12 arrested for involvement in malware attacks against critical infrastructure

A total of 12 people who wreaked havoc around the world with ransomware attacks against critical infrastructure have been arrested as a result of a law enforcement operation involving at least eight countries.

The attacks are believed to have affected more than 1,800 victims in 71 countries. These cybercriminals are known to specifically target large corporations, making it easier for them to optimise their business.

The arrests took place at the end of October in Ukraine and Switzerland. Most of these suspects are considered high-value targets because they are being investigated in parallel in multiple high-profile cases in different jurisdictions.

As a result of the law enforcement action, more than USD 52,000 in cash was seized, along with 5 luxury vehicles. Computer forensic experts are currently examining various electronic devices to obtain evidence and identify new investigative leads.

All suspects had different roles in these highly organised criminal organisations. Some of these criminals used multiple mechanisms to exploit network vulnerabilities, such as various attacks, SQL injections, stolen credentials and fishing emails with malicious attachments.

Once on the network, some of these cybercriminals would focus on moving with criminal intent, deploying malware like Trickbot, or post-exploitation frameworks like Cobalt Strike  or PowerShell Empire, in order to remain undetected and gain further access.

The criminals would then enter the compromised systems undetected, sometimes for months, and investigate further weaknesses in the networks, before moving on to monetise the infection by deploying ransomware. These criminals have been known to deploy ransomware like LockerGoga, MegaCortex and Dharma, among others.

The effects of the ransomware attacks were devastating, as the criminals had had time to scan computer networks undetected.
 They then presented a ransom note to the victim, demanding that he pay the attackers in bitcoins in exchange for decryption keys.

It is suspected that several of the individuals arrested were responsible for laundering the ransom payments: they would channel the ransom payments in bitcoins through various services, before collecting the illicit proceeds.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Do black American motorists face heavier fines for speeding than the white ones in the United States?

In 25 States of the United States, motorists accused of speeding can face either a criminal charge or a traffic offence, and the type of prosecution brought is chosen at the discretion of police officers and the courts.

Using speeding data from 18 counties in Virginia over a period of nine years, researchers found large racial disparities in who was condemned for a criminal offence.

Black motorists stopped for speeding were nearly twice as likely as white drivers to be condemned for a criminal charge when their speed had been in the range qualifying for the most serious charge.

Among the motorists who had been driving at excess speed and who were condemned for a criminal offence, black drivers were likelier than white ones to be accused of a minor crime instead of a traffic offence.

In general, police officers reduced the possible accusation from a charge to a traffic offence when they were on duty in counties in which black motorists represented a larger share of drivers than in other counties.

Among drivers accused of an offence by law officers, black drivers were likelier than white ones to be condemned for a criminal charge by the courts.

So why was this the case?

  • Black motorists were less likely than white motorists to attend an obligatory court hearing.
  • Black motorists were less likely than white motorists to have a lawyer present in court.
  • Black motorists had a higher probability than white motorists of living in areas where drivers were allowed to pay in advance for charges rather than appearing in court (which results in an automatic condemnation for a criminal charge).

These three factors explained approximately four fifths of the racial disparities in the convictions.

The majority of motorists condemned for a traffic charge did not go to prison, but there are other repercussions.

  • Applications for jobs, housing and other services involve asking candidates to show whether they have a criminal record.
  • A criminal charge can count as part of an individual’s previous record if the person is sentenced for a new offence, a factor that increases the penalty for this charge.
  • Apart from this, the average fine and legal costs imposed for a criminal charge in Virginia were up to 120 dollars more than a traffic offence.
  • Some states suspend the driving licence of persons who do not pay the fines and associated taxes. (Virginia abandoned this practice in 2019.)
  • A criminal condemnation adds negative points to the driving record of an individual and can increase the cost of motor insurance.

Politicians could perhaps find fairer ways of enforcing the speeding laws.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Do we need to rethink the US intelligence strategy in regard to domestic terrorism?

Changes in the perception of the terrorist threat may bring the United States at a turning point. After two decades of an almost exclusive focus on the terrorist threat posed by the world jihadist organization and its supporters, the intelligence effort is now turning towards tackling domestic violent extremism. This may require rethinking the intelligence strategy.

Since September 11, the primary goal of domestic intelligence gathering has been to prevent terrorist attacks. This meant discovering and thwarting terrorist plots before they could be carried out. Fear of further September 11 attacks or even more alarming terrorist scenarios made prevention essential.

