This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/technology/2014/apr/15/european-cyber-crime-unit-russia

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Trouble with Russia, trouble with the law: inside Europe’s digital crime unit Trouble with Russia, trouble with the law: inside Europe’s digital crime unit
(4 months later)
Four black brick towers search upwards to an empty Four black brick towers search upwards to an empty grey sky. Mounted security cameras watch on balefully. If it weren’t for all the cheery cyclists passing by, some with surfboards in hand, alleviating the unfaltering graveness of the place, Europol’s headquarters would strike any visitor as some post-apocalyptic Mordor.
grey sky. Mounted security cameras watch on balefully. If it weren’t for all The interior, though, is more modern art museum than Kafkaesque bureaucracy. Expressionist paintings line the walls, clean cut modernist marble and pane upon pane of glass reflect the white light pouring in from outside. It’s all very plush. I’m told there’s a sauna somewhere around too.
the cheery cyclists passing by, some with surfboards in hand, alleviating the A charming PR officer takes me up one of the towers, having her palm scanned at the entrance of Europol’s European Cybercrime Centre (EC3). Troels Oerting, who heads up the unit, greets me with a heart pressure monitor disconcertingly attached to his hip. I daren’t ask. After all, we’re here to talk about EC3’s role in the global fight against digital crime, whilst getting a tour of the team’s vast facilities.
unfaltering graveness of the place, Europol’s headquarters would strike any And vast they are, covering five floors where the EC3, founded just over a year ago, deals with three different kinds of illicit activity: online child exploitation, credit card fraud, and cyber crime services, traditionally offered by organised gangs offering hackers-for-hire or doing it themselves for their own profit.
visitor as some post-apocalyptic Mordor. We pass the rooms where those unenvious men and women trawl through hours of child abuse images and video footage online. Oerting, a former Danish police officer, doesn’t lead me through those darkened doors.
The interior, though, is more modern art museum Then we head to the breakout rooms, where law enforcement agents from across the world come together, either in person or virtually, to tackle urgent cases. Souped-up workstations, mounted screens and videoconferencing gear fill the space. We interrupt three individuals having what appears to be a rather serious discussion in one of the meeting areas. “He’s a journalist,” Oerting says. “Thanks for warning us,” one of the team replies. We move swiftly on.
than Kafkaesque bureaucracy. Expressionist paintings line the walls, clean cut An “unbreakable” door protects the EC3’s data centre, where all the servers powering worker systems can be found, alongside storage systems holding valuable case data, hidden away from any potential crook who manages to get through the hand scanners and security guards at the front gate. A little lab, where malware and other illicit virtual goods are analysed, is protected by two reinforced doors.
modernist marble and pane upon pane of glass reflect the white light pouring in There are bedrooms and shower facilities too, for when agents decide they need to stick around in case of any sudden call for action. Though they look like Ikea-funded prison cells, they’re useful for when investigations suck up officers’ time.
from outside. It’s all very plush. I’m told there’s a sauna somewhere around
too.
A charming PR officer takes me up one of the
towers, having her palm scanned at the entrance of Europol’s European Cybercrime Centre (EC3). Troels Oerting, who heads up the unit, greets me with a
heart pressure monitor disconcertingly attached to his hip. I daren’t ask.
After all, we’re here to talk about EC3’s role in the global fight against
digital crime, whilst getting a tour of the team’s vast facilities.
And vast they are, covering five floors where the
EC3, founded just over a year ago, deals with three different kinds of illicit
activity: online child exploitation, credit card fraud, and cyber crime
services, traditionally offered by organised gangs offering hackers-for-hire or
doing it themselves for their own profit.
We pass the rooms where those unenvious men and
women trawl through hours of child abuse images and video footage online.
Oerting, a former Danish police officer, doesn’t lead me through those darkened
doors.
Then we head to the breakout rooms, where law
enforcement agents from across the world come together, either in person or
virtually, to tackle urgent cases. Souped-up workstations, mounted screens and
videoconferencing gear fill the space. We interrupt three individuals having
what appears to be a rather serious discussion in one of the meeting areas.
“He’s a journalist,” Oerting says. “Thanks for warning us,” one of the team replies.
