EC3: Cybercrime

Set up in 2013, the European Cybercrime Centre (EC3) was established to help protect EU citizens, businesses and governments from online crime through the strengthening of law enforcement.

Guided by the EC3 Programme Board, the EC3 is made up of two forensics teams – digital forensics and document forensics.

Each of the teams has a focus on operational support and research and development. The outreach and support team’s role is to establish partnerships and coordinate prevention and awareness measures. While the strategy and development team is responsible for strategic analysis; the formulation of policy and legislative measures and the development of standardised training.

At operational level the focus of EC3 is aimed at three key areas: cyber-dependent crime; online child sexual exploitation and payment fraud.

The EC3 Programme Board provides EC3 with direction as to how to achieve its goals and fulfil its officially assigned tasks, building on partnerships, shared responsibility and cooperation with all board members.

According to Europol: “These activities are also supported by the Cyber Intelligence Team (CIT), whose analysts collect and process cybercrime-related information from public, private and open sources and identify emerging threats and patterns.”

EC3 is also supported by the Joint Cybercrime Action Taskforce (J-CAT), a unit which works on the most important international cybercrime cases affecting EU member states and their citizens.

While EC3 operates through utilising Europol’s existing law-enforcement capacity, it also has other expansive capabilities, particularly relating to increased operational and analytical support to Member States’ investigations.

Cyber-dependent crime

In the 2017 Organised Crime Threat Assessment (IOCTA), EC3’s annual strategic report on key findings and emerging threats and developments in cybercrime, highlighted that while traditional cybercrime remains evident, it has also evolved to take new forms and new directions.

Ransomware attacks remain the most common tactic for cybercriminals, highlighted by the fact that the first half of 2017 witnessed attacks “on a scale previously unseen following the emergence of self-propagating ‘ransomworms’.” The IOCTA report highlights that ransomware has widened the range of victims when compared to traditional malware such as banking trojans, often aimed at a limited target profile.

Online child sexual exploitation

The report highlights an increasing volume of self-generated explicit material (SGEM) and use of the Darknet by offenders to share and store material, and to form closed communities.

Payment fraud

Card-not-present (CNP) fraud continues to dominate fraud related to non-cash payments. Card-present (CP) crime is a much smaller portion, however, is still at record numbers. The number of criminal groups specialising in attacks on ATMs and banks is also increasing.

Illicit trade has also become more digital, with most organised crime units using an online component. The report states that: “Compared to the more established Darknet market commodities, such as drugs, the availability of cybercrime tools and services on the Darknet appears to be growing more rapidly.” The report notes that cryptocurrencies continue to be exploited by criminals.

Concluding the report states: “It is clear that continued, close cooperation with the private sector is essential to combat cybercrime in an agile, pro-active and coordinated manner with a comprehensive and up-to-date information posture at its heart. This report also highlights how adequate training of the public and employees to recognise and react appropriately to social engineering would have a significant impact on a wide range of cyber-attacks.”