In March 2026, an international operation coordinated by German authorities with the support of Europol culminated in one of the largest actions against cybercrime and child abuse networks on the dark web. Known as Operation Alice, this initiative brought together law enforcement from 23 countries with the aim of dismantling a massive infrastructure of fraudulent sites linked to illegal content and criminal services.

The investigation, initiated in 2021, revealed that a single operator controlled more than 373,000 “.onion” domains, that is, sites accessible through the Tor network designed to conceal the identity and location of both servers and users. This figure places the case as one of the largest ever detected in this area.

The portals simulated offering child sexual abuse material (CSAM) and other cybercrime services, such as the sale of credit card data or illegal access to computer systems. However, it was primarily a fraudulent operation: customers paid—usually in Bitcoin—but did not receive any content.

The announced “packages” ranged from 17 to 215 euros and promised large volumes of data. This model combined two criminal dimensions: the exploitation of extremely serious content and a massive global scam.

Between 9 and 19 March 2026, the authorities achieved significant results:

• Identification of the main operator of the network
• Identification of 440 clients worldwide
• Closure of more than 373,000 sites on the dark web
• Confiscation of 105 servers
• Seizure of electronic devices and digital data

According to the authorities, the responsible party is a 35-year-old male residing in China, who would have generated more than 345,000 euros in profits from about 10,000 clients. During the period of activity, he managed up to 287 servers simultaneously, many of which were located in Germany.

One of the most relevant aspects of the operation is that not only has the supply been targeted, but also the demand. The 440 individuals identified as clients are considered suspicious, despite not having received the advertised material.

From a legal and security standpoint, the mere attempt to acquire such content constitutes a serious crime in many jurisdictions. Additionally, security forces consider these individuals as high-risk targets, as they may be involved in other criminal activities or pose a potential threat.

Throughout the investigation, the authorities acted immediately in those cases where minors in risk situations could be identified. This dimension is key: beyond the repression of crime, whose primary objective is the protection of victims.

For example, in 2023, action was taken in the case of an individual in Germany who had attempted to acquire illegal material, which led to his subsequent conviction. These types of actions demonstrate how the obtained intelligence can have a direct impact on abuse prevention.

Europol played a key role in coordinating the operation, facilitating the exchange of information between countries and providing advanced analytical capabilities. It also contributed decisively to the tracking of cryptocurrency transactions, a key element for identifying both the operator and the users. This case demonstrates that, despite the use of anonymization technologies such as Tor or payments in Bitcoin, law enforcement can reconstruct criminal activity through digital forensic analysis and international cooperation.

Operation Alice sends a strong message: anonymity on the internet is not absolute, and criminal infrastructures, no matter how sophisticated, can be dismantled. The combination of digital investigation techniques, financial tracking, and international collaboration has consolidated as an effective tool against global cybercrime.

For the security sector, this case highlights several key lessons: the importance of shared intelligence, the need to address both supply and demand, and the value of technology in combating complex threats.

Ultimately, this is an operation that has not only dismantled a massive network but also strengthens the global capacity to detect, pursue, and prevent serious forms of online criminality.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The UK government has announced a significant boost in the fight against waste-related crime, a phenomenon often underestimated but with a growing impact on both public safety and the economy and the environment. The new strategy includes granting police-style powers to agents of the Environment Agency, aiming to improve their intervention capacity, pursue criminal networks, and prevent illegal activities before they become established.

This movement reflects a significant change in the institutional perception of the problem: environmental crime is no longer seen as an administrative or minor infraction but is treated as a form of serious organised crime. The networks involved in illegal dumping, fraudulent waste transport, or illicit landfill management often operate with sophisticated structures, generating high profits and exploiting regulatory gaps and limitations in inspection capacity.

The new legislative proposal aims to expand the powers of environmental officers under legal frameworks such as the Police and Criminal Evidence Act (PACE) and the Proceeds of Crime Act (POCA). In practice, this would allow inspectors to have tools similar to those of the police, including broader investigative capabilities, access to evidence, arrests under certain circumstances, and, in particular, the ability to trace and seize the economic benefits derived from criminal activity.

