Police arrest 2 in connection with CyberSeal, Dataprotector crime services
Romanian police have arrested two people for allegedly distributing malicious software designed to evade anti-virus protections to more than 1,560 accused cybercriminals, Europol, the European Union’s law enforcement agency, said Friday.
The international crackdown, which Europol and the FBI supported, targeted a decade-long scheme that provided crooks with relatively cheap access to victim computers, which they used to carry out information-stealing and ransomware attacks.
The two Romanian suspects, whom authorities did not identify, allegedly ran “crypting” services designed to sneak malicious code past anti-virus software. The services, dubbed CyberSeal and Dataprotector, sold for between $40 to $300, according to Europol. The two suspects also allegedly offered cybercriminals access to a platform to test their malware against anti-virus software for as little as $7.
It’s the latest effort by global law enforcement agencies to strike at the heart of infrastructure used by people accused of facilitating costly hacking schemes. Europol and Australian police in December 2019 announced the takedown of a remote-access hacking tool that had been sold to 14,500 buyers in 124 countries. In October, U.S. and European law enforcement announced arrests of 14 people who allegedly worked for QQAAZZ, an Eastern European group accused of trying to launder tens of millions of dollars.
In addition to the two arrests this week, law enforcement agencies in Romania, Norway and the U.S. seized computing infrastructure allegedly used by a suspect, according to Europol which credited the FBI for helping. An FBI spokesperson did not immediately respond to a request for comment on the bureau’s role in the operation.
The Directorate for Investigating Organized Crime and Terrorism, one of Romania’s top law enforcement agencies, posted a video that appeared to show armed police raiding one of the suspect’s homes and searching laptops.
At press time, the websites distributing two of the malicious services had been taken down.