Latest news with #BKA

Cops in Germany Claim They've ID'd the Mysterious Trickbot Ransomware Kingpin

WIRED

3 days ago

  • Politics
  • WIRED

Matt Burgess and Lily Hay Newman, May 30, 2025, 9:22 AM

The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as 'Stern.' Now, German law enforcement has published his alleged identity—and it's a familiar face.

For years, members of the Russian cybercrime cartel Trickbot unleashed a relentless hacking spree on the world. The group attacked thousands of victims, including businesses, schools, and hospitals. 'Fuck clinics in the usa this week,' one member wrote in internal Trickbot messages in 2020 about a list of 428 hospitals to target. Orchestrated by an enigmatic leader using the online moniker 'Stern,' the group of around 100 cybercriminals stole hundreds of millions of dollars over the course of roughly six years. Despite a wave of law enforcement disruptions and a damaging leak of more than 60,000 internal chat messages from Trickbot and the closely associated counterpart group Conti, the identity of Stern has remained a mystery.

Last week, though, Germany's federal police agency, the Bundeskriminalamt or BKA, and local prosecutors alleged that Stern's real-world name is Vitaly Nikolaevich Kovalev, a 36-year-old, 5'11" Russian man who cops believe is in his home country and thus shielded from potential extradition. A recently issued Interpol red notice says that Kovalev is wanted by Germany for allegedly being the 'ringleader' of a 'criminal organisation.'

