ispoof.cc was a website used by many people to make unauthorised phone calls while displaying a caller ID falsely indicating that they were legitimate callers. In 2021 and 2022 it was part of an investigation by numerous law enforcement agencies into frauds enabled by this caller ID spoofing. It was shut down in November 2022 as the result of Operation Elaborate, a multi-agency investigation led by the Metropolitan Police and supported by Netherlands Police, Europol and Eurojust. As of 2022, it is the largest fraud investigation that has ever taken place in the United Kingdom.
The investigation began in June 2021, targeting a suspected organised crime group.[Note 1]
Method of fraud
editThe website allowed criminal callers to make phone calls displaying caller IDs of legitimate bodies such as banks, which enabled them to defraud victims by tricking them into transferring money, or providing information such as banking passwords which made transfers possible.
History of fraud
editThose behind the site are believed by police to have earned almost £3,200,000 in a 20-month period.[1] Globally, 142 people were arrested.[2] Police focussed first on UK users and those who had transferred at least £100 worth of bitcoin on the site, as the total number of potential suspects, 59,000, was too great to deal with at the same time.[1] Between August 2021 and August 2022 approximately 10 million fraudulent calls were made via the website, 3.5 million of them in the UK.[1] At least 4,785 victims reported the crime to Action Fraud, with the highest loss to an individual of £3,000,000. In the UK, 70,000 individual phone numbers are known to have been targeted, and the Metropolitan Police estimate that there had been 200,000 victims in the UK by November 2022; the average loss of victims identified by Action Fraud was £10,000.[3] UK authorities estimated at the time that the worldwide loss to victims exceeded £100 million.[2]
Action by country
editNetherlands
editNetherlands Police came across iSpoof in an ongoing spoofing investigation. They discovered that the spoofing service was hosted on servers in The Netherlands. This resulted in a new investigation, completely focused on the service itself. Deconflicting with international partners turned out to be the start of a close collaboration with London's Metropolitan Service which had their sights on the administrator residing in London. By means of a wiretap in Almere, the Netherlands Police gathered all calls made using the spoofing service. This resulted in insight into the users and how they work. Several forensic images of the server were taken over time and the databases were analyzed. Since then, several suspects have been identified and arrested in the Netherlands. The Dutch information about the criminal users has been shared with other countries making further investigations possible.[4]
Republic of Ireland
editSix people were arrested in Ireland in 2022 as part of the investigation. Seventeen locations across County Louth, County Meath and Dublin were searched, and 132 electronic devices seized. The Garda Síochána also identified 64 suspicious bank accounts.[5] Detective Inspector Mel Smyth said that, while the exact amount lost in the Republic of Ireland was not known, it did run into the millions. He also said that more searches and arrests would be carried out as the investigation unfolded.[6]
Ukraine
editThe Department of Cyber Police of the National Police of Ukraine were involved in the seizure of the website and server.[2]
United Kingdom
editThe investigation was led by London's Metropolitan Police, and assisted by multiple other agencies, including the City of London Police and the National Fraud Intelligence Bureau (known publicly as 'Action Fraud'). In the UK, as of 25 November 2022, 120 arrests had been made; with 103 in London and 17 outside London.[3] The site administrator, 34-year-old Tejay Fletcher, was arrested in East London on 6 November 2022; on 20 April 2023 he pleaded guilty to multiple charges.[2] He was sentenced to 13 years and four months in prison at Southwark Crown Court on 19 May 2023.[7]
United States
editAuthorities from Ukraine and the USA seized the website and server, taking it offline on 8 November. The Federal Bureau of Investigation (Pittsburgh), United States Secret Service (Pittsburgh), and United States Attorney (Western Pennsylvania) were involved.[2]
Other agencies
editAgencies also involved are:
- Australia: Australian Federal Police (several suspects identified in Australia)
- Canada: Royal Canadian Mounted Police (Federal Policing Cybercrime Investigation Team Toronto)
- European Union: Europol and Eurojust
- France: 'Cyber Criminality Unit' of Paris, and the Gendarmerie National (several suspects identified in France)
- Germany: Bundeskriminalamt
- Lithuania: Lithuanian Criminal Police Bureau
- Belgium : Federal Computer Crime Unit
Notes
edit- ^ An OCG is defined under the section 45 of the Serious Crime Act 2015 as a group which: has at its purpose, or one of its purposes, the carrying on of criminal activities, and consists of three or more people who agree to act together to further that purpose.
References
edit- ^ a b c "More than 100 arrests in UK's biggest ever fraud operation". Metropolitan Police. 24 November 2022. Archived from the original on 7 February 2023.
- ^ a b c d e "Action against criminal website that offered 'spoofing' services to fraudsters: 142 arrests". Europol. 24 November 2022. Archived from the original on 8 April 2023.
- ^ a b Mcilkenny, Stephen (2022-11-24). "What is Ispoof and how did police take down ispoofers site linked to 200,000 victims?". www.scotsman.com. Retrieved 2022-11-25.
- ^ "Grote spoofingdienst uit de lucht gehaald door internationale samenwerking". www.politie.nl (in Dutch). Retrieved 2023-04-08.
- ^ Fox, Matt (24 November 2022). "Irish arrests in iSpoof anti-fraud operation". BBC News. Retrieved 2022-11-25.
- ^ Reynolds, Paul (2022-11-24). "Six arrests in international fraud call investigation". RTÉ.
- ^ "iSpoof fraudster guilty of £100m scam sentenced to 13 years". BBC News. 19 May 2023.