From a security perspective, this approach is especially relevant because it targets one of the main incentives for this type of crime: economic profit. Waste crime generates approximately £1 billion annually, making it an attractive sector for organised criminal groups. By applying financial mechanisms, such as those provided for in the POCA, the government seeks to dismantle these business models, reducing the profitability of illegal activities.

Another key element of the new strategy is the improvement of institutional coordination. The Joint Unit for Waste Crime (JUWC), which brings together various bodies such as law enforcement and national agencies, has been strengthened with specialists in investigation, intelligence, and financial analysis. This multidisciplinary approach is essential to tackle networks that often operate at a regional or national level, using shell companies and complex money laundering systems.

In addition, the government is exploring new avenues of collaboration with the private sector, especially banks and financial institutions. The objective is to facilitate the exchange of information about suspicious actors, so that these entities can make informed decisions and avoid doing business with companies linked to waste crime. This approach aligns with broader trends in security, where public-private cooperation is key to detecting and disrupting illicit activities.

The measures also have a preventive and community dimension. The increase in illegal discharges and unauthorised waste sites not only causes environmental damage but also directly impacts citizens’ perception of safety. Degraded and poorly managed spaces can contribute to a sense of institutional abandonment, fostering other forms of crime and weakening social cohesion. To combat these problems, the government has launched initiatives for broader community regeneration and improvements to public spaces.

Recent results show that law enforcement is already having effects, with over a hundred judicial proceedings and the closure of more than a thousand illegal waste sites in just over a year. However, authorities recognise that the problem continues to evolve, with increasingly adaptive and technologically sophisticated criminals. For this reason, they consider it necessary to provide the agents with more tools and operational flexibility.

Despite the potential benefits, this expansion of powers also raises relevant questions. The granting of police-like powers to non-police agencies requires clear guarantees regarding supervision, training, and accountability. It is essential to ensure that the use of these powers is proportional, transparent, and respectful of individual rights, avoiding potential abuses or overlaps in competencies.

In conclusion, the new strategy of the UK against waste crime represents a significant evolution in security policies. By recognising this activity as a serious and organised threat, and by empowering environmental agents with enhanced powers, the government is betting on a more robust, coordinated, and results-oriented response. If implemented in a balanced manner, this model can contribute not only to reducing environmental crime but also to strengthening security, public trust, and environmental protection.

_____

Aquest apunt en català / Esta entrada en español / Post en français

An international criminal network that laundered the profits of cocaine for Italian organised crime has been dismantled after investigators traced the money across Europe.

What began as suspicious financial movements constituted a sophisticated money laundering system that served members of the Camorra and the ‘Ndrangheta. Behind shell companies, fake invoices, and luxury investments, millions of euros in cocaine profits were being cleaned and reinvested throughout Europe.

The investigation was led by the French National Gendarmerie, in collaboration with the Italian Carabinieri and the Swiss Federal Office of Police (fedpol). It was supported by the Belgian Judicial Federal Police of Antwerp, the Bulgarian State Agency for National Security, the German Customs and the Ecuadorian National Police, under the coordination of Europol and Eurojust.

As a result of the financial flows, investigators identified a Montenegrin citizen, known as a high-value target of Europol and wanted by several European countries. The suspect had settled in the Cannes area of France, with close relatives, including his Italian son-in-law, known to the Italian authorities for money laundering, fraud, and arms trafficking offences.

The financial investigation revealed that the money laundering network was directly linked to large-scale cocaine trafficking from South America to Europe.

It is suspected that the group coordinates maritime shipments of significant quantities of cocaine to the main ports of Europe. A major seizure by the Belgian customs at the end of 2025 was linked to the Montenegrin suspect, marking a decisive breakthrough in the investigation.

Investigators discovered a highly structured organisation. The network was based on substantial financial capacity, crypto assets, weekly cross-border travel in luxury vehicles with sophisticated concealment compartments, and a corporate network spanning multiple jurisdictions.

