The Central Criminal Police of the Estonian Police and Border Guard Board in cooperation with Romanian and Lithuanian authorities on Monday arrested three suspects in cyberattacks against Estonia.
Three men were apprehended as part of international police cooperation in Romania on Monday as suspects in cyber crimes targeting Estonian residents. The prosecutor's office is applying for the suspects to be extradited to Estonia for court proceedings.
A wave of phishing emails began in Estonia in 2019 where recipients received emails and text messages seemingly from banks, notifying them of an incoming or rejected transfer or of a need to update their account information. People were sent authentication requests through Smart ID and Mobile ID enabling criminals to acquire their online banking codes and transfer funds in their account to an account controlled by the criminals. The last attack occurred just one day before the suspects were apprehended. Phishing emails were sent to people across Europe and extensive damages were also caused to Lithuanian residents.
Oskar Gross, head of the Central Criminal Police's cyber crimes department, said that investigating crimes taking advantage of the infrastructure of the Republic of Estonia is a very high priority endeavor for the police.
"The case was unique due to the criminals having managed to create a believable scenario which enabled them to log into environments that used a Smart ID or Mobile ID solution for authentication. There were also some cases where the criminals used the acquired Mobile ID signatures to create new Smart ID accounts without the victims' knowledge," Gross said.
"The phishing attempts became regular and their mode of operating was similar, which indicated that their perpetrators were the same," he said, adding that for this reason, the police handled the cases together.
According to the results of the criminal proceedings, three Romanian nationals are suspected of organizing the attacks and sending out the phishing emails. The three men are also the ultimate beneficiaries of the scheme, according to preliminary assessment.
Public prosecutor Eleliis Rattam said: "At this point the suspected cyber criminals have been arrested in absentia on the basis of an European arrest warrant and we are applying for their extradition from Romania to the Republic of Estonia in order to be able to charge them. It is fair that suspects in crimes against the IT infrastructure that has great importance for Estonia should be punished in Estonia."
Phishing emails were sent to up to 100,000 people and the criminals managed to gain access to some 400 accounts. In total, the attempted outgoing transfers amounted to €150,000; however, a number of transfers failed due to various reasons, such as the target realizing that they were being scammed and refusing to confirm the transfer with a PIN2 code. On several occasions, the suspicious transfer was blocked by banks. The aggregate sum stolen from close to 40 victims totals over €100,000.
A police operation for apprehending the criminals, in which Estonian police detectives also took part, was carried out in Bucharest. The operation was supported by the European Union Agency for Criminal Justice Cooperation (Eurojust) and the European Union Agency for Law Enforcement Cooperation (Europol).
The criminal proceedings are being carried out by the Central Criminal Police's cyber crimes department and led by the Office of the Prosecutor General.
Editor: Helen Wright