Speech: An Intense first year for the European Cybercrime Centre
European Commission - SPEECH/14/114 10/02/2014
Other available languages: none
[Check Against Delivery]
EU Commissioner for Home Affairs
An Intense first year for the European Cybercrime Centre
Brussels, 10 February 2014
The EC3 was created within Europol only year ago as the EU focal point in the fight against cybercrime. The Centre was set up to help protect European citizens and businesses. During the short period in which the Centre has been active, it has already gained a well-deserved reputation in the EU and beyond the Union's borders.
Today, together with the head of the Centre we are presenting the first year's activity report and I would like to thank Troels Oerting for the excellent work done. Let me also thank Europol's director, Rob Wainwright, for his help in the successful establishment of the EC3.
When inaugurating the EC3 last year, I said that cybercriminals are smart and know how to quickly take advantage of new technologies, so we had to become even smarter and quicker if we want to effectively prevent and fight these threats.
EC3 seems to be the right answer and its helping to boost Member States' effectiveness in fighting cyber-criminals.
As the report illustrates, our cyber-experts have built their reputation on a number of very successful actions and operations. Let me give you some concrete examples.
The European Cybercrime Centre assisted in the coordination of two major international investigations on Ransomware, where criminals infected tens of thousands of computers worldwide and realized profits for over one million euros per year. EC3 also supported several international initiatives in the areas of botnet takedowns, and malware attacks against financial institutions.
Significant efforts were also put on the combating of online sexual exploitation of children. At present, EC3 supports 9 large child sexual exploitation operations within the European Union. In the first year of EC3, significant efforts – jointly with many Member States and non-EU cooperation partners – were put into combating the illegal activities of paedophiles engaged in the online sexual exploitation of children using hidden services.
EC3 is also involved in many operations and joint investigations targeting the production and distribution of child abuse material on various internet platforms. It is providing ongoing operational and analytical support to investigations on the dark net, where paedophiles trade in illicit child abuse material in hidden forums, as well as to investigations into ‘sextortion’. Sextortion is the term given to the phenomenon where child abusers gain access to inappropriate pictures of minors and use the images to coerce victims into further acts or the abuser will forward the images to family and friends of the victim.
Last but not least, the EC3 supported investigations resulting in three different international networks of credit card fraudsters being dismantled and tens of suspects being arrested.
We would be ingenuous if we believed that what we are doing will suffice. We are witnessing a fast evolution of criminal behaviours and patterns, exploiting technology developments and existing legal loopholes. Our experts are constantly spotting new, evolved threats on the horizon.
We hear of companies who are blackmailed by hackers, threatening to run attacks against their information systems. There is evidence that easier video streaming makes it possible for offenders to orchestrate child abuse, taking place at distance in real time and follow it via webcams.
The sad reality is that, today, the threshold for committing cybercrime has decreased immensely in the past few years: anyone can become a cybercriminal. No technical skills are necessary, as the relevant tools are available online in user-friendly versions at reasonable prices, offering anyone the opportunity to commit cybercrimes.
It is estimated that cybercrime is among the most underreported offences. Victims frequently have no incentive to report, for example because they are ashamed of having become a victim of a scam or because they are reimbursed by their banks. It is a low-value, high-volume crime. Service providers, meanwhile, have a reputation to lose and fear exposure to copycat attacks. This has to change.
Moreover, criminals act from “safe” locations. As cyberspace is accessible from anywhere, the threat also both comes from, and affects, countries with which judicial cooperation has traditionally been limited. With global connectivity rapidly increasing, the number of victims and the number of cybercriminals from new regions are also on the rise.
And cybercriminals become more and more difficult to track down as their location and the location of their data can be hidden ever more effectively.
Software has become available for masking IPs that requires lengthy investigations to determine the true location of data, if it can be found at all. Cloud services, which has great benefits for you and me as consumers, can also allow criminals to avoid storing illegal material on their own computer.
And even when criminals can be identified, law enforcement authorities face huge difficulties in gathering the necessary evidence. Collection is hampered by the possibilities offered by modern technology, such as live streaming.
And all of this is happening while our perception of the cyberspace environment has changed dramatically over the past year. After the Snowden revelations, European citizens are even more concerned about the protection of their privacy and personal data in cyberspace.
This is why we must make sure that well-established fundamental rights principles are properly applied to new technological developments.
So, to conclude, our cyber-experts have given an important contribution to safeguard the open Internet and the digital economy, and to protect Europe's citizens and businesses online.
Thanks to the work of the European Cybercrime Centre, we are able to work together effectively and timely at European and international level. We are protecting EU citizens online by identifying the most dangerous cybercrime threat and the key cybercriminal groups at EU level.
I am sure that we will continue to build on this initial success. We have had a successful and intense first year. The EC3 has delivered on its promises and achieved its initial goals. Building on this foundation, we have to make sure that the EC3 can continue to be at the forefront of the fight against cybercrime in the EU, also in the years to come.