We move swiftly on.
An “unbreakable” door protects the EC3’s data
centre, where all the servers powering worker systems can be found, alongside
storage systems holding valuable case data, hidden away from any potential
crook who manages to get through the hand scanners and security guards at the
front gate. A little lab, where malware and other illicit virtual goods are
analysed, is protected by two reinforced doors.
There are bedrooms and shower facilities too, for
when agents decide they need to stick around in case of any sudden call for
action. Though they look like Ikea-funded prison cells, they’re useful for when
investigations suck up officers’ time.
In this togetherIn this together
The forensics room, a Faraday cage where no outside The forensics room, a Faraday cage where no outside interference can penetrate the walls, is a clinical little area, panels emitting light from almost every corner of the room, helping those tinkering with suspects’ hardware obtain evidence. “A lot of the times these criminals will stamp on their smartphones,” Oerting says, giving me a demonstration of how one might do just that. “But it doesn’t matter, we can still find stuff [on the devices].”
interference can penetrate the walls, is a clinical little area, panels emitting Amongst the 70 workers here, one is an FBI agent, whilst an officer from the UK National Crime Agency’s cyber unit will be joining the team soon. Oerting has a soft spot for the UK, largely because of its regimented approach to tackling all kinds of illicit activity. “What the UK is good at, and I think it's because they are an old empire, and what I admire about the UK, is that you sit down, you make a strategy and you follow it.
light from almost every corner of the room, helping those tinkering with suspects’ “The UK, even being EU-sceptical, knows that if there is one thing you can't border yourself from it’s cyber crime ... the UK has seen we need to do this together.”
hardware obtain evidence. “A lot of the times these criminals will stamp on Oerting wants to welcome police and other forensics investigators from across the world, as part of EC3’s mission to act as a hub for cyber sleuths looking into the most egregious of online crimes. One year into its existence, its efforts to foster collaboration have received plaudits from the industry.
their smartphones,” Oerting says, giving me a demonstration of how one might do “Not only has there been greater collaboration with law enforcement agencies worldwide, but the development of the advisory boards and their collaboration with the private sector shows the value of the public-private partnership. Building upon the collaborative nature of the centre is critical in the fight against cybercrime, and one that I feel EC3 has already demonstrated great success to date,” says Raj Samani, CTO for security firm McAfee in EMEA and a cyber crime adviser for Europol.
just that. “But it doesn’t matter, we can still find stuff [on the devices].”
Amongst the 70 workers here, one is an FBI agent, whilst an officer from
the UK National Crime Agency’s cyber unit will be joining the team soon.
Oerting has a soft spot for the UK, largely because of its regimented approach
to tackling all kinds of illicit activity. “What
the UK is good at, and I think it's because they are an old empire, and what I
admire about the UK, is that you sit down, you make a strategy and you follow
it.
“The UK, even being EU-sceptical, knows that if
there is one thing you can't border yourself from it’s cyber crime ... the UK
has seen we need to do this together.”
Oerting wants to welcome police and other forensics
investigators from across the world, as part of EC3’s mission to act as a hub
for cyber sleuths looking into the most egregious of online crimes. One year
into its existence, its efforts to foster collaboration have received plaudits
from the industry.
“Not only has there been greater collaboration with
law enforcement agencies worldwide, but the development of the advisory boards
and their collaboration with the private sector shows the value of the
public-private partnership. Building upon the collaborative nature of the
centre is critical in the fight against cybercrime, and one that I feel EC3
has already demonstrated great success to date,” says Raj Samani, CTO for
security firm McAfee in EMEA and a cyber crime adviser for Europol.
From Russia with little loveFrom Russia with little love
Yet it’s clear all is not well when it comes to Yet it’s clear all is not well when it comes to cyber relations between nations. Working with non-EU members such as Russia, where digital crime is rife, is far from straightforward.
cyber relations between nations. Working with non-EU members such as Russia, where digital crime is rife, is far from straightforward. Collaborating with Putin’s cyber police is only going to get more difficult thanks to the standoff with Ukraine. Not only would Ukraine have been a useful addition to the EC3 membership, given the level of unlawful online activity in nations of the old Soviet Union, but Russia had started showing signs of greater cooperation, Oerting says. That progress looks likely to be put on hold, possibly indefinitely, especially with the sanctions being imposed by Europe and the US.
