EU to Roll Out Cybercrime Taskforce
International Team Will Target Cross-Border Crime CampaignsThe European Union is set to launch a trial run of an international cybercrime task force that will coordinate investigations across Europe, as well as with a handful of other countries, including Australia, Canada and the United States.
See Also: Gartner Market Guide for DFIR Retainer Services
The EU Joint Cybercrime Action Taskforce, or J-CAT, will launch a six-month trial on Sept. 1, Paul Gillen, head of operations of the European Cybercrime Center, or EC3, tells Information Security Media Group.
The Netherlands-based taskforce will be led by Andy Archibald, the deputy head of the U.K. National Crime Agency's National Cyber Crime Unit, and will operate from EC3 headquarters in The Hague.
Additional details about the group are still being finalized by participating EU member states, but Gillen says the goal of creating this type of taskforce is clear. "We're trying to get the EU member states to work together on issues of strategic importance around cybercrime," he says. "Everyone has woken up to the fact that we can no longer stay within our own borders and enforce the law, we have to reach out to each other."
For the six-month trial period, the task force will be composed of cybercrime investigators from Austria, France, Germany, Italy, the Netherlands, Spain, and the United Kingdom - as well as from Australia, Canada, Columbia and the United States - all of whom will work at EC3 headquarters, sharing intelligence and helping to prioritize and build cases. Depending on how the task force goes, representatives from additional EU member states, as well as other countries, might later come on board.
Crossing Borders
Given the cross-border nature of so much cybercrime, information security experts say it's a no-brainer for law enforcement agencies to work across borders too. "In fact, I would argue that the role of EC3 to foster collaboration has proven to be critical," says Raj Samani, the chief technical officer in Europe, the Middle East, and Africa for security vendor McAfee. He's co-author of the forthcoming CSA Guide to Cloud Computing, and also a member of Europol's industry advisory board. "In fact, only last week we saw their success in bringing down Romanian cybercriminals, the week before Shylock, and the week before their role in Gameover Zeus and Cryptolocker." (See U.K. Takedown Disrupts Shylock Botnet.)
Europe, however, faces some unique challenges when it comes to investigating cybercrime. Unlike in the United States, where federal agencies all speak the same language and are familiar with how each other works, police officers in Europe who want to run intra-Europe operations must contend with multiple types of borders. "In the European Union we have 28 different countries, 23 different languages, 28 different legal systems, and law enforcement ... is not the most integrated part of the European Union," Gillen says.
Increasing Investigation Speed
But EC3, which launched in January 2013, is designed to allow EU member states to coordinate investigations into three types of cybercrime operations: conventional information security incidents, including data breaches, botnets, malware and distributed denial-of-service attacks; online payment card fraud; and online child sexual exploitation.
"Our job is to get the European member states working more closely together in those three areas of cyber crime," Gillen says. "We're looking at identifying targets of strategic importance, we're setting up operations around those. We're reaching out to the United States and vice versa, and it's making a nice interface with the 28 members states for the United States." That's been aided, he says, by an FBI agent already being on secondment to Europol.
"Recent joint cybercrime investigations conducted by the FBI, NCA, [Germany's] BKA and a number of other investigative agencies from European Union member nations have highlighted the need to create a permanent task force in which law enforcement agencies from around the world can share information and coordinate multi-national investigations," an FBI spokeswoman tells Information Security Media Group. "The European Cyber Crime Center will provide an excellent venue from which the FBI, EU member nations and other countries can work together on the new Joint Cybercrime Task Force to identify, pursue and defeat cyber criminals as part of a coordinated, global effort."
Gary Warner, chief technologist at Malcovery Security, and also director of research in computer forensics at the University of Alabama at Birmingham, says the J-CAT taskforce will help investigators advance cases much more quickly, including filing local charges against criminals who work across borders. "The biggest thing task forces like this do is remove the complications of sharing data internationally," Warner says. "I'm very glad to see this task force coming online. I've worked with NCA's predecessor SOCA on several cases in the past and they are fantastic international partners."
Measuring Success
Simply bringing together law enforcement representatives has already fostered stronger working relationships and better information sharing, says EC3's Gillen. "It hasn't been or isn't as difficult as it might have been, of course there will be procedural issues that investigations might run into," he says. But part of the taskforce's remit is to find those roadblocks, document them, and, where appropriate, seek changes in EU legislation to overcome them.
"The police are an unusual species, in that we're an emergency service, with the result that we're used to working out problems, and that whole 'can-do' attitude appears to be pervading into this area," says Gillen, who was previously Ireland's lead cybercop.
Warner says one measure of the taskforce's success will be how long it takes arrests to follow the launch of a case. "We frequently see indictments for cybercrimes that have been ongoing for six or more years," he says. "If law enforcement is to have any deterrent effect, the actions of law enforcement must come prior to the criminals earning millions of dollars and safely squirreling their proceeds away."
Taskforce Challenges
But a cybercrime taskforce of this nature has limits. "Our greatest challenge in cybercrime today is that the criminals are provided safe haven in countries that are hostile, or at least unmotivated to cooperate, to the U.S. in particular and western Europe in general," Warner says. "As diplomatic issues continue to heat up, whether in Ukraine-Russia or Gaza-Israel or Syria, we will continue to see cybercriminals act from regions where we have no ability to respond.
"We must cooperate more fully in the 'friendly countries' to take swift action against cybercriminals operating there, but the outstanding challenge of what to do with criminals operating with impunity from Russia and elsewhere remains."