TOP 10 Law Enforcement Agencies Most Active in Fighting Cybercrime
2022 saw a lot of successful law enforcement operations tackling online fraud, phishing, malware, and other cyber threats. Here’s the TOP 10 law enforcement agencies most active in fighting cybercrime.
Created in the early 1990s and headquartered in Hague, Europol is the European Union's law enforcement agency whose main goal is to improve cooperation between EU countries' police authorities and law enforcement services. In response to growing cybercrime in the EU the agency established The European Cybercrime Centre (EC3) in 2013, and a year later - in September 2014 - The Joint Cybercrime Action Taskforce (J-CAT) was launched.
2022 saw multiple Europol-led law enforcement operations, among which is the disruption of the VPNLab.net service that provided “shielded communications and internet access” to cybercriminals, the demise of the “iSpoof” online spoofing service that caused estimated losses of over €115 million worldwide, and RaidForums - one of the world’s biggest hacker forums and a constant source of high-profile data leaks.
Officially created in 1923 in Austria, The International Criminal Police Organization, aka Interpol, is an international organization that aids worldwide police cooperation and crime control. It is the world's largest international police organization, with 190 member countries. Interpol also helps coordinate transnational cybercrime investigations and operations worldwide.
This year alone, a series of international law enforcement operations coordinated by Interpol have resulted in the arrests of thousands of people involved in social engineering schemes like romance scams, business email compromise (BEC) scams, online fraud, money laundering, and other criminal activities. These include the operation codenamed 'First Light 2022', which saw $50 million seized and over 2,000 alleged scammers arrested, the crackdown on West-African cybercrime rings and the arrests of 75 suspected members of the “Black Axe” cybercrime syndicate. Another law enforcement operation resulted in the arrest of an alleged leader of a prominent business email compromise (BEC) group known as SilverTerrier (TMT) in Nigeria.
The US Federal Bureau of Investigation (FBI)
The FBI is a national investigative organization that operates throughout the United States. Established in 1908, the organization is headquartered in Quantico, Virginia, and investigates a variety of criminal activity including terrorism and cybercrime. The FBI says its cyber strategy is to impose risk and consequences on cyber actors making it harder for both cyber criminals and foreign governments to use malicious cyber activity to achieve their goals.
The most notable cyber operations the FBI carried out this year include the disruption of the massive Cyclops Blink botnet of hardware devices controlled by a threat actor known as Sandworm linked to Russia’s main intelligence agency, and the demise of the Russian RSocks malware botnet used to compromise millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide to serve as proxy servers.
The FBI also seized the domains of RaidForums, one of the world’s biggest hacker forums used by cybercriminals to buy and sell data obtained from data breaches, and dismantled SSNDOB Marketplace and WeLeakInfo - two illicit platforms that sold personal data. Besides this, an FBI’s investigation identified one of the most successful hackers tied to NetWalker, a notorious ransomware group linked to Russia.
The UK National Crime Agency (NCA)
The UK's National Crime Agency (NCA), formed in 2013, is a national law enforcement agency, which operates across the UK and responds to a broad range of threats from serious and organized crime, including human, weapon and drug trafficking, cybercrime, and economic crime.
Over the past few years, the NCA made an important contribution to the fight against global cybercrime, resulting in the 2014 takedown of the infrastructure of the Shyler banking malware that infected at least 30,000 computers, the arrests of more than 20 customers of the WeLeakInfo criminal marketplace, the arrests of a suspected administrator of the RaidForums hacker forum and seven teenagers believed to have ties with the infamous Lapsus$ hacker group, including the alleged 17-year-old ringleader. More recently, the British police have made more than 100 arrests in UK's biggest ever fraud operation.
The Spanish National Police (Policía Nacional)
One of the largest and wealthiest countries in Europe, Spain appears to be among the biggest victims of cyber crime out of the major European nations, so fighting cybercrime is one of the main objectives of the Spanish National Police. In the past ten months, the agency conducted a slew of operations aimed at tackling online fraud, phishing, and other cyber threats.
In February 2022, the Spanish police arrested eight suspects allegedly part of a cyber crime ring who stole funds from bank accounts in a series of SIM swapping attacks. In May, the agency dismantled a phishing group that stole online bank credentials, and in November it took down a cybercrime organization that used fake investment sites to defraud over €12.3 million ($12.8 million) from 300 victims across Europe.
In December, the law enforcement agency announced it arrested at least 55 suspected members of the “Black Panthers” cybercrime ring involved in phishing scams, SIM-swapping and more.