Rapid overseas action dispersed Al Qaeda’s leadership and intense international intelligence efforts reduced the possibility of new September 11. The United States has not suffered any other large-scale terrorist attacks from abroad. In contrast, self-produced jihadists, inspired by jihadist ideology, carried out low-level, albeit sometimes lethal, attacks. Most of these were isolated incidents. Moreover, most of the plots and almost all the attacks involved a single perpetrator who acted alone with limited capabilities and resources.

The campaign against self-produced jihadists is not a model for dealing with domestic violent extremists.

Authorities discovered and thwarted more than 80% of jihadist plots because local community councils, informant information or Internet data alerted the FBI or local police. Those who appeared to intend to commit violence were the subject of covert operations. In the twenty years after the September 11, U.S. jihadists killed a total of 105 people, including 49 in a single shooting at an Orlando nightclub. While each death is tragic, this was far less than many feared in the immediate aftermath of 9/11.

Unlike jihadists, national political extremists have a potential constituency. Jihadist ideology never gained strength in American Muslim communities. The jihadists were isolated, acting independently. In contrast, the beliefs that motivate American national extremists, especially those on the far right, are rooted deep in Norh-American society. Informants may be more difficult to find and political divisions could limit intelligence operations.

The legal campaign against domestic extremism is not an attack on beliefs, nor a crusade to root out anti-government sentiments or end racism. These are issues of national interest. The goal of intelligence is to prevent group violence.

But it seems that most terrorist threats come from individuals or small conspiracies outside of larger movements. The 1995 Oklahoma City bombing was carried out by one man and an accomplice, neither of whom acted in a larger organization. Most current terrorists in the West are solitary actors motivated by extremist ideologies, seeking recognition by outdoing previous spectacular attacks.

Several programs have been implemented to identify and deter people who appear to be on the road to violence, but the success of retail intervention as a preventive strategy has not yet been demonstrated.

The current circumstances are different. Prevention of violent crime remains a goal, but expectations may need to be moderated. While intelligence could be a critical component of the U.S. counter-terrorism strategy, there are reasons why it may also be prudent to return to a more traditional approach focused on investigating violent crimes and reporting perpetrators to justice.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Strategies for strengthening police health

While the creation of comprehensive police safety and welfare initiatives has clear benefits, many departments do not know where to start or how to expand their welfare programs. This area needs guidance on how to provide effective support to police officers and non-police personnel who have experienced trauma, in order to promote their long-term physical and mental health, to equip officers with emotional survival skills, and to overcome stigma and other cultural and psychological barriers to seeking treatment.

To meet these needs, in 2017 the Police Research Forum (PERF) was selected by the Office of Community Oriented Police Services (COPS Office) of the United States Department of Justice (DOJ) to implement and manage the police safety and welfare technical assistance project. As part of this project, PERF provided practical support and experience to three law enforcement agencies as they developed or expanded their officer security and welfare programs. This report is based primarily on PERF’s experience with these police agencies.

This publication is intended to provide departments across the country with a roadmap for creating their own wellness programs. The information contained in this professional handbook includes strategies for creating and improving wellness programs, encouraging participation in these programs, and normalizing the routine use of mental wellness services.

The purpose of the report is to provide guidance to law enforcement agencies on how to build and strengthen their welfare programs for their employees. Each chapter of this publication presents conclusions and recommendations on a topic that emerged as a common theme during evaluations. The report’s recommendations reflect the common challenges facing project areas and other law enforcement agencies across the United States.

For example, Chapter 1 discusses the basics of a comprehensive wellness program, including how to identify wellness needs and how to create a wellness committee.  Chapter 2 focuses on the development of programming for different types of well-being, including physical, mental, and emotional, financial, and spiritual well-being. These recommendations include, among others:

  • Evaluate various methods to encourage participation in fitness programs and determine which are most successful with the workforce.
  • Provide training on mental well-being to all new members.
  • Eliminate the stigma associated with mental health care and promote searching for help..
  • Identify and assist police officers who may be in crisis.
  • Create a mentorship program in which veteran officers are assigned to new employees to provide help and serve as a resource during their academic training, field training, and throughout the territory.
  • Train supervisors on how to identify the first indicators of acute stress or mental health issues.
  • Incorporate well-being and resilience into promotional tests to increase supervisor knowledge.
  • Train officers on identifying and resolving ineffective coping behaviours such as alcohol abuse.
  • Assess suicide risks among agents, promote healthy forms of stress control, and provide health strategies to prevent disease.
  • Provide information on financial well-being (e.g. budgets, retirement benefits, and financial savings).

