Europol has arrested the hacker masterminds behind a notorious cyber black market, selling access to 21,000 compromised servers.
The European Cybercrime Centre (EC3) reported arresting two unnamed Ukrainians in Madrid as a part of a joint operation with the Spanish National Police, codenamed Operation Ransom II.
"On 9 July, Spanish National Police arrested the two criminals and searched their house. One of them was caught red-handed, running virtual machines and chatting with other cyber criminals," read the report.
Europol said authorities seized a variety of items during the raid, including €50,000 in cash, as the group raked in huge profits from their scams.
"Their sophisticated money laundering facility was processing around €10,000 daily through various electronic payment systems and virtual currencies," Europol said.
The hackers had reportedly managed to compromise 21,000 company servers and had successfully sold access to them to more than 450 criminal groups. "The 21,000 compromised servers of companies located in 80 countries (1,500 of them in Spain) had a common feature whereby access settings were via a remote desktop (RDP)," read the report.
"With this set-up, the cyber criminal could access all information contained on the servers, using full administrator privileges for the system, i.e. absolute control. The criminals ran an online shop where the compromised machines were 'sold' to 450 of their cyber criminal 'customers' who were able to choose the location (country) of their preferred servers."
At the time of publishing Europol had not responded to V3's request for comment on how many servers were located in the UK.
Europol said the takedown was only possible thanks to cross-department and agency cooperation and data sharing. "This Spanish National Police investigation was supported from the early stages by Europol specialists, who organised and hosted a coordination meeting in April 2013," read the report.
"Europol then facilitated the exchange of criminal intelligence with other EU member states, delivered analytical reports and supported the operation on the spot with a mobile office and technical advice. Europol will receive data on the compromised computers so it can be analysed and distributed to law enforcement authorities, who in turn can notify those server owners affected by the criminals' activity."
Increasing cross-national collaboration regarding cyber threats has been an ongoing goal of the European Commission. The EC3 centre is a central part of this strategy. The centre launched earlier this year with a staff of 40 and an annual €7m budget, drawn from Europol's existing €84m funding.
The Ukrainians are two of many cyber criminals found to be running their nefarious operations out of Spain. Before their arrests Spanish authorities detained a man believed to be one of the heads of the notorious Reveton malware gang.