Collaborating with Putin’s cyber police is only “Russia is going through some things that will probably not boost our cooperation,” he says. “85 per cent of our cases are Russian-speaking organised cyber groups, so we need to cooperate with these colleagues ... but that's right now a bit complicated.”
going to get more difficult thanks to the standoff with Ukraine. Not only would Countries where cyber criminals host their operations also tend to be those nations that do not have extradition agreements with Western powers. Trying to convince non-EU member states or those that don’t have information sharing agreements to make arrests is “very cumbersome”, Oerting notes.
Ukraine have been a useful addition to the EC3 membership, given the level of The leaks of Edward Snowden are also causing EC3 grief. Companies are now less willing to share data, even if it clearly relates to criminal activity, as noted in a previous Guardian report. “We will of course see the unintentional downside of this,” the EC3 chief says. “Companies are much more cautious than they used to be.”
unlawful online activity in nations of the old Soviet Union, but Russia had
started showing signs of greater cooperation, Oerting says. That progress looks
likely to be put on hold, possibly indefinitely, especially with the sanctions
being imposed by Europe and the US.
“Russia is going through some things that will probably not boost our
cooperation,” he says. “85 per cent of our
cases are Russian-speaking organised cyber groups, so we need to cooperate with
these colleagues ... but that's right now a bit complicated.”
Countries where cyber criminals host their operations also tend to be
those nations that do not have extradition agreements with Western powers.
Trying to convince non-EU member states or those that don’t have information
sharing agreements to make arrests is “very cumbersome”, Oerting notes.
The leaks of Edward Snowden are also causing EC3
grief. Companies are now less willing to share data, even if it clearly relates
to criminal activity, as noted in a previous Guardian report. “We will of course see the unintentional downside of
this,” the EC3 chief says. “Companies are much more cautious than they used to
be.”
Cops losing to robbersCops losing to robbers
And despite all the money invested in digital And despite all the money invested in digital policing, Oerting believes the criminals are still winning. The profits are high and the risk is low. Take Cryptolocker, one of last year’s most damaging threats. Known as ransomware, it encrypted users’ data and demanded money from users (usually around 0.3 Bitcoins, currently worth around £110) to unlock the infected system. It infected at least 250,000 machines in 2013. “It's a money machine. My experts tell me, ‘Troels, if you have 15,000 euros, you invest them here, in one week you will break even, in three months, you have 500,000 euros’.”
policing, Oerting believes the criminals are still winning. The profits are On the underground forums, where many of EC3’s agents operate undercover, it’s become apparent just how grand the spoils have become for successful cybercriminals. In one case, officers came across a competition: the person who obtained the largest amount of money through a particular scam would win a Ferrari.
high and the risk is low. Take Cryptolocker, one of last year’s most damaging Globally, police have not done a good enough job of deterring online crime, admits Oerting. Right now it is “too easy and risk free”. Legislative issues need to be overcome if law enforcement agencies are to offer real deterrents a message Europol is spreading amongst European mandarins.
threats. Known as ransomware, it encrypted users’ data and demanded money from Oerting’s boss, Europol director Rob Wainwright, this month called on MEPs and national parliamentarians for "a fair deal from legislators in giving national and international police authorities the right tools to confront dangerous new forms of organised crime appearing online". Oerting and Wainright are concerned digital sleuths have not been given the same powers as their “real world” counterparts.
users (usually around 0.3 Bitcoins, currently worth around £110) to unlock the “In the physical world, I'm a cop, and according to Danish rules I am empowered to stop people, to frisk them, to arrest them and take away their freedom for 24 hours. I can take them without asking a judge. I can go to their home and [search] there. And I can eventually use force against them and in the end I can kill people,” Oerting says.
infected system. It infected at least 250,000 machines in 2013. “It's a money machine. My experts tell me, ‘Troels, “But if I want just half the same powers on the internet, everybody screams.”
if you have 15,000 euros, you invest them here, in one week you will break
even, in three months, you have 500,000 euros’.”