In February of this year, the authorities carried out coordinated arrests and searches in France, Italy, Belgium, and Switzerland. Seven suspects have been arrested (four in France, three in Italy), including the high-value Montenegrin target.

In the French Riviera, luxury vehicles were seized, along with high-end properties worth more than 5 million euros. Additional companies and assets were also seized in Switzerland and Italy.

Europol has supported this investigation since 2023, and it quickly became one of the most active operations of the Agency within its European Financial and Economic Crime Centre.

The case deployed the full range of Europol services: advanced criminal and financial analysis, secure real-time communication, and on-the-ground deployments in France and Italy to support national investigators and build a shared operational picture.

In 2024, a Joint Investigation Team (JIT) was established at Eurojust between France, Italy, and Switzerland, allowing for close judicial coordination. Through Europol, other partners (Belgium, Germany, and Ecuador) joined the investigation, expanding its impact.

The @ON Network, funded by the European Commission and led by the Italian Anti-Mafia Investigation Directorate (DIA), provided financial support for operational meetings and the deployment of investigators.

_____

Aquest apunt en català / Esta entrada en español / Post en français

In recent months, several supermarkets in the United Kingdom have begun to implement unusual security measures on a seemingly harmless product: chocolate. Chains such as Sainsbury’s, as well as Tesco and Co-op, have chosen to place chocolate bars inside anti-theft plastic boxes, a system usually reserved for premium alcoholic beverages or electronic devices.

This decision responds to a significant increase in chocolate theft, which, according to the sector, is no longer the result of occasional thefts, but rather a systematic activity linked to organised crime and resale in illegal markets.

According to the Association of Convenience Stores(ACS), confectionery—especially chocolate—has become one of the most shoplifted products in convenience stores. Its combination of economic value, easy transport, and high demand makes it an especially attractive target.

Merchants report that thefts are often carried out on request. This implies that the products are not consumed immediately but are subsequently distributed through illegal channels: other establishments, informal markets, or businesses that purchase goods at reduced prices without verifying their origin.

This phenomenon is not isolated. According to data from the British Retail Consortium, during the last year, there were 5.5 million incidents of theft in retail establishments in the United Kingdom. In addition, an average of 1,600 daily incidents of violence or abuse against retail sector workers occurred. Although the figure represents a slight decrease compared to the previous year, it remains the second highest ever recorded.

The economic impact is considerable. The Heart of England Co-op group, with 38 stores, reported a loss of £250,000 in chocolate during 2024, making it the most stolen product that year. In 2025, it was only surpassed by alcohol. In just one week, an individual can cause losses of thousands of pounds in the same establishment.

Some merchants explain that a full shelf of chocolate can have an approximate value of 500 pounds, and that thieves can take between 200 and 250 pounds of product in a backpack in a matter of minutes.

In light of this situation, establishments have had to invest in protective measures: more sophisticated CCTV systems, artificial intelligence technology to identify recurring suspects, reduction of exposed stock, and elimination of visible promotions in easily accessible areas. In some cases, the shelves are only partially filled to limit the potential economic impact.

The National Police Chiefs’ Council assured that it is working together with retailers and security experts to strengthen the response to retail crime. The strategy includes better coordination, more efficient use of technology, and more agile reporting systems.

However, the commercial sector is calling for a more forceful response. The ACS calls for harsher sentences for repeat offenders and specific actions against networks that distribute stolen products, as the problem is not limited to isolated theft, but is part of a parallel economy that can finance other criminal activities.

The case of chocolate is symptomatic of a broader problem: the increase of organised theft in retail. Products that previously did not require special protection are now treated as high-risk goods. This evolution reflects changes in criminal behaviour but also in socioeconomic conditions and in the ability to resell through informal or digital channels.

For the security sector, this phenomenon poses several challenges:

• Adapting protection systems for mass consumer products.
• Balancing customer experience and anti-theft measures.
• Incorporating predictive technology and pattern analysis.
• Improving collaboration between businesses and security forces.

Ultimately, the fact that a simple chocolate bar must be kept under lock and key is a clear indicator of the evolution of risk in the current business environment. The response cannot be limited to physical measures; it requires a comprehensive strategy that combines prevention, intelligence, and effective judicial action.

