20th January, 2022
Interpol, in collaboration with Nigeria Police Force, has arrested 11 members of a Nigerian cybercrime gang, potentially responsible for targeting as many as 50,000 victims in various scams in recent years.
At least six of the suspects to belong to “SilverTerrier,” a syndicate accused of employing a range of malware variants in tens of thousands of financial scams dating back to at least 2014.
Palo Alto Networks’ threat intelligence arm, Unit 42, which helped in the investigation said the six Silver Terrier members have “successfully avoided prosecution for the past half decade.
This, it said, was due to the complexities of mapping global victims beyond the flow of stolen funds back to the source of malicious network activity.
Unit 42, reports cyberscoop.com, also noted that rather than targeting “easily identifiable money mules or flashy Instagram influencers,” the operation focused instead on the “technical backbone of BEC operations”.
It focused on individuals who have the skills and knowledge to build and deploy the malware and domain infrastructure used in the schemes.
The announcement on Wednesday comes two months after three members of the same group were arrested in Operation Falcon.
The arrest of the three followed a year-long Interpol-led investigation into the prolific business email compromise (BEC) scams the group’s members are alleged to have pulled off over the years.
Authorities called this latest roundup Operation Falcon II.
The arrests occurred between Dec. 13 and 22, but it’s not clear exactly where.
Read the full Interpol statement:
The Nigerian Police Force (NPF) has arrested 11 alleged members of a prolific cybercrime network as part of a national police operation coordinated with INTERPOL.
Arrested by officers of the NPF Cybercrime Police Unit and INTERPOL’s National Central Bureau (NCB) in Nigeria, many of the suspects are thought to be members of ‘SilverTerrier’, a network known for Business Email Compromise (BEC) scams which have harmed thousands of companies globally.
The ten-day Operation Falcon II (13-22 December) saw 10 NFP officers deployed from the Abuja headquarters to Lagos and Asaba to arrest target suspects identified ahead of time with intelligence provided by INTERPOL.
Field operations were preceded by an intelligence exchange and analysis phase, where Nigeria used INTERPOL’s secure global police communications network, I-24/7, to work with police forces across the world also investigating BEC scams linked to Nigeria.
The INTERPOL General Secretariat supported field operations 24/7, forensically extracting and analyzing data contained in the laptops and mobile phones seized by NPF during the arrests.
This preliminary analysis indicates that the suspects’ collective involvement in BEC criminal schemes may be associated with more than 50,000 targets.
One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop.
Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.
Another individual was suspected of taking part in BEC crime across a wide range of West African countries including Gambia, Ghana and Nigeria.
“By alerting Nigeria to this serious cybercrime threat, INTERPOL enabled me to give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country,” said Assistant Inspector General of Police Garba Baba Umar, Head of NCB Abuja and INTERPOL Vice President for Africa.
“The outstanding results of Operation Falcon II have served to disrupt this dangerous cyber gang and protect Nigerian citizens from further attack.
“I encourage fellow African countries to also work with INTERPOL in ridding our continent of cybercrime to make the cyber world a safer place,” added Mr Umar.
Following the global money trail
With BEC fraud having both a cyber and a financial element, Operation Falcon II saw financial ‘pathfinder countries’ belonging to INTERPOL’s Global Financial Crime Taskforce (IGFCTF) – including Nigeria – work together on cross-border financial investigations linked to the operation.
The IGFCTF is now coordinating further action against ‘SilverTerrier’ bank accounts and sharing intelligence on the domain credentials of potential victims with member countries to prevent further fraud.
“Operation Falcon II sends a clear message that cybercrime will have serious repercussions for those involved in business email compromise fraud, particularly as we continue our onslaught against the threat actors, identifying and analyzing every cyber trace they leave,” said INTERPOL’s Director of Cybercrime Craig Jones.
“INTERPOL is closing ranks on gangs like ‘SilverTerrier’; as investigations continue to unfold, we are building a very clear picture of how such groups function and corrupt for financial gain. Thanks to Operation Falcon II we know where and whom to target next,” added Mr Jones.
Led by INTERPOL’s Cybercrime Directorate in Singapore, Operation Falcon II was a cooperative effort involving IGFCTF, Nigerian law enforcement agencies, a range of INTERPOL expert teams and vital private partners Palo Alto Networks Unit 42 and Group-IB’s APAC Cyber Investigations Team.
Through INTERPOL’s Gateway initiative, Palo Alto Networks Unit 42 and Group-IB have contributed to investigations by sharing information on ‘SilverTerrier’ threat actors, and analyzing data to situate the group’s structure within the broader organized crime syndicate. They also provided key technical expertise consultancy to support the INTERPOL teams.
Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent and investigate attacks in a timely manner.
The operation was developed as part of efforts to support joint operations in Africa with funding by the Foreign, Commonwealth and Development Office (UK). INTERPOL extends its thanks for this support.
At a time of increased threat, members of the public, businesses and organizations are reminded to protect themselves from online scams by following the advice featured in INTERPOL’s #JustOneClick, #WashYourCyberHands, #OnlineCrimeIsRealCrime and #BECareful campaigns.
BEC remains “one of the most financially damaging online crimes,” according to the FBI.
In 2020 the FBI received more than 19,000 BEC and email account compromise complaints, costing victims as much as $1.86 billion.
BEC refers to a scam where a company employee authorized to make payments on behalf of the company is tricked into authorizing phony payments or money transfers into accounts controlled by the attacker, via spoofed or legitimate email, or over the phone.