El Salvador’s fight against las maras results in 20,000 arrests in one month

El Salvador’s president, Nayib Bukele, declared a state of emergency in March of this year to combat maras (gang) violence. It was extended for an additional 30 days in April. The police and military have arrested 20,421 suspected maras members in just 33 days since the beginning of the state of emergency. The courts have also remanded 9,672 defendants in custody. The state of emergency allows detainees to be held for up to 15 days without justification, as opposed to the 72-hour limit under normal circumstances.

As reported by the newspaper La Razon America, the Salvadoran president is trying to put an end to the flood of murders in recent months and the control that these powerful criminal gangs, such as Mara Salvatrucha or Barrio 18, exercise in several areas of this small Central American country of 6.4 million inhabitants. The murder of 87 people during the last weekend of March was the last straw for Bukele.

Salvadoran police and military have spent nearly two months arbitrarily arresting “terrorists” without warrants and based on suspicions only. These indications include having a criminal record, tattoos from gangs such as Mara Salvatrucha or Barrio 18, or other marero tattoos. The escalation of homicides in recent months is evidence of growing insecurity in the country.

After the most violent days in El Salvador since the end of the civil war 30 years ago (1979-1992), the Salvadoran Congress gave the go-ahead for the suspension of the right to defence, freedom of association and the inviolability of correspondence without a court order. Salvadoran media and security experts explain the drastic increase in violence in the country by the breakdown of a secret pact between the Bukele government and the Salvadoran maras. However, Bukele has always denied the existence of such an agreement.

Nayib Bukele is the president with the highest popular support in the region, with 76% approval according to M&R Consultores. He justified the state of emergency with the estimated 70,000 members of maras who commit crimes and fight among themselves for control of extortion and drug trafficking operations.

The UN High Commissioner for Human Rights and Amnesty International Americas have shown much concern about mass arrests, especially in the areas most controlled by the maras. They have also condemned the cruel, inhumane and degrading treatment of suspects piled up in El Salvador’s precarious prisons.

Nayib Bukele rejected criticism from these international organisations for alleged human rights violations. He even went so far as to declare that, if they defend the members of the maras so much, they should take them back to their countries. The president is trying to justify the prohibition of graffiti or any other visual expression that explicitly or implicitly conveys messages about the maras that control various areas of the country. The police union has denounced the police chiefs for demanding daily quotas of detainees from their agents in the fight against maras.

Amnesty International has once again rejected the measures imposed by the Salvadoran government that prohibit the media from reproducing and transmitting messages or communiqués from maras that could generate panic in the population. This could lead to imprisonment of journalists solely for reporting on gang-related activities. Amnesty also condemns the fact that prisoners may be held without sufficient food and air and that children between the ages of 12 and 16 may be sentenced to up to 10 years in prison without the right to defence.


Aquest apunt en català / Esta entrada en español / Post en français

Europol action day against migrant smuggling

An operational task force (OTF), directed by the German Federal Police and coordinated by Europol, targeted some of the most dangerous migrant smugglers in the entire European Union. The OTF Pathfinder involved law enforcement authorities from Austria, Germany, Hungary, Romania, Serbia and the Netherlands, resulting in the opening of 39 new investigations. The Action Day resulted in the arrest of two high-value targets, 12 house searches and the seizure of more than 80,000 euros in Germany and France.

Investigations by the operation’s task force have so far led to:

  • 8 high-value targets arrested and 3 subject to a European Arrest Warrant (2 in Austria, 7 in Germany, 1 in Hungary and 1 in Romania)
  • 127 arrests of facilitators (63 in Austria, 19 in Germany, 15 in Hungary, 25 in Romania, 4 in the Netherlands and 1 in Serbia)
  • 916 smuggling incidents detected (600 in Austria, 262 in Germany, 26 in Hungary, 22 in Romania, and 6 in the Netherlands)
  • 151 house searches (37 in Austria, 70 in Germany, 17 in Hungary, 25 in Romania and 2 in the Netherlands)
  • Seizures of various assets for a total value of approximately 900,000 euros

The OTF Pathfinder, set up at Europol in August 2021 and initiated by Germany, targeted some of the most dangerous migrant smugglers active throughout the EU. These Europol high-value targets, primarily Syrian nationals, had global connections to source, transit and destination countries. Europol checked its databases and found that these suspects are already linked to more than 150 investigations.

