Report of the Postal and Communications Police for 2019

In a scenario in which continuous technological evolution influences every action of our daily life, the effort of the Postal and Communications Police in 2019 was constantly directed at preventing and combating cybercrime in general, with particular reference to the crimes that fall primarily within the remit of this Specialty.

CNCPO

The frenetic pace of technological innovation and of new means of communication, following the large-scale spread of the Internet and, in particular, the progressive spread of smartphones and tablets among minors, are just some of the elements that facilitate forms of online aggression against children and adolescents. The result is a significant increase not only in online crimes involving minors, such as child pornography and cyberbullying, but also in other forms of aggression against them, such as self-harming conduct and so-called challenges (e.g. Blue Whale, Binge Drinking).

Since one of the aspects of the web that characterizes these phenomena, like all virtual communities, is the absence of borders and hence their supranational nature, which implies users connecting from abroad to servers located in other countries, the international cooperation established over the years by the National Center for Combating Online Child Pornography (CNCPO) through EUROPOL and INTERPOL, with both EU and non-European countries, is of absolute importance, as it allows the exchange of investigative information and the sharing of new investigation techniques and good practices.

In this context, the role played by the Postal and Communications Police is especially important in relation to crimes involving the sexual exploitation of minors online. 650 people were investigated in the current year.

The investigations relating to the phenomenon of online solicitation of minors, on the other hand, made it possible to investigate 180 subjects.

Among the aforementioned judicial police activities, 8 particularly significant operations were carried out, conducted by the territorial offices of the Specialty and coordinated by the Center. Some of them were carried out undercover online and resulted from reports received through the international cooperation activity of the CNCPO. Together, they led to 151 subjects being investigated while at liberty.

A particularly insidious and growing phenomenon that has taken hold among the young and very young is that of stickers, which consists in sharing, on instant messaging platforms, free digital stickers with offensive, violent, discriminatory or anti-Semitic content, as well as child pornography.

Instant messaging platforms offer users the possibility of using, alongside emojis (pictographic symbols, similar to emoticons and used in SMS, e-mails and social networks), packages of stickers made available by the messaging systems themselves, as well as of creating personalized stickers modified from real photographs through various free applications available for iOS and Android.

In recent times, this type of service has been gaining favour among preadolescent and adolescent users, who, however, often make improper use of it, spreading digital stickers with illicit content (child pornographic, xenophobic, discriminatory, etc.) and exposing themselves to criminal liability for the distribution and dissemination of child pornography.

To date, 7 sticker cases have been handled by this Specialty, ending with as many minors investigated for the dissemination and possession of child pornography.

In addition, among the most significant investigations initiated directly by the Center into crimes of sexual exploitation of minors was a complex operation, carried out undercover online on the Dark Net, which led to the arrest of a 60-year-old for possession of material depicting the sexual exploitation of minors, aggravated by the huge quantity, by the use of anonymization and encryption tools, and by the particular violence of some of the images found, which depicted the sexual abuse of minors, including very young ones. The man was of particular interest, also at an international level, because of the administrator and moderator roles he had held over time in virtual pedophile communities.

The most important activities coordinated by the CNCPO in the current year, together with the Departments of the Postal Police of Pescara, Turin, Venice, Udine and Catania, are as follows:

OPERATION "TANA DELLA LUNA"

The investigation was initiated by the Catania Postal Police Department and coordinated by the CNCPO, following a complaint by the mother of a minor who had discovered a child pornographic video on her child's cell phone. Forensic analysis of the phone revealed, within an instant messaging application, two groups of users, one of which was called "Tana della luna" (hence the name of the operation), within which the participants committed the crimes of dissemination and possession of child pornography. At the end of the investigation, 51 personal and home search decrees were executed across the country. It should be noted that 28 of these search decrees were issued by the Public Prosecutor's Office for Minors in Catania against minors who, through that telephone application, distributed, disseminated, offered and sold child pornographic images and videos.

The activity ended with 51 complaints.

OPERATION "LITTLE PLAYERS"

The investigation, coordinated by the CNCPO and conducted by the Postal Police Section of Udine, stemmed from a report filed by a priest against a former pupil of his who, through his "Instagram" profile, followed children and teenagers in provocative poses and also displayed child pornographic photographs on his profile. The Udine section carried out a computer search of the suspect, and analysis of the media found revealed the presence of child pornography. Furthermore, examination of the seized material allowed the operators to verify that the illicit material had been exchanged with other users of the well-known instant messaging service "KIK", which the subject used to access, also communicating in English.

From the results that emerged, a much broader and more complex investigation started, conducted in undercover mode, following which 36 subjects were identified who held and disseminated child pornography via links to cloud spaces where the aforementioned material was stored.

Therefore 36 searches were carried out, ordered by the Prosecutor of the Republic of Trieste, aimed at identifying the subjects responsible for this criminal conduct.

The activity ended with 35 people reported and 1 arrested.

OPERATION "X-FORCE"

As part of an activity coordinated by the CNCPO and conducted by the Venice Postal Police Department, following reports from the Canadian police, digital traces were analysed that could be traced back to Italian citizens suspected of the crimes of dissemination and possession of child pornography, perpetrated online through the well-known instant messaging service "KIK".

The Prosecutor of the Republic of Venice has therefore issued 10 decrees of personal and home search against as many Italian users.

During the computer search carried out against one of the arrested persons, self-produced material involving three Italian minors emerged.

The activity ended with 8 people reported and 2 arrested.

OPERATION "DIRTY WARE"

As part of an activity coordinated by the CNCPO and the Postal Police Department of Pescara, following a report from the Canadian police, digital traces were analysed that were attributable to Italian citizens suspected of the crimes of dissemination and possession of child pornographic material, perpetrated online through the well-known services "KIK" and "Wattpad".

The Prosecutor of the Republic of L'Aquila has therefore issued 11 personal and home search decrees, carried out on the national territory, against as many Italian users.

The activity ended with 10 people reported and 1 arrested.

OPERATION "LOST NET"

As part of an activity coordinated by the CNCPO and the Turin Postal Police Department, conducted partly undercover, 11 personal and home search decrees issued by the Turin Public Prosecutor's Office were executed, aimed at identifying Italian users responsible for the crimes of dissemination and possession of child pornography perpetrated online. The undercover activity mainly took place on the Gigatribe circuit, as well as on the well-known instant messaging service "TELEGRAM", where channels dedicated to specific themes were found.

During the computer search, a large quantity of child pornography was found.

The activity ended with 6 people reported and 5 arrested.

As regards the prevention activity carried out by the CNCPO through continuous monitoring of the network, 46,077 websites were identified, of which 2,287 were blacklisted and blocked because they presented child pornography content.

OPERATIONAL SECTION

As part of the crimes against the person perpetrated on the web, 288 people have been investigated since January for committing sexual extortion, stalking, harassment and threats on social networks.

Online defamation is steadily increasing, especially against people who hold institutional positions or who are known to the general public: 2426 cases handled and 738 people investigated.

514 cases of online blackmail have been reported since the beginning of the year.

The fight against revenge porn, a phenomenon in continuous growth for which 24 people are under investigation, has taken on particular importance. Unfortunately, the data do not reflect the seriousness and extent of the phenomenon, because many people are reluctant to report it.

Great efforts have been made to combat hate speech crimes: over 2000 virtual spaces were monitored in 2019 for discriminatory conduct of a gender-based, anti-Semitic, xenophobic and far-right nature.

Online scams continue to grow: in 2019, over 196 thousand reports were received and processed, which made it possible to investigate 3620 people. Fraudulent conduct on e-commerce platforms has become increasingly sophisticated.

So-called romance scams have increased. Their victims are women aged between 40 and 60, taken in by men met online and induced by sentimental stratagems to pay large sums of money to unscrupulous scammers.

There has been a significant increase in scams linked to online trading: many network users, enticed by the prospect of easy earnings from "safe" investments, have fallen into the net of skilled scammers and fake financial intermediaries, investing hundreds of thousands of euros.

CNAIPIC

There is a clear increase in the activity to combat the cyber threat carried out by the National Anti-crime Center for the Protection of Critical Infrastructures (CNAIPIC), attested by the number of alerts directed to national critical infrastructures, which rose by more than 30% compared with 2018, reaching 82484 alerts.

The timely sharing of the so-called "indicators of compromise" of IT systems with the suppliers of essential public services made it possible to strengthen the tools for protecting IT security, which is also supported by constant monitoring of the contexts of interest.

CNAIPIC - National Cyber Crime Center, as part of the overall National Information System for the Fight against Cyber Crime (the SINC3 project, financed with ISF funds, still being completed and intended to extend the cyber protection network to the country's most sensitive entities), managed a total of 1181 significant cyber attacks, of which:

  • 243 cyber attacks on Internet services relating to institutional sites and critical IT infrastructures of national interest;
  • 938 cyber attacks targeting sensitive companies and local public administrations;
  • 79 requests for cooperation within the "High Tech Crime Emergency" circuit.

Among the investigative activities conducted in this context, 155 investigations were launched in 2019, with a total of 117 people investigated.

The most significant activities include:

  • EXODUS operation, in which the CNAIPIC, together with the Carabinieri Ros and the Special Guard for Technological Fraud Protection of the Guardia di Finanza, completed a vast operation that made it possible to acquire evidence about the architecture and management criteria of that sophisticated IT infrastructure, sufficient to ground the preventive seizure decree covering the infrastructure itself and the companies E-Surv srl and STM srl.

Until a few months ago, the data intercepted by the Exodus IT platform, used by several Italian investigative offices, all ended up in the Amazon cloud. The cybercrime pool of the Naples Public Prosecutor's Office (coordinated by the Chief Prosecutor Giovanni Melillo and the Assistant Prosecutor Vincenzo Piscitelli) requested and obtained the arrest of two people, for whom the precautionary measure of house arrest was ordered.

These measures were issued after innovative investigations, practically unique in Italy, which involved experts from the Postal Police (Cnaipic), the Carabinieri del Ros and the Special Protection Technology Fraud Unit of the Guardia di Finanza.

Law enforcement officers carried out numerous searches and seized dozens of IT devices in the offices of some companies (Ips spa, RPC spa, Innova spa and Rifatech srl) on behalf of which E-surv operated in subcontracting or as a supplier.

  • LUX operation, in which CNAIPIC, as part of a long and complex investigation and with the help of staff from the Postal and Communications Police Department of Rome, carried out local and personal searches against 9 people who, acting in concert, had set up a complex and articulated criminal activity.

At the top of the system were 2 disloyal ACEA employees, as well as some municipal technicians and specialized electricians. Corruption and fraud offences are alleged in various capacities.

During the activities, carried out thanks to the collaboration of ACEA and the important contribution of the Company Protection unit and of the technical auditors of the Capitoline company, various seizure orders were also executed, covering as many meters tampered with by the criminal association as part of the services offered to its "customers", in almost all cases commercial establishments (bars, restaurants, supermarkets), whose owners have been reported for corruption and fraud.

The investigation further revealed that several suspects also benefited from the altered systems, making up to 75% of actual consumption against the municipal capital, benefiting from totally abusive connections to the electricity distribution network.

  • People1 operation, in which CNAIPIC has completed one of the most complex investigative activities in the fight against cyber attacks on institutional databases.

Hundreds of credentials for accessing sensitive data and thousands of items of private information contained in public administration computer archives, relating to the personal, contributory and social security positions and the administrative data of thousands of citizens and businesses of our country, were stolen on a massive scale by a dangerous criminal group. This was discovered by the specialized investigators of the Postal and Communications Police Service, who executed an order for pre-trial detention in prison and 6 search decrees across the country; various investigative agencies were also involved.

The numerous clues collected during the investigations point to the person at the head of the "system" as the main party responsible for repeated attacks on the IT systems of numerous central and peripheral Italian administrations, through which he is alleged to have illegally intercepted hundreds of authentication credentials (userID and password).

The suspect was thus able to enter institutional databases, belonging for example to the Revenue Agency, INPS, ACI and Infocamere, the true final objectives of the criminal activity, and to exfiltrate from them valuable personal data of unsuspecting Italian citizens and businesses. Also reported, while at liberty, for the same violations were 6 accomplices of the arrested man, all employed in various capacities within well-known investigative and debt collection agencies operating in various cities of Italy.

For the execution of the restrictive and search measures, as well as for the carrying out of the preliminary information activity, the CNAIPIC made use of the collaboration of the staff of the Postal Police Departments of Rome, Milan, Naples, Venice, Genoa and the Section of Imperia.

With a view to effective operational sharing, the Center continued to enter into specific Protocols for the protection of national critical infrastructures: in this regard, in 2019, 7 new agreements were signed with the companies Alitalia, Istituto Poligrafico Zecca dello Stato, Cassa Depositi e Prestiti, E.ON, Assaeroporti, Fastweb and Italgas, in addition to the renewal of the existing agreements with CONSOB, the Department of Civil Protection and Vodafone.

It should also be noted that similar forms of collaboration, within the scope of the SINC3 project, were initiated by the territorial offices of the Specialty with sensitive structures of local relevance, both public and private, in order to guarantee a widespread and coordinated IT security system.

CYBERTERRORISM

In the context of preventing and countering international terrorism of a jihadist matrix and, in particular, the phenomena of radicalization on the web, the staff of the Postal and Communications Police carries out daily monitoring of the web, supported by qualified linguistic and cultural mediators, whose contribution, given the peculiarity of the material and of the multimedia content present on the network, provides an added value of fundamental importance.

As known, in fact, the web takes on a fundamental role as a strategic tool for propaganda of the ideology of Daesh, for the recruitment of new fighters, for financing, for the exchange of confidential communications in the planning of attacks and for claiming them.

In this context, the Specialty has acted both on its own initiative and on specific reports, also thanks to the information received from citizens through the PS Online Commissariat, in order to identify illegal content present in online spaces and communication services of all kinds, such as websites, weblogs, forums, boards, social networks and closed groups on communication platforms.

The activity, aimed at countering radicalization and cyberterrorism, led to the monitoring of over 32,170 web spaces and the removal of hundreds of items of content.

It seems appropriate to highlight how the web monitoring activity carried out in the last few months by this Specialty has made it possible to ascertain how the current central structure of the Daesh propaganda apparatus, with more or less constant media production over time, appears to be constituted by various Media Centers persisting in the provinces of the Caliphate which, while in the past had their own communication channels, today rely on the so-called Supporter Generated Content for the dissemination of propaganda material.

It is, therefore, a structure based on a myriad of accounts, activated daily by individual cyber mujahids (supporters of the Caliphate in the media) or in an automated form through special structures dependent on the Daesh and responsible for maintaining media operations, to cope with the restrictive action implemented by the administrators of the Social platforms, with the aim of divulging online Caliphate magazines, updates on the activities of the fighters in the operational theaters, videos, documents, manuals or publications of leading exponents of the Islamic radical current, infographics of threat etc.

In order to counteract this communication strategy of the IS, personnel of the Postal and Communications Police Service participated in the "Action Days" which took place in November 2019 at the Europol headquarters in The Hague, and which involved, in addition to all the law enforcement agencies of the Member States, also the representatives of the major Internet Service Providers, including Telegram - which was the online service provider that received most of the requests for referrals and that its platform a significant part of the key players within the IS propaganda network - as well as Google, Files.fm, Twitter, Instagram and Dropbox.

In this context, therefore, the activities carried out made it possible to obtain a massive "take down" of thousands of groups, channels and accounts (many of which had previously been accessed without authorization and then used as bots) which had already been reported by law enforcement, as they are considered responsible for the publication of the sector weekly al-Naba.

On the same occasion, moreover, through important monitoring and Open Source Intelligence work, the cyber mujahids' attempts to react were analysed and the attempts to rebuild the IS online propaganda machine were immediately countered.

It is therefore clear that the transnational nature of the operations described, owing both to the international nature of the phenomenon and to the inherent structure of the network itself, makes it indispensable to activate efficiently the supranational cooperation tools that bring undisputed added value to the prevention activities implemented by the various national police forces.

As further confirmation of the international projection of the Postal and Communications Police Service, as the national contact point of Europol's Internet Referral Unit (IRU) (the Unit responsible for receiving from the Member States the reports relating to jihadist propaganda content disseminated online and for directing the related activity), it seems appropriate to report the participation of its operators also in the "CBRNE Action Day", which likewise took place at the Europol headquarters at the end of November.

In detail, starting from the analysis of the tragic terrorist events that took place in Europe in recent years, starting from the attack on the Manchester Arena on 22 May 2017 to the recent episode of Halle (Germany) on 9 October, it was found that more and more often lone wolves (both jihadist and neo-Nazi) have resorted to explosives and armaments made following the instructions in manuals and guidelines published online.

During the "CBRNE Action Day", the joint operation was aimed precisely at identifying online manuals and terrorist-type "tutorials" that explain how to prepare improvised explosive devices using radiological, biological, chemical and nuclear materials.

In detail, during the operation, the police identified over 1700 online resources of investigative interest that were reported to the Internet Service Providers for their removal and for obtaining useful evidence essential for the continuation of the investigation.

The joint operation also included additional investigative activities, including on the Dark Web, in order to identify the purchase and sale of materials necessary for the preparation of devices, with the subsequent analysis of suspicious transactions relating to the sale of chemical precursors on generic online platforms.

Still in the context of the fight against jihadist terrorism, it seems appropriate to also report the investigative activities carried out by the staff of the "Emilia Romagna" Postal and Communications Police Department of Bologna, as a result of which the Prosecutor of the Republic of Bologna has issued a local, personal and IT search warrant against a 24-year-old Tunisian citizen.

The investigations, resulting from the activity carried out by undercover operators of the Specialty in the field of countering cyber terrorism, led to the identification of a WhatsApp account, attributable to the suspect, that was a member of groups explicitly supporting the ideologies of the Islamic State.

In relation to these facts, the Prosecutor of the Republic of Bologna has recorded against the Tunisian citizen the alleged offence of apology of crime in relation to the crimes of "Terrorism and crimes against humanity", committed by means of telematic tools.

In addition, the search turned up several smartphones, one of which contained the telephone number associated with the WhatsApp account and with the various Telegram channels used for the dissemination of jihadist propaganda, as well as computer equipment holding multimedia material of the same tenor and some Arabic manuscripts praising the Islamic State.

In the year now ending, in addition to the aforementioned judicial police activities related to jihadist terrorism, the Postal and Communications Police recorded a significant increase in activities in the field of online propaganda linked to racist and xenophobic extremism, finding a constant increase in forums and discussions dedicated to the topic.

This trend, which involved the "virtual" population of the whole globe, highlights the transnational dimension of the threat in question. One need only think of the Christchurch massacre - which took place on March 15, 2019 - in which 50 people lost their lives (while another 50 were injured) following the attack by a man who, motivated by supremacist ideologies, opened fire on two Muslim places of worship in New Zealand's third largest city, broadcasting the images live on Facebook.

As in the case of jihadist radicalism, indoctrination in this area too almost always takes place online, through gradual self-training that begins with viewing content disseminated on numerous boards, distinct from the main social networks.

Furthermore, these boards also carry messages published by unknown persons that threaten terrorist actions (which in most cases turned out to be fake).

On this point, moreover, it seems appropriate to highlight how, thanks to the good collaboration with the Federal Bureau of Investigation, operators of the Cyberterrorism Section of the Postal and Communications Police Service identified an Italian subject who, through the 4Chan platform, had threatened to carry out a terrorist action on 30 August 2019 on the Rome-Milan railway line; in particular, the investigators were able to carry out the search against the real author of the message on 29 August 2019, ascertaining that the threat was unfounded.

Again in the current year, thanks to the collaboration of the Departments of Florence and Perugia, two subjects were identified and investigated: respectively, the author of an online message threatening a mass murder in New York on November 26, and the author of a message stating that the next day he would become a killer and adding that the Columbine massacre (which occurred on 20.4.99 at Columbine High School in the USA, where many students were killed) would seem like a joke by comparison.

Furthermore, in order to contrast the presence on Italian territory of groups having among their purposes the incitement to discrimination or violence for racial, ethnic and national reasons, the staff of the Postal and Communications Police collaborated with the Police Offices of Prevention for the execution of computer searches against over 28 subjects located throughout the country.

Following this evident increase in risk, there has also been a parallel increase in the level of attention at international working groups and, within the EU Internet Forum, staff from the Postal and Communications Police Service contributed - together with representatives of the Member States and Europol, as well as delegates of the major Internet service companies (including Facebook, Google, Microsoft, Telegram, Twitter, Snap, JustPaste.it and Dropbox) - to developing a European Union crisis protocol aimed at combating and containing the rapid viral spread of terrorist and violent extremist content online.

FINANCIAL CYBERCRIME

With reference to financial cybercrime, the statistics of the current year record 4930 cases on a national level.

Phishing, aimed at the illicit collection of personal codes and sensitive data, has seen a significant increase, especially through the use of malware and clone sites. There are also cases of so-called "vishing" (voice phishing) and "smishing" (phishing through messages and SMS).

The violation of the banking systems of individuals and companies sees an increase in the use of the criminal technique known as SIM swap (see below).

The country's economic and productive fabric continues to be the target of the attacks known worldwide as BEC and CEO Fraud. The purpose of the criminal organizations is to intrude on commercial relations between companies, diverting large sums to current accounts controlled by the scammers. Business e-mail compromise fraud and Chief Executive Officer fraud are the modern application of the attack technique called "man in the middle".

Despite the operational difficulty of blocking and recovering the proceeds of IT fraud, above all because they are sent to non-European countries (China, Taiwan, Hong Kong), thanks to the versatility of the OF2CEN (On line Fraud Cyber Center and Expert Network) platform for the analysis and advanced combating of fraud in the sector, in 2019 the Specialty was able to block and recover at source as much as €13,544,042 out of a total of €18,763,446 moved.

The platform in question, the result of specific agreements entered into through ABI with most of the banking world, makes it possible to act on a report in almost real time, blocking the sum before it is dispersed across various streams of nominee accounts.

In this regard, with reference to the phenomenon of cyber laundering, the recent international operation called "Emma5", coordinated by the Postal Police Service with the collaboration of 24 European countries and Europol, was aimed at identifying the so-called "money mules": the first recipients of the sums deriving from computer fraud and phishing campaigns, who lend their identity for the opening of current accounts and/or credit cards to which the illicitly acquired sums are then credited.

The operation in question allowed 170 money mules to be identified and reported across the country.

There were 374 fraudulent transactions, for a total of around 10 million euros, of which around 3.5 million euros were blocked and/or recovered thanks to the information sharing platform called "OF2CEN", created specifically to prevent and fight criminal attacks on home banking and e-money services.

Below is a detail of the most significant operations completed by the Specialty during 2019.

1) In the BEC and CEO Fraud sector, an operation was carried out by the Postal Police of Naples and Turin, coordinated by the Central Service, concerning a fraud against a Campania-based company operating in the industrial gas marketing sector, for an amount of €236,000.00, transferred from the victim's current account, in settlement of a commercial invoice, to a different account used by the cyber criminals who had taken the place of the real business partner.

The complex technological and financial checks carried out by the Postal Police led the investigators to a branch of the Italian Post Office in Turin, where a current account was opened in the name of a Nigerian citizen, residing in the Piedmontese capital.

From there, the fraudsters immediately transferred the money to an account in the name of the same Nigerian citizen, and then on to a different payment card attributable to a woman, also of Nigerian nationality and residing in Turin.

Immediately after receiving the report, the Naples Postal Police seized all the aforementioned current accounts, managing to recover much of the amount stolen by the scammers.

Subsequently, at the end of the investigations, colleagues at the Postal Police of Turin, where the trail led, were promptly alerted and carried out a search of the two Nigerian citizens, finding in their possession all the current accounts used to launder the proceeds of the crime.

A further operation, carried out by the Turin Postal Police, led to the arrest of two men, perpetrators of two distinct episodes of crime, recovering a total of over 380 thousand euros in illegal profits.

At the end of a complex investigation involving the reconstruction of computer traces, stakeouts and data analysis, the investigators of the Specialty identified the perpetrators of the frauds. The first, a 43-year-old Liberian, was caught at a bank in Settimo Torinese while attempting to divert to other current accounts the considerable sum of 370.000,00 euros, which he had collected just the day before as the proceeds of a BEC fraud perpetrated against a company from Como; the company should have received this money as payment for an important supply of furnishings for a US customer. The arrested man was then made subject to the measure of compulsory residence, on the orders of the investigating judge.

The same fate befell a Nigerian citizen, stopped while he was withdrawing € 4.000 from his current account. The man, who had a prior record for offences of the same kind, was arrested.

The world of sport has also been caught up in this type of online fraud. FITET, the Italian Table Tennis Federation, was in fact drawn into the sinister mechanism of computer fraud during an international tournament, with forty countries from all over the world participating, in which Italy was to take part.

While the final preparations were underway for the transfer of the Italian team, two Italian subjects, skilled hackers, clandestinely entered the network of the Italian Federation, stealing the credentials for the federal e-mail boxes and in this way managing to intercept all the communications exchanged between the various sports clubs.

In particular, the hackers focused on the emails containing the data and details needed to make the payments for participation in the prestigious tournament.

In fact, by stealing this data the cybercriminals managed to take over the digital identity of the tournament organizers and, skilfully falsifying all the invoices for the registration fees, contacted the various sports federations and participating teams (which, in addition to Italy, included China, Poland and Hungary), convincing them of the need to make payments to entirely false current accounts, opened with foreign banks and actually attributable to the two Italians, who in a few clicks had already collected over € 30.000 in illicit profits.

Through technical activities and complex computer analyses, overcoming the anonymization tools that the hackers had used to cover their tracks, the men of the Postal Police quickly zeroed in on the two Italians, officially resident in Sanremo. Staked out and tracked down in Turin, the two were subjected to searches, including computer searches, which made it possible to reconstruct all the evidence of the crime from the copious hardware and software material in their possession, which was then seized.

 

2) In the sector of phishing aimed at the illegal collection of bank codes, an operation was carried out by the Salerno Postal Police, with the coordination of the Central Service, which led to the arrest of a skilled computer fraudster who, in a very short time, had managed to appropriate almost 200 thousand euros stolen from the accounts of unsuspecting victims.

The man, a 66-year-old Italian living in Scafati, acted according to a particularly insidious modus operandi.

At the root was the abusive use of the credentials of credit cards and current accounts belonging to unsuspecting victims. Obtaining users' credentials and personal data is, as is well known, unfortunately made possible today by many sophisticated criminal techniques: from mass phishing, carried out by sending emails with attachments containing viruses, to phishing carried out through fake websites on which the user is deceived into entering their data, to hacking of computer systems in order to exfiltrate batches of thousands of personal records of citizens and companies, later resold on the black markets of the dark web, up to the more "traditional" but still current cloning of payment cards.

Having acquired this valuable stock of access credentials and bank data, the fraudster illegally accessed the victims' online payment systems, issuing various payment orders from their accounts through online postal slips. The payment orders, in particular, originated from accounts that the fraudster had opened in the name of further unsuspecting citizens, victims of digital identity theft.

To further hinder the reconstruction of the trail, the payments were formally made out to additional citizens, who were also completely unconnected to the scam.

From the criminal's account, the money had then already begun to be split up further across current accounts in Italy and abroad, in cyber laundering activities.

 

3) In the sector of violations of the home-banking systems of individuals and companies, it was above all the fraud known as "Sim-swap" that characterized the investigative activities of the current year.

14 arrests were made by the Postal and Communications Police of Messina, Palermo and Reggio Calabria, with the coordination of the Central Service, during the Sim-swap Operation.

SIM swap is an advanced type of computer fraud carried out in several steps. Once the victim has been identified, his home banking data and credentials are acquired through hacking techniques or social engineering; subsequently, using ad hoc falsified documents, the victim's SIM card is replaced and, through the same telephone number, the credentials needed to operate on the online current account are obtained from the bank.

In this specific case, having obtained the victim's personal data and telephone number, as well as the current account data and the related access credentials, the suspects, using a false identity document in the victim's name, went to a dealer to request the replacement of the SIM in use by the injured party. The owner's SIM card was then disabled, as it had been replaced by the fraudulently activated one. The victim noticed that the SIM had stopped working but generally did not immediately associate the event with an ongoing fraud.

Once the SIM had been replaced, the perpetrators accessed the computer system of the credit institution where the victim held the current account, managing most of the time to reset the login credentials through a phone call to customer support, presenting themselves as the account holder and answering various security questions. Once logged in, the suspects were able to operate on the victim's online bank account, arranging transfers and/or top-ups of prepaid cards in favor of other current accounts and/or prepaid cards at their disposal, opened specifically by accomplices and figureheads, thus hindering the identification of the criminal origin of the sums.
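The sequence described above (SIM replacement, credential reset through customer support, then transfers to accounts opened by accomplices) can be expressed as a bank-side hold rule. The following is an added example, not part of the report: the event types, field names and the mobile-operator SIM-change signal are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the report). Event types and fields are
# hypothetical; "sim_change" assumes the bank receives a SIM-replacement
# signal for the customer's number from the mobile operator.
EVENTS = [
    ("2019-05-02T09:10", "cust-A", "sim_change", {}),
    ("2019-05-02T11:40", "cust-A", "credential_reset", {"channel": "phone_support"}),
    ("2019-05-02T12:05", "cust-A", "transfer", {"payee_known": False, "amount": 9500}),
    ("2019-05-03T08:00", "cust-B", "credential_reset", {"channel": "phone_support"}),
    ("2019-05-03T08:30", "cust-B", "transfer", {"payee_known": False, "amount": 300}),
    ("2019-03-01T10:00", "cust-C", "sim_change", {}),
    ("2019-05-04T10:00", "cust-C", "transfer", {"payee_known": False, "amount": 1200}),
    ("2019-05-05T14:00", "cust-D", "sim_change", {}),
    ("2019-05-05T15:00", "cust-D", "transfer", {"payee_known": True, "amount": 700}),
    ("2019-05-06T09:00", "cust-E", "sim_change", {}),
    ("2019-05-06T09:20", "cust-E", "transfer", {"payee_known": False, "amount": 2000}),
]

def review_queue(events, window=timedelta(hours=72)):
    """Return (customer, reason, amount) for transfers to hold for review.

    A transfer to a payee never used before is held when the customer's SIM
    changed within `window`; a phone-support credential reset in between
    raises the priority, since that is the sequence the report describes.
    """
    last_sim, last_reset, held = {}, {}, []
    for ts, cust, kind, data in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "sim_change":
            last_sim[cust] = when
        elif kind == "credential_reset" and data.get("channel") == "phone_support":
            last_reset[cust] = when
        elif kind == "transfer" and not data["payee_known"]:
            sim = last_sim.get(cust)
            if sim is None or when - sim > window:
                continue  # no recent SIM change: outside this rule
            reset = last_reset.get(cust)
            after_reset = reset is not None and sim <= reset <= when
            reason = "sim_change+reset+new_payee" if after_reset else "sim_change+new_payee"
            held.append((cust, reason, data["amount"]))
    return held

if __name__ == "__main__":
    for row in review_queue(EVENTS):
        print(row)
```

Holding the transfer rather than only alerting matters here because, as the report notes, the victim usually does not connect the dead SIM with a fraud in progress.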

During the investigation and the monitoring of the criminal association's activities, thanks to the intervention of the operators of the Postal Police, numerous frauds were blocked, some of which amounted to tens of thousands of euros.

Another important operation concerned the insidious vocal variant of phishing, the so-called "Vishing".

With the Double-Vishing Operation, the Postal and Communications Police carried out 6 precautionary measures against a criminal organization, based in the Neapolitan hinterland but operating throughout the national territory, whose members are under investigation for criminal association aimed at impersonation, aggravated theft and the improper use of electronic payment cards.

The criminal organization proceeded according to a complex modus operandi that saw the members divided into specific and well-defined tasks. The first step was to carry out the theft of correspondence in Poste Italiane's distribution centers in central and northern Italy.

Within these correspondence collection centers, at night, part of the gang, with practiced skill, identified the mail items containing credit and/or debit cards sent by credit institutions. Once the valuable cards had been taken, an expert group of "telephonists" came into play, putting into practice the technique of vishing (an English neologism formed by blending the words voice + phishing).

The group of "telephonists" called the various card issuing institutes and, presenting themselves as a Marshal or Inspector of the Police Forces, stated that they had just seized a substantial number of credit cards found in the possession of criminals. Adopting a peremptory tone and on the pretext of returning the seized cards, they got the institution to indicate the customer's telephone number.

This was followed by a complex social engineering activity carried out by technical experts, who took care of finding all the necessary information and data. Once the data had been obtained, the organization turned its criminal skills on the customers themselves: pretending to be bank employees, the members raised supposed problems with the activation of the card and finally succeeded, through persuasion, in obtaining the PIN of the cards concerned.

The criminal association had its own "technical-financial apparatus", which equipped the associates with current accounts and prepaid cards with online functions. The criminals could thus monetize the proceeds of the improper uses: withdrawn in cash at ATMs, they then flowed onto prepaid instruments, laundering large sums of money through credit cards held by the various "money mules" managed by the group.

The illicit profit from this activity brought more than one million euros into the coffers of the criminal organization. Hundreds of cards were affected by the fraud.

4) In the sector of the fight against hacking, remarkable successes were obtained in the current year by the Specialty.

At a national level, with Operation Eclipse, the Postal Police Service carried out the largest police operation ever conducted against illegal IPTV. The operation, coordinated nationally by the Public Prosecutor of Rome and internationally by the European agencies Eurojust and Europol, aimed to directly dismantle the complex technological infrastructure, operating internationally, that was responsible for distributing over the Internet, through numerous sites, the signal illegally captured from numerous pay TV services (Sky, DAZN, Mediaset, Netflix, etc.).

An extremely accurate technical IT investigation into the distribution of the streaming signals, carried out by the Postal and Communications Police Service, made it possible to identify the foreign sources from which the "pirated" signal originated.

Very powerful servers located abroad allowed the signal to be distributed throughout Europe, to the point that the operation involved the judicial authorities and police forces of France, the Netherlands, Germany, Bulgaria and Greece.

The overall numbers are significant, both for the people involved, around 5.000.000 users in Italy alone, and for the IPTV services blocked, 30, for an estimated turnover of over 2 million euros per month. This led to the identification of around 200 PayPal accounts, Postepay, bank current accounts and bitcoin wallets, which are still under investigation. In addition, over 200 servers and 80 domains were seized and 20 searches were carried out across Europe at company and provider offices.

At the local level, a second operation was carried out by the Postal Police in Palermo, which identified the managers of the well-known pirated IPTV "ZSAT" and dismantled the IT infrastructure that allowed the abusive reproduction, via the internet, of the entire Sky schedule.

At the end of detailed investigations carried out by the Postal and Communications Police of Palermo and by the Prosecutor of the Sicilian capital, the circle tightened around a 35-year-old citizen of Palermo, whose home was identified and subjected to careful search.

In the suspect's bedroom, the "Source" of the pirated IPTV ZSAT was duly found: 57 Sky Italia decoders connected to devices for retransmission over the internet, serving an end-customer base estimated at around 11.000 people all over Italy.

As proof of the extent of the illegal turnover, at the suspect's home the men of the financial cybercrime section of the Postal Police found and seized, hidden in the toilets and in the garbage, a full 186.900 euros in cash, a professional banknote-counting machine, gold bars, and two hardware "wallets" (virtual wallets) containing cryptocurrency in different currencies, whose overall value, certainly high, will be better estimated following further technical assessments.

Illegal IPTV is a complex and very insidious criminal world, managed by domestic and foreign organized crime, whose size and danger are not always appreciated by those who use it, and whose actual criminal dimension is mainly determined by the use of the proceeds for diversified criminal purposes that directly harm citizens' interests.

A common belief is that benefiting from a pirate system is not really a crime: at most, a little money is taken from a communications giant. But if you look at the phenomenon in its complexity, and not only at the single use, you realize that in reality an entire production system can be put in crisis. The most recent estimates in fact speak of damages of more than 800 million euros.