'Stern's naming is a significant event that bridges gaps in our understanding of Trickbot—one of the most notorious transnational cybercriminal groups to ever exist,' says Alexander Leslie, a threat intelligence analyst at the security firm Recorded Future. 'As Trickbot's 'big boss' and one of the most noteworthy figures in the Russian cybercriminal underground, Stern remained an elusive character, and his real name was taboo for years.'
Stern has notably seemed to be absent from multiple rounds of Western sanctions and indictments in recent years calling out alleged Trickbot and Conti members. Leslie and other researchers have long speculated to WIRED that global law enforcement may have strategically withheld Stern's alleged identity as part of ongoing investigations. Kovalev is suspected of being the 'founder' of Trickbot and allegedly used the Stern moniker, the BKA said in an online announcement. 'It has long been assumed, based on numerous indications, that 'stern' is in fact 'Kovalev',' a BKA spokesperson says in written responses to questions from WIRED. They add that, 'The investigating authorities involved in Operation Endgame were only able to identify the actor stern as 'Kovalev' during their investigation this year,' referring to a multi-year international effort to identify and disrupt cybercriminal infrastructure, known as Operation Endgame. The BKA spokesperson also notes in written statements to WIRED that information obtained through a 2023 investigation into the Qakbot malware as well as analysis of the leaked Trickbot and Conti chats from 2022 were 'helpful' in making the attribution. They added, too, that the 'assessment is also shared by international partners.' The German announcement is the first time that officials from any government have publicly alleged an identity for a suspect behind the Stern moniker. As part of Operation Endgame, BKA's Stern attribution inherently comes in the context of a multinational law enforcement collaboration. But unlike in other Trickbot and Conti-related attributions, other countries have not publicly concurred with BKA's Stern identification thus far. Europol, the US Department of Justice, the US Treasury, and the UK's Foreign, Commonwealth & Development Office did not immediately respond to WIRED's requests for comment. Several cybersecurity researchers who have tracked Trickbot extensively tell WIRED they were unaware of the announcement. 
An anonymous account on the social media platform X recently claimed that Kovalev used the Stern handle and published alleged details about him. WIRED messaged multiple accounts that supposedly belong to Kovalev, according to the X account and a database of hacked and leaked records compiled by District 4 Labs but received no response. Meanwhile, Kovalev's name and face may already be surprisingly familiar to those who have been following recent Trickbot revelations. This is because Kovalev was jointly sanctioned by the United States and United Kingdom in early 2023 for his alleged involvement as a senior member in Trickbot. He was also charged in the US at the time with hacking linked to bank fraud allegedly committed in 2010. The US added him to its most wanted list. In all of this activity, though, the US and UK linked Kovalev to the online handles 'ben' and 'Bentley.' The 2023 sanctions did not mention a connection to the Stern handle. And, in fact, Kovalev's 2023 indictment was mainly noteworthy because his use of 'Bentley' as a handle was determined to be 'historic' and distinct from that of another key Trickbot member who also went by 'Bentley.' The Trickbot ransomware group first emerged around 2016, after its members moved from the Dyre malware that was disrupted by Russian authorities. Over the course of its lifespan, the Trickbot group—which used its namesake malware, alongside other ransomware variants such as Ryuk, IcedID, and Diavol—increasingly overlapped in operations and personnel with the Conti gang. In early 2022, Conti published a statement backing Russia's full-scale invasion of Ukraine, and a cybersecurity researcher who had infiltrated the groups leaked more than 60,000 messages from Trickbot and Conti members, revealing a huge trove of information about their day-to-day operations and structure. 
Stern acted like a 'CEO' of the Trickbot and Conti groups and ran them like a legitimate company, leaked chat messages analyzed by WIRED and security researchers show. 'Trickbot set the mold for the modern 'as-a-service' cybercriminal business model that was adopted by countless groups that followed,' Recorded Future's Leslie says. 'While there were certainly organized groups that preceded Trickbot, Stern oversaw a period of Russian cybercrime that was characterized by a high level of professionalization. This trend continues today, is reproduced worldwide, and is visible in most active groups on the dark web.' Stern's eminence within Russian cybercrime has been widely documented. The cryptocurrency tracing firm Chainalysis does not publicly name cybercriminal actors and declined to comment on BKA's identification, but the company emphasized that the Stern persona alone is one of the all-time most profitable ransomware actors it tracks. 'The investigation revealed that stern generated significant revenues from illegal activities, in particular in connection with ransomware,' the BKA spokesperson tells WIRED. Stern 'surrounds himself with very technical people, many of which he claims to have sometimes decades of experience, and he's willing to delegate substantial tasks to these experienced people whom he trusts,' says Keith Jarvis, a senior security researcher at cybersecurity firm Sophos' Counter Threat Unit. 'I think he's always probably lived in that organizational role.' Increasing evidence in recent years has indicated that Stern has at least some loose connections to Russia's intelligence apparatus, including its main security agency, the Federal Security Service (FSB). The Stern handle mentioned setting up an office for 'government topics' in July 2020, while researchers have seen other members of the Trickbot group say that Stern is likely 'the link between us and the ranks/head of department type at FSB.'
Stern's consistent presence was a significant contributor to Trickbot and Conti's effectiveness—as was the entity's ability to maintain strong operational security and remain hidden. As Sophos' Jarvis put it, 'I have no thoughts on the attribution as I've never heard a compelling story about Stern's identity from anyone prior to this announcement.'

Four scams to be aware of while navigating Germany's rental market

Local Germany

5 days ago

  • Business
  • Local Germany

According to a report by the Federal Criminal Police Office (BKA), Germany saw a 25 percent increase in rental fraud between 2020 and 2023. Many of the victims are recent arrivals in the country, often at a severe disadvantage because they are unfamiliar with German law, unsure of where they can turn for good advice, and may have a poor command of the language. Putting aside the classic rental scam, in which people are tricked into paying deposits for an apartment that doesn't exist, or isn't actually available for rent, there are several other forms of rental fraud that have been seen more and more often in the German rental market. These scams all have one thing in common – bad actors in the market selling themselves to desperate renters as knights in shining armour. Here are four recent trends which anyone looking for an apartment in Germany should be aware of.

Illegal brokerage commissions

A growing number of rental agents are charging brokerage fees – effectively bribes – to eager renters. According to data analysis by SWR, hundreds of apartments are being advertised on the messaging service Telegram for an average brokerage fee of about €1,700. Germany's Housing Agency Act only permits a rental agent or broker (Makler) to charge a commission or brokerage fee (Provision) from the person who hired them. If you have paid an inappropriate brokerage fee, the law generally allows you to try and claim the money back within a three-year period. However, this is only possible when the payments were documented. Graham Pugh, a relocation expert and founder of BerlinRelo, told The Local that he would never advise one of his clients to pay a brokerage fee, or a bribe, to get a flat. He stressed that there are still clean offers to be found. Given the incredibly tight housing market in places like Berlin, however, he can understand why some apartment hunters ask themselves if just paying an illegal brokerage fee might be worth it.
But buyers beware – you'll never be asked to do this for a legitimate apartment offer. If you do decide to hire an agent to help you find a place to live, your broker is permitted to charge a finder's fee of no more than twice the flat's cold rent (Kaltmiete) plus VAT.

Corrupt rental markets on social media platforms

It's no coincidence that brokers soliciting illegal fees use messaging apps like Telegram and WhatsApp, which have become increasingly popular with scammers who can use the encrypted messaging services to cover their tracks and avoid oversight. A case which came to light in Hamburg earlier this year, first reported by Der Spiegel, highlighted the way in which a WhatsApp group was used as a forum for selling rental agreements illegally. A man who called himself Chris was in cahoots with a woman who went by Jenny, who worked for one of Germany's largest landlords. According to the report, Chris and Jenny claimed they wanted to help people who would otherwise struggle to find an apartment – in return for a 'down payment' of €1,000 (to be paid in cash during the viewing). They were effectively taking bribes in return for placing applicants in apartments. 'This practice is illegal,' said Rolf Bosse of the Hamburg Tenants' Association, commenting on the case. 'It violates tenancy law.'

Platforms like Telegram and WhatsApp, as well as Kleinanzeigen and Facebook, are also popular with scammers who sometimes ask for advance payments for non-existent flats, or collect people's documents and commit identity theft. The Hamburg police are aware of one case in which employment data offered by a flat seeker was used by a fraudster to divert their salary into a different account. Graham Pugh confirms that he tells his clients to avoid Kleinanzeigen and social media sites.
Sticking to offers from verified renters (verified anmieter) on Immoscout, rather than using other platforms or going for private (Von Privat) listings is the best way to ensure that you avoid potential scams, Pugh says. "I always say to my clients – not all Von Privat offers are scams, but all scams are Von Privat."

Landlords pushing 'commercial' leases on apartments

Traditionally, landlords don't love self-employed tenants. When they do, it could be because they hope to get around rent control laws by letting some or all of an apartment under a commercial rather than a residential lease. Under German law, commercial leases are subject to fewer legal protections than residential leases. The distinction between the two is based on the intended use of the premises. Despite what some landlords claim, it is illegal to disguise a residential lease as a commercial lease. If the space is mainly used for living, in previous court cases charging commercial rents for residential units has been ruled unlawful.

Fraudulent tenants' associations

Numerous tenants' associations (Mietervereine) exist in Germany to help tenants settle disputes with landlords, challenge exploitative contracts, and put pressure on landlords to fulfil their commitments (by carrying out repairs, for example). Not all Mietervereine are the same, however. Most are worth their weight in gold, but – even here – Germany's rental market madness has attracted its share of bad actors. A recent ARD report uncovered evidence of commercial enterprises presenting themselves as local tenants' associations and pretending to offer the same services.
Before deciding to become a member of a particular tenants' association – and paying the sign-up fee – make sure to look at what people have been saying on review platforms.

Germany updates: Police chief warns of youth radicalization

Yahoo

24-05-2025

  • Yahoo

The head of Germany's Federal Criminal Police Office (BKA), Holger Münch, has told newspapers that some young people are organizing themselves in groups to commit "serious crimes" after being radicalized by far-right ideologies. His remarks come after German police this week cracked down on a far-right extremist cell with members as young as 14. Train services at Hamburg's main station are meanwhile back to normal after 18 people were injured on Friday in a knife attack by a female suspect. This is a roundup of the top news stories from Germany on May 24, 2025. Train services at Hamburg's main station have resumed normal operations after a knife attack on Friday that left 18 injured, a spokeswoman for train operator Deutsche Bahn told the DPA news agency. A 39-year-old woman was arrested at the scene on suspicion of carrying out the attack. She is to come before a magistrate on Saturday. Four of the 18 wounded suffered life-threatening injuries, while six were seriously hurt, officials said. So far, police do not believe the attack was politically or ideologically motivated but was rather the result of some kind of psychological distress on the part of the attacker. The head of Germany's Federal Criminal Police Office (BKA), Holger Münch, has warned that young people within right-wing extremist circles are becoming increasingly radicalized. "For about a year, we've increasingly seen very young people with right-wing views becoming more radicalized and forming, at times, well-organized groups to carry out serious crimes," Münch told the Funke media group of newspapers in remarks published on Saturday. He said the internet was a major factor aiding the far-right scene to spread its network. "Radicalization, recruitment and mobilization increasingly happen via social networks and right-wing forums," Münch said.
The BKA head said right-wing crime was posing a "major challenge" to security agencies but that general society also had a big role to play in reducing the threat. His remarks follow the arrests this week of five male suspects aged 14 to 18 who were members of a far-right extremist cell alleged to have plotted violent attacks on migrants. The head of Germany's federal crime agency, Holger Münch, has told newspapers that young people are increasingly falling under the thrall of far-right extremist ideologies, with some prepared to commit "serious crimes." Meanwhile, train services at the main station in the northern port city of Hamburg have resumed full operations after disruption caused on Friday by a knife attack carried out by a suspected female assailant in which several were injured. DW's Bonn newsroom keeps you up to speed with the latest headlines from Germany at a time when Europe's economic powerhouse is facing several major challenges from within and abroad.

Germany updates: Police chief warns of youth radicalization – DW – 05/24/2025

DW

24-05-2025

  • DW

The head of Germany's Federal Criminal Police Office (BKA), Holger Münch, has told newspapers that some young people are organizing themselves in groups to commit "serious crimes" after being radicalized by far-right ideologies. His remarks come after German police this week cracked down on a far-right extremist cell with members as young as 14. Train services at Hamburg's main station are meanwhile back to normal after 18 people were injured on Friday in a knife attack by a female suspect. This is a roundup of the top news stories from Germany on May 24, 2025.

German police chief warns of rising right-wing youth radicalization

Yahoo

24-05-2025

  • Politics
  • Yahoo

The head of Germany's Federal Criminal Police Office (BKA), Holger Münch, has issued a warning about the increasing radicalization of young people within right-wing extremist circles. "For about a year, we've increasingly seen very young people with right-wing views becoming more radicalized and forming, at times, well-organized groups to carry out serious crimes," Münch told the Funke media group of newspapers in remarks published on Saturday. He highlighted the growing role of the internet as a networking space for the far-right scene. "Radicalization, recruitment and mobilization increasingly happen via social networks and right-wing forums," Münch said. The high number and severity of far-right motivated crimes pose a "major challenge" to security agencies, which are responding with increased surveillance, according to Münch. Münch emphasized that tackling the issue is not solely the responsibility of the police, but a challenge that requires joint effort across all parts of society to prevent serious acts of violence. Earlier this week, German federal prosecutors launched a crackdown on a far-right extremist cell accused of plotting violent attacks targeting migrants. Five male suspects aged 14 to 18 were arrested in coordinated raids. The teens are accused of being part of - or in one case supporting - a group that calls itself the Last Wave of Defence. According to prosecutors, the group aimed to destabilize Germany's democratic system through acts of violence, primarily targeting migrants and political opponents.