_____

Aquest apunt en català / Esta entrada en español / Post en français

Fighting extremism in the US military

In recent years, news headlines have highlighted the involvement of current or former U.S. military personnel in protests against violence, in supremacist groups, in the U.S. Capitol insurrection, and other forms of extremist violence spread across the political and ideological spectrum.This was published in a recent study in the United States.

The threat of extremism is not new, but the proliferation of social media has made it easier for radical ideas to spread quickly and to organize extremist groups, even reaching the military community (e.g. members of the service, military spouses, military dependants, civilian employees and contractors) when looking to expand membership and gain operational capabilities.

The U.S. Department of Defense (DoD) has long banned members of the service from actively defending extremist activities.

DoD policy sets the expectation that commanders must detect prohibited activities, investigate them, and take corrective action. It is also up to the commanders to help minimize the risk by intervening early, mainly through giving advice.

In this perspective, a framework has been created to help commanders reduce the risk of extremism in the military.

First, highlights of extremist research are provided, including a framework for understanding these types of activities. Second, this framework is used to outline four strategies for reducing the risk of extremism in the military. And finally, a community-based approach is recommended, which leverages existing military programs to better support commanders as they fulfil their responsibilities in preventing and mitigating exposure to extremism within the military.

Recommendations

Five recommendations are provided to help create a strategy for supporting commanders in mitigating extremism on the military Internet.

Given the diversity of the U.S. military community, any policy or program designed to prevent or detect extremism should take into account the entire broad military community.

In 2019, there were more than 1.3 million active members, but also more than one million members of the so-called Ready Reserve, more than 200,000 members of the Reserve, almost 900,000 civilian DoD employees, more than 965,000 military spouses and well over 1.6 million member children.

Any member of these groups could adopt and promote extremist beliefs and act on them, including becoming active or passive members of extremist groups that promote racial supremacy, religious extremism, or specific social or political issues. 

Responding to the first signs of extremism is preferable to waiting until the first extremist states manifest themselves in ways that already directly affect military readiness.

Community service providers could also think of broader ways to counter the influence and impact of extremist groups. For example:

  • Provide general guidance on how to break cycles of outrage and hatred in managing personal relationships with friends or relatives who have extremist views or are involved in violent extremist groups.
  • Organize activities to dispel stereotypes and myths.
  • Organize real-time virtual questions and answers or sessions with reformed extremists to help understand the impact of extremism and how to break away from these groups.

Service providers could also alert leaders to signs of misinformation, recruitment and emerging groups which could pose a threat to the military community.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Australia questions the suitability of police stations for women

The wide-ranging debate on how to respond to violence against women in Australia has included proposals to install police stations for women, but researchers at several universities believe this move may be ineffective in addressing real issues, especially for women from indigenous communities.

Proposals to expand police powers, criminalize coercive control, and establish police stations specializing in women have been prominent in Australia’s recent debate on responses to violence against women.

There is currently no credible evidence to support the implementation of police stations for women and the research underpinning the proposal in Australia is problematic for a number of manners. The proposal to establish police stations for women has received strong support in the mainstream media and in academic journals.

These police stations would be designed to respond specifically to cases of violence against women. They have been a feature of Argentinian, Brazilian, and other Latin American countries police since the late 1980s, as well as in parts of Africa and Asia.

Some police stations for women take a multidisciplinary approach towards controlling domestic violence. They have teams of police officers working alongside social workers, psychologists and lawyers. Still, women’s police stations are still police stations.

The arguments in favour of police stations for women come largely from two university studies. These studies concluded that the public believed that women’s police stations could improve the monitoring of gender-based violence in Australia’s Indigenous communities if they had properly trained teams working from both a gender and cultural perspective.

But these investigations did not examine whether these police stations had reduced crime rates, domestic violence statistics, or arrest warrants for violence. It is difficult to assess the effectiveness of women’s police stations without this data. Evidence suggests that these police stations do not function properly.

Assessments of police stations for women have had mixed results. For example, a summary of recent evidence in India found that women’s police stations did not improve services for victims of gender-based violence.

Police studies in Australia and the United Kingdom suggest that simply increasing the number of female police officers will never be enough to improve discriminatory policing, as cases of transphobic abuse have been detected.

