Cyber Intel within European Cybercrime Center Ops

Similar documents
European Cybercrime Centre EUROPOL

EUROPOL SUPPORT TO ANTI-CORRUPTION INVESTIGATIONS

Strategic and operational threat analysis at Europol's EC3

Europol The Police Intelligence Agency of the European Union

Regional Seminar on Cyber Preparedness

Council of the European Union Brussels, 14 July 2017 (OR. en)

15412/16 RR/dk 1 DGD 1C

Way to new challenges

The commission communication "towards a general policy on the fight against cyber crime"

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

INTERPOL s Role and Efforts in Combating Cybercrime. Dr. Madan M. Oberoi Director Cyber Innovation and Outreach

INTERPOL For official use only. Fighting with friends

UNODC tackling cybercrime in support of a safe and secure AP-IS

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

Global Project on Cybercrime European Union Cybercrime Task Force. Strasbourg, November 21-23, 2011

Designing Robustness and Resilience in Digital Investigation Laboratories

INTERPOL s Role and Effort in Combating Cybercrime Kunwon YANG Assistant Director, DFL, IGCI

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150

PROJECT RESULTS Summary

Issue I. Airport Communication Project

Police Technical Approach to Cyber Threats

10025/16 MP/mj 1 DG D 2B

ITU Global Cybersecurity Index

2CENTRE A collaborative model for capacity building against cybercrime. Cormac Callanan 2CENTRE Industry Liaison

13268/16 EB/dk 1 DGD 1C

COOPERATION BETWEEN INTERPOL AND THE UNITED NATIONS

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

Cyber Security Development. Ghana in Perspective

UNODC/CCPCJ/EG.4/2017/CRP.1

DECISION 09/2016/GB OF THE GOVERNING BOARD OF THE EUROPEAN POLICE COLLEGE ADOPTING THE LIST OF ACTIVITIES 2017

Staff and financial resources Introduction Programme Board Functions of EC Future orientation... 25

ITU. The New Global Challenges in Cybersecurity 30 October 2017 Bucharest, Romania

COUNTER-TERRORISM. Future-oriented policing projects

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

Europol Strategy

UCD Centre for Cybersecurity & Cybercrime Investigation

CYBER SOLUTIONS & THREAT INTELLIGENCE

Development of a renewed European Union Internal Security Strategy. Justice and Home affairs Council meeting Brussels, 4 December 2014

ILLICIT GOODS AND GLOBAL HEALTH. Future-oriented policing projects

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form BOSNIA AND HERZEGOVINA. Policy Target No. 1

6056/17 MK/ec 1 DG D 2B

Cybercrime what is the hidden nature of digital criminal activities nowadays?

UNODC. International Cooperation and Assistance in Cybercrime Matters

Call for Interest for the INTERPOL Digital Crime Centre 2 nd round (area of advanced technology required for the Malware/BotNet analysis)

15670/14 EB/hm 1 DG D 1 C

Cybersecurity Strategy of the Republic of Cyprus

EXPERT GROUP MEETING ON CYBERCRIME

Project III Public/private cooperation

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

EU policy on Network and Information Security & Critical Information Infrastructures Protection

BI Building Integrity

PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established

Combating Pharmacrime AGENDA

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Scope of the Member State mechanism

Council of the European Union Brussels, 16 March 2015 (OR. en)

EUROPOL Unclassified Basic Protection Level

Centre for cybersecurity Belgium : Role, Missions et future capacities

National CIRT - Montenegro. Ministry for Information Society and Telecommunications

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Guiding principles on the Global Alliance against child sexual abuse online

ENISA EU Threat Landscape

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Promoting Global Cybersecurity

THE REGULATORY ENVIRONMENT IN EUROPE

A Multi-Stakeholder Approach in the Fight Against Cybercrime

Serious Organised Crime Agency Collaborative Partnership s Work! Howard Lamb SOCA e-crime

Systemic Analyser in Network Threats

CSIRT capacity building Andrea Dufkova CSIRT-relations, COD1 NLO meeting Athens June 8. European Union Agency for Network and Information Security

Report on the Hungarian Crime Prevention Activity and the Role of the Regional Crime Prevention Academy BUDAPEST

G8 Lyon-Roma Group High Tech Crime Subgroup

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Go West! Political, legal and operational aspects of cooperation between Europol and the United States

International Law Enforcement Cooperation on Cybercrime investigations: the role of INTERPOL. Mr Olusola Oguntunde

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Contents. International collaboration and networking. 1. Example 2. Formal networks 3. Informal networks

Thematic Paper on Organised Crime Cybercrime - New Investigation Strategies and New Technologies

TO INSPIRE, CONNECT AND EMPOWER TO TURN BACK CRIME

ESSA Q INTEGRITY REPORT

Inter-American Port Security Cooperation Plan

Global Alliance against Child Sexual Abuse Online 2014 Reporting Form

Action Plan to enhance preparedness against CBRN security risks

National Strategy for Combating Organized Crime

Cybercrime Capacity Building a cooperative process

Global Cybercrime Certification

Defining cybersecurity.

MINISTRY OF INTERNAL AFFAIRS OF GEORGIA INTELLIGENCE-LED POLICING IN GEORGIA

Global Resilience Federation Trust. Collaboration. Community. Cindy Donaldson President, Global Resilience Federation October 2017

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

Europol Unclassified Basic Protection Level. Mr Antonio Tajani. President of the European Parliament

Cyber Security Strategy

Achieving Global Cyber Security Through Collaboration

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Europol Unclassified Basic Protection Level. Council Working Party on Information Exchange and Data Protection (DAPIX) Friends of Presidency

Transcription:

@EC3Europol ENISA CTI-EU Cyber Intel within European Cybercrime Center Ops Álvaro Azofra EC3 Operations Rome, 30 Oct 2017.

SUMMARY 1. Europol 2. European Cybercrime Center (EC3) 3. EC3 Operations 4. EC3 strategic products

Europol Headquarters The Hague, Netherlands

Europol creation and objective European Police Office (Europol) Established in 1999 The EU s law enforcement agency Make Europe safer by assisting EU law enforcement authorities

Europol staff 129 Analysts 503 Others Overall Staff: 1141 229 Specialists OPERATIONAL STAFF 217 Liaison Officers Different kinds of law enforcement agencies (LEAs) NO direct power of arrest Analytical capabilities + Expertise + Resources = tackle criminal networks

EU Liaison Bureau Network Europol Liaison Officers in: Interpol IGCI Interpol IPSG Washington DC

Cooperation Agreements Third Parties 28 EU Member States Operational Agreements: Albania, Australia, Bosnia and Herzegovina, Canada, Colombia, Denmark, Eurojust, former Yugoslav Republic of Macedonia, Frontex, Georgia, Iceland, Interpol, Liechtenstein, Moldova, Monaco, Montenegro, Norway, Serbia, Switzerland, Ukraine, United States Strategic Agreements: CEPOL, ECB, ECDC, EMCDDA, ENISA, FRONTEX, OHIM, OLAF, Russia, UNODC, World Custom Organisation

Europol Legal Framework MANDATE: Europol Council Decision (upd. Jun 16) Support and strengthen member states Prevention and combat: o Organised crime o Terrorism o Other serious crime o Affecting 2+ member states

Europol activity 46 000 cases initiated in 2016 (+16%) 870 000 operational messages 7 000+ users from the 28 Member States

European Cybercrime Centre (EC3) Established in January 2013 Strengthen the law enforcement response to cybercrime.

EC3 Structure

EC3 Cybercrime Operations Critical infrastructures and information systems Cyber Attacks AP CYBORG Cyber Intelligence Team Organized groups generating large criminal profits Serious harm to the victims Payment Card Frauds Child Sexual Exploitation AP TERMINAL AP TWINS

EC3 Cyber Intelligence Team Analytical hub: collection + process + analysis. Disparate intel feeds: public, private and open sources Identify emerging threats and patterns Support other EC3 teams NO surveillance NO infiltration

EC3 Joint Cybercrime Action Taskforce High-Tech Crimes Online Child Sexual Exploitation Cybercrime facilitators Payment Fraud

EC3 Advisory Groups Communication Providers Financial Services Internet Security

EC3 Cybercrime Fighting Model Prevent Detect INTELLIGENCE-LED Deter Disrupt

From Collect to Connect Law Enforcement, Private Sector and Academia s contributions Intel from current and past investigations Forensics indicators Appropriate tools

EC3 Operations flow

Operation Avalanche - Nov 2016 5 arrests in 4 countries 37 searches in 7 countries Awareness raising and prevention Victim remediation in 189 countries 64 TLDs 800 000 domains in 26 countries 39 servers seized in 13 countries 221 servers taken offline

Operation Bayonet & GraveSac Take down the largest criminal Dark web markets AlphaBay (2014): 200, 000 users, 40,000 vendors Hansa: 1,800 users Traded cybercrime malware, illegal drugs & firearms Used Tor to hide the user identities & server locations Traded the same commodities as AlphaBay 20 June Took over 20 July Shut down Cryptocurrencies used for the transactions (1 billion $) Admin arrested; Properties, bank accounts, servers (CA,NL) seized 2 Admin arrested; Servers (NL, DE,LT) seized LE Strategy: take over the Dark web markets; Monitor the users activity; Shut down the both markets at the same time Europol s role: Coordination De-confliction; Command post

EC3 approach to Cyber Intel Operational and Tactical phases Threat Identification in the contributions ( IoCs, TTPs) + Dissemination of the tactical intel to the MS/ TC Strategic intel based in the tactical intel gathered-generated by specialist and analysts Europol EC3 Strategic intel to tackle international cybercrime by the MS Strategic intel to assess Europol and its constituency in better decision-making and risk identifying

EC3 strategic product: Cyber Bits Short intelligence notifications Objective: raise awareness, trigger discussions, ask for further actions. Distributed to LEAs and relevant partners. Public ones posted on the Secure Platform for Accredited Cybercrime Experts (SPACE), Europol s Platform for Experts (EPE) on cybercrime.

EC3 strategic product: Dashboard Weekly most important cyber events related with the EC3 ecosystem

EC3 strategic product: IOCTA

Takeaways Gather the best manpower Use the best tools Build your trust ecosystem I have been impressed with the urgency of doing. Knowing is not enough; we must apply. Being willing is not enough; we must do. Leonardo da Vinci (1452-1519) Consume better not more Chess approach

Let s make Europe safer Follow us: @EC3Europol alvaro.azofra@europol.europa.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback