4 cuffed following probe into holiday scheme for cybercrooks

Four arrests were made this week as part of an international probe into two overlapping corruption schemes that allowed cybercrims on INTERPOL watch lists to travel freely without flagging any alerts.

Authorities unraveled a ruse in which officials in Moldova and other countries were being bribed to block or delete a criminal’s Red Notice. The total sum of the bribes is believed to be upwards of several millions of dollars.

The Red Notice system is run by INTERPOL and issues alerts to law enforcement agencies (LEA) worldwide to locate and provisionally arrest wanted persons. They’re based on arrest warrants issued in member countries but aren’t arrest warrants themselves. 

If a country’s police force needs help catching a wanted person, they can apply for that individual’s details to be shared among other member countries who can assist in their capture. It is up to each country individually to decide what they do with that Red Notice – it is not an order to arrest the individual to which it pertains.

A National Crime Agency (NCA) investigation also separately unearthed evidence of what’s thought to be an overlapping corruption scheme run by an organization with close ties to cybercriminals in Russia, Ukraine, Belarus, and other countries. The cybercriminals are known ransomware experts and Moldovan officials said they were tied to cybercrimes that caused millions of dollars in damages.

This work revealed that public officials in Moldova were accepting bribes in exchange for information about the status of said cybercriminals’ Red Notices, which the UK’s NCA said were informing their travel plans.

In total, there are two overlapping corruption schemes. The arrests concern payments being made to public officials in return for Red Notices being blocked or deleted, and separately there is a known scheme whereby officials are informing ransomware thugs about where they can and can’t safely travel.

It isn’t clear how many criminals have benefited from these corruption schemes, but the NCA is aware of “several” cases to date, and the investigation remains ongoing.

Jürgen Stock, secretary general at Interpol, said the case only concerns “a small number of Red Notices,” of which there are more than 70,000 and only a fraction are made public.

“Our robust monitoring systems identified suspicious activity in relation to a small number of Red Notices,” said Stock. “We took immediate action, including reporting the issue to law enforcement authorities in our host country France.

“Over 70,000 people are subject to Interpol Red Notices, and while we are confident in the strength of our systems, we do not tolerate misuse of any kind.

“We appreciate the efforts of law enforcement authorities involved, and we will continue providing our full support to the ongoing investigations.”

The case demonstrates the methods used by high-profile cybercriminals to travel the world, even when in some cases there are bounties on their heads.

It’s commonly believed that once found guilty of major cybercrimes such as ransomware, an individual cannot travel to any country that has an extradition agreement with the likes of the US, for example, which aggressively pursues the extradition of cybercriminals so they can be brought to justice.

Paul Foster, director of threat leadership at the NCA, said: “These corrupt officials abused their positions to provide a service that enabled some of the world’s most serious criminals to attempt to operate, travel freely, and evade detection by law enforcement.

“As part of an ongoing joint investigation, the NCA uncovered vital evidence which identified key individuals and high-harm cybercriminals who were paying them to conduct searches for Red Notices.

“International collaboration is key to disrupting serious and organized crime groups who operate on a global scale. This activity, conducted jointly with the Spanish, US, Moldovan, and French authorities, shows that together we are having an impact.

“We are committed to working with our partners to protect the UK from the effects of corruption, wherever it is taking place in the world.”

The Anti-corruption Prosecution Office of Moldova executed 33 search warrants across the country concerning 12 individuals thought to be central to the case, ultimately detaining four on Tuesday.

They will remain in custody for up to 72 hours. Meanwhile, digital forensics teams at the LEAs are combing through heaps of seized devices for evidence to support the criminal investigation.

Moldovan authorities said they have laptops, mobile phones, computers, “other objects,” and documents to sift through.

“We are committed to fighting high-level corruption in all of its forms, particularly those schemes that put in jeopardy criminal investigations worldwide,” said Veronica Dragalin, chief of the Anti-corruption Prosecution Office of Moldova.

“This joint investigation is a testament that international cooperation between law enforcement agencies is crucial in detecting and stopping corrupt actors who have reach beyond national borders. Together, we will continue to work tirelessly to eliminate corruption from public institutions and make the world a safer place for our citizens.” ®

READ MORE HERE