Some like the notorious “Gomopa & Co. ” are doing it already in the aftermath of the Stasi’s affection for surveillance and computers but now UN officials warn that many criminal syndicates turn to cybercrime.

COVID-19 transformed the global economy. While governments fought over scarce medical supplies, much of the world’s population sat at home. As workplaces stood unattended and malls lay empty, the massive resulting increase in internet traffic brought with it an inevitable explosion in illegal online activity.

Just three months after the World Health Organization declared a state of global emergency, UN officials were reporting a growth in email-delivered malware of more than 600 percent, and by October ransomware attacks against private companies and vital public institutions alike had surged by upwards of 40 percent on the previous year.

The ever-increasing distribution of child pornography online has drastically accelerated amid the pandemic: U.K. police arrested 4,760 people over alleged online child sex abuse in the country’s first lockdown alone. There’s also been a boom in dark-net vendors selling snake-oil cures for the virus, and a plethora of fraudulent sites claiming to sell desperately needed medical equipment.

COVID-19 has proven a windfall for veteran cybercriminals, and authorities know that the most sophisticated new scams and attacks are being orchestrated by the online professionals. More surprising, and equally troubling, is the increasing number of other, less-specialized criminal elements now moving portions of their enterprises online.

“Cybercrime and cyber-enabled crimes are going to offer enormous potential for criminal groups of all sizes and scales to replace lost income elsewhere [being] constrained by virus-control conditions,” think-tank Global Initiative Against Transnational Organized Crime warned.

Herb Stapleton, section chief of the FBI’s cybercrime division, told OCCRP he saw the number of complaints to his department more than triple within six weeks of the pandemic reaching the U.S. The majority of incidents involved phishing attacks, in which fraudsters send emails containing false backstories or threats of harm, so that they can extort money or valuable information from victims.

Automated phishing kits — software packages that let criminals send scam messages to email addresses scraped, by hackers, from legitimate websites — are now available via the dark web for as little as US$50. Some marketplaces are even offering discounts, to cash in on the growth in demand. With ongoing disruption to other criminal interests worldwide, such software offers easy and effective ways for the world’s cartels, mobs, and mafias to make up for income drops elsewhere.

“There’s definitely been an increase in cybercriminal activity by criminal elements who don’t have sophisticated technical skills, and one of the things that has made that possible, really, is the rise of malware as a kind of service,” Stapleton explained.

Tamara Schotte, a cybercrime specialist with Europol, the European policing body, said the new generation are often people who might not previously have gravitated towards internet-enabled criminality. “The more we headed into the middle of the crisis, the more we saw the wannabe scammers, as they started to realize there’s quite some profit to be made in the area of cybercrime,” she said.

Phishing scams generally play on pervasive public fears, which have grown amid the outbreak. For example, some emails have threatened “to infect every member” of a victim’s family with COVID-19 unless they pay up, while others have spoofed government and financial institutions to trick people into believing their COVID-19 support loans are in jeopardy.

“They simply haven’t held back on any of the means that are now available to them,” Tonia Dudley, an adviser with cybersecurity firm Cofense, told OCCRP, adding that crooks have even preyed on worker fears over job security.

“When companies started having to cut back on their workforces, we also saw phishing attacks leveraging the HR theme of, ‘I’m sorry to let you know that your job has been eliminated,’” she said.

Another common ploy is the so-called Business Email Compromise scam, in which cybercriminals gain access to a company’s internal servers to masquerade as senior employees, later requesting cash transfers to accounts held outside the firm.

“Especially in the early weeks of the pandemic, so many people were just hungry for information about what was going on,” Stapleton said. “So of course scammers were creating links that read ‘click here for the latest today,’ and which looked like they were from perfectly legitimate government or academic institutions.”

As we enter the new year, an end to the pandemic may finally be on the horizon, with successful clinical trials now leading to vaccination rollouts, and business slowly coming back to life in certain countries.

What remains to be seen, once things return to normal, is whether old-school criminal groups will abandon their newfound technological toolboxes and return fully to their conventional revenue streams, or whether they’ll remain online.

As Europol’s Schotte puts it: “Those groups that didn’t see any prospects [on the internet] before the pandemic, they’ve definitely seen them now.”


