An operation coordinated by INTERPOL codenamed HAECHI-II saw police arrest more than 1,000 individuals and intercept a total of nearly $27 million of illicit funds, underlining the global threat of cyber-enabled financial crime.
Taking place over four months from June to September 2021, Operation HAECHI-II brought together specialized police units from 20 countries, as well as from Hong Kong and Macao, to target specific types of online fraud, such as romance scams, investment fraud and money laundering associated with illegal online gambling.
In total, the operation resulted in the arrest of 1,003 individuals and allowed investigators to close 1,660 cases. In addition 2,350 bank accounts linked to the illicit proceeds of online financial crime were blocked. More than 50 INTERPOL notices were published based on information relating to Operation HAECHI-II and 10 new criminal modus operandi were identified.
HAECHI-II is the second operation in a three-year project to tackle cyber-enabled financial crime supported by the Republic of Korea and the first that is truly global in scope, with the participation of INTERPOL member countries on every continent.
The operation also saw INTERPOL officials pilot test a new global stop-payment mechanism – the Anti-Money Laundering Rapid Response Protocol (ARRP) – which proved critical to successfully intercepting illicit funds in several HAECHI-II cases.
“The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning,” said INTERPOL Secretary General Jürgen Stock. “It also underlines the essential and unique role played by INTERPOL in assisting member countries combat a crime which is borderless by nature. Only through this level of global cooperation and coordination can national law enforcement effectively tackle what is a parallel cybercrime pandemic.”
As INTERPOL looks to officially launch the ARRP next year, the organization’s financial crime unit is continuing to work with member countries to integrate the system into existing communications channels.
Far from the common notion of online fraud as a relatively low-level and low stakes type of criminality, the results of Operation HAECHI-II show that transnational organized crime groups have been using the Internet to extract millions from their victims before funneling the illicit cash to bank accounts across the globe.
In a single case in Colombia, a prominent textiles company found itself defrauded of more than $8 million through a sophisticated business email compromise scam. The perpetrators impersonated the legal representative of the company, giving the order to transfer more than $16 million to two Chinese bank accounts. Half of the money was transferred before the company uncovered the fraud and alerted the Colombian judicial authorities, which in turn quickly contacted INTERPOL’s financial crime unit through their National Central Bureau (NCB) in Bogota.
Leveraging the new ARRP network, international police cooperation channels were activated between INTERPOL bureaus in Beijing, Bogota and Hong Kong to freeze the transferred funds. Thanks to this new network, which streamlines police communication in international stop payment cases, over 94 per cent of the money was intercepted in record time, saving the Colombian company from bankruptcy.
In another case, a company in Slovenia was duped into transferring more than $800,000 to money mule accounts in China. Again, as the Slovenian Criminal Police opened an investigation and reached out to their foreign counterparts through INTERPOL and other channels, streamlined coordination through China’s INTERPOL NCB in Beijing allowed local authorities to successfully intercept and return the stolen funds to Slovenia in full.
Months of close collaboration between specialized police units around the world also generated significant intelligence on emerging trends in online financial crime. Based on information gained during Operation HAECHI-II, INTERPOL published multiple Purple Notices – international police alerts that seek or provide information on modus operandi, objects, devices and concealment methods used by criminals. The notices are then shared with INTERPOL’s 194 member countries so that police can exchange on emerging criminal methods and establish connections between cases.
One Purple Notice requested by Colombia during the operation details a malware-laden mobile application using the name and branding of the Netflix show ‘Squid Game’. Masquerading as a product affiliated with the popular television series, the app was in fact a Trojan horse virus that, once downloaded, was able to hack the user’s billing information and subscribe to paid ‘premium’ services without the user’s explicit approval. While flagged in Colombia, the app has also targeted users in other countries. The operation also benefited from the expertise of INTERPOL’s cybercrime capabilities to assist member countries in tackling the increasing threat of cyber-enabled fraud.