Europol’s Jan Op Gen Oorth Talks About Dark Web, Encrochat, and Pirate IPTV

The Europol has been actively engaging in the fight against electronic crime for quite a few years now, managing to affect the scene and finally raise an intimidating and powerful network of investigators against cyber-crooks. The agency was recently involved in dark web market crackdowns, underground bunker hosting service raids, arrests relating child abuse online networks, multi-national pirate IPTV busts, and the takedown of a popular (among criminals) encrypted communications service.

We have reached out to Europol’s Jan Op Gen Oorth, the Head of Office Media Relations and a spokesperson of the agency, who was kind enough to give us a few comments on all the above.

It is important to clarify that Europol cannot comment on recent or ongoing operations, so we couldn’t get into “juicy” details, but we still got some insightful information about how things work at the agency - and we’re excited to share it with you.

TechNadu: The European Cybercrime Center that was launched in 2013 has brought many successes for Europol. How much does the agency focus on fighting cybercrime on the internet today, and in how has the particular body evolved during these seven years?

Oorth: Europol’s European Cybercrime Centre has been created, as an integral part of Europol, to strengthen the EU’s response to cybercrime. This enabled Europol to increase its ability to support the EU Member States to combat more effectively cyber threats such as cyber-dependent crimes, payment card fraud, and online child sexual exploitation. Just last year, Europol’s European Cybercrime Centre has supported close to 400 high-profile operations. An important role for the coordination of actions also plays the Joint Cybercrime Action Taskforce, hosted at Europol. The task force facilitates an intelligence-led approach to target key cybercrime threats and execute joint cross-border operations.

The role of Europol is to support the EU Member States and to coordinate an international law enforcement response. Therefore, all the activities we are involved in are led by the Member States and involved several European law enforcement agencies. Given the complexity and the elevated workload, these actions are only possible through a combined effort. All the actions and resources are prioritized to achieve the biggest impact on the criminal landscape.

TechNadu: You have taken multiple actions against dark web cybercrime platforms in the past couple of years. However, there’s still too much going on for an agency of finite resources to be able to tackle everything. Do you feel that more stringent national or international laws should come into play concerning the deep and dark web? 

Oorth: In general, and more specifically for the Dark web, the problem is not the technology itself. The problem is the criminal use of these technologies and environments. The solution is to provide a proper legal framework and resources to the law enforcement authorities to overcome the technical challenges posed by the criminal abuse of technology.

TechNadu: DDoS attacks are another problematic area that seems to worsen despite Europol’s efforts during the past two years. We are now seeing attacks of unprecedented scale and volume, so are there any new plans on how to diminish this troubling matter?

Oorth: During the last years, Europol has had the opportunity to support a number of relevant operations against DDoS markets such as the action taking down Webstresser.org, and this connected one. The increasing interconnectivity and the IoT phenomenon has facilitated a great avenue for DDoS attacks. Many of these connected devices have weak security, making them vulnerable to be attacked and recruited to build IoT botnets with important attack capacity. Proper cybersecurity is, therefore, essential to prevent and mitigate DDoS attacks.

TechNadu: One of the agency’s most recent operations was the compromise of the “Encrochat” service, mainly used by criminals. Can you give us any details about how you managed to infiltrate the service’s infrastructure?

Oorth: Over the last months, the joint investigation made it possible to intercept, share, and analyze millions of messages that were exchanged between criminals to plan serious crimes. For an important part, these messages were read by law enforcement in real-time, over the shoulder of the unsuspecting senders. The information has already been relevant in a large number of ongoing criminal investigations, resulting in the disruption of criminal activities, including violent attacks, corruption, attempted murders, and large-scale drug transports. Certain messages indicated plans to commit imminent violent crimes and triggered immediate action. The information will be further analyzed as a source of unique insight, giving access to unprecedented volumes of new evidence to profoundly tackle organized criminal networks.

TechNadu: Child abuse and underage pornography are highly sensitive topics that are constantly on your radar. What processes and resources go into this aspect of your operations? Also, what kind of help do you offer to abuse victims, or even to people who feel attracted to minors? 

Oorth: It is important to mention that Europol encourages the use of the term “child (sexual) abuse material” and not “child pornography.” The term “child pornography” may be used as legitimizing by abusers. Every such photograph or video depicts an actual situation where a child has been abused.

Europol has a dedicated team supporting law enforcement authorities to combat and prevent this serious crime. Europol’s main role is to facilitate the information exchange between law enforcement authorities and provide technical and analytical support. However, we do not receive reporting directly from individuals who need to contact their national authorities and NGOs.

We have also supported our national law enforcement partners in their operational activities during the crisis. Action in Italy and Belgium, rescuing victims of child sexual abuse and bringing suspects to justice, are examples of this.

To track the perpetrators and identify and help bring the victims to safety, Europol’s analysts work on identifying elements on such material, leads for investigators. For three years already, Europol has also a crowdsourcing project called “Trace An Object,” where we are asking the general public to help us locate objects taking from the background of abuse material. This has led to the prosecution of three offenders and the identification of ten victims. Several dozens of investigations are still ongoing.

Europol also coordinates prevention campaigns to raise awareness among children on the dangers they may face while surfing online. One of them could come from sharing self-produced explicit material. Hands-on tips and advice for children, but also parents, teachers can also be found on our website and social media.

TechNadu: A topic that we often see in your reports is dealing with counterfeit money bill networks. Is this type of crime on the rise, or is it that you are now better equipped and more capable of tracking down these outlaws?

Oorth: As the EU Central Office for combating euro counterfeiting, Europol supports a number of operations targeting the counterfeiting of the Euro. Europol provides technical and analytical expertise, including on-the-spot support to national authorities to protect the single European currency from counterfeiters. Europol also supports operations targeting the counterfeiting of other currencies. An example is a recent operation, which shut down an illegal print shop for Romanian Leu. Most recently, Europol supported the dismantling of a very large Euro-counterfeiting network in Italy. The activities led to the freezing of assets worth €8 million.

Generally, the trend is not on the rise but is rather diversifying. The European Central Bank’s periodic communications even show a decrease. The operational successes in dismantling illegal print shops and the anticipated reaction of the police forces to the distribution of counterfeit banknotes online are the firm response.

Euro counterfeiting is currently under the newly created Europol’s European Financial and Economic Crime Centre (EFECC). Europol’s EFECC will strengthen the operational support provided to the EU Member States and EU bodies in the fields of financial and economic crime. The systematic use of financial investigations targeting the recovery of criminal assets is also in the heart of these efforts.

TechNadu: Another area that Europol is very active in is that of intellectual property crime. You have coordinated multiple pirate IPTV raids lately, but large-scale piracy remains a thing. What do you believe could be the key to dealing with the rise of illegal IPTV services in Europe? 

Oorth: Alongside taking down the criminal networks that are active in this area, Europol also cooperates with the industry, mainly legal broadcasters affected by this criminal activity and international organizations, protecting the copyrights for many legal distributors, such as the AudioVisual AntiPiracy Alliance. This cooperation helps us to better understand and tackle this illegal activity.

Europol has also created a special page to give leads to consumers how to distinguish between legal and illegal offers and raise awareness on the risks of using illicit services. Some of the dangers include malware infections, scams, abuse of personal data, and thefts of payment card credentials.