“We wanted to ruin the reputation of the Lockbit hackers”, meeting with the operations director of Europol


Europol, the European criminal police agency, has intensified its fight against cybercriminals with several major operations over the past year. For General Lecouffe, it is a way to break the myth of the “unattainable hacker”.

The dismantling of the Hive cybercriminal site in January 2023, then that of Ragnar Locker in October, not to mention the hacking and arrests of the Lockbit collective in February… Europol, the European criminal police agency, has been carrying out large-scale operations against hacker gangs for over a year.

The police even went so far as to take control of the Lockbit cybercriminal platform and hijack their site to make it a page with police press releases, sometimes even with a humorous tone. Met during the InCyber Forum, the largest cybersecurity exhibition in Europe, General Lecouffe, operational director of Europol, shares with us the agency’s ambitions.

General Lecouffe, operational director of Europol.  // Source: Europol

The Lockbit operation is notable for its modus operandi, since you also humiliated the hackers. Why did such a fate befall this gang?

General Lecouffe — I wouldn’t say humiliating, since it was not a gratuitous act without reason; there was a real objective behind it: to tarnish or even destroy Lockbit’s reputation. By hacking their site to transform it into a platform where we post press releases, we first wanted to send a message to the world of cybercrime.

As a reminder, Lockbit rents its software to hackers and takes 20% commission on the ransoms recovered after a cyberattack. This gang controlled 25% of the ransomware market and had nearly two hundred affiliates (hacker clients).

When we took control of the site, we sent a friendly message to all these affiliated hackers telling them “it’s no longer Lockbit you’re talking to, but us”. Already, we are telling affiliates that we have information on them and then we are ruining Lockbit’s reputation on a “commercial level”.

Where cybercriminals once flaunted their victim and their data, now there are press releases and arrest warrants. // Source: Numerama

While the hacking of the site had already had a significant impact on their image, by successively publishing press releases on the arrest, then the seizure of the servers directly on their site, the scale of the operation was gradually revealed. Even if Lockbit claims to be making a comeback, we know that their image is tarnished in the industry.

How can we explain this resurgence in the fight against cybercriminals?

General Lecouffe — For a while, many companies paid the ransom without reporting it to authorities. A large part of the attacks escaped the police. The cyberattack on the US Colonial Pipeline in 2021 was a major wake-up call. In 2022, an International Initiative to Combat Ransomware was established between nearly fifty countries. When we align policies, strategies and then resources, we can properly launch the fight against cybercrime.

It is not only ransomware that we are targeting, but the entire chain of cybercrime which makes it possible to launch attacks and maintain this activity: resale forums, crypto mixers to conceal the origin of cryptocurrencies, botnets to send phishing messages. The dismantling of Qakbot’s infrastructure, for example, means more than 700,000 deactivated machines in 30 countries, which were rented to carry out phishing campaigns.

Should we conclude that hackers can be hit, even when they are hidden in unreachable countries?

General Lecouffe — There is a widespread discourse of saying: “anyway, there’s nothing we can do, they’re safe somewhere where we can’t reach them”. But today we prove that we can deal blows to them. There are arrests. Remember: two members of Lockbit were arrested in Poland and Ukraine. And when this is not possible, we will put in place arrest warrants and communicate with many countries to prevent them from leaving.

Images of the arrest of Lockbit hackers. // Source: Ukrainian National Police

We are capable of attacking their resources, blocking their wallet, their money flow. And more generally, law enforcement has the capacity to cause harm by directly attacking their infrastructure.

Each operation, like that of Lockbit, teaches us more about their methods, their modus operandi. The battle is never over, of course. To be honest, I don’t think it will ever end, but now that we know more about them, we can consider other operations and say to ourselves “more, next episode”.