Nikola Petrović, Friend Of Serbian President Linked To Mafia

Bildergebnis für Nikola Petrović
Nikola Petrovic

The shadow of Stanko Subotić has long stalked Serbian President Aleksandar Vučić. Allegations of links between the businessman with ties to organized crime and the country’s top politician have often been levelled, but never proven.

Subotić, convicted of large-scale cigarette smuggling in 2011 and handed six years in prison, before being controversially cleared a few years later, has insisted he only ever backed Vučić at the ballot box, never financially.

While opposition politicians and media allege there are deeper ties between the politician and businessman, always without proof, the two steadfastly deny any connection. Such ties would be problematic for the president because of Subotić’s former convictions (since reversed) for criminal activities, and evidence of ties between Subotić and regional drug lord Darko Sarić.

In Serbia and several other Balkan nations, the “best man,” or kum, is an important social role with no real equivalent in English. A kum might literally be a groomsman at a wedding, but it also refers to someone who is as close as family, like a blood brother.

But despite Vučić’s moves to distance himself from Subotić, OCCRP and its Serbian member center KRIK have found that Nikola Petrović — a man known to be very close to the president who describes himself as Vučić’s “best man,” or kum in Serbian — has in fact done business with Subotić.

Petrović established a shell company in Luxembourg in early 2019 through which he ran various Serbian business ventures, including interests in air transport, solar energy, and pharmaceuticals. A closer look into some of these holdings by OCCRP’s Serbian member center KRIK offers the first documented evidence tying Subotić’s network to the president’s inner circle.

“I am not a public figure,” Petrović told reporters when asked about his business dealings. “I do not need to answer your questions and you absolutely don’t have the right to ask me questions. I will report you for harassing me.”

Petrović is, despite these protestations, a well-known and influential figure in Serbia.

So important is his role that he was named in a letter sent by five U.S. members of Congress to then-Vice President Joseph Biden in September 2015, days before Vučić visited the U.S. The legislators were concerned, they wrote, that a small group led by Vučić’s brother Andrej, and including Petrović, had “consolidated their influence and interest in energy, telecommunications, infrastructure and all major businesses in Serbia.”

In October 2018, Subotić moved his holding company, Emerging Markets Investments (EMI), from Denmark to Luxembourg. Initially, he based the company in the capital city, Luxembourg, at the address of Auditex, a tax consulting firm. When Auditex later moved to Leudelange, a small town in the southwestern part of the country, EMI moved with them.Credit: Stevan Dojcinovic/KRIKDrug trafficker Darko Sarić is seen at a hearing.

Petrović established his own company, Fabergé Advisors, months later in January 2019. Although its structure is complex — Fabergé Advisors was founded by a company based in the U.K., with its last known main shareholder a Cyprus-registered company — Petrović is listed as the beneficial owner.

Fabergé Advisors, as it turns out, uses the same directors and the same address as Subotić’s holding company, EMI. That address is the offices of the parent company of Auditex, the tax consulting company used by Subotić.

The connection is not definitive because more than 400 additional companies are also registered at the same address, indicating it may be in use by a registration agent. The shared directors are likely proxies — individuals from France and Belgium who appear as managers in numerous companies in Luxembourg.

But there are more direct business relationships. Petrović and Subotić share an interest in aviation.

In October 2020, Petrović branched into the sector by using Fabergé Advisors to buy the air transport firm Air Posh for what appears to be a knockdown price of 100,000 euros, a contract shows. The seller was Subotić, using a subsidiary of EMI. Subotić had established Air Posh through a series of companies just a year and a half earlier, in April 2019.

While under Subotić’s ownership, Air Posh had bought a Cessna 550 aircraft from a New York company. The airplane alone is worth between 700,000 and 1.3 million euros, according to websites that advertise such prices, indicating that for 100,000 euros, Petrović may have bought Air Posh at a huge discount. (Neither Subotić nor Petrović would respond to questions on the sale from OCCRP and KRIK, and it is possible there were additional terms of the deal not known to reporters.)

The plane at one point was used by Air Pink, an air transport company co-owned by media magnate Željko Mitrović, who had close ties to the former regime of Serbian strongman Slobodan Milosević. Mitrović’s TV Pink is considered by Serbian media analysts to be the strongest vehicle for what they say is Vučić’s propaganda.