_____

Aquest apunt en català / Esta entrada en español / Post en français

 In an article in The Conversation, Felia Allum, a professor of comparative organised crime at the University of Bath, analyses the rise in drug-related murders in France and argues that the country is at a “turning point” in its relationship with organised crime. The case that symbolises this turn is the murder of Mehdi Kessaci, brother of an anti-drug activist in Marseille, a crime interpreted as an intimidating message in the context of an escalation of violence. Between 2023 and 2024, 73 people died in Marseille in incidents related to the drug trade, many of them young individuals recruited online with the promise of quick money. Similar episodes have also occurred in Grenoble, Paris, Nîmes, Montpellier, Nice, and Lyon.

Marseille has become the symbolic epicentre of this crisis. The group that currently dominates part of the drug market in France calls itself Mafia DZ, but Allum stresses that it is not a classic mafia like the Italian ones. It does not conform to the traditional hierarchical structure or the historical model of territorial control and institutional infiltration characteristic of certain Italian organisations. This forces us to avoid simplifications and labels such as “narcostate” or “narcoterrorism,” which may attract media attention but do not always help to understand the phenomenon.

According to the author, organised crime does not appear out of nowhere nor is it imposed solely by force. It takes root when it finds empty spaces that the State and society are not adequately occupying. Historically, mafia structures and cartels have consolidated during periods of profound transformation of the state, as occurred in Italy during the 19th-century unification or in the United States during full industrialisation. In these contexts of accelerated change, institutions were still weak or unstable, and non-state actors filled the power vacuums.

However, in the current French case, it is not a state under construction, but rather a consolidated state immersed in a liberal economic model where social, educational, and economic inequalities have deepened. Allum, drawing inspiration from the political scientist Susan Strange, points out that the authority of the State has eroded in favour of the markets and that the welfare model has become increasingly bureaucratised and privatised. When the social fabric weakens and real opportunities are scarce, criminal networks offer a seemingly attractive alternative: immediate income, identity, respect, and a sense of belonging.

In neighbourhoods with high rates of youth unemployment and school failure, drug trafficking can become a fast track to success, although it is extremely dangerous. Organisations impose their own rules on vendors and recruits, generate parallel economies, and, in some cases, obtain a certain level of social tolerance based on fear or economic dependence. Organised crime does not only operate against the community; it often integrates and establishes complex links.

Faced with this situation, President Emmanuel Macron ‘s government has proposed a set of measures aimed at strengthening the criminal and police response. Among them, the creation of a new national anti-organised crime directorate (PNACO) stands out, with specialised prosecutors to pursue drug trafficking networks at the French and European levels. Witness protection programs are also provided for, along with stricter prison conditions for network leaders and an expansion of asset seizure mechanisms. France looks to the Italian model of the 1990s as a legislative reference.

In addition, the government wants to increase penalties for consumers, with higher fines and possible restrictions such as taking away people’s driving licences or jobs. This strategy is based on the idea that it is necessary to act across the entire chain, from the chiefs to the final demand.

However, Allum warns that reactive and punitive measures alone do not address the structural causes of the problem. Criminal networks have a great capacity for adaptation: when one structure is dismantled, another can emerge, often with operations coordinated from abroad. Without an intervention that addresses inequalities, the lack of opportunities, and the disconnection between institutions and citizens, the phenomenon tends to reproduce itself.

The fight against drug trafficking is not just a matter of police reinforcement or criminal reform. It is also a matter of social cohesion, comprehensive public policies, and rebuilding the bond between the State and the most vulnerable neighbourhoods. Sustainable security is not built solely on increased repression, but on prevention, social investment, and real alternatives for young people who today see the drug market as the only possible horizon.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Over the past two years, major ports in north-western Europe have seen a notable drop in cocaine seizures. At first glance, this trend could be interpreted as a success for security policies. Ports such as Rotterdam, Antwerp and Hamburg, which for years had been the main gateways for cocaine entering the continent, have stepped up controls, international cooperation and anti-corruption measures. However, a more in-depth analysis reveals a more complex reality: the decline in interventions does not necessarily imply a reduction in trafficking, but rather a transformation of its dynamics.