Since the launch of the OTF Pathfinder, national law enforcement authorities have opened 39 new investigations related to these 14 individuals. One of these connected investigations led to the arrest of one of the high-value targets by the Italian Financial Corps, backed by the Albanian police and the Hellenic police. Another led to the arrest of 18 suspects in Romania. The suspects were paid between 4,000 and 10,000 euros, despite smuggling and housing migrants in extremely poor and often life-threatening conditions.

Investigations revealed that those arrested facilitated the smuggling of at least 10,000 migrants, mainly of Afghan, Pakistani and Syrian origin, into the EU. Europol facilitated the exchange of information and developed a large number of intelligence analysis products, which help national authorities to connect these large-scale cross-border criminal activities, identifying perpetrators and detecting ongoing smuggling activities.

Investigations uncovered that these suspects were managing a large-scale smuggling business, making use of the same logistics, accommodation and travel arrangements. They used loading docks of lorries, closed vans and personal cars to move migrants from Turkey through the Western Balkan region, Romania and Hungary to Austria, Germany and the Netherlands. Payments were mainly made through the so-called hawala financial system.

The suspects used social media platforms to advertise their illegal business and to persuade migrants’ relatives that the smuggling was safe. Typically, facilitators must build trust among migrant communities in order to recruit as many people as possible.


Aquest apunt en català / Esta entrada en español / Post en français

Major cross-border operation against cocaine lords in Europe

Joint actions of the Belgian Federal Police in Antwerp (Federale Politie Antwerpen), the Dutch National Police (Politie), the German Regional Police (Landeskriminalamt Niedersachsen) and Federal Police (Bundeskriminalamt / BKA), coordinated by Europol, led to the identification and prosecution of the main European High Value Targets who import large quantities of cocaine to the European Union from South America. The Paraguayan National Anti-Drug Secretariat (SENAD – Secretaria Nacional Antidrogas) also participated in the operation.

This operation targeted the European and South American drug and money-laundering infrastructure of a large-scale trafficking network, with which the operation already had great success in February 2022 with the seizure of 34 tonnes of cocaine in Belgium and Germany.

Europol facilitated the exchange of information and worked with intelligence studies and data based on criminal analyses, which allowed a detailed picture of the operations of the networks across countries and continents to be obtained.

The action day on 20 April 2022 led to:

  • Over 35 locations searched by the police.
  • 17 arrests (5 in Belgium, 11 in Germany and 3 in The Netherlands).
  • Seizures in Belgium, Germany and The Netherlands, including electronic devices, documents, four vehicles, luxury watches and properties, including four apartments, as well as bank accounts and cash with a total value of 5.5 million euros.

These operational activities are the culmination of a parallel investigation by Belgian, Dutch and German law enforcement authorities into a criminal network trafficking shipments of several tonnes of cocaine from their countries of origin to Europe. The operation began in February 2021 when the police authorities of the ports of Hamburg and Antwerp seized a total of 34 tonnes of cocaine in 3 shipments linked to this criminal network. During the investigation, the cooperating authorities discovered that this criminal group had the capacity to send multiple shipments of several tonnes of cocaine to Europe in just a few months.

The command and control centre of the traffickers and the European targets behind it were headquartered in Dubai. From there, they managed the cocaine trafficking from their own production infrastructure in Bolivia. Logistical and supply lines were also identified in Paraguay.

The leaders of the criminal network used encrypted communication to organise their large shipments. The coordination of the several tonnes of cocaine trafficked was intercepted as a result of taking down the Sky ECC encrypted communications platform in 2021. This also led to the discovery of a large network of legitimate businesses created to allow the import of drugs from South America and the laundering of related revenue. For example, to enter the EU, the cocaine was hidden in shipments of bananas, coffee and plaster.


