iSpoof.cc was a website used by many people to make unauthorised phone calls while displaying a caller ID that falsely indicated they were legitimate callers. In 2021 and 2022 it was part of an investigation by numerous law enforcement agencies into frauds enabled by this caller ID spoofing. It was shut down in November 2022 as the result of Operation Elaborate, a multi-agency investigation led by the Metropolitan Police and supported by Netherlands Police, Europol and Eurojust. As of 2022, the operation is the largest fraud investigation that has ever taken place in the United Kingdom.
The investigation began in June 2021, targeting a suspected organised crime group. [Note 1]
The website allowed criminal callers to make phone calls displaying caller IDs of legitimate bodies such as banks, which enabled them to defraud victims by tricking them into transferring money, or providing information such as banking passwords which made transfers possible.
Those behind the site are believed by police to have earned almost £3,200,000 in a 20-month period. [1] Globally, 142 people were arrested. [2] Police focussed first on UK users and those who had transferred at least £100 worth of bitcoin on the site, as the total number of potential suspects, 59,000, was too great to deal with at the same time. [1] Between August 2021 and August 2022 approximately 10 million fraudulent calls were made via the website, 3.5 million of them in the UK. [1] At least 4,785 victims reported the crime to Action Fraud, with the highest loss to an individual of £3,000,000. In the UK, 70,000 individual phone numbers are known to have been targeted, and the Metropolitan Police estimate that there had been 200,000 victims in the UK by November 2022; the average loss of victims identified by Action Fraud was £10,000. [3] UK authorities estimated at the time that the worldwide loss to victims exceeded £100 million. [2]
Netherlands Police came across iSpoof during an ongoing spoofing investigation. They discovered that the spoofing service was hosted on servers in the Netherlands. This resulted in a new investigation focused entirely on the service itself. Deconfliction with international partners turned out to be the start of a close collaboration with London's Metropolitan Police Service, which had its sights on the administrator residing in London. By means of a wiretap in Almere, the Netherlands Police gathered all calls made using the spoofing service. This gave insight into the users and how they worked. Several forensic images of the server were taken over time and the databases were analyzed. Since then, several suspects have been identified and arrested in the Netherlands. The Dutch information about the criminal users has been shared with other countries, making further investigations possible. [4]
Six people were arrested in Ireland in 2022 as part of the investigation. Seventeen locations across County Louth, County Meath and Dublin were searched, and 132 electronic devices seized. The Garda Síochána also identified 64 suspicious bank accounts. [5] Detective Inspector Mel Smyth said that, while the exact amount lost in the Republic of Ireland was not known, it did run into the millions. He also said that more searches and arrests would be carried out as the investigation unfolded. [6]
The Department of Cyber Police of the National Police of Ukraine were involved in the seizure of the website and server. [2]
The investigation was led by London's Metropolitan Police and assisted by multiple other agencies, including the City of London Police and the National Fraud Intelligence Bureau (known publicly as 'Action Fraud'). In the UK, as of 25 November 2022, 120 arrests had been made, with 103 in London and 17 outside London. [3] The site administrator, 34-year-old Tejay Fletcher, was arrested in East London on 6 November 2022; on 20 April 2023 he pleaded guilty to multiple charges. [2] He was sentenced to 13 years and four months in prison at Southwark Crown Court on 19 May 2023. [7]
Authorities from Ukraine and the USA seized the website and server, taking it offline on 8 November. The Federal Bureau of Investigation (Pittsburgh), United States Secret Service (Pittsburgh), and United States Attorney (Western Pennsylvania) were involved. [2]
Agencies also involved are: