and distributing the virus, Europol director Rob Wainwright told a news conference in Madrid.

The virus locked computers in over 30 countries, mostly in Europe, and it demanded payment of a fine of 100 euros ($135) to return control to its user, he said.

The message generated by the virus used the logo of the national police force and the language of the country where the computer was based to accuse the victim of having viewed child pornography or pirated movies online, he added.

"This operation is the first major operation of its kind," Wainwright said.

"This is an example of the evolving nature of cybercrime online, of how cybercrime is becoming more sophisticated."

The authorities said the group raised millions of euros with its scam but could not yet cite a precise amount.

About three percent of those whose computers were infected by the virus paid the fine that was demanded.

Europol said in a statement that it was "the largest and most complex cybercrime network dedicated to spreading police ransomware."

Police detained 10 people -- six Russians, two Ukrainians and two Georgians -- last week on Spain's Costa del Sol as part of the investigation, said Spain's secretary of state for security, Francisco Martinez.

The suspected author of the virus was detained while he was on holiday in Dubai in December, he added. He is currently awaiting extradition to Spain.

Of the 10 suspects detained in Spain, six have been remanded in custody while the investigation continues and the remaining four were released on bail.

They are accused of fraud, money laundering, forging documents and membership of an organised crime group.

The investigation remains open and further arrests are likely, police said.

The authorities began their investigation, dubbed "Operation Ransom", in November 2011 after detecting the virus in six European countries.

The network created 48 different versions of the virus to ensure that it was not detected by anti-virus software, said Martinez.

So-called "ransomware" viruses, which try to make victims pay an on-the-spot fine, are becoming more prevalent but most strains only accuse people of pirating movies or music. Others scramble data that is only unscrambled when a fee is paid.