Aquest apunt en català / Esta entrada en español / Post en français

European operation against a network that forced homeless people to practice begging

Authorities in Austria, Germany, Hungary and Romania have dismantled a particularly violent family-based criminal network that exploited homeless people.

An investigation by the Upper Austrian Regional Criminal Office (Landeskriminalamt Oberösterreich), the Austrian Federal Police (Bundeskriminalamt), the German Bavarian State Police (Polizei Bayern), the Hungarian National Police (Magyar Rendorseg) and the Romanian Police (Poliția Română), with the support of Europol and Eurojust, led officers to dismantle an organised crime group involved in human trafficking for forced begging. The criminal network was particularly violent and abused extremely vulnerable individuals.

Thanks to the investigations, a police action day was held in early April of this year, which resulted in the following:

  • 7 locations searched (1 in Austria, 2 in Germany, 1 in Hungary and 3 in Romania).
  • 4 arrests (1 in Germany, 1 in Hungary, 1 in Austria and 1 in Romania).
  • Seizures of telephones and other electronic devices, more than €90,000 in cash and 9,400 RON in cash, as well as 1 kg of gold.
  • Two victims, who died during the operation of the criminal network.

Since 2017, national authorities in the four countries in question have been investigating this organised crime group based on family ties. This has included the investigation of group members of Romanian and Hungarian origin who trafficked and exploited people, with victims in Austria and Germany. The victims of Hungarian and Romanian origin were particularly vulnerable as a result of alcohol addiction and homelessness.

These people were forced to beg at specific locations in various cities, such as the German cities of Ingolstadt, Nuremberg and Berlin and the Austrian cities of Feldkirch, Linz, Bad Hall and Stayer. They were totally dependent on the criminal network and their documents were seized upon arrival in foreign countries where they did not speak the language. The criminal network provided them with a sandwich or just enough alcohol to survive the day, while earning more than 200,000 euros from the victims’ activities. These individuals were subjected to inhumane treatment and living environments and suffered violent behaviour at the hands of the suspects.

Two of the victims died from health-related problems while being exploited in extremely degrading conditions. The criminal gang also forced an equally vulnerable person to work at their house and treated them as a domestic slave.

Europol facilitated the exchange of information and provided analytical support in this investigation. On the action day, Europol deployed a virtual command post to enable real-time information exchange between investigators, Europol and Eurojust.

Eurojust had set up a joint investigation team between Germany, Hungary, Romania and Europol in 2021.

In 2017, the European Council decided to continue the EU policy cycle for the 2018-2021 period. It aims to address the most significant threats posed by organised and serious international crime to the EU. This is achieved by improving and strengthening cooperation between the relevant services of EU member states, institutions and agencies, as well as non-EU countries and organisations, including the private sector where relevant. There are currently ten EMPACT priorities. As of 2022, the mechanism becomes permanent under the name EMPACT 2022+.


Aquest apunt en català / Esta entrada en español / Post en français

Extensive cross-border operation against human traffickers in France and Romania

The French National Police (Police Nationale), the Romanian Police (Poliția Română) and the Spanish National Police (Policía Nacional), with the support of Europol and Eurojust, dismantled a criminal network involved in human trafficking for the purpose of sexual exploitation. For the purposes of this investigation, Europol set up an operational task force that led to the identification of the leader of the criminal gang.

The police action day on 22 March of this year resulted in:

  • 16 house searches (10 in France and 6 in Romania).
  • 7 arrests (2 in France and 5 in Romania, including one high-value target identified by the law enforcement authorities involved).
  • 32 victims identified, mostly Romanian nationals (13 in France and 19 in Romania).
  • The seizures included digital equipment and mobile phones, cannabis from an indoor laboratory, luxury vehicles and more than 23,000 euros in cash.

