Disruptive technologies – their impact on crime and its prevention

Disruptive TechnologiesEuropol has just published a new report aimed at triggering discussion about ‘disruptive technologies’, and the need for innovation and strategic foresight in EU policing.

Disruptive technologies are fundamentally altering the way we live, work and relate to one another.  They provide criminals with new ways to pursue their illegal goals, but also equip law enforcement with powerful tools in the fight against crime.

To remain relevant and effective, it is necessary for law enforcement authorities to invest in understanding and actively pursuing new, innovative solutions. The new Europol Report, entitled ‘Do criminals dream of electric sheep: how technology shapes the future of crime and law enforcement’ will serve as a basis for future discussions between Europol, EU law enforcement and their stakeholders.

Europol’s Executive Director, Catherine De Bolle, said: “Europol’s strategy sets out our ambition to firmly establish Europol as an innovator in law enforcement at the European level. It is no longer good enough to be reactive. Our ability to predict which emerging technologies criminals will turn to next is instrumental to our mission of keeping EU citizens safe. We hope to start a discussion with law enforcement in the Member States and other stakeholders.”

Some of the emerging technologies include Artificial Intelligence (AI), quantum computing, 5G, alternative decentralised networks and cryptocurrencies, 3D printing and biotech. These are set to have a profound impact on the criminal landscape and the ability of law enforcement authorities to respond to emerging threats. The disruption comes from the convergence between these new technologies, the previously unseen use cases and applications, and the challenges posed by existing legal and regulatory frameworks.

The report aims to identify the security threats associated with this and points to ways for law enforcement to use the opportunities brought by these technologies to combat crime and terrorism. It also highlights the pivotal role of the private sector and the importance of law enforcement to engage more with these actors. Furthermore, it is of paramount importance that the voice of law enforcement is heard when legislative and regulatory frameworks are being discussed and developed, in order to have an opportunity to address their concerns and needs, particularly with regard to the accessibility of date and lawful interception.

in an age of rapid digital technological development Europol can deliver additional value by increasingly engaging in expertise coordination and collective resource management, which avoids unnecessary duplication of resources and expertise at national level. The Europol Strategy 2020+ set out for the organisation to support the Member States by becoming a central point for law enforcement innovation and research.

Download the report here

As a private sector partner of Europol, EAST provides trusted platforms where experts from law enforcement and the private sector can routinely come together to focus on current and evolving criminal threats, and what can be done to counter them.  The platforms are:  EAST National Member meetings; the EAST Payments Task Force (EPTF); the EAST Expert Group on All Terminal Fraud (EGAF); and the EAST Expert Group on ATM & ATS Physical Attacks (EGAP).

EAST participates at Europol Training on Payment Card Fraud Forensics

card fraud forensics EAST Development Director Rui Carvalho presented at the fifth edition of the Europol Training Course on Payment Card Fraud Forensics and Investigations at the Spanish National Police Academy in Ávila, Spain. His talk gave an overview of EAST, shared the latest statistics and trends on terminal fraud in Europe from the perspective of the private sector, and covered trends in payments, including an overview of regional and global e-wallets.

The Europol training, which ran from 8 to 12 July 2019, covered a wide range of topics  in the area of payment fraud, including online skimming, logical attacks on ATMs, card data analysis, cryptocurrencies, social engineering attacks and loyalty card fraud.

The training course was attended by 53 Investigators, forensic experts, and accredited trainers from 25 countries in the European Union, as well as from Colombia, Moldova and the United States.  Presentations were given by Europol staff and by key private sector organisations (including EAST). Since the first training in 2015 over 250 international students have benefited from the training programme, which has been supported by EAST from the outset.

This kind of event highlights the importance of close cooperation between the public and private sectors in the fight against cybercrime and all emerging threats in the field of payment card fraud. Such cooperation is enhanced by regular training, and by shared updates on investigative techniques and the improvement of forensic capabilities.

Cybercrime – Trends and Challenges

cybercrimeAs technology continues to take over our lives, and digitalisation gathers pace, cybercrime is also growing. Europol and Eurojust have published a third joint report identifying and categorising the current developments and common challenges in combating cybercrime, which fall into five different areas.

  • Loss of data: electronic data is the key to successful investigations in all the cybercrime areas, but the possibilities to obtain such data have been significantly limited.
  • Loss of location: recent trends have led to a situation in which law enforcement may no longer establish the physical location of the perpetrator, the criminal infrastructure or electronic evidence.
  • Challenges associated with national legal frameworks: the differences in domestic legal frameworks in EU Member States often prove to be serious impediments to international cybercrime investigations.
  • Obstacles to international cooperation: in an international context, no common legal framework exists for the expedited sharing of evidence (as does exist for the preservation of evidence). There is also a clear need for a better mechanism for cross-border communication and the swift exchange of information.
  • Challenges of public-private partnerships: cooperation with the private sector is vital for combating cybercrime, yet no standardised rules of engagement are in place, and investigations can thus be hampered.

Both the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF) cover cybercrime and its impact on payments and terminals. Both are public-private sector platforms where experts come together to focus on such issues.  EAST National Members also share cybercrime related information with each other, and through the EAST platform, with law enforcement agencies across the world.

Europol publishes Spanish language version of ATM Logical Attack Guidelines

Logical AttackEuropol has just published a Spanish language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF), and the French version was published in March 2019.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Descripción De Los Ataques Lógicos)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Mitigación De Los Riesgos Y Establecimiento De Líneas De Defensa)
  3. Identifying and responding  to Logical and Malware Attacks (Identificación Y Respuesta Frente A Ataques Lógicos A Cajeros Automáticos)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

EAST participates in Europol’s AG-Financial Services

EAST Development Director Rui Carvalho participated in and presented at a meeting of Europol’s Advisory Group on Financial Services (AG-Financial Services) on 20th June 2019.  The meeting was held at Europol’s HQ in The Hague.  The AG-Financial Services advises the Programme Board of the European Cybercrime Centre (EC3) at Europol. Its purpose is to:

  • bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
  • update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
  • assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
  • advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services

Rui Carvalho is also Chair of the EAST Payments Task Force (EPTF) which has great synergy with AG- Financial Services in that its remit, as a public-private sector expert working group, covers the impact of cybercrime on financial services.  Going forwards he will share updates from the EPTF at future meetings of the AG-Financial Services.

 

48th EAST Meeting hosted by Europol in The Hague

The 48th EAST Meeting (National Members) was hosted by Europol at their Headquarters in The Hague on 5th June 2019. Presentations were made by the European Cybercrime Centre (EC3) and the European Serious Organised Crime Centre (ESOCC).

National country crime updates were provided by 18 countries, and a global update by HSBC. Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF), the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 2-2019 will be produced later this month, based on the national country crime updates provided at the meeting. EAST Fraud Updates are available on the EAST Website to EAST Members.

48th EAST Meeting

EPTF holds Fifth Meeting

EPTF

The Fifth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 17th April 2019 at the Banking & Payments Federation Ireland (BPFI) in Dublin.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and was attended by key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Providers and Solution Providers.

EPTFPresentations or updates were given by BANCOMAT S.p.A, Diebold Nixdorf,  EURO Kartensysteme GmbHEuropol, EVRY Norge AS, Fiducia & GAD, Group-IB, ING, INTERPOL, JP Morgan Chase, Payment Services Austria, PLUSCARD Gmbh, and Trend Micro.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 210 EAST Associate Member Organisations from 53 countries and territories.

Europol publishes French language version of new ATM Logical Attack Guidelines

ATM LogicalEuropol has just published a French language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF)

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Description des Modes Opératoires)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Réduction du risque d’Attaques Logiques et de Programmes Malveillants visant les DAB, Mise en place de Lignes de Défense)
  3. Identifying and responding  to Logical and Malware Attacks (Identification et réponse aux Attaques Logiques et de Logiciels Malveillants)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Terminal Physical Attack Definitions launched by 11th EAST EGAP Meeting at Europol

Physical AttackEAST has published new Terminal Physical Attack Definitions and Terminology to help industry and law enforcement when reporting attacks against ATMs and other terminals.  The document was officially launched at the 11th Meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EAST EGAP), which took place on Wednesday 6th March 2019 at Europol in The Hague.  Production of the document was coordinated by EAST EGAP.  The terminal types covered are broadly classified as:

  • ATM – Automated Teller Machine
  • ATS – Automated Teller Safe (also known as a Teller Cash Dispenser or TCD)

The aim is for these physical attack definitions and terminology to be adopted globally by the Industry and Law enforcement when describing or reporting physical attacks on terminals.  A copy of the document is available here.

11TH EAST EGAP Meeting

Advisory Group on Financial ServicesThe 11th Meeting was chaired by Mr Graham Mott of the LINK Scheme and was attended by key representatives from Terminal Deployers, ATM Networks, Security Equipment Vendors and Law Enforcement.  Europol gave a central assessment of the ATM physical attack situation in Europe and National Threat Assessments were shared by representatives from eighteen countries.

EAST EGAP is a European specialist expert forum for discussion of ATM and ATS related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).  The Group, which meets twice each year, enables in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

EAST EGAP meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 9th October 2019.  Registration for this is now open and more information can be found on the EAST Events website.

EAST presents at EUCPN / Europol Conference on Prevention of ATM Physical Attacks

EAST Executive Director Lachlan Gunn, representing the EAST Expert Group on ATM and ATS Physical Attacks (EAST EGAP), presented at a conference on the prevention of ATM physical attacks co-organised by the European Crime Prevention Network (EUCPN) and Europol.  The event, attended by experts from law enforcement and the private sector, was held in Brussels on 22/23 January 2019.

ATM Physical AttacksThe focus of the conference was on the sharing of experiences, insights and best practices with a view to preventing these types of attack on ATMs.  Of particular concern were explosive gas and solid explosive attacks.  An overview of the current situation was built up and then in-depth workshops were held to consider ATM Physical Attack prevention before, during and after an attack.

As a result of the conference the EUCPN and Europol will prepare a paper on the most effective measures that can be used to prevent or deter ATM Physical attacks.