A foreign national who, by the teams of the Istanbul Provincial Gendarmerie Command Anti-Smuggling and Organized Crime (KOM) Branch Directorate, neutralizes companies that conduct online stock exchange and forex transactions on international platforms with cyber attacks on their accounts with their operating systems, and demands money with blackmail and threats to reopen the systems. work was initiated to catch people.
After a technical and physical follow-up that lasted for about 3 months, the teams determined the addresses used by the members of the Syrian ANEA-led organization.
In the searches made by teams that conduct simultaneous operations to 19 different addresses in Istanbul, Bursa, Gaziantep and Sanliurfa provinces, 1 million 850 thousand euros and 1 million 200 thousand dollars worth of money, 30 gold bracelets, 31 gold bracelets, 7 gold necklaces. Money counting machine, tablet computer, 6 mobile phones, 22 computers including 10 laptops, 12 hard disks, 10 flash drives, 11 recording device, 1 phone lines were seized, 250 suspects were detained.
Foreign nationals ANEA, AN, AA, RA, AS, SA, AE, MAH, WS, AA, AA, FA and M.İ.R. They were arrested by the judge in Bakırköy Courthouse, where they were transferred after their actions in the gendarmerie.
They earned between 40 thousand and 800 thousand dollars in three minutes
In the investigations carried out by the gendarmerie teams, the suspects took over the accounts of the companies and rendered transactions inoperable, delayed the updating of the prices of the company by giving purchase and cancellation orders in a short time (approximately 1500), the hackers who were abroad entered the accounts of the companies with desktop connection programs and made transactions without drawing attention, and this It was determined that they earned between 3 thousand and 40 thousand dollars in 800 minutes with the transactions, and they also made small changes in the exchange rates of the companies, and they directed the people who wanted to make purchases by opening fake accounts belonging to the companies with short purchases.
They were selecting people who were not blacklisted
It was also noteworthy that the suspects who detected the companies' security vulnerabilities opened many accounts from the designated company and chose the individuals whose names were not blacklisted by banks and financial institutions as a target.
It was found that the suspects, who were found to have made a request to stop the cyber attacks in return for the unblocking of the people whose accounts were blocked and giving a large amount of ransom, sold the investment instruments they received at low prices for high amounts.
In the meantime, it was determined that people who wanted to create a counterfeit of the website and application of the company targeted by the organization and wanted to open a user account through this company, carried out a "phishing" attack by making them deposit money into fake accounts.
In the examination of the materials seized as a result of the operation, in the message sent by the organization leader ANEA to the manager of the organization, "The prices of the shares were written, buy and sell at these prices immediately." It was learned that he gave instructions in the form.
Warning from the Gendarmerie
In the warning made by the Gendarmerie, it was emphasized that the companies should get service by contracting with a professional cyber security company in order to prevent cyber attacks and fraud incidents.
Referring to the necessity of constantly checking the security systems of registered accounts, the gendarmerie requested that the security forces be notified in case of a demand for money through threats and blackmail by following suspicious transactions.