On the underground forums, where many of EC3’s
agents operate undercover, it’s become apparent just how grand the spoils have become for successful cybercriminals. In
one case, officers came across a competition: the person who obtained the
largest amount of money through a particular scam would win a Ferrari.
Globally, police have not done a good enough job of
deterring online crime, admits Oerting. Right now it is “too easy and risk
free”. Legislative issues need to be overcome if law enforcement agencies are to offer
real deterrents – a message Europol is spreading amongst European mandarins.
Oerting’s boss, Europol director Rob Wainwright,
this month called on MEPs and national parliamentarians for "a fair deal from legislators in giving national
and international police authorities the right tools to confront dangerous new
forms of organised crime appearing online". Oerting and Wainright are
concerned digital sleuths have not been given the same powers as their “real world”
counterparts.
“In the physical world, I'm a cop, and according to
Danish rules I am empowered to stop people, to frisk them, to arrest them and
take away their freedom for 24 hours. I can take them without asking a judge. I
can go to their home and [search] there. And I can eventually use force against
them and in the end I can kill people,” Oerting says.
“But if I want just half the same powers on the
internet, everybody screams.”
Time to hack back?Time to hack back?
More aggressive measures may be required. Legislation should look at More aggressive measures may be required. Legislation should look at speeding up the process of cross-border obtaining evidence, Oerting adds. “Laws have a geographical limitation. If the Dutch or the Danes are looking at a case, they can only go to the border of this case if the server is in another country. How much will we allow this to be done? The security companies don't ask, they just penetrate and get the information, it doesn't matter where it is located. And if the door isn't open they will make sure it will open. We stop and say this server is not physically located on our territory, and we are not allowed to do anything."
speeding up the process of cross-border obtaining evidence, Oerting adds. “Laws have a geographical limitation. If the Dutch “Our mutual legal assistance process is not sufficient anymore. There is a big need for speeding up the judicial cooperation. One thing is that police cooperation needs speeding up, but also the judicial because [I cannot obtain evidence].”
or the Danes are looking at a case, they can only go to the border of this case This may even stretch to “hacking back”, something Dutch politicians have been discussing. This would permit intrusion of servers across borders. Oerting believes this will one day become a reality, it’s just a matter of timing. “Now, when we have Snowden in fresh memory, how do you then persuade somebody that it's needed for someone in law enforcement to make intrusions?"
if the server is in another country. How much will we allow this to be done? “I can see it will come ... but we will probably have to wait until there are bodies at the table.”
The security companies don't ask, they just penetrate and get the information, The concept of hacking back sounds a bit bellicose. Yet visitors to Europol will note the International Criminal Tribunal for the Former Yugoslavia just next door. That’s where Ratko Mladic is standing trial over orchestrating the massacre of more than 7,000 Bosnian Muslim boys and men. For all the current hyperbole around digital attacks, we should be thankful it has not brought about the horrors often delivered by real-world crime. Oerting and his team are hoping to keep it that way.
it doesn't matter where it is located. And if the door isn't open they will
make sure it will open. We stop and say this server is not physically
located on our territory, and we are not allowed to do anything."
“Our mutual legal assistance process is not
sufficient anymore. There is a big need for speeding up the judicial
cooperation. One thing is that police cooperation needs speeding up, but also
the judicial because [I cannot obtain evidence].”
This may even stretch to “hacking back”, something
Dutch politicians have been discussing. This would permit intrusion of servers
across borders. Oerting believes this will one day become a reality, it’s just
a matter of timing. “Now, when we have Snowden in fresh memory, how do you then
persuade somebody that it's needed for someone in law enforcement to make
intrusions?"
“I
can see it will come ... but we will probably have to wait until there are
bodies at the table.”
The concept of hacking back
sounds a bit bellicose. Yet visitors to Europol will note the International Criminal Tribunal for the Former
Yugoslavia just next door.
That’s where Ratko Mladic is standing trial over orchestrating the massacre of more
than 7,000 Bosnian Muslim boys and men. For all the current hyperbole around digital attacks,
we should be thankful it has not brought about the horrors often delivered by real-world
crime. Oerting and his team are hoping to keep it that way.