Market indicators do not point to a shortage. In several Western European countries, wholesale and retail prices have fallen while demand remains stable or is growing. This suggests a scenario of oversupply, consistent with the sustained increase in production in countries such as Colombia. In other words, police pressure has not stopped the flow, but rather forced criminal organisations to innovate.

One clear adaptation is the change in the size of shipments. Large shipments of several tonnes, which are highly profitable but also very risky, have given way to smaller, more frequent shipments. This fragmentation reduces losses in the event of interception and makes detection more difficult using traditional intelligence patterns.

When surveillance increases at one point, trafficking shifts to other routes. This phenomenon, known as the waterbed effect, is already visible in Europe. The tightening of controls in Rotterdam, Antwerp and Hamburg has been accompanied by an increase in activity in ports in the north and east of the continent, as well as in the Baltic region and south-eastern Europe.

This redistribution entails additional risks: the arrival of new criminal players, increased violent competition, pressure on institutions with fewer resources and greater vulnerability to corruption. The result is not less cocaine, but a problem that is more dispersed and difficult to manage in a coordinated manner.

Criminal organisations have also become more sophisticated in their methods of concealment. In addition to trafficking in containers, practices such as hidden discharges into the sea under the hull of ships or the use of liquid and chemically modified cocaine to camouflage it as legal products are observed. Extraction and processing laboratories are also proliferating within European territory, a worrying sign of the illicit value chain moving closer to home.

This phenomenon is accompanied by a growing presence of Latin American criminal organisations in Europe, such as Brazil’s Primeiro Comando da Capital, the Clan del Golfo and the Sinaloa Cartel. Their establishment not only strengthens distribution networks, but also facilitates the transfer of knowledge, contacts and logistical capacity.

Given this scenario, the response cannot be exclusively national. Cooperation and information exchange initiatives are essential. Strengthening Europol’s mandate and enhancing Eurojust’s judicial tools are necessary steps to prevent local success from creating regional vulnerabilities.

The fight against drug trafficking is no longer just a matter of physically intercepting goods, but of intelligence, anticipation and shared strategic vision. The seizure data alone can create a false sense of control. The real challenge is understanding that this is a highly adaptable adversary.

Reducing interventions may seem like a victory, but it could actually be a mirage. Only through sustained cooperation, forward-looking analysis and a comprehensive approach to security can we prevent the problem from simply changing form while continuing to grow.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Marseille is experiencing an escalation of violence linked to drug trafficking that has generated what authorities, legal professionals, and community actors describe as a collective psychosis: a state of constant fear, social trauma, and a perception of the State’s loss of control over parts of the urban territory. The most alarming element of this crisis is the rise in murders of minors and the increasing role of adolescents, even children, both as victims and as coerced actors within criminal networks.

The case that has recently shaken public opinion is the murder of Adel, a 15-year-old boy, executed with a shot to the head and subsequently burned on a beach in the city. His body was discovered by other children who were going to school, an episode that symbolises to what extent violence has become normalised and has turned public, visible, and seemingly arbitrary.

According to data from the French Ministry of Justice, the number of minors involved in drug trafficking has quadrupled in the last eight years. In Marseille, drug trafficking has evolved into a fragmented yet highly competitive model, where a dominant organisation (the so-called DZ Mafia) operates through a franchise-type structure, with multiple points of sale managed by young recruits, often through social networks.

This new criminal ecosystem is characterised by:

• Disappearance of traditional codes of organised crime (not attacking during the day, not exposing bodies, not involving minors).
• Extreme and demonstrative violence, including public executions, burned bodies, and the dissemination of videos on social networks.
• Mass recruitment of minors, many of whom are migrants or vulnerable adolescents, often subjected to coercion, fictitious debts, and physical violence.

Local actors describe a situation of criminal anarchy, where the logic of fear has replaced any stable hierarchy. Young people, exposed daily to violent deaths, have lost both the fear of killing and the fear of dying.

