By G9ija

After an 11-month investigation, Interpol has arrested a 37-year-old Nigerian man alleged to be the leader of the global SilverTerrier transnational cybercrime syndicate.

The suspect, who is yet to be named, was apprehended at the Murtala Mohammed International Airport in Lagos by the Nigerian Police Force (NPF) cybercrime unit.

Interpol said in a statement on Wednesday, seen by The Nation that the SilverTerrier arrest struck a major blow against the cybercrime group, responsible for mass phishing attacks and business email compromise (BEC) scams aimed at stealing money from companies around the world.

The international law enforcement agency announced that the arrest was an international operation spanning four continents, coordinated and facilitated by its recently created Africa operations desk within INTERPOL’s cybercrime directorate.

The Nation learnt that the suspect fled Nigeria in 2021 when authorities initially attempted to apprehend him. But, months later, in March 2022, he attempted to return home and was quickly identified and detained as he attempted to re-enter Nigeria.

It was further gathered that Interpol is investigating leads suggesting that the suspected leader’s activity traces back to 2015 and that he has social media links to at least three other SilverTerrier suspects arrested in 2021.

It is also suspected that the group compromised more than 500,000 companies in more than 150 countries by 2020.

The unidentified suspect “is alleged to have run the transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims,” Interpol said.

The Nation learnt further that before leaving Nigeria, the SilverTerrier suspect tried to sell his Autobiography Special Edition Range Rover for 5.8 million Naira (around $14,000) on social media.

INTERPOL’s Africa desk, called the African Joint Operation against Cybercrime (AFJOC) and funded by the UK Foreign Commonwealth and Development Office, was launched in May 2021 to boost the capacity of 49 African countries to fight cybercrime.

That same month, the police operation, codenamed Delilah, was initiated by an intelligence referral from several INTERPOL partners from the private sector: Group-IB, Palo Alto Networks Unit 42 and Trend Micro.

The intelligence was enriched by analysts within INTERPOL’s Cyber Fusion Centre, which brings together experts from law enforcement and industry to turn information on criminal activities into actionable intelligence.

INTERPOL’s AFJOC desk then referred the intelligence to Nigeria and followed up with multiple case coordination meetings supported by law enforcement in Australia, Canada and the United States.

Investigators began to map out and track the alleged malicious online activities of the suspect, thanks to ad hoc support from private sector firm CyberTOOLBELT, as well as tracking his physical movements as he travelled from one country to another. Nigerian law enforcement successfully apprehended the suspect at Murtala Mohammed International Airport in Lagos.

Interpol quoted Assistant Inspector General of the Nigeria Police Force, Garba Baba Umar, as commending the collaboration.

Umar is the Head of Nigeria’s INTERPOL National Central Bureau and Vice President for Africa on INTERPOL’s Executive Committee.

He said: “The arrest of this alleged prominent cybercriminal in Nigeria is testament to the perseverance of our international coalition of law enforcement and INTERPOL’s private sector partners in combating cybercrime.

“I hope the results of Operation Delilah will stand as a reminder to cybercriminals across the world that law enforcement will continue to pursue them, and that this arrest will bring comfort to victims of the suspect’s alleged campaigns.

Bernardo Pillot, INTERPOL’s Assistant Director, Cybercrime Operations, added: “This case underlines both the global nature of cybercrime and the commitment required to deliver a successful arrest through a global to regional operational approach in combatting cybercrime.

“The persistence of national law enforcement agencies, private sector partners and the INTERPOL teams all contributed to this result, analysing vast quantities of data and providing technical and live operational support.

Mr Pillot added. “Cybercrime is a threat that none of our 195 member countries face alone.”

One of the cybersecurity companies that assisted in the investigation, Palo Alto Networks’ Unit 42, posted a photo of the suspect but did not identify him. Three other companies — Trend Micro, Group-IB and CyberTOOLBELT — also collaborated with law enforcement, authorities said.

The Nation learnt that the operation is the latest in a series of counter-BEC actions that most recently included the apprehension of 11 suspected members of the SilverTerrier gang in January. That sting was called Operation Falcon II. The latest is labelled Operation Delilah.