Italian mafia cybercrime sting leads to 100+ arrests

Italian mafia cybercrime sting leads to 100+ arrests

The Spanish National Police (Policía Nacional) has successfully dismantled an organized crime ring of hundreds of members in a sting operation supported by Europol, the Italian National Police (Polizia di Stato), and Eurojust. This is the end result of a year-long investigation.

The organized crime ring, which operated in Spain’s Canary Islands, is said to have ties with the Italian Mafia who are “involved in online fraud, money laundering, drug trafficking and property crime.” The official site of the Spanish National Police named the Italian mafia clans as the Casamonica, Camorra Napolitana, Nuvoletta, and Sacra Corona Unita.

In just a year, they were able to steal a total of 11.72M USD (10M EUR) from hundreds of victims of phishing attacks and other fraudulent activities such as SIM swapping (also known as SIMjacking), business email compromise (BEC), and money muling. The Spanish National Police page also mentioned other crimes, such as “kidnapping, falsification of documents, injuries, threats, coercion, robbery with violence, Social Security fraud and illegal possession of weapons.

Europol has summarized the overall results of this sting:

  • 106 arrests, mostly in Spain and some in Italy
  • 16 house searches
  • 118 bank accounts frozen
  • Seizures include many electronic devices, 224 credit cards, SIM cards and point-of-sale terminals, a marijuana plantation and equipment for its cultivation and distribution.

Europol described the ring as “very well organized”, saying it included computer experts who created the phishing domains and spear headed cyber fraud, money mule recruiters and organizers, and money launderers, some of whom are said to be cryptocurrency experts.

Most of the suspects are Italian nationals, who largely victimized Italian citizens into sending large sums of money to bank accounts the criminal network controls. From there, the money was then moved by money mules and invested into shell companies. Countries affected by their fraudulent schemes include Spain, Germany, Ireland, Italy, Lithuania, and the United Kingdom.

“Cyber mafia” is not an unknown concept in the cybersecurity world.

In 2012, Belgian police were called in to investigate a case involving computers of the Swiss Shipping Company, MSC. They found “tiny computers known as pwnies (pronounced ponies) packed in memory sticks and sitting on several of the workstations”, which caused dramatic and consistent computer slowdown. They realized that these pwnies were being used to steal important information needed “to track specific containers and gain access to restricted areas of the port.” Once these containers were ready for collection, the mafia swooped in, sending in their trucks to drive the containers away. Journalist Misha Glenny called it “the most dramatic example that law enforcement had ever seen of the fusion of two types of crime: a traditional mafia operation and criminal hackers.”

In a more recent example, Italy’s Anti-mafia Directorate (DIA) published a report [PDF, in Italian only] in August about Italian Mafia groups turning to the dark web to hide their criminal activities, and masking the transfer of ill-gotten money using cryptocurrencies like Bitcoin and Monero.