The murder of Mehdi Kessaci, a 20-year-old probationary police officer with no links to drug trafficking, marked a turning point. It is believed that his death was an intimidating message directed at his brother, Amine Kessaci, an anti-drug activist and emerging figure in the local political arena. This case reinforces the perception that even institutional actors or their family members are not beyond the reach of gangs.

Lawyers, journalists, and activists have begun to reduce or abandon their activities, or to carry them out under police protection for fear of retaliation. Some legal professionals openly claim that the rule of law has been subordinated to the power of gangs in certain neighbourhoods.

In light of this situation, the authorities have intensified police operations through what they call “security bombings”: massive and repeated interventions in high-crime areas, with riot units, closure of sales points, and constant arrests.

These figures show significant activity:

• More than 40 recently dismantled points of sale.
• €42 million in seized criminal assets in one year.
• An estimate of up to 20,000 persons directly or indirectly involved in the drug trade in Marseille.
• A national drug trafficking market valued at 7 billion euros annually.

However, even police officials and prosecutors acknowledge that many of those detained are exploited youths, some held against their will, and that repression does not stop the constant flow of new recruits.

One of the most concerning elements is the open use of TikTok and other social media to advertise the sale of drugs and recruit minors with seemingly legitimate “job” offers. High earnings are promised (€200-500 daily), but the reality is often one of modern slavery, with violence, sexual abuse, and threats against families.

The crisis has reopened an intense political debate. Far-right sectors demand a state of emergency, greater powers for the police, and severe immigration restrictions, attributing the problem to mass immigration and the failure of integration. Other voices such as lawyers, experts and journalists reject this interpretation and warn against the use of fear as a political tool. They argue that violence is the result of decades of social neglect, structural poverty, corruption, and failed public policies, and that police repression only addresses the symptoms, not the causes.

Marseille exemplifies a hybrid security crisis, where organised crime, social exclusion, digitalisation of crime, and weakening of institutional trust converge. The psychosis spreading through the city is not just fear of violence, but the feeling that the social order is eroding and that traditional solutions are no longer sufficient.

For security experts, the case of Marseille raises a key question: how to regain control without fuelling a spiral of repression that ends up exacerbating the very problem that one seeks to resolve.

_____

Aquest apunt en català / Esta entrada en español / Post en français

A large-scale police action, carried out as part of operation Fabryka, coordinated by Europol, led to the dismantling of a criminal network operating throughout the European Union. Coordinated efforts were carried out in Poland, as well as in Belgium, Germany and the Netherlands. These actions targeted a network suspected of importing large quantities of precursors used for the production of synthetic drugs in laboratories across several countries.

In addition, the network was involved in money laundering activities to promote its illicit operations. During the course of the investigation, law enforcement authorities determined that the network may have imported over 1,000 tonnes of precursors, enough to produce more than 300 tonnes of synthetic drugs such as MDMA, amphetamine and cathinone.

It is estimated that illegal activities generate billions in criminal profits for the criminal networks involved. The criminal assets flow into the legal economy, creating significant risks of market distortion, unfair competition, and systematic infiltration of legitimate businesses by organised crime.

The investigation began in 2024 based on intelligence shared by the Polish police, specifically by the Drug Crime Unit of the Wrocław Provincial Police Headquarters. The information provided by the police officers from Lower Silesia was critical to initiating the case and facilitating subsequent international cooperation within the taskforce. Between February 2025 and January 2026, more than 20 action days were carried out targeting connected criminal groups, their production facilities, and storage sites across Europe. The operation culminated in a coordinated action day against the alleged wholesale network responsible for the importation and distribution of chemical precursors.

This network was responsible for the importation, repackaging, and distribution of precursors used in the production of synthetic drugs. Chemicals, originating from China and India, entered the EU through various countries and were transported to Poland for repackaging and subsequent distribution in illegal laboratories across the EU. Since the start of the investigation in 2024, Europol supported action days aimed at different cells of the network, as well as connected groups involved in the production of synthetic drugs in laboratories.

