Date: 2024-06-28

He was put in shackles while he was closing a transaction to sell data from the General Directorate of Traffic and the Technical Inspection of Vehicles of Asturias in which he asked for 13,000 dollars (about 12,140 euros). The operation took place in a higher-level technological FP classroom. This student is one of the two arrested by the Civil Guard in Asturias and Seville as responsible for more than a hundred cyberattacks on public and private companies, including the City Councils of León or Salamanca and Provincial Councils such as Málaga or Jaén, as well as the Cantabrian Health Service. Their main objective was to sell this data in forums used by cybercriminals. They are also attributed with other cyberattacks on entities outside our borders, such as the Ministry of Health of Peru or the Judicial Power of the State of Tlaxcala in Mexico. They were very interested in pharmacy data, according to information provided by the Civil Guard this Friday. In fact, they tried to sell a database of a pharmacy network in a Spanish capital with data on 250,000 people.

“This operation demonstrates the maturity of the cybercrime ecosystem in Spain,” concludes Civil Guard Lieutenant Colonel Juan Sotomayor, head of the anti-cybercrime department. “We see it every day with the cyber scam campaign that we receive on our mobile phone or in email. This is part of the iceberg that we have been able to bring to light,” he adds. These messages and emails reach our devices because our personal data has been stolen from companies or public administrations and sold to telematic criminals.

The arrests took place in October, but it has taken investigators months to unravel and compile evidence of all the cyberattacks for which they will have to answer in court. The arrests are carried out with great secrecy so that evidence does not disappear, since much of the information handled by the suspects is usually stored on servers that can be deleted by third parties or become inactive if they are not accessed for a period of time. The arrested, aged between 18 and 20, knew each other in person and complemented each other in cyberattacks. One was more skilled in programming and the other in system vulnerability techniques, say sources familiar with the operation, called Oceansx.

It was not easy to get to them, the Civil Guard commander admits. They had noticed their presence a few years ago and tracked them down with a particularly complex “game of small pieces of evidence.” “We ran a long-distance race to give them names and surnames and once the arrest is made, the police sprint arrives,” Sotomayor adds. In that race they had to secure all the clues in an investigation in which the evidence is not in plain sight, but on the Internet.

The arrested individuals used around fifteen aliases, such as 9bands, banz9, TheLich, Crystal_MSF, OUJA, unlawz or teamfs0ciety. One of them, GUARDIACIVILX, was particularly striking. Under this name, they offered access credentials to remote services and corporate emails and also had cryptocurrency accounts to which payments for the sale of various packages with these illegally obtained access credentials were allegedly received. During the investigation, the Civil Guard has collaborated with other police agencies such as the FBI, to investigate the transnational scope of the actions of those investigated in institutions on the American continent, especially in Spanish-speaking countries.

Image: One of those arrested for hundreds of attacks to sell information and data from public and private companies in Spain and Latin America. (Photo: Civil Guard)

The data or access to the servers of these entities were allegedly sold to the highest bidder in virtual markets where all kinds of people interested in buying information to commit crimes come together, either to hijack the servers and demand ransoms from the companies or institutions that own them or to send mass messages to deceive their victims by assuring them that they have kidnapped their children or to impersonate the bank and obtain confidential data that leads them to the victim’s savings. The more information they obtain, the easier it will be for them to commit these types of crimes. “In these situations, it is very important to develop digital common sense,” advises the lieutenant colonel, who reminds us to keep in mind the possibility that our data has been stolen. Consulting with those around us about unexpected requests for information or about which there are doubts can also help to invoke that digital common sense. “If the damage has already been done and they have obtained our information, the second piece of advice would be to report it,” adds Sotomayor.

The arrested persons were placed in provisional prison by order of the investigating court number 2 of Grado (Asturias) due to the risk of destruction of evidence and a few months later they were released with charges pending the rest of the investigation of the case. In this type of case, the affected companies and entities have the possibility of taking action against those under investigation.

The investigation, carried out by agents from the Department Against Cybercrime of the Central Operational Unit of the Civil Guard, was supported by the judicial authorities, as well as by the Office of the Prosecutor for Computer Crime and the National Cryptologic Centre (CCN-CNI) and other international agencies.

The companies and entities attacked

The cyber attacks of the two arrested in Asturias and Seville have affected a hundred entities, both public and private, such as the Technical Vehicle Inspection of Asturias, or the City Councils of León, Salamanca, Vitoria, Bermeo and Basauri, among others. The Autonomous University of Madrid, the Provincial Councils of Jaén and Málaga and the Cantabrian Health Service were also victims. Outside our borders, the theft of information affected Banco Atlántida (Honduras), the Ministry of Culture of Argentina, the Ministry of Health of Peru, or the Judicial Branch of the State of Tlaxcala in Mexico, among many others.

