A wide-ranging international operation by law enforcement agencies in 30 countries aiming to prosecute online fraudsters has resulted in nearly a thousand arrests and a net of $130 million in seized virtual assets.

Interpol's National Central Bureaus (NCBs) collaborated with local authorities to pursue arrests. Interpol announced that the linked investigations, dubbed Operation Haechi III, tracked cyber-enabled financial crimes and money laundering in 30 countries. The investigations, which took place between June 28 and Nov. 23, intercepted money transfers and virtual assets, leading to the arrest of 975 suspects in the last five months.

The ability to recover funds quickly will cut into cybercriminal profits, an important deterrence, says Ed Cabrera, chief cybersecurity officer at endpoint security firm Trend Micro.

“Illicit financial transactions are the lifeline of all cyber-enabled crimes," he says. "Having the capability to quickly track, seize and return illicit funds to their victims not only can it make victims whole, but it is an incredibly disruptive tool for law enforcement."

The effectiveness of the effort highlights the need for cross-border collaboration, Hyung Se Lee, the head of Interpol's National Central Bureau in Seoul, said in a statement announcing the operation.

"As we look to the future, we recognize the importance for decisive and concerted law enforcement action across borders," he said, noting that the ongoing operation shows the international community's "dedicated coordination and the strong commitment of participating countries."

The operation is the latest Interpol effort to pursue fraudsters and the money trails that they leave behind. In June, the international law enforcement agency announced the arrest of 2,000 suspects and the seizure of more than $50 million stolen by fraudsters using a variety of social engineering schemes. The previous month, Interpol arrested the suspected head of a massive business email compromise (BEC) gang, who had fled arrest in 2021.

A year ago, Interpol announced the arrests of 1,003 people and the seizure of $27 million during Operation Haechi II, the second program in a three-year initiative aimed at curtailing specific types of online fraud, such as online financial crime trends, impersonation scams, romance frauds, sextortion, and investment fraud.

"Online scams like those leveraging malicious apps evolve as quickly as the cultural trends they opportunistically exploit," José De Gracia, assistant director of criminal networks at Interpol, said in a statement at the time. "Sharing information on emerging threats is vital to the ability of police to protect the victims of online financial crime. It also lets police know that no country is alone in this fight."

Encrypted Messaging, Massive Ponzi Schemes

The wide range of fraud fraudsters pursued by Interpol included two Red Notice fugitives accused of stealing $29 million in a Ponzi scheme affecting South Korea, cybercriminals in India impersonating Interpol officers to defraud victims, and fraudsters that stole more than $1.2 million from victims in Ireland, according to the announcement. A Red Notice is an international request for local authorities to arrest a suspect.

Many of the cybercriminal groups exchanged information and cryptocurrency over encrypted chat messaging applications, the investigation found. 

Among the countries that cooperated in the Haechi III operation are Australia, France, Hong Kong (China), India, Indonesia, Ireland, Japan, Korea, Kyrgyzstan, Laos, Philippines, Poland, Singapore, Spain, Thailand, the United Arab Emirates, the United Kingdom, and the United States.

Interpol, along with Afripol, also announced an Africa-centric effort — the Africa Cyber Surge Operation — involving 27 countries collaborating over the past four months. The efforts resulted in the takedown of a dark market in Eritrea, investigations into cryptocurrency scams in Cameroon, and the arrest of the operators of malicious cyber infrastructure used for botnets, phishing campaigns, and online extortion.

In addition to national government, Interpol credited private-sector partners with helping out, including British Telecom, the Cyber Defense Institute, Fortinet’s FortiGuard Labs, Group-IB, Kaspersky, Palo Alto Networks' Unit 42 team, Shadowserver, and Trend Micro.

New Tools for Interpol

As part of its fight against cybercriminals and their financial pipelines, Interpol announced a new tool last year known as the Anti-Money Laundering Rapid Response Protocol (ARRP), which establishes a procedure for quickly stopping criminals' theft of funds — and reversing transactions — before they have completed.

Under ARRP, cooperation channels between Interpol bureaus can be used to freeze the transfer of funds and intercept money before it makes its way into criminals' accounts. Often all, or the vast majority of, funds can be completely recovered.

"Intercepting the illicit proceeds of online financial crimes before they disappear into the pockets of money mules is a race against time," Jorge Luis Vargas Valencia, director general of the Colombian National Police, stated in last year's announcement, noting that "the high level of complexity of coordination with law enforcement units and banking institutions on the other side of the world" has traditionally made such efforts difficult.