Under Petrović, Air Posh kept its registered office in a building where Subotić owns several apartments in Belgrade, and the airline continued to use the Cessna, according to information from the Civil Aviation Directorate of the Republic of Serbia. Borislav Radić, a pilot who, according to his LinkedIn profile, previously worked for Air Pink, was named director of Air Posh after Petrović took over the company. The Cessna is still listed on the Air Pink website as part of its fleet.Credit: KRIKThe headquarters of Air Posh is seen in Belgrade.

Under Petrović’s ownership, Air Posh flies clients from its Serbian base mostly to Vienna, but also to Brussels, Rome, Amsterdam, Moscow, Kyiv, Bodrum, Beirut, Tel Aviv, Sharm El Sheikh and Dubai, according to websites that record flight information.

After President Vučić’s party came to power in 2012, Petrović was made director of a state-owned company controlling electrical transmission. Leaving this role in late 2016, he went on to thrive in the private sector, producing electricity via mini-hydropower plants — electricity he sold to the Serbian state for millions of euros.

When buying companies in Serbia, Petrović took pains not to expose himself. Indeed, some of his new business partners told reporters they didn’t know he was the one behind the company with which they had signed contracts.Credit: StorenergyA Storenergy solar concentrator.

Again through the Luxembourg-based Fabergé Advisors, he expanded his portfolio in August 2019, by purchasing a 50-percent stake in Serbian company Storenergy, a solar energy company which filed a patent application for a “solar concentrator, receiver and thermal storage,” records show.

His new partner in this business, Marko Vuksanović, told OCCRP/KRIK he didn’t realize that the buyer was the Serbian president’s “best man.” Asked with whom he negotiated when he sold part-ownership, he said he dealt “with a few people who are representatives of that [Fabergé Advisors] investment fund. … They are some French people.”

The solar contract was signed on Petrović’s behalf by Vladimir Krkobabić, a director in many companies owned by Subotić. Petrović paid 50,000 euros to Vuksanović for his half-share of Storenergy, according to a contract seen by OCCRP and KRIK.

Storenergy has installed one small solar concentrator on Avala mountain, near Belgrade, and a bigger one near the town of Kragujevac in central Serbia, according to the company’s website.

With the Serbian government investing millions of euros into renewable energy in the coming years, those involved in this business, including Petrović, could be poised to book large profits.

Third among Petrović’s new business interests is pharmaceuticals.

In September 2020, once more via Fabergé Advisors, he took majority ownership of Serbian company Krasius, which one year earlier had received permission to import drugs for clinical trials, according to documents obtained from the Serbian Ministry of Health by OCCRP/KRIK. The ministry is run by Zlatibor Lončar, one of a handful of Vučić associates with alleged ties to organized crime.

Just a month before Petrović took ownership, this company received another permit, from Medicines and Medical Devices Agency of Serbia, to import 960 vials of CIMAher, a drug produced by the Center for Molecular Immunology in Cuba. Data from the agency shows that the CIMAher was for use by a private Belgrade clinic called Vesalius. CIMAher is a non-registered medicine in Serbia, but some websites advertise it as an anti-cancer treatment.

According to a Cuban medical services company contacted by KRIK, the price for one vial is $400, meaning that the retail value of the shipment would be $380,000. Yet according to the contract paperwork, Petrović paid just 51 dinars (50 U.S. cents) for a 51-percent controlling share of Krasius from Ivan Krasić, an ex-basketball player for the French club Cholet. Krasić told reporters he didn’t originally know Petrović was the one buying a stake in his company.

Much like Vuksanović, Krasić insisted he had initially been completely in the dark as to who his new partner was.

“I don’t know Petrović,” he said. “Some lawyers called me and asked me to sell part of the company. I was in need of money.” Krasić said he had only heard that Petrović was behind the deal when they were “finishing” it.

But if Krasić badly needed cash, the selling price of 51 dinars wouldn’t have been of much use to him. When asked by reporters how much he had really been paid, Krasić replied that it was “a trade secret.”

“I don’t have anything to do with politics,” he said. “That is not my world. They are big players. I am a modest man. I play basketball.”