From the evidence collected during the investigation it seems that the criminal network had been active since 2014. The members of the criminal gang manipulated their victims into prostitution for the financial benefit of the criminal network.

The modus operandi was to target vulnerable victims in financially and emotionally unstable situations with the so-called “lover boy” method. The criminal network recruited them with false loving relationships, seduced them with expensive gifts and promises of a better life abroad and forced them to continue working by using threats and acts of violence against them or their family members. Using this technique, the criminals pocketed more than 400,000 euros by exploiting vulnerable victims from Romania.

Investigators have already identified 28 victims exploited by the gang in France. Evidence indicates that the criminal network channelled about €1.3 million in illegal proceeds to Romania through money transfer companies and transferred more assets via cash couriers.

This money comes from 250 localities in 25 different states. 80% of the money transfers were made from internet cafes in Barcelona and were addressed to the organisation’s leaders in Romania. Subsequently, they laundered the criminal proceeds in Romania through investments in real estate and luxury goods. They also used part of the illegal profits to finance various criminal activities.

In 2020, together with France, Spain and Romania, Europol set up an operational task force to jointly target this criminal network. The specific set-up of this task force allowed investigators to easily identify the modus operandi of the criminal group and use the information gathered to identify the leaders and their associates.

Europol coordinated the operational activities, facilitated the exchange of information and provided analytical support. It also deployed an expert to Romania to cross-check operational information in real time and support the investigators on the ground.

Eurojust created a joint investigation team (JIT) between France and Romania. Five suspects were arrested as a result of five European arrest warrants.


Aquest apunt en català / Esta entrada en español / Post en français

Migrant smuggling activities increased significantly in 2021

The increase in digitalisation brought about by the COVID-19 pandemic has significantly influenced the functioning of all aspects of our society. Since the onset of the pandemic, criminals have adapted to the new rules and restrictions and, as a result, have exploited the most vulnerable. Migrant smugglers have continued to thrive despite these changes and have adapted the way they recruit, transport and exploit victims. They are arguably more digitalised and highly adaptable.

In 2021, the role of digital technologies in migrant smuggling increased. Traffickers have expanded their use of social media platforms and mobile applications to offer their illegal services.

More digitalised than ever, they abuse social media platforms, mobile applications and encrypted communication tools to offer their services, organise their logistics and secure their profits.

The new report from Europol’s European Migrant Smuggling Centre (EMSC) takes a look at the operations supported by the centre in 2021 and the information collected. This report provides a clear picture of developments in these crime areas and looks at possible new developments. It offers recommendations to improve preparedness in the fight against these criminal activities that directly threaten the lives and dignity of victims.

These are the highlights of the European Migrant Smuggling Centre’s activities in 2021:

  • 6,139 new cases of human trafficking detected with the support of Europol.
  • 55 on-the-spot action days with experts from Europol.
  • 1,246 operational reports produced.
  • 26 high-value targets identified.

Among the new developments highlighted by Europol, the following points are worth mentioning:

  • An increase in border crossings in the European Union and secondary movements within the EU.
  • Better use of digital technologies to facilitate both illegal immigration and human trafficking.
  • The increase in the number of arrivals has placed Cyprus ahead of Greece as the most prominent landing area in the Eastern Mediterranean.
  • The migratory pressure on the eastern border route via Belarus has influenced the increased presence of criminal networks that facilitate secondary movement along this route.
  • Smuggling activities on the passage by sea to Italy almost doubled, while the fare for this trip increased from 6,000 to 12,000 euros.
  • Increased poly-criminality of migrant smuggling networks active along the Western Mediterranean and West African routes.
  • The human trafficking process, including recruitment and logistical arrangements, is becoming increasingly digitalised.


Aquest apunt en català / Esta entrada en español / Post en français

100,000 new forms of mobile banking Trojans detected in 2021

Until recently, mobile malware was relatively rare. Today, the focus has shifted from computers to mobile phones. And the fact is that researchers have found nearly 100,000 new variants of mobile banking Trojans in just one year, as reported by Charlie Osborne from the technology website zdnet.

