Inside Europol's fight against cybercrime
Inside Europol's fight against cybercrime

They say that key trends include child exploitation being streamed online over VoIP, Tor being used for cyber-crime communication, increasingly active Botnets and C&C servers, while credit card payment fraud on EMV cards is cashed out in non-EMV supporting countries.

Jaap van Oss, head of focal point ‘cyborg' at EC3, worked on the Dutch high-tech team which started back in 1996 and he explained his role at Europol over the last seven years: “I think cyber-crime is something that should be solved on an international level so when I got the chance to work here in 2007 – already some time ago – I took that opportunity and I am still here.”

“I think a great change is that right now cyber-crime is very much on the agenda, and on all levels – economically and in banking – everyday. Now everybody notes that it is there, and is growing rapidly.”

Marcin Skowronek, head of focal point ‘terminal', was a Polish police officer and moved to Europol's organised crime financial crime a year later and he now occupies his time monitoring payment fraud, an area he says has moved on from counterfeiting and skimming cards to hacking POS systems.

All investigators start their day monitoring the ‘patterns' in this space, and amongst others they say that banking Trojans, anonymised services and cyber-crime-as-a-service are prevalent. The latter was pointed out in EC3's recent Internet Organised Crime Threat Assessment report, and Oerting tells SC that this lowering of the bar to entry into cybercrime means that there are “very few very good malware writers”. Gillen compares his investigators to a football team: “Everybody has different skills.” 

The future generations are an issue and the skills-gap is keenly felt in information security –fortunately Oerting says EC3 is now cooperating with three universities with their Cyber Security Masters Degrees.

Future development

“I see the EU becoming more of a block in terms of this kind of crime,” says Gillen. “I can see us really working together, in an effective way, and becoming more of a united force against cyber-crime.

“In ten years' time, I see us having many more staff, I see there being a seamless investigation of cyber-crime at an EU level,” he said, adding that there might come a time where this ‘hand-to-hand' collaboration extends seamlessly to the US and other partnering countries and companies. 

Oerting believes that reporting mechanisms and legislation must improve to accommodate cyber-crime but also stresses: “We need to see the internet as shared resource like water around us. It doesn't belong to anybody, we shouldn't accept any pollution of the internet, we need to find way to protect the internet. It's here that we have common story to share with Chinese and Russians because they also want that.

“They will spy on each other to the end of days, but at least we can fight normal organised crime. This is bad for all of us; sure, we can agree on that. That's what EC3 is trying to do.”