Anti-Phishing, DMARC , Cybercrime , Cybercrime as-a-service

Spanish Police End a Decade on the Run for Ukrainian Hacker

Police Also Apprehend a Smishing Fraudster and Break Up a Phishing Nexus
Spanish Police End a Decade on the Run for Ukrainian Hacker

Spanish law enforcement officers scored several recent wins against cybercriminals this month. Police nabbed a Ukrainian hacker on the run for 10 years, arrested a fraudster known to have run a smishing campaign that amassed 1.2 million euros, and broke up a phishing nexus - all in two weeks.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

The unnamed Ukrainian hacker was arrested at the Barcelona-El Prat Airport by the National Police. The scammer had used scareware to attack victims between 2006 and 2011.

Scareware is a malicious software that tricks users in believing that their computers are infected with various viruses and Trojans. The malware aims to scare people into buying fake security software at a cost of up to $129 or to share credit card details with the attackers.

The arrest can be traced back to a U.S. investigation in 2011 when the FBI and law enforcement agencies of several countries disrupted two international cybercriminal groups in a joint initiative called Operation Trident Tribunal. One group was an active scareware operative whose two members were arrested in Lithuania.

At the time, authorities seized 22 computers and servers in the United States that had been used in the operations. Police also took down 25 other systems in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United Kingdom. The federal government froze five bank accounts linked to the fraudsters.

The scareware scheme affected an estimated 960,000 users worldwide, leading to $72 million in actual losses, the FBI said at the time.

Smishing Operator Arrested

The Spanish police arrested an unnamed person in Seville on July 11 for his alleged participation in a smishing campaign that involved data stolen from different public institutions including the General Council of the Judiciary and the State Tax Administration Agency.

The arrest came after a March 2023 crackdown on the developer of the Eye of Horus platform, which had been used to sell personal identifiable data to interested parties. Investigators said the Seville resident illegally acquired at least 30 databases that contained more than 15,000 records of personal and banking information of Spanish taxpayers and further monetized it through other operations.

One tactic involved sending targeted smishing campaigns or an SMS to a user disguised as a legitimate entity such a banking or a public institution with the aim of stealing private information or siphoning off money from bank accounts.

"When the agents surprised the detainee at his home, he had a tab for a mass SMS sending platform open and active on his laptop browser along with 24 mobile phones and 114 SIM cards prepared for use," police said.

Investigators arrested the suspect and seized a large number of cryptocurrency assets during the raids, including more than 1.2 million euros in eight different bitcoin wallets.

Earlier in the month, Spanish police said they had brought down a cybercriminal ring that deployed a range of hacking techniques to target banking customers and extorted nearly 100,000 euros from victims. The group also offered phishing services to other criminals (see: Spanish Police Arrest Phishing Ring Targeting Bank Customers).

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.