As our digital lives have begun to focus more on mobile phones than desktop computers, many malware developers have focused part of their targets on creating mobile threats.

The countries most affected by mobile banking Trojans are Japan, Spain, Turkey, France, Australia, Germany, Norway, Italy, Croatia and Austria.

According to Kaspersky, the Russian IT security company, it has been found that after a sharp increase in the number of attacks detected in 2020, the types of banking Trojans have reportedly started a certain downward trend.

Cybersecurity researchers added that this downward trend in mobile attacks in general is true, but this is paralleled by attacks becoming more sophisticated both in terms of malware functionality and vectors.

Many traditional infection routes remain viable, including phishing or downloading and running suspicious software, but it is also apparent that cybercriminals are infiltrating official app stores to lure mobile phone owners into downloading software that appears to be trustworthy.

This technique is often associated with the distribution of remote access Trojans (RATs). Although Google maintains security barriers to prevent malicious applications from being hosted among its applications, there are methods that circumvent these controls.

In 2021, for example, Malwarebytes found an app on Google Play disguised as a useful barcode scanner with more than 10 million active installs. Although the application was sent out as legitimate software, an update was issued after it accumulated a large user base that turned the application into a form of aggressive adware.

The same tactic can be used to turn seemingly benign applications into banking Trojans designed to steal financial data and account credentials from online services. In the mobile world, theft can occur by redirecting users to phishing pages or by performing overlay attacks, in which a window covers the screen of a banking application. Trojans can also quietly register their victims on premium phone services.

The banking Trojans responsible for the most detected attacks during 2021 were Trojan-Banker.AndroidOS.Agent, Trojan-Banker.AndroidOS.Anubis and Trojan-Banker.AndroidOS.Svpeng.


Aquest apunt en català / Esta entrada en español / Post en français

Online investment scam results in losses of more than 10 million euros

Authorities in Bulgaria have busted a big online investment scam responsible for losses in the region of €10 million, in which fraudsters operated through fake websites and call centres targeting victims in Germany and Greece.

Bulgarian judicial and law enforcement authorities, with the support of Europol and Eurojust, have dismantled a network of online investment fraudsters involved in money laundering.

On the day the police action took place, officers of the Bulgarian National Police (ГД Национална Полиция) arrested a suspect for defrauding investors, mainly Germans and Greeks. Twenty-four properties and premises were also searched, while 66 witnesses were interrogated in Sofia and Burgas. In addition, a variety of electronic equipment, financial information and recordings were seized.

Europol intervened with two experts on the ground to facilitate the exchange of information and provide real-time operational analysis and technical expertise. As for Eurojust, it coordinated the joint action day and provided cross-border judicial support. The national authorities deployed more than 100 officers and prosecutors during the action day.

The scam came to light after German and Greek investors filed complaints and reports saying that they had lost all the deposits in which they had invested. The organised crime group responsible had created websites and call centres that seemed to be legitimate but were in fact fraudulent.

The criminal activity was carried out by two call centres. While acting as financial consultants, the call operators – who spoke German, Greek, English and Spanish – contacted potential investors with promises of secure and juicy profits. As a result, several hundred people invested heavily, but ended up losing all their money.

Bulgarian authorities started their investigations at the end of 2019, while Eurojust set up a joint investigation team between Bulgaria, Germany, Greece, Serbia and Europol.

After five coordination meetings with Europol and Eurojust, the team members were able to identify the two fraudulent call centres in Bulgaria. The Bulgarian police, with the support of Serbian authorities, dismantled both centres on the police action day.

In 2020, a similar modus operandi was used in another case and a coordinated action day led to the dismantling of two more call centres.


Aquest apunt en català / Esta entrada en español / Post en français

Cybercriminals’ latest tactics: charging in return for not attacking

There has been a lot of talk lately about ransomware as a service and ransomware as a service attacks across supply chains. A new tactic is now being applied: “pay us not to attack you“, as reported by Howard Solomon on the itworldcanada website.

