Hunting cybercriminals across borders

It started with a single clue: an alias buried in the shadows of the internet. Within just a few months, it would lead to one of the largest cybercrime takedowns Africa has ever seen. Operation Serengeti 2.0 involved 18 countries, more than 1,200 arrests, and the recovery of nearly US$100 million in stolen assets. Its targets: massive online fraud networks preying on companies and individuals worldwide.

Behind the headlines was a global team of volunteers working in step with law enforcement. And at the centre of that team sat Jethro, moonlighting as lead investigator for Cybercrime Atlas, a World Economic Forum-hosted (WEF) initiative designed to disrupt organised cybercrime.

“The bust was a huge achievement for our team of volunteers,” says Jethro.

“And for Cybercrime Atlas to be named as one of the operational partners in Serengeti 2.0 proved what’s possible when people from public and private organisations come together with a single mission: to disrupt crime at the source.”

A puzzle from a single clue

Cybercrime Atlas investigations rarely begin with much detail. In this case, the starting point was just an email address and a suspicious website. From there, the challenge was to build a complete picture, identifying criminals, mapping their infrastructure, and linking them to real-world identities.

“I led a global volunteer team of 60 investigators,” Jethro explains.

“My role was both hands-on and organisational, keeping the group focused, checking evidence, and making sure everything was reliable before eventually sharing it with Interpol and Afripol.”

The breakthrough eventually came when an alias was tied to a real person. This opened doors: suddenly their social media accounts, family connections, and even glimpses of bitcoin wallets came into view.

“Sometimes the criminal is careful,” says Jethro, “but their spouse or friends aren’t. They’ll post birthdays, holidays, cars with licence plates, and those are often the missing pieces that reveal the full picture.”

The result was a comprehensive intelligence package that law enforcement could act on. And they did - with spectacular effect.

A cat-and-mouse game

For every domain or malware campaign taken down, hundreds more spring up, says Jethro.

“That’s why the ultimate goal isn’t just disrupting infrastructure but identifying the people behind it and getting them arrested.”

Investigatory work isn’t glamorous; it requires patience, discipline, and stamina.

“The hardest part is avoiding rabbit holes, the distracting paths that move us away from the main objective,” he says.

“Cybercriminals reuse tools and infrastructure, so it’s easy to drift into related but irrelevant investigations.”
To mitigate this, Jethro and his team helped implement a structured review process using advanced graph-based analytics tools.

“Every week, we visualise our investigations in real time - mapping relationships, metadata, geolocation, and behavioural patterns. These act as our compass, helping us quickly identify when we’ve taken a wrong turn or when ‘attribution drift’ is setting in. Attribution is the complex process of identifying the individuals or groups responsible for a cyberattack or malicious cyber activity.”

Ultimately, the biggest challenge is to maintain investigative discipline in a complex and often confusing environment. Says Jethro: “Our role is to provide precise intelligence that enables law enforcement to act with confidence and speed. That pressure is real, and it requires leadership and restraint.”

Jethro’s role is making sure the teams gather enough data, preferably information that isn’t publicly available. This often requires memorandums of understanding or other agreements, where support from organisations like the WEF is invaluable.

“Each investigator has their focus,” he says. “Some prefer malware or domain analysis, while I focus on emails, phone numbers, and social media. I also analyse videos to extract identifiers like locations, license plates, or travel patterns.”

The hours are demanding. Because his team spans time zones, Jethro often starts his work late at night. “From 9:30 to 11 pm is typical,” he says. “And when you’re in the flow, you look up and it’s 2am!”

Connecting Atlas and ING

Although Jethro says this after-hours work is a personal passion project, it also feeds into his day job. ING sponsors his volunteer hours for Cybercrime Atlas, and the two worlds connect in knowledge and insights.

At ING, Jethro works in a second-line role covering internal and external fraud risk.

“I wanted to see the risk side of the business, not just operations,” he says, “though my passion will always be in hands-on investigative work.”

Cybercrime Atlas keeps him on the cutting edge of global threats, knowledge he brings back to ING to strengthen its defences. He also belongs to an advisory group with Europol, and ING’s membership in the WEF’s Partnership Against Cybercrime helps identify potential targets for Cybercrime Atlas investigations.

“Criminals are smart, especially in social engineering (the use of psychological manipulation to trick individuals). “A bank can’t win that fight alone. But collaboration across borders and industries makes a real difference.”

For victims of cyberfraud, shame is often the biggest barrier to flagging it.

“Please don’t be embarrassed,” says Jethro. “Report it to your bank and to law enforcement. That’s how we disrupt these networks and prevent further victims. We can only win this fight together.”

He points out that while banks like ING can uncover critical parts of a criminal’s scheme, collaboration and information-sharing across institutions ensures the full picture emerges more quickly.

From hacker pranks to a mission

Jethro’s passion for disruption didn’t appear overnight. It began decades ago with mischievous curiosity.

“I’m old enough to remember 33k6 modems,” he laughs. “Back then, I’d prank friends with malware - mirroring their screens, opening their CD drives. It was harmless fun, but it showed me how powerful these tools could be. I was always fascinated by systems and how they could be exploited,” he says.

Eventually, that curiosity turned into a career in cybersecurity.

Along the way, his wife’s Buddhist beliefs shaped his outlook. “It’s about giving back,” he explains.

“I’ve been in invite-only cyber communities for 16 years, and sometimes those networks allowed me to help victims recover stolen funds. Joining Cybercrime Atlas was the next step, and a way to make systemic impact.”

There are lighter moments to the job, too. Jethro recalls one incident, when he was leading a red team (ethical hackers who simulate real-world attacks) in a task.

“We had to deploy malware to ATMs and do a ‘cashout’ to test the organisation’s response. My daughter told her class at school that her dad was a bank robber. The school contacted us, so I had some serious explaining to do!”

Looking ahead

What keeps him motivated through long nights and frustrating dead-ends?

“Reminding myself we can’t solve everything alone,” he says. “Taking breaks, switching cases, and sharing laughs with colleagues helps.” But success, for Jethro, is simple. “It’s when law enforcement takes our intelligence and turns it into arrests, asset recovery, and justice for victims.”

Cybercrime is evolving fast with AI and machine learning, making scams more convincing than ever. But Jethro believes the solution is still the same: collaboration, education, and persistence.

“Borders don’t exist online,” he says. “But neither does our determination to fight back. That’s what keeps me going.”

And if he could give people one piece of advice to stay safe online, what would it be? "Stay alert and sceptical, and if something seems too good to be true, it probably is."