Busted!: 26 Arrests in Italy for Association to commit offences of Phishing

Guardia di Finanza
Comando Provinciale Milano
Gruppo Pronto Impiego Milano
PRESS RELEASE Milan, July 13th 2007
26 ARRESTS IN ITALY FOR ASSOCIATION TO COMMIT OFFENCES OF PHISHING.
THE TOP COMPONENTS ARE ALL FROM EASTERN EUROPE.
The first arrests ever carried out in Italy for association to commit crimes of phishing. The young hacker confesses: “I used to send e-mails from Poste Italiane and entered into the current accounts of my victims from my laptop.” The top components all come from Eastern Europe.
The Provincial Command of the Military Financial Police (Guardia di Finanza) of Milan executed 26 arrest warrants against people belonging to two criminal associations. These two criminal associations were connected with each other and made up of Italian and foreign citizens, who were responsible for a series of deceptions against hundreds of users of Home Banking Services, through techniques better known as phishing.
The operation, called “PHISH & CHIP”, allowed the Judicial Authorities to identify 18 Italian citizens and 8 foreign citizens from Eastern Europe, regularly living in our Country, who took advantage of the Home Banking Services’ personal access codes of the clients of “Poste Italiane” (holders of on-line bank accounts or PostePay Cards). The access codes were illegally wormed out through the answers given to the e-mails apparently sent by their Credit Institutions.
The investigation, coordinated by the Public Prosecutor of the Italian Court of Milan Francesco Cajani, is – as the Judge for the preliminary investigations Guido Salvini wrote in his order – “….. the first attempt to face the phenomenon of the criminal organizations apt to the systematic attempt of phishing in an organic manner, both from the investigative point of view and also contesting offences of association”.
The main person responsible, arrested by the Military Financial Police after an escape attempt which lasted 12 hours, declared he was a data processing consultant who “helped” Italian companies in the prevention of credit card frauds.
The group’s information systems hacker is 22 years old. During his questioning at the attorney’s office, which lasted most of the night, he confessed he had sent e-mails as if they were sent by Poste Italiane, and collected the access data on e-mail addresses of providers operating in Italy but with servers based abroad. Afterwards he entered the bank accounts of the defrauded people and emptied them, transferring the amounts held in them to PostePay Cards activated by the members of the organization for this purpose.
The complex operation took off in February 2007 thanks to what proved to be an elementary error in the use of information systems, even for a criminal association committing cyber crimes: using the same SIM card, even if only once, both for the illegal activities via the Internet and for the conversations between the people taking part in this criminal association.
This mistake allowed the judicial Authorities to identify the head of the organization, who thought he could guarantee his anonymity by using mobile phone SIM cards bought in certain shops in Milan where customers were not asked to show an identity card or where the controls foreseen by the Law were otherwise not carried out.
By using different explanations (all of them credible, such as the transfer of the web site, technical reasons and even the update of the anti-phishing measures!), and therefore playing on the psychology of the users, and also by using texts, images and in many cases real clones of the original web sites, the organization convinced the account holders of the authenticity of the messages. Through the indicated links the holders connected – or thought they were connecting – to the web site of their bank, to fill in the form through which they were requested to give their current account number and their password.
When they had the above mentioned data they were ready to empty the bank accounts.
The withdrawal of the illegally transferred amounts was carried out by means of a particular mechanism: some of the members of the criminal organisation went to Italian and foreign casinos (mainly in Germany, Austria and Greece) and with the illegally “charged” cards purchased chips for the maximum allowed amount. In this manner they managed to “monetize” 3.000 Euro per withdrawal (as opposed to the mere 250 Euro per withdrawal at bank ATMs).
The illegal mechanism was uncovered thanks to close investigative cooperation between the “Fraud Management” of Poste Italiane and the military personnel of the Guardia di Finanza [the Italian Financial Police], who monitored the activation of the PostePay Cards within the territory of Milan, and afterwards in the whole Italian territory, in real time.
The Arrest Warrants were executed in the Provinces of Milan, Brescia, Novara, Como, Firenze, Parma, Forlì and Pescara.
During the searches a massive quantity of material was seized: tiny laptops (Flybook, Tablet PC), external data storage media, magnetic cards which can be used to create credit cards and ATM cards, hundreds of credit cards and prepaid cards of various bank institutions, false documents and latest-generation mobile phones.
These operations (which, as they involved numerous data processing systems, were carried out by the Military Financial Police along with the new Judicial Police Squad for Computer-Related Crimes set up by the General Attorney’s Office of Milan) also allowed the retrieval of numerous prepaid credit cards of the Banca Intesa (which some of the members of the criminal organization had operated with the day before at the Casino of San Remo).
It was this last Bank Institution which had become one of the “favourites” of the criminal organization as the monitoring of the activations carried out by Poste Italiane had made that channel more and more difficult to use.
To understand the criminal capacity of the two organizations, it is sufficient to say that in the area of Milan alone, with operations carried out to the detriment of three BancoPosta current account holders, the two organizations managed to steal their savings, amounting to more than 65.000 Euro, in just a few minutes.
The investigators have already identified the Credit Institutions, based in offshore countries, where the organization used to “store” the hundreds of thousands of Euros (part of which have already been retrieved during the searches) earned through the criminal operations set out above.
Notwithstanding the excellent investigative results reached up to date, “It would be useful – the Judge for the Preliminary Investigations writes – to have a legislative innovation, which, just like the US did a few years ago, would foresee a specific crime of phishing which at present cannot be included in the computer fraud described by article 640 Ter of the Italian Code of Criminal Procedure, in order to prevent a “weak” offence like the simple fraud, foreseen by article 640 of the Italian Code of Criminal Procedure, to be contested for the initial phase of the illegal behavior of the Phisher, that is to say the sending of the e-mail with the request of information.”