The Bundeskriminalamt (BKA)
Established in 1951, The Federal Criminal Police Office of Germany (Bundeskriminalamt, BKA) is federal investigative police agency of Germany, directly subordinated to the Federal Ministry of the Interior. As Germany’s central crime-fighting agency, the Bundeskriminalamt also performs coordinating tasks and conducts investigations related to cybercrime.
Over the past few years, the German police participated in a number of international law enforcement operations against cybercrime, including the takedown of Emotet, one of the most dangerous email spam botnets in recent history. After the takedown, a German law enforcement operation uninstalled all remaining Emotet malware from infected computers across the globe.
In April 2022, the police shut down the Russia-based Hydra Market, the world’s largest and most prominent dark web marketplace for illicit goods like drugs, forged documents, stolen data, and other illegal digital services. The Bundeskriminalamt also neutralized a cybercriminal gang that orchestrated large-scale phishing campaigns that defrauded internet users of €4 million, and arrested a suspected administrator of 'Deutschland im Deep Web' (DiDW), one of the largest darknet markets in Germany.
The Dutch National Police (Politie)
The National High Tech Crime Unit (NHTCU) is a subdivision within the Dutch National Police Agency dedicated to investigating advanced forms of cybercrime. Formed in 2007, the unit is focused on organized cybercrime and forms of crime that use sophisticated new technology or methods, as well as cyber-related issues that target vital national interests. The Dutch police also conduct investigative work in collaboration with Europol, Interpol and foreign police teams.
For instance, the Dutch National Police took part in the international law enforcement operations that resulted in the takedown of a popular Russian-based VPN service DoubleVPN widely used by ransomware gangs, and FluBot, one of the largest and fastest-growing Android malware operations to date. The police disconnected 10,000 victims from the FluBot network and prevented over 6.5 million spam SMS from reaching prospective victims.
Earlier this year, the police dismantled an organized crime group involved in phishing, fraud, scams and money laundering that caused millions in losses, and tricked operators of the DeadBolt ransomware into handing over 155 decryption keys.
The Swiss police
In Switzerland, various authorities at the federal level are addressing preventive and reactive cyber security tasks, with The Cybercrime Coordination Unit Switzerland (CYCO) being the country’s central office for reporting illegal subject matter on the Internet and coordinating in-depth analysis of cybercrime.
In recent years, the Swiss police participated in multiple international law enforcement efforts such as the takedown of the Infinity Black hacker group that sold stolen user credentials, as well as malware and hacking tools, the arrest of a dozen suspected ransomware operators, including an individual who operated the LockerGoga ransomware, best known for its 2019 attack on Norwegian aluminum giant Norsk Hydro.
In October 2022, Swiss authorities arrested Vyacheslav “Tank” Penchukov, one of the leaders of the infamous JabberZeus cybercrime group wanted in the US for his involvement in cyber-attacks that used the Zeus malware to steal millions of dollars from online banking accounts.
The French police
In France, there are several operational players in the cybersecurity field - ANSSI, the agency responsible for national cybersecurity, a cyber defense command (COMCYBER), and the Ministry of the Interior (includes the National police and the Gendarmerie), which fights all forms of cybercrime.
In 2019, the Cybercrime Fighting Center (C3N) of the French National Gendarmerie together with Czech antivirus maker Avast shut down the infrastructure of the Retadup malware that infected over 850, 000 Windows systems worldwide. The French police also participated in a number of major law enforcement operations, including the takedown of “Infraud,” a black marketplace that sold stolen debit and credit card data, personally identifiable information (PII), financial and banking information, and malware, and the takeover of the EncroChat encrypted mobile communication network widely used by organized crime groups.
This year, the French law enforcement authorities together with partners disrupted a cybercrime group that hacked keyless cars.
Cyber police of Ukraine (Кіберполіція України)
Established in 2015, Cyber Police of Ukraine is a law enforcement agency within the the Ministry of Internal Affairs of Ukraine dedicated to combating cybercrime. Over the past few years, law enforcement operations carried out by the Ukrainian cyber police led to the arrests of more than a dozen individuals linked to high-profile ransomware attacks, including the alleged Cl0p and Egregor operators, a hacker who attacked over 100 companies with ransomware, as well as five members part of a top-tier ransomware gang behind the attacks targeting more than 50 companies across Europe and the Americas.
In 2022, the Ukraine’s cyber police neutralized a number of massive phishing and online fraud schemes and dismantled several cybercrime gangs, including the scammers behind a $3 million phishing campaign that defrauded over 5,000 citizens of Ukraine, and an international investment fraud ring estimated to have caused losses of over €200 million per year. Also, the cyber department of Ukraine's Security Service (SSU) took down a hacking group that stole 30 million accounts belonging to citizens from Ukraine and the European Union and sold them on the dark web.
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter