Police dismantles international phone unlocking network linked to 483,000 victims

The operation, codenamed “Operation Kaerb,” was coordinated by Europol and involved law enforcement agencies from multiple countries, including Spain, Argentina, Chile, Colombia, Ecuador, and Peru. Investigations revealed that the iServer platform facilitated automated phishing attacks that mimicked popular cloud-based mobile services, enabling criminals to harvest sensitive information from victims. Over 2,000 individuals known as “unlockers” were registered on the platform, contributing to the unlocking of more than 1.2 million devices. Law enforcement efforts led to the arrest of 17 suspects and the seizure of numerous electronic devices, highlighting the scale and impact of this cybercrime network.

Phishing-as-a-Service Model

The iServer platform operated on a phishing-as-a-service model, providing tools for criminals to create and deliver phishing attacks easily. It automated the process of generating fraudulent web pages that closely resembled legitimate services, enhancing the likelihood of successful credential theft. Unlockers used these tools to target individuals who had lost access to their phones, often sending phishing messages via SMS or email.

Victim Impact

The victims, primarily Spanish-speaking individuals from Europe, North America, and South America, were often misled into providing their device credentials while attempting to regain access to their locked phones. The phishing attacks were particularly deceptive, as they were designed to appear legitimate, thus increasing the chances of victims falling for the scams.

Law Enforcement Response

The coordinated law enforcement operation, which took place from September 10 to 17, 2024, resulted in significant arrests and the dismantling of the iServer platform. Authorities seized various items, including mobile phones and electronic devices, and arrested the platform’s Argentinian administrator, marking a significant victory against organized cybercrime.