Despite female leadership in policing in Queensland, there have still been cases of sexism and racism among the police force, including cases where police officers were posting on social media that women lie about domestic violence. Moreover, Australia has found very little research on the experiences of black and indigenous women in female police stations.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Colombia is to inaugurate a university dedicated to security subjects

It is estimated that in Colombia there are over 380,000 men and women who work for private security firms performing duties as security guards. This is shown by the statistics collected by the country’s National Confederation of Private Surveillance Associations (CONFEVIP).

Those working in this field in Colombia are required to be of adult age, to have completed their military service, to have no criminal record and to have a certificate indicating a knowledge of private security questions.

It is for this reason among others that in the second half of this year a training university for security guards is to be inaugurated in Medellín. The new university will form part of the private security firm Andiseg, which plans to organise the training of the more than 1,500 workers operating in this sector throughout the department of Antioquia.

The aim of the new university is to keep security guards updated about the new technological tools that have been developed in the security field.

Miguel Ángel Díaz, the president of the security firm Andiseg, explained that applicants will be able to graduate from three different courses, each of which has been designed with a view to the requirements of the employment market in recent years and, in particular, now that the health and economic crisis has led to an increase of more than 7% in demand for private security services.

The persons who complete these courses will receive qualifications as professional technicians in private security, professional technicians in technological functions or professional technicians in the operation of drones and new technology, depending on the course that they choose.

With regard to these new tools, the company has indicated that the aim is for security firms to be able to offer more secure services in terms of the provision of security, through devices such as mobile phones, with products such as panic buttons and the geographical referencing of illegal activities or dangerous areas.

The aim is to introduce state-of-the-art technological innovations from the international security market. Artificial intelligence, blockchain and data mining will be made available to Colombians to make their lives safer and more secure, and to contribute to the country’s economic growth.

Migue Ángel Díaz detailed new services offered by Andiseg to combine security with technology: online escorts, virtual guards and Andicity.

An online escort is a cutting-edge escort that provides security in real time in the field of logistics, while a virtual guard represents a form of remote surveillance that shows the end user what is happening in their office, factory, field, etc., in real time. For this purpose drones, cameras and monitoring systems are used.

Finally, Andicity is a panic button that is managed through an app on which users can report robberies, thefts, accidents or other new developments, and also receive the support and assistance of security guards and supervisors.

_____

Aquest apunt en català / Esta entrada en español / Post en français

El Salvador expands its fight against the gangs with 1,000 more soldiers

A few weeks ago, the Government of El Salvador decided to assign 1,042 more members of its Armed Forces to security operations, working in conjunction with officers of the country’s National Police to reinforce its defence strategy against gangs and other forms of serious criminal activity.

This new detachment of 1,042 means that there is now a total of 9,000 soldiers taking part in what is known as the Territorial Control Plan. This strategic plan was introduced in July 2019, with the aim of recovering areas of the country controlled by gangs and reducing the number of murders and other related crimes.

This new contingent was assigned to patrol duties in areas with the highest levels of criminality.

It is currently estimated that there are some 60,000 gang members active within El Salvador, belonging to three dominant groups: the “Mara Salvatrucha (MS-13)”, the “Barrio 18-Sureños”, and the “Barrio 18-Revolucionarios”. The majority of murders taking place in the country are attributed to these three gangs.

In addition to this, El Salvador continues to be a transit point for drug traffic, since it transports its consignments to the United States and other countries, where the gangs play an increasingly active role, given that they control many areas of the country.  The gangs have developed from imposing extortion rackets on drug dealers in the areas they control to becoming direct distributors, in addition to being also consumers.

In late 2020 in the city of San Salvador, the authorities succeeded for the first time in dismantling a laboratory of metamphetamines owned by the MS-13 gang. To conceal its activities from the police, the laboratory had operated under the guise of a religious community. The level of consumption of amphetamines in Central America is higher than the global average, which represents a potential market that that the gangs can control in the future through their retail drug distribution networks.

It is currently considered that the gangs have established relationships with certain international drug trafficking organisations, offering a variety of services: guaranteeing security or even transporting the products themselves. They have probably come into contact with considerable quantities of drugs, thus entering directly into this line of illegal activity.

It is for this reason that the number of military contingents is being increased throughout the country. For example, at the start of the year 500 kg of cocaine were intercepted on board a boat sailing in El Salvador territorial waters.

