Police Arrest 1800 in Major Money Laundering Crackdown

European police have identified over 18,000 money mules and arrested 1800 in a significant crackdown on money laundering.

Some 27 countries took part in the seventh European Money Mule Action (EMMA 7), which ended yesterday, according to Europol.

The two-and-a-half-month initiative saw police from these jurisdictions, along with Europol and Eurojust, work with the European Banking Federation (EBF), the FinTech FinCrime Exchange and private sector firms such as Western Union, Microsoft and Fourthline.

The aim was not only to target the individuals themselves but also the source of their profits.

Around 400 banks took part, reporting 7000 fraudulent transactions and preventing total losses estimated at nearly €70m ($79m). Some 18,351 money mules and 324 recruiters were identified, although it’s not clear who was arrested.

According to Europol. the EMMA initiative has been running since 2016 and is the largest international operation of its kind,

Leads come either from private sector reports or police intelligence.

Although many are unwitting recruits into the world of cybercrime, money mules are being used to launder money for a wide range of online scams, including SIM-swapping, man in the middle attacks, e-commerce fraud and phishing, Europol claimed.

Many are students, immigrants or those in economic distress looking for some quick and easy money. They’re often approached on social media with job adverts.

Before the pandemic, police and fraud experts warned of a sharp increase in the number of new money mules being recruited into the industry, especially young adults. However, the figure has surged as many lost their jobs during the crisis.

For this reason, police regularly run awareness campaigns, such as Europol’s “Don’t be a mule” initiative.

SANS Institute Founder Dies

American cybersecurity training advocate, technologist, and entrepreneur Alan Terry Paller has died at the age of 76. 

Paller’s death occurred on November 9 at his home in Bethesda, Maryland. His passing was announced by the Bethesda-based SANS Institute, which Paller and his wife, Marsha Mann Paller, founded in 1989.

The Institute went on to become one of the world’s leading nongovernment cybersecurity training programs. 

Paller was born in Indianapolis on September 17, 1945, to an engineer and a high school English teacher. In 1967, he graduated from Cornell University with a bachelor’s degree in mechanical engineering. Paller completed a master’s degree in engineering from the Massachusetts Institute of Technology in 1968. 

He began his career in the United States Navy, using computers to design ships. He went on to co-found a computer timeshare business in Hawaii, run a consultancy in applied computer graphics technology, and work for the Institute for Defense Analysis on missile-defense issues.

Cybersecurity was described by Paller as an “existential issue.” He was a firm believer in the use of regulation to improve America’s cybersecurity posture and earned a reputation as one of cybersecurity’s earliest cheerleaders. 

Speaking to the Washington Post in 2012, Paller said of cybersecurity: “Our future economic well-being and future national security are at stake if we don’t mandate it.”

In addition to championing cybersecurity and raising awareness of the importance of training cybersecurity professionals, Paller was an advocate for increasing the diversity of the cybersecurity workforce and actively sought ways to reach out to veterans, community colleges, communities of color, teens, and women. 

To attract more young people into pursuing a career in cybersecurity, Paller established game-based competitions that introduced teens to cybersecurity in a fun way.

Haya Arfat, a 20-year-old student at Texas A&M University, became interested in cybersecurity after joining the GirlsGoCyberStart program for high-schoolers that Paller set up. She later received a SANS Institute scholarship in 2019. 

“Alan was really encouraging and passionate,” said Arfat. “That’s what opened my eyes to the possibility of a career in cybersecurity.”

Paller is survived by his wife of 53 years, his daughters, Channing Paller and Brooke Paller, his two grandsons, and other family members.

Twitter to Remove Private Media

Twitter has altered its privacy rules so that images of individuals that were posted without the subject’s consent can be taken down from its online platform. 

The social media company said it was expanding its existing private information policy to include “private media” in a bid to combat cyber-harassment. 

News of the policy change came the day after Twitter co-founder Jack Dorsey announced that he is stepping down as the company’s chief executive officer. Parag Agrawal, a 37-year-old Twitter engineer who was appointed as the company’s chief technology officer in 2017, will take over the helm.

Under the new policy, which was announced by the company in a blog post on Tuesday, images do not need to be considered abusive to be removed.

“While our existing policies and Twitter Rules cover explicit instances of abusive behavior, this update will allow us to take action on media that is shared without any explicit abusive content, provided it’s posted without the consent of the person depicted,” stated Twitter. 

“This is a part of our ongoing work to align our safety policies with human rights standards, and it will be enforced globally starting today.”

The company said that it will take action in line with its “range of enforcement options” whenever it receives a report that a tweet features unauthorized private media.

Reports must be sent in from the individual depicted in the image or from their authorized representative before the company will determine whether its private media rule has been infringed.

Twitter said that the new policy “is not applicable to media featuring public figures or individuals when media and accompanying Tweet text are shared in the public interest or add value to public discourse.”

Current privacy rules put in place by Twitter ban users from publishing other people’s private data, such as phone numbers, addresses, and IDs. Users are also barred from threatening to share private information or encouraging other people to expose it.

In May, Twitter introduced a prompt feature to encourage users wishing to Tweet abusive language to think harder about what they are posting before they post it.

Final Member of ‘The Community’ Sentenced

The United States has sent a fourth member of the international hacking group known as The Community to prison.

Garrett Endicott, of Warrensburg, Missouri, was the last of six defendants to be sentenced in connection with a multi-million-dollar SIM-swapping conspiracy that claimed victims across the country, including in California, Missouri, Michigan, Utah, Texas, New York and Illinois.

Endicott, along with 22-year-old Conor Freeman of Dublin, Ireland; Ricky Handschumacher, 28, of Pasco County, Florida; Colton Jurisic, 22, of Dubuque, Iowa; Reyad Gafar Abbas, 22, of Rochester, New York; and Ryan Stevenson, 29, of West Haven, Connecticut, was charged with conspiracy to commit wire fraud, wire fraud, and aggravated identity theft in a 15-count indictment unsealed on May 9, 2019.  

After pleading guilty to the charges, 22-year-old Endicott was yesterday ordered to pay restitution in the amount of $121,549.37 and serve 10 months behind bars by United States District Judge Denise Page Hood.

Members of The Community would gain control of a victim’s cell phone number, then use it to access the victim’s email accounts, crypto-currency wallets, and cloud storage. By resetting passwords and requesting two-factor authentication codes, the hackers were able to bypass security measures and steal tens of millions of dollars’ worth of crypto-currency.

“Individual victims lost crypto-currency valued, at the time of theft, ranging from under $2,000 to over $5m. The sentenced defendants were involved in total thefts ranging from approximately $50,000 to over $9m,” said the US Attorney’s Office for the Eastern District of Michigan. 

Three of Endicott’s co-conspirators have already been handed custodial sentences in the United States. Handschumacher was sentenced to 48 months in prison and ordered to pay restitution in the amount of $7,681,570.03. 

Jurisic was sentenced to 42 months in prison and ordered to pay restitution in the amount of $9,517,129.29, and Abbas was ordered to pay restitution in the amount of $310,791.90 and sentenced to 24 months in prison. Stevenson pleaded guilty and was sentenced to probation in the District of Connecticut.

In January, the United States withdrew its extradition request for Freeman after the hacker was sentenced to three years in prison in Ireland in November for stealing crypto-currency, dishonestly operating a computer to make a gain, and knowingly engaging in the possession of the proceeds of crime.