Police Arrest 6 in $28 Million Cryptocurrency Fraud Probe'Cyber Dogs' Deployed to Search Suspects' Home for Hidden Storage Media
Six suspects have been arrested as part of an international police investigation tracing the theft of at least $28 million worth of bitcoin cryptocurrency. Police allege that the fraudsters created look-alike sites for the Blockchain.com cryptocurrency exchange - and perhaps others - and tricked users into visiting them by making fraudulent Google Adwords buys that led Google search users to the spoofed sites.
Five men and one woman, ages 19 to 37, were arrested in simultaneous raids Tuesday morning as part of a joint operation involving the U.K.'s South West Regional Cyber Crime Unit and Politie, the Dutch national police. The joint operation has been backed by the EU's law enforcement intelligence agency, Europol, and its Joint Cybercrime Action Taskforce, as well as EU agency Eurojust, which handles judicial cooperation relating to criminal matters, and the U.K.'s National Crime Agency.
Three U.K. suspects, all men, have been arrested in the southwest English counties of Somerset and Wiltshire on charges of suspicion of committing computer misuse as well as money laundering. Two Dutch suspects were arrested in Amsterdam and Rotterdam on a charge of suspicion of committing money laundering, authorities say.
Police say the investigation centers on typosquatting, referring to the practice of fraudsters creating domain names that spoof the names of actual sites. In this case, police say the practice was used to spoof at least one "well-known online cryptocurrency exchange" so that when users mistyped the URL, they arrived at a look-alike version of the site. Such sites can be used to steal users' legitimate access credentials, enabling attackers to drain victims' cryptocurrency wallets.
"Evidence to date shows that victims have visited a spoofed version of blockchain.com by clicking on a bad URL promoted using Google Adwords," Detective Inspector Louise Boyce from the South West Regional Cyber Crime Unit tells Information Security Media Group. "Analysis of further devices seized as part of yesterday's operation may reveal other domains have also been spoofed."
Our @swrccu investigation into a £22m cyber fraud has led to 6 arrests today.— South West ROCU (@SWROCU) June 25, 2019
Estimated 4k victims targeted. More here https://t.co/FhAgUhYulY Great joint effort including @Europol @Eurojust @NCA_UK and support from @ASPolice @wiltshirepolice @SouthEastROCU
More victims continue to come to light as police continue their investigation.
"The warrants were the result of 14 months of investigation," Boyce says. "The investigation has grown from a single report of £17,000 ($22,000) worth of bitcoin stolen from a Wiltshire-based victim to a current estimate of more than 4,000 victims in at least 12 countries. We expect that number to grow."
Unleash the Hard Drive Hounds
Boyce says that as part of the operation, "we've seized a large number of devices, equipment and valuable assets," with the help of numerous other U.K. police forces. Items seized are are now being subjected to digital forensic examination.
"Devon and Cornwall and the Metropolitan Police also provided vital help in the form of their two cyber dogs, who played key roles in searching suspects' homes," she said.
In 2017, England's Devon and Cornwall as well as Dorset police forces announced the launch of the country's first-ever "digital storage detection police dogs" program to test the concept. At the time, police said they were training two dogs in-house: Tweed, then a 19-month-old Springer Spaniel, and Rob, then a 20-month-old Labrador.
"These dogs will give the police a new way to fight the threat of terrorism, pedophiles and fraudsters," Chief Superintendent Jim Nye, commander of Dorset Police and Devon and Cornwall Police's Alliance Operations Department, said at the time. "Tweed and Rob have been used by police at crime scenes and executions of warrants, not just within Devon, Cornwall and Dorset, but across the whole U.K. The dogs have been used to sniff out data devices such as mobile devices, USB sticks, SD cards, hard drives and computers."