HQ/EMEAFind out how we can help your business
Europol has dismantled an international cybercrime network responsible for unlocking stolen and lost mobile phones through a sophisticated phishing operation. The phishing-as-a-service (PhaaS) platform, known as iServer, enabled criminals to steal mobile phone credentials and unlock stolen devices.
This operation, named Operation Kaerb, was conducted by law enforcement agencies from Spain, Argentina, Chile, Colombia, Ecuador, and Peru. During the action, which took place between September 10-17, 2024, authorities arrested 17 individuals, carried out 28 searches, and seized 921 items, including phones, vehicles, electronic devices, and weapons.
The platform’s creator, an Argentinean national, has been taken into custody. According to the investigation, iServer has been used to unlock an estimated 1.2 million mobile phones since 2018.
iServer was a phishing platform that stood out from other PhaaS services due to its focus on unlocking stolen devices.
Criminals, referred to as “unlockers,” used the iServer platform’s automated phishing interface to extract user credentials from cloud-based mobile systems. This action allowed them to bypass security features such as Lost Mode and unlink devices from their rightful owners. The platform primarily targeted Spanish-speaking individuals across Europe, North America, and South America, with victims most heavily concentrated in Chile (77,000), Colombia (70,000), and Ecuador (42,000).
Unlockers exploited the platform by sending fraudulent SMS messages to victims, tricking them into clicking on links and entering sensitive information like two-factor authentication (2FA) codes and passwords. The credentials were then used to deactivate Lost Mode on stolen phones and gain unauthorised access to the devices. The criminals further profited by offering these unlocked phones to third parties, including phone thieves, creating a profitable black market.
In a separate but related development, Europol, in collaboration with the Australian Federal Police, also took down an encrypted communication platform called Ghost, used by criminals to evade detection while engaging in drug trafficking and money laundering. The platform offered a secure communication method by utilising three encryption standards, and it facilitated criminal operations across borders. The investigation led to 51 arrests, and the platform’s creator was identified as a 32-year-old Sydney man. Authorities also uncovered a drug lab and seized €1 million in cash.
Meanwhile, German authorities shut down 47 cryptocurrency exchanges involved in illegal activities for ransomware groups and darknet criminals. The shutdown exposed how these exchanges allowed anonymous trading without enforcing Know Your Customer (KYC) protocols, contributing to the growth of cybercrime.
These recent law enforcement actions highlight the evolving landscape of organised cybercrime, where phishing platforms and encrypted communication networks are increasingly leveraged for illicit activities.
