'Every day is a challenge' - Inside Europol's fight against cybercrime
Europol's European Cybercrime Centre (EC3) is growing faster than expected. Doug Drinkwater visited its offices in The Hague, Netherlands, to find out how it is uniting law enforcement in the fight against cyber-criminals
“Some countries will never extradite their criminals to us. Will we transfer the whole case to another country?” asked Oerting. “Will they take the case and take it to court, how long will you wait? We need to find a reporting system that doesn't miss any areas, doesn't overlap, and then we can have a system where you work with these countries where the crime originates from.”
Oerting says that 85 percent of EC3 cases currently involve Russian-speaking crime, but he expects this to change as new internet users in Africa, India and China take the internet population from 2.9 billion to nearer four billion in the next three to four years.
Paul Gillen heads up operations at the centre following a long career at the Garda Síochána (Irish Police Service) - where he was previously head of the Computer Crime Investigation Unit (CCIU). He says that the group are currently at the limit of the operations they can take.
“With the resources that I have, we're up to our neck. If we had double, treble or quadruple [the resources], obviously we could take some more business but at the moment we're fully occupied with plenty of work – some really interesting work,” he said, adding that these were at various stages between ‘incubation' and ‘developed'. Gillen admits his team face daily challenges, but hopes the new J-Cat division can help.
Gillen has a team of investigators but spoke candidly about the difficulties of fighting cyber-crime when announcing the J-Cat division in July. “The cyber-crime investigation community agrees that this is the only way they can work. We will have some success and some failures, but we must work together.”
The 23 languages, 28 jurisdictions, the level of cyber-crime detection and lack of a universal reporting process and just some of the difficulties that they face on a day-to-day basis, says Gillen, and there are legislative issues too, such as collecting enough evidence to result in a prosecution.
“If you look at evidence in cyber and evidence in real world cases – say drug smuggling for example – there will be drugs, they physically exist; they will be somewhere, someone has to buy them, collect them, use them, sell them and make money from them. There's a whole industry around them,” said Gillen.
“In cyber cases, evidence is volatile; it's data, it can be altered, erased, moved from one medium to another, corrupted, added to. This makes the evidence unreliable, inaccurate and the worst case scenario in the case of the prosecution – inadmissible. Or probably worse, it's non-existent because it has gone.”
Gillen admits that the ‘burden of proof' is heavier in cyber-crime but believes that difficulties are complicated by a reluctance to report such criminal activity.
“Victims are almost seen as being to blame and that dynamic won't change until reporting is better. Criminals are going to take advantage of that.”
“What self-respecting victim is going to put themselves up to be ridiculed?” he asks. “But the reality is that they are a victim of a crime.”
Both Gillen and Oerting admit that reporting is a difficulty – there is no standardised procedure. Oerting says:“We're trying to fight 21st Century crime with a 19th Century legal system. We're very much based on physical crime, obtaining evidence and also the extent to which police can ask for information and get it, which is possible in some countries, whereas others will require a court order.
“So we need to have a thorough look at legal systems without losing anything regarding transparency and security; we probably have to find another way of exchanging evidence. And I think this is an area we should discuss.” He does note that a mutual legal assistance protocol in Europe means evidence-sharing is an issue outside of his jurisdiction. “The next step is to work with these guys.”
Asked whether he is in contact with the legal authorities at the European Commission, he says that he often explains cyber-crime to the powers that be but admits that legislative issues remain. “All of us agree that this is a problem…but these are areas for our politicians.”
Another less-publicised issue is that some countries are well behind the curve when it comes to investigations; at an event in London in June, Christian-Marc Liflander, policy advisor for the cyber defence section of Nato's Emerging Security Challenges Division, told SC that some of the southern European countries are much less-well equipped to deal with cyber-crime. Some countries don't even have one ENCASE licence, which is needed to investigate PCs/hard drives.
“The police are not the best place to get information on cyber,” admits Gillen. “That information is with private companies, victims of cyber-crime, financial institutions, ISPs, hosted companies…”
He adds that he sees those with more expertise advising those with ‘less capacity', in the hope that the latter learns.
“We cannot afford to have any weak links in the chain. We have to make sure everyone is coming forward.”
EC3's investigators flood into the room and join the discussion, on everything from the required skills to the latest threats. Their backgrounds vary but most have worked in high-tech crime units in their home countries. English is the common language.