Octopus Cybercrime Community

The Public Prosecutor’s Office – Special Prosecutor Office for High-Tech Crime;
The Ministry of Interior - Department for Combatting Cybercrime;
The Ministry of Interior - Service for Special Investigation Techniques, Electronic Surveillance Unit (Digital Forensic Unit);
The Ministry of Interior – Financial Investigations Unit, Service for Combating Organised Crime;
The Ministry of Interior – Section for Suppression of Money Laundering, Service for Combating Organised Crime;
The Ministry of Justice – E-justice Department;
The Ministry of Justice - Central Authority for Mutual Legal Assistance

Other relevant authorities:

Higher Court in Belgrade;
Ministry of Foreign and Internal Trade and Telecommunications;
Republic Agency for Electronic Communications;
Republic Broadcasting Agency.

Case study 1 – “POWER OFF” (Art. 5 and 6 of Convention)

At the end of April 2018, the international action “Power Off” was conducted by the competent authorities of the Netherlands, Great Britain, Serbia, Croatia, Spain, Italy, Germany, Austria, Hong Kong, Canada and the USA participated. On the basis of a request of the Kingdom of the Netherlands sent to the Special Prosecutor's Office for High-Tech Crime, an investigation was commenced against two persons, against M.J. due to the existence of the suspicion that in the period from September 2015 until the end of April 2018, according to instructions of K.R. from Croatia, against whom the investigation was commenced by the Croatian judicial authorities, created the “Webstresser” server, whose Internet presentation was on the webpage https://www.webstresser.org/, whose domain was leased via the Panama Internet Service Provider, and the location of the server itself was protected by “Cloudflare” service.

Through this website, users were able to lease the capacity of DDoS attacks servers, in order to disable or significantly interfere with the electronic data processing process, as well as to prevent legitimate users from accessing the Internet sites that were the subject of the attack. D.V., according to the instructions of K.R. from Croatia, was in charge for leasing and payment via virtual currency or PayPal.

As a reward for the performed activities, M.J. received 15% of the reported monthly salary from K.R. from Croatia.

Second defendant D.V. opened PayPal accounts that were used for receiving payments for the “Webstresser” server users. He transferred received amounts to the accounts under the control of K.R. from Croatia, who, as a reward for the performed activities, gave him monthly 10% of the reported salary for that month.

It is estimated that the accused obtained unlawful property gain in the amount of about 100,000 EUR. From the first suspect, 1.87465457 BTC were temporarily seized, while on several PayPal accounts which were used by the second suspect 6.282,18 USD were frozen.

A criminal investigation and a parallel financial investigation are under way before the Special Prosecution Office for High-Tech Crime.

Case study 2 – “SKRILL” (Art. 7 and 8 of Convention)

In January 2018 the suspect D.D. contacted M.K. from Croatia via Telegram application. M.K. offered D.D. to work with him and create accounts for him and bet on the Russian website www.betsucsess.ru, by purchasing predictions of basketball matches results from a certain person. M.K. explained him how to bet on these results on the www.bet365.com online bet. D.D. would receive a 20% fee from the gain, as well as 50 euros after opening a "ready-made" account. 

On a weekly basis, D.D. created 50-60 Scrill accounts, invested 50,000 to 60,000 EUR on bets, and the profit was about 25,000 to 30,000 EUR a week. In opening Scrill accounts, D.D.was helped by one unknown person.

D.D. through the Telegram application, sent M.K. opened Skrill accounts and access parameters. Money gained from betting D.D. transferred to several Skrill accounts according to the instructions of M.K. and then from these accounts the third person transferred money to other Skrill accounts, from these to other Skrill accounts until the final point, which was the Skrill account of M.K. On a reversed path, M.K., once a month, paid the agreed percentage of his earnings to D.D.'s account.

M.K. told D.D. that he was in arms trafficking with the foreign nationals and that he had a website for crypto currencies trading. He explained that another 20 people worked for him, but that they only bet for him, and that only D.D. is opening accounts and selling it.

In May of 2018, via Telegram application, D.D.contacted B.M. from Croatia, M.K.`s acquaintance. He received an offer to open and sell Skrill orders and bet for B.M. He asked for a number of orders from D.D., so D.D. began to buy a large number of photographs of ID cards and “selfie” photographs from the persons from dozens of known and unknown persons.

Those persons, using the business name and logo (trademarks) of domestic and international companies created pages on the social network "Facebook", where they published false prize games, misleading thousands of customers and users of these companies services to obtain unauthorized personal data from them (name, surname, address of residence, telephone numbers) as well as photographs of personal documents and “selfie” photos of a person with a personal document. 

Case study 3 – “Armagedon” (Art. 9 of Convention)

Special Prosecution Office for High-Tech Crime and Cybercrime Department of the Ministry of Interior of the Republic of Serbia are conducting permanent operation called “Armageddon” related exclusively to sexual abuse of children on the Internet. This operation commenced in 2011. In line with the Lanzarote Convention, these cases are considered as urgent.

With regard to this case, preliminary proceedings were initiated based on information from a Hungarian authority received via INTERPOL.

Information from the Hungarian authorities stated that Hungarian authorities received criminal complaint of a minor victim who had met an unknown person on the social network registered in Hungary with whom she started communication. After gaining victim’s trust, the defendant threatened her and forced her to send him her pictures without clothes and perform sexual activities in front of the camera.

Hungarian authorities submitted to the Serbian prosecution the IP logging records for the accounts that the defendant had used on the social network, and it belonged to Serbian internet provider. The Special Prosecution Office for High-Tech Crime obtained Court Order to locate the place of communication based on which requested data from the provider were acquired and the communication place was located. Knowing the address from which the communication had taken place, the Prosecutor’s Office obtained a search warrant. Upon obtaining the warrant, police performed the search of the premises and found evidence of the committed criminal offence on electronic devices belonging to the defendant. Devices were seized and expert opinion on the content was provided.

Simultaneously, the Special Prosecution Office for High-Tech Crime submitted request for mutual assistance, and received from the competent prosecutor's office in Hungary statements by witnesses (victim and other witnesses), as well as material evidence in the form of electronic communications that the victim had.

Based on all gathered evidence an indictment was filed. According to an indictment defendant, in the period of 2 years, on more occasions, used minor to produce photographs and audio-visual items of pornographic content. He threatened that he would post on the Internet victim`s pictures in her swimsuit and later her pictures without clothes as well as aforementioned video materials. Those threats and orders were sent via social network and via Skype. All pictures and video material defendant kept it in his computer.  

The defendant was convicted for committing criminal offence Showing, procuring and possession of Pornographic Material and Juvenile Pornography under art 185 in concurrence with the criminal offense Coercion under art.135 paragraph 1 CC.

What is important to underline in relation to this case is effective and efficient mutual assistance. Not only that all requested evidence was gathered in short period of time, but the Hungarian liaison officer in Serbia brought those evidence to the prosecutor.

• Legislation;
• Criminal Code;
• Criminal Procedure Code;
• Law on the Organisation and Competences of Government Authorities Combating Cyber Crime;
• Law on Special Competences for Efficient Protection of Intellectual Property Right;
• Law on Mutual Assistance in Criminal Matters;
• Electronic Communications Law;
• Law on Personal Data Protection;
• Law on Liability of Legal Entities for Criminal Offences;
• Regulatory Agency for Electronic Communications and Postal Services (RATEL);
• Rules on General Terms and Conditions for Performing Electronic Communication Activities Under General Authorization Regime;
• Strategy for Combating Cybercrime 2019-2023.