International operation targets customers of counter anti-virus and crypter services: 6 arrested and 36 interviewed

14 June 2017
Press Release
Press Release/News

This News/Press release is about Cybercrime

View all crime areas

Between 5 and 9 June, 6 suspects were arrested and 36 were interviewed during an internationally coordinated operation in 6 European countries. The targets are all suspected customers of a counter anti-virus platform and crypter service - two cybercriminal tools used for testing and clouding of malware samples to prevent security software solutions from recognising them as malicious.

The operation, codenamed Neuland, was led by the Kriminalinspektion Mayen (DE) with the support of Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), a specialised group of cyber investigators at EC3.

The first phase of the operation, also supported by Europol, was executed on 5 April 2016 and targeted the suspects behind a counter anti-virus and a crypter service , as well as the German customers of the two tools, through a large-scale coordinated action in all state criminal police offices in Germany.

The second phase of this operation, from 5 to 9 June 2017, specifically targeted the international customers of the same two services. The following countries participated in this phase: Cyprus, Italy, the Netherlands, Norway, and the United Kingdom. Police officers searched 20 houses and 6 suspects were arrested, while 36 additional suspects have been interviewed so far. A large number of devices have also been seized. 

Europol’s European Cybercrime Centre provided extensive support for secure information exchange, the preparation of the target packages per country, and in-depth malware analysis. Several operational coordination meetings and conference calls were also organised to facilitate operational coordination and deconfliction. This case is an excellent example of how local police forces can benefit from cooperating with Europol to execute impactful nationwide and international actions against cybercriminals.

Trends in Europol’s IOCTA

In last year’s Internet Organised Crime Threat Assessment (IOCTA), Europol already warned about the increasing misuse of legitimate anonymity and encryption services and tools for illegal purposes to avoid detection, investigation and prosecution by the authorities.

This case also illustrates the Crime-as-a-Service model, as the services were offered to the criminals online. A third mention from the IOCTA relates to young individuals who may choose to follow the pathways into cybercrime by procuring cybercriminal tools online and conducting criminal activities online. In this case, the average age of all the suspects in the first phase was only 23 years old.

Check out our prevention guide here.