ACTION ‘PORT ROYAL’ RESULTED IN UNCOVERING CYBER CRIME
| Banja Luka | Thursday, 16/07/2015
On 14 and 15 July 2015 , the Republic of Srpska Ministry of the Interior, under the supervision of Banja Luka District Prosecutor’s Office, realized an action whose code name is ‘Port Royal’ which is directed on uncovering and proving criminal offenses in the field of high-tech crime, such as the criminal offense of ‘Computer fraud’ from Article 292, point d) of the Criminal Code of the Republic of Srpska, ‘Computer sabotage’ from Article 292, point b) of the Criminal Code of the Republic of Srpska, ‘Forging credit cards and cards for cashless payments’ from Article 276 of the Criminal Code of the Republic of Srpska, ‘Creating and spreading viruses’ from Article 292, point c) of the Criminal Code of the Republic of Srpska, ‘Unauthorized access to a protected computer, computer network, telecommunication network, and electronic processing of information’ from Article 292, point e) of the Criminal Code of the Republic of Srpska.
Police officers were planning and collecting operational information for 22 months, and the action was realized in cooperation with police agencies from the USA, the Republic of Serbia, Australia, the UK, Brasil, Canada, Columbia, Costa Rica, Croatia, Cyprus, Denmark, FYR Macedonia, Nigeria, Israel, Latvia, Germany, Romania, Sweden, Finland and EUROPOL.
About 70 persons were covered in the investigation, and they committed criminal offenses of high-tech crime as members of criminal forum Darkode. Darkode forum (https://darkode.com/) is in top 5 criminal forums on the Internet and represents a place where cyber criminals gather to offer or buy criminal services, crime goods services and individual trade of criminal goods, exchanging ideas and pieces of information significant for cyber crime and cyber security.
In the action ‘Port Royal’, the Darkode criminal forum was taken under control and shut down, and thus a great amount of evidence on criminal offenses being committed for long period was collected. Ever since its establishment in 2007, the Darkode forum has been the case of the highest interest of police institutions worldwide. The technical control over the forum was taken by the USA Federal Bureau of Investigation of Investigation.
For the purpose of realizing the action, three operation centers were formed for coordination of activities: Pittsburgh Operational Center (USA), Operational Center Europol-E (the Netherlands) and Banja Luka Operational Center (the Republic of Srpska), and the Ministry of the Interior appointed their representative for the Operational Center-EC3 and that person coordinated the activities with police agencies of countries which participated in the action.
Police officers of the Republic of Srpska Ministry of the Interior collected sufficient amount of evidence which they used to document the criminal offenses committed, identify the perpetrators, take over the criminal infrastructure and identify the affected persons. The number of affected persons is over 10 million from all over the world, whereas the number of seized credit cards is several hundred thousand.
During the realization of the action ‘Port Royal’, the Republic of Srpska Ministry of the Interior put under their control 16 botnets (computer networks infected with malwares for computer and mobile platforms), 19 fake internet pages used to collect personal information used in online payments (phishing pages), internet shops for selling stolen credit cards automatically (‘automated vending cart’ services), internet shops for buying botnets (‘botshop’), 10 servers with malwares, 5 servers with phishing pages, 5 servers for breaking computer protection and using weaknesses of the protected computer systems (‘Intrusion & Exploits’), 8 servers with compromised information and 21 server for illegal trafficking pharmaceutical products on the Internet, and blocking several thousand internet domains was also conducted.
Repairing damage caused by performing criminal offenses will be performed through the newly established Department for Information Society of the Republic of Srpska. In the following period, this Department will, in contact with CERT bodies of individual countries, perform identification of affected individuals and repair the damage.