There are cases of attackers bold enough to launch attacks in which they ask for payment to stay away, according to Sumit Bhatia, director of innovation and policy at Rogers Cybersecure Catalyst, Ryerson University. With this tactic, they demonstrate to an organisation their ability to attack, but they do not go through with it. However, they warn the organisation that it must pay them in order to stop the full-scale attack. They generally do so with organisations that lack the resources or expertise to modify or adjust systems in time to prevent a future attack.

In parallel to this new form of cybercriminal action, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners in Australia and the United Kingdom issued an alert due to an increase in sophisticated, high-impact ransomware incidents against critical infrastructure worldwide.

In this ransomware alert, the agencies noted that in the past year they had seen attacks against major critical infrastructure sectors, including defence, food, government, healthcare, financial services, energy and higher education.

If the ransomware criminal business model continues to generate financial returns for its actors, incidents related to these attacks will become more frequent.

The alert describes attacker behaviours and trends, as well as recommended mitigations:

  • Patch operating systems and corporate applications.
  • Secure and monitor remote access services used by employees and partners.
  • Require multi-factor authentication for as many services as possible.
  • Require the use of strong passwords, especially service, administrator and domain administrator accounts.
  • Use Linux security modules on systems running this operating system.
  • Segment networks.
  • Use end-to-end encryption in online communications.
  • Ensure that all backup data is encrypted.
  • Other actions that increase the system security.

Small businesses should not think that they will not be attacked. Attackers may go after small businesses that are partners with the larger companies they attack, either because they have valuable customer data or because of intellectual property.

These small businesses can enforce good cybersecurity if they focus on the basics: attackers look for easily exploitable vulnerabilities, including misconfigured systems. By simply making sure the basics are covered, such as having a solid program or being aware of their assets, they will be ahead of other companies that rely on advanced technology and ignore the fundamentals.


Aquest apunt en català / Esta entrada en español / Post en français

5 cybersecurity threats facing the world in 2022

With large investments in research and development, Bitdefender Labs discovers 400 threats per minute and finds 30 billion threats every day. It has now compiled a list of the top 5 cybersecurity threats for the current year:

1. Ransomware will continue to dominate the realm of threats and will become the most lucrative cybercrime, just as it was during the year 2021. In the case of the United States alone, the U.S. Treasury says it has involved a payment of $5.2 million in the last year alone.

It is expected that there will be an increase in the number of Ransomware as a Service (Raas) attacks focused on the exfiltration of data for extortion purposes, as well as the so-called stealthy malware which is kept inactive for periods of time before encrypting the data.

2. Sustained attacks by governments will have a major impact on society. Political tensions could have a big effect on the cybersecurity sphere as governments compete for digital supremacy.

It is likely that 2022 will be the year of cyber-attacks against critical infrastructures, seeking to disrupt not only public services, but also parts of the Internet. Similarly, hacking initiatives can be seen around the world, especially against states that provide cybercriminals with a safe harbour for digital crimes targeting U.S. or European institutions.

3. There could be an increase in supply chain attacks and zero-day vulnerabilities. Unlike other threats, supply chain attacks are quieter, harder to stop and spread faster.

4. Data breaches will result in an increase in commercial attacks. As personal information stolen in data breaches becomes more accessible to cybercriminals, spam campaigns will become much more targeted.

Scams during 2022 will likely capitalise on pandemic-imposed online recruitment processes. Cybercriminals may start impersonating companies to trick potential candidates and thus infecting devices through attachments.

In addition, cybercrime operators will likely use this remote work opportunity to recruit unsuspecting job seekers for illegal activities, such as money smuggling.

5. Internet of things (IoT), web infrastructure and black markets: this year is likely to see a significant increase in attacks on cloud infrastructures, including those hosted by Tier 1 providers.

An increase in black market activity in terms of trafficking illegal substances is also expected.


Aquest apunt en català / Esta entrada en español / Post en français