An Garda Síochána has joined International Law Enforcement Authorities across Europe, Australia, the United States, Ukraine, and Canada in a global criminal investigation which has taken down a website, iSpoof.cc, that allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing’.
The Operation has been led by the London Metropolitan Police.
On 8 November 2022, the website and server was seized and taken offline by US and Ukrainian authorities. The website has now been replaced by a ‘splash screen video’.
In support of this international operation, The Garda National Economic Crime Bureau (GNECB) supported by the Garda National Cyber Crime Bureau (GNCCB) and local Divisional resources in Dublin, Meath and Louth coordinated activity in Ireland on the 8th and 9th November 2022 resulting in:
- 17 searches (Dublin, Meath, Louth)
- 6 arrests including execution of 14 bench warrants
- 132 electronic devices seized
- 64 suspect bank accounts identified
- Ancillary evidential exhibits seized
This operation focused on the users of a website, iSpoof.cc, which is a website designed to allow persons to make telephone calls and/or send sms or text messages from ‘spoofed’ numbers that appear to be from genuine telephone numbers such as bank fraud lines, government departments, policing organisation, business organisations or delivery companies and more. It is believed that this server and website is used by persons to commit these type frauds around the world, including by residents in Ireland targeting Irish residents.
The investigations showed that the website was potentially used by 21,000 users worldwide who are all suspected of being engaged in fraudulent activities using spoofed phone numbers.
In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof.
Law Enforcement estimate a worldwide loss to victims in excess of €115 million.
Speaking about An Garda Síochánas participation in this global law enforcement operation Assistant Commissioner Paul Cleary, Organised and Serious Crime said:
Over recent months we are all aware of the proliferation of ‘spoof’ and scam phonecalls. An Garda Síochána, working with our International Law Enforcement partners, is playing our part in targeting and degrading the activities of Organised Crime Groups. The activities earlier this month is the start of a significant investigation being led by the Garda National Economic Crime Bureau which will bring those involved in these criminal activities in this jurisdiction before the courts here in Ireland.
This was an evidence-gathering phase of the operation in Ireland and investigations are ongoing.
London Metropolitan Police Press
An international one stop spoofing shop has been taken down in the UK’s biggest ever fraud operation, led by the Metropolitan Police.
More than 200,000 potential victims in this country alone have been directly targeted through the fraud website iSpoof.
At one stage, almost 20 people every minute of the day were being contacted by scammers hiding behind false identities using the site.
They posed as representatives of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB.
Scotland Yard’s Cyber Crime Unit worked with international law enforcement, including authorities in the US and Ukraine, to dismantle the website this week.
This was a crucial phase in a world-wide operation, which has been running out of the public eye since June 2021, targeting a suspected organised crime group.
iSpoof enabled criminals to appear as if they were calling from banks, tax offices and other official bodies as they attempted to defraud victims.
Victims are believed to have lost tens of millions of pounds while those behind the site earned almost £3.2 million in one 20 month period.
Detective Superintendent Helen Rance, who leads on cyber crime for the Met, said:“By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims.
“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”
Commissioner Sir Mark Rowley said:
The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century.
Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery for thousands.
By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.
The Met’s Cyber and Economic Crime Units co-coordinated the operation with Europol, Eurojust, the Dutch authorities and the FBI.
In the UK, more than 100 people have been arrested, the vast majority on suspicion of fraud.
iSpoof allowed users, who paid for the service in Bitcoin, to disguise their phone number so it appeared they were calling from a trusted source. This process is known as ‘spoofing’.
Criminals attempt to trick people into handing over money or providing sensitive information such as one time pass codes to bank accounts.
The average loss from those who reported being targeted is believed to be £10,000.
In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK.
Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals.
Losses reported to Action Fraud as a result of the calls and texts via iSpoof is around £48 million. Because fraud is vastly underreported, the full amount is believed to be much higher.
The Met, which has worked closely with the Cyber Defence Alliance and UK Finance, is asking anyone who believes they were contacted as part of a scam where a number was spoofed to report this online via Action Fraud.
The Met’s Cyber Crime Unit began investigating iSpoof in June 2021 under the name of Operation Elaborate. It was created in December 2020 and had 59,000 user accounts.
Investigators infiltrated the site and began gathering information alongside international partners.
The website server contained a treasure trove of information in 70 million rows of data. Bitcoin records were also traced.
Because the pool of 59,000 potential suspects is so large, investigators are focusing first on UK users and those who have spent at least £100 of Bitcoin to use the site.
A wave of UK arrests followed with details of other suspects passed onto law enforcement partners in Holland, Australia, France and Ireland.
