Takedown of infrastructure of call centres involved in online investment fraud responsible for losses of at least EUR 20 million
The Hague, 21 April 2022
At the request of the Estonian authorities, Eurojust and Europol have assisted the takedown of an online investment fraud scheme, which defrauded victims of at least EUR 20 million. Authorities in Finland, the Netherlands, Latvia, France, Germany and Ukraine supported the operation, taking place today, during which more than fifty servers and services were seized in six countries.
The perpetrators allegedly belong to an internationally organised crime group (OCG) that contacted victims by telephone and via the internet. They presented themselves as brokers of online trading platforms dealing in cryptocurrencies, to convince victims to make investments. In addition to the fraudulent offers, the perpetrators installed remote access programmes that allowed them to illegally access the victims’ computers and steal their banking credentials (bank card data, cryptocurrency wallet access information).
Once the victims joined the platform and made a payment, they were unable to withdraw any money. The web pages were eventually taken offline, or additional payments were requested in order to retrieve the original investment.
It is believed that more than 30 000 people from at least 71 different countries – at least 522 victims are registered in Estonia alone – have fallen victim to the criminal network.
The OCG used a large-scale IT infrastructure that included tens of virtual servers. The members of the network used computers in call centres to connect to the servers. Additionally, the OCG used several sophisticated, self-developed databases that included the overall digital footprint of the victims and anonymising services. This was necessary for the upkeep of the large-scale criminal activities and for hiding the criminal business model from law enforcement.
Eurojust facilitated judicial cooperation in this case by setting up and funding a joint investigation team (JIT). Two coordination meetings were organised to coordinate the national investigations and prepare for the action day. Europol provided analytical support to the investigations.
To support the action day on 21 April 2022, Eurojust set up a coordination centre to enable rapid cooperation between the involved judicial authorities. The purpose of the operation was to disrupt and paralyse the criminal activities of the OCG.
As a result, more than 50 servers were seized (taken down and data copied), in Finland, the Netherlands, Latvia, France and Germany.
The following authorities took part in this investigation:
- Estonia: North District Prosecutors’ Office and North Prefecture of the Police and Border Guard Board.
- Finland: National Bureau of Investigation
- The Netherlands: National Police Unit The Hague
- Latvia: International Cooperation Department of the Central Criminal Police Department of the State Police of Latvia
- France: Investigative judge from JIRS Lille (Interregional Specialized Jurisdiction); LION (Operational Investigative Laboratory for cybercrime) of the National Police DZPJ
- Germany: Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center –, State Criminal Police Office Hessen
- Ukraine: National Police of Ukraine and Prosecutor General’s Office.