_____

Aquest apunt en català / Esta entrada en español / Post en français

73 presumed people traffickers arrested in a pan-European operation

Between 31 May and 6 June 2021, Europol provided support for coordinated action on a European scale against the trafficking of persons for forced labour purposes. The operation, directed by the Netherlands, involved a wide range of public authorities, including police forces, Customs officers and border guards, labour inspectors and tax authorities. In total, 23 countries participated in the coordinated operations.

The week of coordinated action involved:

229 arrests (73 for people trafficking)

• 630 identified potential victims of different types of exploitation

• Over 4,890 proved locations

• 16,530 vehicles checked

• 56,250 persons checked

750 new investigations opened, 150 related to people trafficking.

The police authorities carried out checks in manpower-intensive sectors of activity that require only workers with low-level skills. Employees in sectors such as transport, logistics and the construction industry are more vulnerable to exploitation because of the lower level of education and awareness that they require in terms of labour rights and people trafficking. The economic impact of the COVID-19 pandemic has also reinforced certain feelings of vulnerability. For example, victims accept employment in working conditions that may threaten their health. The factors that endanger their health include mass labour environments, low levels of hygiene and an absence of health care.

The risks of exploitation vary depending on the sector. Transport companies give work to many nationals from third countries, who are exposed to the risks of exploitation linked to travelling in overtime periods and very low wages. Another objective of the checks was also the labour exploitation of domestic workers employed for 24 hours a day to look after persons or animals. Some sectors of employment such as nail-bars have been linked to the exploitation of victims of Vietnamese origin. Their vulnerability often increases due to the debt-slavery caused by their journeys to the European Union. The authorities also focused on the potential exploitation of migrants awaiting refugee status during their asylum application procedures. Another focus-point was the facilitators involved in people trafficking, specifically in relation to the use of false and fraudulent documents.

Europol coordinated the action days and facilitated the exchanging of information between the participating countries. It thus provided analytical and operational support on a 24/7 basis and facilitated the exchanging of communications in real time between the participating authorities.

_____

Aquest apunt en català / Esta entrada en español / Post en français

800 criminals arrested in biggest ever law enforcement operation against encrypted communication

The US FBI, the Dutch National Police (Politie) and the Swedish Police Authority (Polisen) in cooperation with the US Drug Enforcement Administration (DEA) and 16 other countries have carried out, with the support of Europol, one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities, an operation known as Greenlight / Trojan Shield.

Since 2019, the US Federal Bureau of Investigation, in close coordination with the Australian Federal Police, strategically developed and covertly operated an encrypted device company, called ANOM, which grew to service more than 12,000 encrypted devices to over 300 criminal syndicates operating in more than 100 countries, including Italian organised crime, outlaw motorcycle gangs, and international drug trafficking organisations.

The goal of the new platform was to target global organised crime, drug trafficking, and money laundering organisations, regardless of where they operated, and offer an encrypted device with features sought by the organised crime networks, such as remote wipe passwords.

The FBI and the 16 other countries of the international coalition, supported by Europol and in coordination with the US Drug Enforcement Administration, then exploited the intelligence from the 27 million messages obtained and reviewed them over 18 months while ANOM’s criminal users discussed their criminal activities.

A series of large-scale law enforcement actions were executed over the past days across 16 countries resulting in more than 700 house searches, more than 800 arrests and the seizure of over 8 tons of cocaine, 22 tons of cannabis and cannabis resin, 2 tons of synthetic drugs (amphetamine and methamphetamine), 6 tons of synthetic drugs precursors, 250 firearms, 55 luxury vehicles and over $48 million in various worldwide currencies and cryptocurrencies. Countless spin-off operations will be carried out in the weeks to come.

Operation Trojan Shield / Greenlight will enable Europol to further enhance the intelligence picture on organised crime affecting the EU due to the quality of the information gathered. This enhanced intelligence picture will support the continued effort in identifying high-value criminal targets on a global scale.

Criminal networks have a huge demand for encrypted communication platforms to facilitate their activities. However, the market for encrypted platforms is considered to be volatile. In July 2020, the EncroChat encrypted platform was dismantled by the Operational Taskforce EMMA (France, the Netherlands).

This operation provided invaluable insights into an unprecedented amount of information exchanged between criminals. After the takedown of Sky ECC in March 2021, many organised crime networks sought a quick encrypted replacement for a communication platform that would allow them to evade law enforcement detection.

_____

Aquest apunt en català / Esta entrada en español / Post en français