The overall results from all action days (from February 2025 to January 2026) include more than:

• 20 action days: 85 arrests; 100 searches; as well as: 50 delivery points identified; 24 industrial-scale laboratories dismantled; 16 storage locations found; multiple seizures:

• About €500,000 in cash.
• 3,559 kilograms and 982 litres of drugs (including 4-CMC, cathinone, MDMA, amphetamine oil).
• More than 120,000 litres of toxic chemical waste.
• 1,000 tons of precursors (chemicals used for the production of synthetic drugs).

The operational structure of this criminal network was complex, with seven legitimate companies in Poland facilitating import and distribution activities, and a high-level leadership coordination connecting the various criminal groups from EU countries.

In some cases, the criminal cells operating within the broader network managed both the logistics for the supply of precursors and the coordination of production in clandestine laboratories. The main criminal network targeted by this investigation is predominantly composed of Polish nationals, with the involvement of some Belgian and Dutch citizens operating within interconnected groups.

_____

Aquest apunt en català / Esta entrada en español / Post en français

European and South American law enforcement authorities continue to intensify their efforts to dismantle the main criminal networks responsible for cocaine trafficking to Europe. Three recent operations, coordinated with the support of Europol, highlight both the complexity of the routes used by organised crime and the growing importance of international cooperation to address it. These actions have affected networks with connections to Colombia, Brazil, and Greece, and have allowed interventions at all stages of the criminal chain: from the origin of the drugs to their reception on the European continent.

The first investigation focused on a network led by a Dutch citizen who had direct contact with high-level traffickers in Colombia. The individual, 56 years old, resided in Ibiza but frequently travelled to The Netherlands and other European countries. According to the authorities, he coordinated the entry of large shipments of cocaine into Europe with the active support of his two sons.

The case came to light as a result of information obtained from the encrypted platform Sky ECC, a tool widely used by criminal organisations and which has been key in numerous European investigations. Based on this data, the Dutch police deployed surveillance operations, intelligence analysis, and wire-taps that allowed for the identification of ongoing attempts to coordinate new shipments.

The network was linked to six cocaine shipments intercepted in the United Kingdom, Spain and the Netherlands. On 2 December 2025, the main suspect was arrested in Ibiza, while his children, aged 31 and 23, were arrested in The Hague and Haarlem.

Major Brazilian operation against large-scale maritime trafficking

The second operation targeted a Brazilian criminal organisation specialised in large-scale maritime cocaine transport in Europe. The group was responsible for acquiring vessels, training crews, and modifying fishing boats to hide the drugs.

The routes used included departure points on the Brazilian coast and an intermediate stage in West Africa, before the final transfer to European waters.

A key moment in the investigation took place in November 2024, when Portuguese authorities, in collaboration with the Brazilian federal police and authorities from Cape Verde, intercepted a Brazilian-flagged fishing vessel off the west coast of Cape Verde. 1.6 tonnes of cocaine were found on board and six crew members were arrested.

Subsequently, in September 2025, law enforcement dismantled the European branch of the network, with 37 arrests in Spain, including the person responsible for the logistics infrastructure. Finally, on 11 December 2025, a coordinated operation in Brazil culminated in eight new arrests, including two high-value targets, and the seizure of assets worth over 1.5 million euros.

Greek criminal network and at-sea transfers

The third operation targeted a Greek criminal network that used the at-sea transfer method for cocaine trafficking. The group deployed a fishing vessel that left Greece, travelled a route passing through West Africa, and crossed the Atlantic to pick up a shipment from Latin America.

On 14 December 2025, authorities arrested ten suspects: five crew members at sea and five individuals in Greece, including one high-value target.

The key role of Europol and international cooperation

In both cases, Europol acted as the central hub of international cooperation, facilitating the exchange of information, providing analytical support, and coordinating operational meetings among the involved countries. Other key agencies such as Frontex and MAOC-(N) also participated, especially in maritime operations.

These actions are part of the broader European Union strategy against organised crime, coordinated through the EMPACT platform. The cases demonstrate that only through sustained, multilevel, and transnational cooperation is it possible to effectively tackle the structures that support cocaine trafficking to Europe.

