Canadian and American law enforcement agencies worked together for almost two years to track down and arrest an Ottawa man for allegedly launching over 1,000 ransomware and cyber attacks against businesses and individuals here, and cyberattacks in the U.S.
The Ontario Provincial Police, the RCMP, and the FBI said Tuesday their joint efforts led to the arrest of 31-year-old Matthew Philbert.
He has been charged here with possession of a device to obtain unauthorized use of a computer system, fraud, and unauthorized use of computer. Separately, he was indicted by U.S. authorities in Alaska with conspiring with others to damage a state computer.
Police didn’t break down how many of those hit were businesses, government departments or individuals. Nor did they say how much money victims lost, or how many of the attacks were specifically ransomware.
During a virtual announcement by the three forces, police said they seized laptops, a tablet computer, hard drives, external storage, cellphones and other material.
The investigation began in January, 2020 when the FBI notified the OPP of cyber attacks it believed originated in Canada. The RCMP’s National Cybercrime Co-ordination Unit (NC3) and the OPP’s cyber operations section investigators eventually determined an individual was responsible for ransomware and other attacks “that affected a significant number of businesses, government agencies and private individuals in Canada and the United States.”
According to OPP Detective Inspector Matt Watson, most attacks started with an email message with an infected attachment. If clicked on, the malware allowed an unauthorized person to view the victim’s computer, control their webcam and collect login credentials. Then an unauthorized person allegedly accessed the victim’s bank account. The access also allowed an unauthorized person to allegedly install malware and ransomware.
In an interview with ITWorldCanada.com, Watson said this was the “most prolific” investigation this force has done. He was unaware of any other Canadian residents that could be charged. He wouldn’t say how the investigation was able to focus on one person.
Asked why the investigation took almost two years, Watson said “cybercriminals move at the speed of the internet, we move at the speed of the international judicial process. We have to utilize the mutual assistance treaty process to even obtain seemingly innocuous information like subscriber details on IP addresses, server details and domains and things like that. We have to write judicial authorizations for that, which then go through multiple countries’ legal systems. And as a result it’s a very laborious and time-consuming exercise.”
Working with the FBI was an important part of the investigation, he added.
“If there was any lesson that I’ve taken away from this, it would be that international and domestic partnerships with law enforcement and other organizations are crucial” in fighting cybercrime.
He also encouraged businesses to contact police to report any cyber incident.
Brian Abellera, an Ottawa-based assistant legal attache for the FBI, thanked the OPP and RCMP for working with his agency. “The effort is one of many to come between Canada and the U.S. as we continue the FBI cyber mission to impose risk and consequences against cyber adversaries,” he said.
In a statement, OPP Deputy Commissioner Chuck Cox, who heads the force’s investigations and organized crime section, said that cybercriminals are opportunistic and will target any business or individual they identify as vulnerable. “The OPP continues to demonstrate its ability to seamlessly collaborate on integrated police investigations to combat cybercrimes and other illegal activities.”
This joint operation is another example of how agencies can work closely together to successfully address cybercrime and hold cybercriminals to account for their actions, said Chris Lynam, director-general of the RCMP’s NC3 unit. “The best things people and organizations can do to help us combat cybercrime is learn how to protect themselves from it, and always report instances to local police and the Canadian Anti-Fraud Centre.”
(More to come)
