International network "Double-Spider": Investigators uncover international hacker network

2023-03-07

Dirk Kunze, Head of Department 42 at the North Rhine-Westphalia State Criminal Police Office, answers questions about the internationally active network. Photo: dpa/Federico Gambarini

Düsseldorf. A special unit of cyber investigators in North Rhine-Westphalia said it has uncovered an international hacker network called "Double-Spider". The network comes "from the Russian culture sphere".

As "Double-Spider", the hacker group caused fear and terror; now they are said to have been caught by investigators from North Rhine-Westphalia. According to the investigators, they have identified the suspected masterminds of the international network of cyber criminals, who are said to be responsible for spectacular hacker attacks worldwide.

Arrest warrants have been issued for three suspects, and eight others are under investigation, according to reports from the State Criminal Police Office and the public prosecutor's office in Düsseldorf on Monday. Europol and the FBI were involved in the investigation.

More than 600 attacks on institutions worldwide

The suspects are notably blamed for the attack on the University Hospital in Düsseldorf, the Funke media group and the district of Anhalt-Bitterfeld, which had declared a state of emergency as a result.

One of the suspects, a 41-year-old Russian citizen, is also wanted by the FBI, which has offered a five-million-dollar reward for him. The group is accused of more than 600 attacks on institutions worldwide, causing considerable damage.

The criminal group called "Double-Spider" or "Grief" had links to Russia, but there were no indications of state structures behind the schemes. The suspects were after millions of dollars in ransom money, he said.

But NRW Interior Minister Herbert Reul (CDU) said: "We also see references and connections to the Russian domestic intelligence service FSB and the paramilitary mercenary group Wagner in the case of individual persons in this group of perpetrators." Even if the acts served personal enrichment, the assumption is that they were at least tolerated by the state. In addition, it could not be ruled out that the siphoned-off data and funds were also used for state purposes.

The three suspects Igor T., Irina Z. and Igor G. are now wanted worldwide. They are on Europol's "Europe's most wanted" list. It is unclear where the trio is currently located, he said. "The attacks on critical infrastructure are a game of life and death," said a Europol spokesman in Düsseldorf.

"Such cyber criminals do not stop at university hospitals," said LKA chief Ingo Wünsch. "Companies need to secure their digital gateways." In the case of the Düsseldorf University Hospital, for example, there were suspicions that the hackers could be responsible for the death of a patient. However, this had ultimately not been confirmed.

Despite the war, police in Ukraine have actively supported the investigation. In Germany, the group attacked and damaged at least 37 institutions. A number of unreported cases can be assumed because there are companies that pay ransoms without involving the police.

There were headhunters for hackers

In 2021, North Rhine-Westphalia took over the international investigations against the group. In the process, a shadow economy came to light.

For example, there are job postings and headhunters for hackers. So-called access brokers traded in insecure spots in company networks. Hacker attacks are also brokered as criminal services to third parties. The whole thing is carried out via money laundering networks using cryptocurrencies.

In addition to the three suspects mentioned, eight others aged 38 to 40 from Germany, Russia, Moldova and Ukraine are under investigation. Thirteen EU countries are said to be involved. They are wanted for particularly serious extortion and computer sabotage.

It has now been possible to prove that specific individuals committed specific acts, said senior public prosecutor Markus Hartmann. For this, he said, the digital traces were condensed to such an extent that it was enough for arrest warrants. "The term hacker attack is actually a trivialization of what happened." He said one was dealing with structured organized crime.

The international manhunt will now make it more difficult for the suspects to spend their money in Paris, London or Milan, for example, he said. The suspects further developed software from well-known hacker groups such as the Evil Group or Dridex and used it to attack companies, LKA investigator Dirk Kunze reported. "Double-spider" is the English term for the crankset as part of the pedal system on a bicycle.

One of the predecessor groups is believed to be responsible for the attack on the British national health care system. For that case, NRW's "Parker" investigation group made nearly 100 requests for legal assistance, including to Russia, it said. It is now hoping for leads on the suspects' whereabouts.