Those who track cybercrime and cybersecurity developments might be forgiven for thinking that the United States is an indispensable player in successful multinational law enforcement operations against cybercrime. The U.S. Department of Justice, of course, has for many years been a leader in numerous aspects of transnational cybercrime enforcement, ranging from its participation in drafting the Council of Europe Cybercrime Convention to its aggressive pursuit of international cybercrime networks, as recent indictments against members of the Infraud and FIN7 organizations have shown.
Cybersecurity and compliance teams, however, should be careful in gathering threat intelligence not to fall victim to what psychologists term the “availability heuristic” (i.e., a mental shortcut involving people’s evaluation of the likelihood of events based on the ease of recalling recent events). Because cyberattacks and data breaches against U.S.-based companies and U.S. law enforcement operations against cybercriminals typically dominate media coverage here and in other countries, it can be easy to overlook other cybercrime developments outside the United States that receive less coverage.
One recent example is “Operation Warenagent.” Publicly disclosed on July 20, 2018, Warenagent is a multinational operation that the German Prosecutor’s Office of Dresden, the Saxon State Office of Criminal Investigation, the Lithuanian Police, and the Lithuanian Prosecutor’s Office, together with Europol (the European Union’s (EU’s) Police Office) and Eurojust (the EU’s Judicial Cooperation Unit), successfully conducted in June and July 2018 against members of an online fraud network that caused €18 million in damage. According to Europol, since 2012 the network had conducted more than 35,000 detected instances of online fraud. The scheme involved using fraudulently obtained credit-card data to order high-quality goods through a network of “package mules” (i.e., individuals who received the goods as intermediaries) who were mostly recruited in Germany. After receiving the goods, the package mules, who may have received a commission for their services, sent the packages to new addresses, primarily in Eastern Europe. The fraud network’s methods of operation included the use of codenames and encrypted access in the network, and settling payments with the help of cryptocurrencies. Other participants in the network provided IT infrastructure, recruited package mules, coordinated criminal activity, and laundered money.
Warenagent, which required six years to prepare and coordinate, is noteworthy for two reasons. First, it involved the establishment of a Joint Investigative Team (JIT) with the support of Europol and Eurojust. Under the terms of the EU’s 2000 Convention on Mutual Assistance in Criminal Matters and the EU Council’s 2002 Framework Decision on Joint Investigation Teams, a JIT can operate in any of the EU member states. Its leader is a JIT member from the country in which the JIT is based, and its membership can include law enforcement officers, prosecutors, judges, and other personnel. In this case, the JIT, which included eight participating European countries, had five coordination meetings at Eurojust and frequent information exchange and analysis by Europol.
Second, Warenagent succeeded in conducting a series of successful enforcement actions against network members over nine months, despite the members’ efforts to conceal their identities and operations. In October 2017, according to Eurojust, Lithuanian and German police officers conducted 11 searches in various Lithuanian cities, which led to the arrest of 5 suspects. Ultimately, the investigators identified and located the key target in Cyprus. From June 12-15, 2018, authorities reportedly conducted 31 house searches in Cyprus, Estonia, Finland, Germany, Latvia, Lithuania, Switzerland, Ukraine, and the United Kingdom; detained the alleged head of a criminal organization in Cyprus, as well as four individuals in Latvia and Finland respectively, two criminals in the United Kingdom, and one individual each in Estonia, Lithuania, Switzerland, and Ukraine. Over the course of the investigation, four other individuals were detained in Germany. In addition, between June 26 and 29, 2018, authorities conducted two further actions in Lithuania, with 4 arrests and 10 searches.
The crimes with which network members are charged consist of crimes related to tax evasion, money laundering, participation in a criminal organization, production of counterfeit electronic means of payment, forgery of genuine electronic means of payment, and unlawful possession of electronic means of payment or data thereof.