_____

Aquest apunt en català / Esta entrada en español / Post en français

For more than fifteen years, Vyacheslav Penchukov – known in the digital underworld as Tank– was one of the most enigmatic and sought-after figures in international cybercrime. Charismatic, unpredictable, and astonishingly sociable, Penchukov did not stand out for exceptional technical skill, but rather for an innate ability to gain trust and build networks of collaborators. From Englewood prison in Colorado, where he is serving two nine-year sentences, he has given his first extensive interview, revealing unprecedented details about the operations, alliances, and mindset of the cyber gangs that have sown global chaos for two decades.

The story of Penchukov begins far from the Rocky Mountains that surround Englewood. In Donetsk (Ukraine), teenage hacking began by looking for tricks for video games such as FIFA 99 or Counter-Strike. Over time, this informal learning led him to head Jabber Zeus, a group that, in the late 2000s, used the sophisticated malware Zeusto infiltrate bank accounts of companies, municipalities, and NGOs. In just three months, more than 600 British victims lost over £4 million.

Tank was then a twenty-five-year-old man living among luxury German cars, late-night DJ sessions, and a secret office where he and his team stole money during six or seven-hour shifts. As explained, at that time cybercrime was easy money: unprotected banks, overwhelmed police, and a digital world that was poorly prepared.

But the party ended when the FBI intercepted their conversations on Jabber and discovered their identity from a banal detail: the birth of their daughter. An international operation, Trident Breach, resulted in multiple arrests, but Tank escaped thanks to a tip-off and the speed of his Audi S8 with a Lamborghini engine. After hiding for a while, he tried to reform himself by managing a coal business. However, the constant bribery of Ukrainian officials and the impact of the war in the Donbass pushed him back into criminal activity.

Starting in 2018, Penchukov returned with more strength, now immersed in the ransomware ecosystem, a business much more lucrative than traditional bank robbery. He was part of well-known groups such as Maze, Egregor, Conti, or IcedID, specialising in infecting corporate systems, extorting companies, and even hospitals. In his opinion, the profits could reach $200,000 per month, although there were rumours of million-dollar ransoms circulating within the criminal forums.

The hacker community, as explained, operates on a herd mentality: when a group achieves an exceptional haul, hundreds of imitators launch similar attacks without considering the human consequences. And for many of these offenders, victims are just numbers, and the damages are matters covered by insurance.

One of the most controversial aspects of his testimony is the natural confirmation that several ransomware groups maintained regular contacts with Russian security services, including the FSB. This hypothesis had already been pointed out by multiple Western agencies, but Tank describes these connections as common practice.

He also speaks of his former relationship with Maksim Yakubets, alleged leader ofEvil Corpoand subject of a $5 million bounty. They were friends, going out together in Moscow, and Yakubets, apparently obsessed with showing off his wealth, was surrounded by bodyguards. But when Yakubets was arrested in 2019, the cybercrime community turned its back on him. Penchukov claims that he himself avoided it out of fear of being related to it.

The capture of Penchukov in 2022 was worthy of a film: an operation in Switzerland with snipers on the rooftops, hooded agents, and his children as unwitting witnesses. He still considers that the operation was excessive, but the thousands of victims who have lost savings, jobs, or stability would likely disagree.

In Englewood, Tank spends his days studying languages, playing sports, and obtaining secondary school qualifications. In the final stretch of his confession, Penchukov admits that his downfall came from the very collaborators with whom he had shared fortune and risk. In cybercrime, he says, you can’t have friends. Everyone distrusted everyone; many, when they were arrested, became informants. Paranoia is the only constant in the criminal world.

Now, as he awaits a possible sentence reduction and faces a restitution order of $54 million, Tank looks back with a mix of pride, nostalgia, and justification. He speaks of the past with an almost romantic tone, like a distant adventure. But the traces of his legacy—ruined businesses, paralysed hospitals, affected families—still live on.

_____

Aquest apunt en català / Esta entrada en español / Post en français