Earlier this month the suspected organiser of the website was arrested in East London. He has been charged with a range of offences and remanded in custody.
There are more than 70,000 numbers that have been contacted via iSpoof that the Met has linked to an identified suspect.
We are actively contacting those numbers this week asking owners to visit our website for more information and to report any fraud losses online.
Eurojust President Mr Ladislav Hamran said:
As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court. Eurojust supports national authorities in their efforts to protect citizens against online and offline threats, and to help see that justice gets done.
Europol Executive Director Ms Catherine De Bolle said:
The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity. Europol coordinated the law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target the criminals wherever they are located. Together with our international partners, we will continue to relentlessly push the envelope to bring criminals to justice.
Commander Nik Adams, from the City of London Police, said:
As the national lead force for fraud, we have coordinated activity across the country with other police forces and Regional Organised Crime Units (ROCUs) to provide a co-ordinated response to support the Metropolitan Police Service with their action and help make this operation a success. Our collaborative approach has supported this operation, which is also underpinned by our work with the National Economic Crime Centre (NECC) within the National Crime Agency.
Collaborative and proactive operations like this to tackle fraud are vitally important in clamping down on criminals and preventing innocent members of the public from being targeted for their hard-earned money.
We would always encourage members of the public to follow the Take Five to Stop Fraud advice and if they think they have been a victim of fraud, to contact their bank immediately and report to Action Fraud at actionfraud.police.uk.
Europol Press Release
Judicial and law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada have taken down a website that allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing’. The website is believed to have caused an estimated worldwide loss in excess of GBP 100 million (EUR 115 million).
In a coordinated action led by the United Kingdom and supported by Europol and Eurojust, 142 suspects have been arrested, including the main administrator of the website.
London’s Metropolitan Police Commissioner Sir Mark Rowley stated:
The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century. Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery to thousands. By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable people.
Eurojust President Mr Ladislav Hamran said:
As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court. Eurojust supports national authorities in their efforts to protect citizens against online and offline threats, and to help see that justice gets done.
Europol’s Executive Director Ms Catherine De Bolle said:
The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity. Europol coordinated the law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target the criminals wherever they are located. Together with our international partners, we will continue to relentlessly push the envelope to bring criminals to justice.
The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords. The users were able to impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain and substantial losses to victims.
The investigations showed that the website has earned over EUR 3.7 million in 16 months. According to UK authorities, losses to victims at present are GBP 43 million (EUR 49 million), with estimated worldwide losses in excess of GBP 100 million (EUR 115 million).
In an international coordinated action carried out in November 2022, 142 users and administrators of the website were arrested across the world. The main administrator of the website was arrested in the UK on 6 November.
On 8 November 2022, the website and server was seized and taken offline by US and Ukrainian authorities.
The case was opened at Eurojust in October 2021 at the request of the UK authorities. National authorities from ten countries, including European Union Member States and third countries, supported the investigation. The Agency played a key role in facilitating the judicial cross-border cooperation among all parties involved. Two coordination meetings were hosted by Eurojust to coordinate the national investigations and to prepare for the action.
On a request of the United Kingdom, Europol started supporting the case earlier that same summer (August 2021). Since then, Europol’s European Cybercrime Centre (EC3) has been providing continuous intelligence development to the national investigators through the Joint Cybercrime Action Taskforce (J-CAT). In addition, EC3 provided a secure platform for law enforcement to exchange large packages of evidence. In the framework of its analytical work, Europol was able to identify additional users of the iSpoof service, a number of which were already known for their involvement in other high-profile cybercrime investigations at the European level.
The following authorities took part in or supported this investigation:
- Australia: Australian Federal Police
- Canada: Royal Canadian Mounted Police – Federal Policing Cybercrime Investigation Team Toronto
- France: Cyber Criminality Unit – PPO Paris; Law Enforcement : C3N – Gendarmerie Nationale
- Germany: Office of the Public Prosecutor General in Bamberg – Bavarian Central Office for the Prosecution of Cybercrime
- Ireland: An Garda Síochána
- Lithuania: Prosecutor General’s Office of the Republic of Lithuania; Lithuanian Criminal Police Bureau
- Netherlands: Cybercrime team Midden-Nederland and Public Prosecutor’s Office Midden-Nederland
- Ukraine: Department of cyber police of National Police of Ukraine
- United Kingdom: Metropolitan Police Service (Cyber Crime Unit), City of London Police, and Crown Prosecution Service
- United States: Federal Bureau of Investigation – Pittsburgh Division; United States Secret Service – Pittsburgh Field Office; and the United States Attorney’s Office for the Western District of Pennsylvania
Help support Cork Safety Alerts by becoming a member – Click Here