The Nigerian Police Force (NPF) has arrested 11 alleged members of a prolific cybercrime network as part of a national police operation coordinated with INTERPOL.
Arrested by officers of the NPF Cybercrime Police Unit and INTERPOL’s National Central Bureau (NCB) in Nigeria, many of the suspects are thought to be members of ‘SilverTerrier’, a network known for Business Email Compromise (BEC) scams which have harmed thousands of companies globally.
The ten-day Operation Falcon II (13-22 December) saw 10 NFP officers deployed from the Abuja headquarters to Lagos and Asaba to arrest target suspects identified ahead of time with intelligence provided by INTERPOL. Field operations were preceded by an intelligence exchange and analysis phase, where Nigeria used INTERPOL’s secure global police communications network, I-24/7, to work with police forces across the world also investigating BEC scams linked to Nigeria. The INTERPOL General Secretariat supported field operations 24/7, forensically extracting and analyzing data contained in the laptops and mobile phones seized by NPF during the arrests.
This preliminary analysis indicates that the suspects’ collective involvement in BEC criminal schemes may be associated with more than 50,000 targets. One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop. Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.
Another individual was suspected of taking part in BEC crime across a wide range of West African countries including Gambia, Ghana and Nigeria.
“By alerting Nigeria to this serious cybercrime threat, INTERPOL enabled me to give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country,” said Assistant Inspector General of Police Garba Baba Umar, Head of NCB Abuja and INTERPOL Vice President for Africa. “The outstanding results of Operation Falcon II have served to disrupt this dangerous cyber gang and protect Nigerian citizens from further attack. I encourage fellow African countries to also work with INTERPOL in ridding our continent of cybercrime to make the cyber world a safer place.”
With BEC fraud having both a cyber and a financial element, Operation Falcon II saw financial ‘pathfinder countries’ belonging to INTERPOL’s Global Financial Crime Taskforce (IGFCTF) – including Nigeria – work together on cross-border financial investigations linked to the operation.
The IGFCTF is now coordinating further action against ‘SilverTerrier’ bank accounts and sharing intelligence on the domain credentials of potential victims with member countries to prevent further fraud.
“Operation Falcon II sends a clear message that cybercrime will have serious repercussions for those involved in business email compromise fraud, particularly as we continue our onslaught against the threat actors, identifying and analyzing every cyber trace they leave,” said INTERPOL’s Director of Cybercrime Craig Jones. “INTERPOL is closing ranks on gangs like ‘SilverTerrier’; as investigations continue to unfold, we are building a very clear picture of how such groups function and corrupt for financial gain. Thanks to Operation Falcon II we know where and whom to target next.”
Led by INTERPOL’s Cybercrime Directorate in Singapore, Operation Falcon II was a cooperative effort involving IGFCTF, Nigerian law enforcement agencies, a range of INTERPOL expert teams and vital private partners Palo Alto Networks Unit 42 and Group-IB’s APAC Cyber Investigations Team.
Through INTERPOL’s Gateway initiative, Palo Alto Networks Unit 42 and Group-IB have contributed to investigations by sharing information on ‘SilverTerrier’ threat actors, and analyzing data to situate the group’s structure within the broader organized crime syndicate. They also provided key technical expertise consultancy to support the INTERPOL teams. Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent and investigate attacks in a timely manner.
The operation was developed as part of efforts to support joint operations in Africa with funding by the U.K. Foreign, Commonwealth and Development Office.