12 Apr 2021, Europol publishes the European Union (EU) Serious and Organised Crime Threat Assessment, the EU SOCTA 2021. The SOCTA, published by Europol every four years, presents a detailed analysis of the threat of serious and organised crime facing the EU. The SOCTA is a forward-looking assessment that identifies shifts in the serious and organised crime landscape.
The SOCTA 2021 details the operations of criminal networks in the EU and how their criminal activities and business practices threaten to undermine our societies, economy and institutions, and slowly erode the rule of law. The report provides unprecedented insights into Europe’s criminal underworld based on the analysis of thousands of cases and pieces of intelligence provided to Europol.
The SOCTA reveals a concerning expansion and evolution of serious and organised crime in the EU. The document warns of the potential long-term implications of the COVID-19 pandemic and how these may create ideal conditions for crime to thrive in the future. The report clearly highlights serious and organised crime as the key internal security challenge currently facing the EU and its Member States.
Launched at the Portuguese Police’s headquarters (Polícia Judiciária) in Lisbon during the Portuguese Presidency of the Council of the European Union, the SOCTA 2021 is the most comprehensive and in-depth study of serious and organised crime in the EU ever undertaken.
EU citizens enjoy some of the highest levels of prosperity and security in the world. However, the EU still faces serious challenges to its internal security, threatening to undo some of our common achievements and undermine shared European values and ambitions. As the EU is facing the COVID-19 pandemic, one of the most significant crises since the end of World War II, criminals seek to exploit this extraordinary situation targeting citizens, businesses, and public institutions alike.
The analysis presented in the SOCTA 2021 highlights key characteristics of serious and organised crime such as the widespread use of corruption, the infiltration and exploitation of legal business structures for all types of criminal activity, and the existence of a parallel underground financial system that allows criminals to move and invest their multi-billion euro profits.
Serious and organised crime encompasses a diverse range of criminal phenomena ranging from the trade in illegal drugs to crimes such as migrant smuggling and the trafficking in human beings, economic and financial crime and many more.
Key findings of the SOCTA 2021:
The SOCTA 2021 assists decision-makers in the prioritisation of serious and organised crime threats. It is a product of close cooperation between Europol, EU Member States law enforcement authorities, third parties such as EU agencies, international organisations, and countries outside the EU with working arrangements with Europol. These crucial stakeholders’ involvement is also reflected in the SOCTA’s role as the cornerstone of the European Multidisciplinary Platform Against Criminal Threats (EMPACT) in the EU.
Users of the SICP platform have access to a pool of Xapo wallet addresses for analysis, with owner labels (the largest wallet received 231,834.287 BTC). Xapo was launched in the jurisdiction of Hong Kong in 2013. As early as 2014, support for debit cards for operations with cryptocurrencies was implemented. In 2015, the headquarters was moved from the USA to Switzerland.
In August 2019, Coinbase acquired the Xapo custodian (for about $55 million). Thus, Xapo came under the control of Coinbase Custody, making the relatively young custodian of the crypto exchange the world's largest store of cryptocurrencies by capitalization. Today, it holds over $7 billion for over 120 large clients in 14 countries.
In 2020, the company moved its operations from California to Gibraltar, which offers a regulatory framework for cryptocurrency companies. The changes in Xapo come amid litigation after the custodian was accused of circulating stolen funds…
So, according to a lawsuit filed by German citizen D. Novak, Xapo and the Indodax cryptocurrency exchange contributed to the turnover of stolen cryptocurrencies. It also reveals that Xapo holds 19.99 BTC from the stolen assets, and the Indodax exchange has 476.69 BTC.
By the end of 2020, the crypto custodian (owned by crypto exchange Coinbase) plans to restructure its business and become a digital bank. It is represented by legal entities in the United States (Xapo Blockchain Limited) and Gibraltar (Xapo Gibraltar Limited) and meets the regulatory requirements for financial services, virtual asset providers, electronic money and security.
Source: Xapo
The CoinPayments payment system was launched in Estonia in 2013. The electronic wallet of the payment system is used by a large number of sellers and buyers in more than 180 countries, as the wallet supports more than 2005 tokens. The payment system received a regional license to operate. However, withdrawal to fiat currency is not available.
Over the past 2-3 years, reports have been received that cybercriminals discovered a vulnerability that allowed them to withdraw more funds than were in the account. The administration of the service then compensated half of the victims for the damage. The site also stopped working, which led to a large number of complaints from users and to problems in clients' investment projects.
CoinPayments also supports the issuance of prepaid cards with a deposit in cryptocurrencies (over 100 types). Such cards can be used in various jurisdictions and carry significant risks of money laundering. There is an official website in the TOR network.
Source: CoinPayments
On November 25, 2020, the long-awaited 5th issue of the SOC magazine was released. Special issue project: SICP platform for tracking suspicious transactions and ensuring blockchain security.
The article says that the field of cryptocurrencies is technically more complex than traditional finance, noticeably more decentralized and less controllable. Therefore, tools are required to help the use of cryptocurrencies in a legal manner and for legitimate purposes. At the same time, the main systemic problem associated with the use of cryptocurrencies is the possibility of their use for illegal operations, in particular for the legalization of criminal income, as well as for financing prohibited activities.
The article also considers the services of the Russian platform and the peculiarities of their functioning in Russian conditions. The recently launched CryptoCERT service is described in the most detail. Combined with the threats and risks inherent in digital assets...
Source: Information Security
Magazine: ITSec.ru
On November 2, 2020, the Polymetal international investment phishing site was launched. Its contents have been copied almost entirely from the original Polymetal International website. Most of the pages were copied and modified for the needs of the attackers. However, the link in the clone logo leads to the original site.
The home page of the fake site contains information about investment packages (5 types), with a profit of 5 to 50 percent in 8 days. The same information is available in the investor's personal account after registration. Investments can only be made in bitcoins.
In less than a month, the scammers sold 34 packages worth about 0.19 BTC. The criminals' consolidating crypto wallet received 250 transactions totalling 53.44 BTC. Most of the funds are withdrawn to the Hong Kong crypto exchange Binance.
It is noteworthy that on the same hosting in Phoenix (California, USA) there is another project, Lugwise Asset Management (Lugwiseinvest). The project was launched on October 5 and is positioned as a London-based asset management firm, although the legal address on the site is listed in San Francisco (California, USA).
Judging by the activity and the amount of funds on the scammers' associated wallets, this is not a complete list of their illegal services and projects.
If you or your loved ones have suffered at the hands of fraudsters, please send notifications to the service mailbox of the CryptoCERT service.
Original: Polymetal International
On July 30, the SICP (Security Intelligence Cryptocurrencies Platform) platform announced the launch of the first Russian commercial Center for monitoring cryptocurrency transactions, identifying the risks of cryptocurrency wallets and responding to incidents in the field of cryptocurrency circulation (CryptoCERT).
This service is the first in Russia and the UIS. Today, any citizen or organization can send information about fraud (another threat or risk) related to cryptocurrencies. Additionally, the publicly available interactive map displays profiled crypto wallets by country. The custom menu allows you to display one or more profiles. The legend displays the share and number of wallets associated with the profile. For registered and verified users, a wider visualization functionality is available.
It should be noted that on July 22, the State Duma of the Russian Federation adopted in the 3rd reading the law "On digital financial assets". The new rules will enter into force on January 1, 2021. The law "On digital currency" is expected to be considered in the coming autumn.
Remarkably, today is World Day Against Trafficking in Persons. It is a serious crime and gross violation of human rights. The United Nations Office on Drugs and Crime (UNODC), as the guarantor of the United Nations Convention against Transnational Organized Crime and the Protocols thereto, assists States in their efforts to implement the Trafficking in Persons Protocol.
By the way, this factor is taken into account when assessing the risks of crypto wallets, in the SmartEcho service, and identifying suspicious transactions ...
Source: sicp.ueba.su
Source: k4y0t.ru
Fraudsters are trying to make money amid the coronavirus pandemic and the fight against it. In particular, at the beginning of this week the number of spam mails allegedly on behalf of the World Health Organization (WHO) has increased. The letters speak of fundraising for COVID-19 Funds worldwide.
Specialists of the portal SICP.ueba.su analyzed one of these letters. It turned out that the second-level domain of the sender address is actually used by WHO, but this particular letter was sent from a mail server located in the state of Colorado in the United States of America and in transit passed through a relay mail server in the German municipality of Mauern.
Experts also learned that a link to a picture with a QR code (the address of a bitcoin wallet for donations) leads the reader directly to the portal of the investment company Five Stand Capital, located in the US city of Atlanta, Georgia. According to the official information on the company's website, it is a partner of large US investment funds. The portal itself is hosted by GoDaddy in Portland, Oregon. There are also three mirrors of the site in various domain zones.
This email was first sent from the SendGrid.net mail server, which is also located on GoDaddy’s resources in Denver, Colorado. Judging by public databases, another 13 resources are located on this IP address; nevertheless, only one of them is displayed: a web-based mail gateway.
It is important to consider that on the official website of the WHO there is no way to donate funds in the form of cryptocurrency - bitcoin. The same is true of their dedicated donation collection site. And there is even a warning that they do not send any letters.
Apparently, fraudsters are trying to cunningly take advantage of the global crisis situation, possessing a good knowledge of modern technology. Or maybe the owners of WHO decided to use all available tools to raise funds. And experts are wondering, where is the hosting site for WHO?
Interestingly, so far no funds have been received by the cryptocurrency wallet indicated in the scammers' letter. The wallet is constantly monitored by SICP platform experts, as are other malicious wallets known to them.
Source: CryptoRussia.ru
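The header check behind the WHO-themed letter analysis above can be sketched as follows; this is an added example, not code from SICP or the original article. The message, host names, IP addresses and authentication results are constructed placeholders, and `analyse_headers` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and result below is a placeholder.
SAMPLE = """\
Received: from relay.transit.example (relay.transit.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from bulk.sender.example (bulk.sender.example [192.0.2.25])
\tby relay.transit.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=health-org.example;
\tdkim=none; dmarc=fail header.from=health-org.example
From: "Relief Fund" <donate@health-org.example>
To: user@recipient.example
Subject: Solidarity fund

Scan the QR code to donate.
"""

# "from HOST (... [IP]) by HOST" as written by most MTAs; the IP part is optional.
HOP_RE = re.compile(
    r"from\s+(\S+)(?:\s+\([^)]*\[([0-9a-fA-F.:]+)\][^)]*\))?\s+by\s+(\S+)")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def same_org(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def analyse_headers(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []
    # Each server prepends its Received line, so reverse to read origin first.
    # Hops below your own MX are sender-controlled and can be forged.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    # Trust Authentication-Results only when your own gateway added it.
    auth = dict(AUTH_RE.findall(" ".join(msg.get_all("Authentication-Results", []))))
    findings = []
    # A third-party origin alone is not proof (bulk mail providers are common);
    # it matters when SPF/DKIM/DMARC also fail for the From domain.
    if hops and not same_org(hops[0]["from"], from_domain):
        findings.append("origin %s is outside From domain %s"
                        % (hops[0]["from"], from_domain))
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech, "none") != "pass":
            findings.append("%s=%s" % (mech, auth.get(mech, "none")))
    return {"from_domain": from_domain, "hops": hops, "auth": auth,
            "findings": findings}


if __name__ == "__main__":
    for line in analyse_headers(SAMPLE)["findings"]:
        print(line)
```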
Expert Natalia Manuylova invites you to the DI Digital Identity video conference to discuss the topic of digital identification and a number of FATF documents. This is a test meeting. Only the important points will be covered, without filler. Welcome! The number of free tickets is limited ...
At the online event, scheduled for April 23 (from 11:30 to 12:30), you can get answers to questions such as: What are some common examples of digital identification? Why does the FATF pay special attention to ID? FATF document overview. Lawyers, AML / CFT specialists and other interested parties are invited to participate.
Source: TimePad.ru
Colleagues, the Association of Chiefs of Information Security Officers (ACISO) invites you to the 8th annual conference of ITS St. Petersburg 2019 (October 10, Prospect Medikov 3-A). Continuing the theme of the year: Beyond reality. The meeting participants will discuss issues of protecting information and the individual as a whole.
Welcoming remarks by the Chairman of the Board of ACISO - Victor Minin, and acquaintance with invited experts will open the event. The program has 3 sections planned, in one of them I will speak, in the light of work on the SICP project: Patrolling blockchains and investment security in the field of cryptocurrency circulation...
In addition, a round table with regulators will be held at the conference, as well as the 2nd version of the manual on the safety of CII (Critical Information Infrastructure) objects of the organization (each participant will get it)!
Source: ACISO.
Since the spring of this year, a project called CloudToken has been actively developing and promoting itself online, positioning itself as "the first wallet in the world that integrates all crypto assets of the blockchain on one platform." Its stated goal is to provide project participants with a special ecosystem of public savings.
The project supports 7 major cryptocurrencies and stablecoins and 21 referral levels, has a mobile application (wallets in leading marketplaces) and offers its participants a yield of 6 to 12% per month, as well as a 150-fold profit (!) for 2019. At the same time, the first participants (top of the pyramid?) are promised support for the issuance of payment cards.
The project attracts its participants (the number of which, according to some estimates, has already exceeded 800,000 people) with the help of the so-called "network leaders" from around the world. For example, in Russia and neighboring countries, Pavel Chernyshev is engaged in resource promotion.
Information on the project website is presented in English and Chinese, the legal entity Cloud Technology and Investment Pty., LTD is registered in Australia, and the United States is indicated as the geolocation of the site. Currently, 145 countries are involved in the scheme.
The process of making a profit is described on the resource as follows:
1. Participants send funds in ETH / BTC to the Jarvis bot asset management pool.
2. A tool called Varoom collects data from over 38 cryptocurrency exchanges.
3. Varoom transfers assets to the Jarvis AI BOT.
4. Varoom instructs Jarvis.
5. Jarvis trades on exchanges.
6. Information is collected on the latest prices at CoinMarketCap.com.
7. Members receive rewards in CTO tokens.
8. The rest of the earned funds are transferred to the Jarvis Asset Reserve.
9. Jarvis Asset Reserve supports the rate in the conversion wallet.
10. Participants can convert CTO to ETH, BCH or other cryptocurrency at any time.
The mobile application offered for download is positioned as a cryptocurrency multi-wallet with passive income (while funds can be sent in only one direction), as well as a trading bot (without confirmation of trading volumes). Nevertheless, judging by the volumes, the funds received from participants (victims?) are immediately transferred to controlled sites and cold wallets.
According to an investigation conducted by the experts of the cybersecurity resource SICP (sicp.ueba.su), the total amount of funds that have passed through only one wallet currently exceeds 6 billion rubles, and this figure is constantly growing.
In particular, as a result of the investigation, it was found that all the main assets of the CloudToken project are transferred to the South Korean crypto exchange Upbit, and also are withdrawn through wallets in Thailand (in some cases they are frozen).
Below is some more evidence that the CloudToken project is just another pyramid scheme.
1. Although the organizers of the project position it as a “completely decentralized cryptocurrency wallet”, it is hard to even call it a wallet. In fact, users only get access to the server, where they see their tokens. Judging by the CloudToken tracker on Etherscan, all it can boast of is 4 addresses and 5 transactions, with 99.9999% of the funds held at one address. Thus, buyers give their money, but do not become owners of the coveted tokens.
2. People who have repeatedly advertised fraudulent schemes are involved in promoting the service.
3. Lack of evidence of trading using the Jarvis bot. Although representatives of the project claim that they generate profit using the Jarvis AI Bot, which is used for arbitrage trading on exchanges, there is no evidence of such trading on the resource.
4. Cryptocurrency pyramid based on the Ponzi scheme. Project participants on the referral side need to replenish their account by at least $500, after which they will be able to receive commissions for people they attract. Commissions are paid up to level 21. It is unlikely that such a scheme can last long.
5. Lack of use cases. CloudToken has no real-world application scenarios, it can only be purchased from the developers, and no exchanges accept the token. The price of the token is not backed by anything, and the demand for it is artificial. The company can change the value of the token at any time.
6. Lack of access to CTO wallet private keys. Users do not receive the secret keys for the "wallet"; instead they are given a password or PIN code.
7. The promise of high return on investment. Most projects that promise high investment returns actually turn out to be scams, unless the program has official registration and regulation.
8. Invalid information. The White Paper of the project mentions the names of people who have nothing to do with the project.
From the foregoing, we can conclude that CloudToken does not have a secure cryptocurrency wallet, its founders do not trade on the exchange and deceive investors. In addition, the project is advertised by well-known network scammers, and the CloudToken address is involved in the services of doubling bitcoins and the distribution of paid prohibited content.
Source: CryptoRussia.ru
Corporate analytics system Transaction Cryptocurrency Asset: cybersecurity of blockchain infrastructure and anti-fraud in the cryptocurrency sphere (anti-scam, transparency, compliance).
Russian Federation, Moscow
Tel.: +7 (911) 999 9868
Fax:
Email: cosatca@ueba.su
Website: www.ueba.su