The National Police and the Civil Guard have dismantled two gangs that were dedicated to extorting users to those who offered hacking services for institutions, on the one hand, and to impersonating real websites, a method known as phishing, belonging to national and international banking entities as well as well-known streaming multimedia content service companies, and thereby obtain the data of the victims. One of the gangs offered to erase traffic tickets, Treasury debts, or spy on request, and then extort money from the people who made orders of that kind, from whom they stole private data.
This last operation, baptized by the Civil Guard as Collector, has led to the arrest and investigation of 11 people in Spain and Chile, who are charged with the alleged crimes of aggravated fraud, belonging to a criminal organization, identity theft and falsification of documents, among others.
The main activity of this network of cybercriminals, reports the armed body, was the illicit obtaining of data related to payment credentials (generally credit cards), both for direct exploitation on online commerce platforms by the organization itself, and for proceed to its sale in channels of a well-known messaging app and in dark internet forums (dark web), an activity known as carding. The organization is charged with more than 2,500 criminal acts with more than 300 companies nationwide affected, estimating a patrimonial loss that could reach one million euros with the information on the use of more than 42,000 credit cards. Means of payment have been located in 47 countries around the world, especially the US and European Union countries.
Agents of the National Police, for their part, have carried out an operation against a new criminal modality baptized as hackstorsion (mix of hack Y extortion) in which ten people have been arrested. Those arrested, as explained by the Police in a press release, published about 12,000 advertisements offering services of hacking to spy on real-time messaging apps, email accounts, and social media profiles. They also offered to delete data from the servers of the Tax Agency, the ASNEF (National Association of Credit Financial Establishments), the RAI (Registry of Unpaid Acceptances) or even the DGT (General Directorate of Traffic) as well as change of notes from the servers of the universities, recording of official degrees not taken and other offers of a similar nature. Once the victims hired these services, the detainees extorted some 430 victims with the threat of revealing content from their private or intimate sphere, of which they obtained about 341,000 euros.
During the investigation, searches were carried out in Zaragoza, Barcelona, Girona, Santa Cruz de Tenerife and Las Palmas de Gran Canaria, in which 40 mobile phone terminals, 17 hard drives, three computers, five tablets and 24 pen drives were intervened. In addition, 176,775 euros of the money sent by the victims have been intervened.
The agents, explain the security forces, managed to identify more than 12,000 advertisements of this type and, associated with these publications, more than 40 phone numbers, more than 200 email accounts and almost 1,300 Internet connection IP addresses were found. .