Director of Europol: ‘Top computer graduates are being lured into cybercrime’

Rob Wainwright believes most cyber-gangs are based in Eastern Europe

Rob Wainwright has a fine view from his office in the forbidding HQ of the European police agency Europol – but his attention is fixed far beyond the The Hague.

One threat emerges above all: the surge in cyber-related crime. Organised gangs are this generation’s most-talented computer programmers – and national police forces are struggling to keep up. Most cybercrime operations are based in eastern Europe, Mr Wainwright says. The Mr Bigs of the cybercrime world are likely to speak with a Russian accent, operate from a nice flat, pay their taxes and live beyond the reach of Europol’s 28 member states.

“I think between us and the Americans, we think we know the majority of the kingpins who are behind, for example, the development of the malware,” he says. But the new gangs are different from traditional hierarchical mafia style gangs, with a fluid structure of specialists often working to order to develop programmes for criminal gangs planning specific online scams.

One leader of a global cybercrime syndicate is said to have offered a Ferrari to the hacker who came up with the best scam in an “employee of the month” style competition. The offer was made in a professionally made video hidden on a sub-layer of the internet. It was apparently filmed in a luxury car showroom – evidence of how far organised crime is willing to go to recruit and nurture talent.

“There are three employers out there: the police, the tech companies and the bad guys. They are all after the same style of graduates,” says Mr Wainwright, who was appointed director of Europol in 2009, after a career in international law enforcement.

“We do pretty well because we can pay very well. We have some Romanian cyber analysts here who are fantastic at what they do. But some of the guys that arrived with them at university took a left turn coming out of the building instead of a right turn.”

A recent survey of UK police forces found that less than one-third of key cybercrime staff had the skills or technology to address a threat that is expected to triple over the next three years.

Rob Wainwright, the director of Europol, says states need to update their laws to tackle internet-based gangs (Reuters)

“Across the board in Europe, the police are really struggling to get the right guys through the doors because they can’t afford to pay the rates that criminals and the tech guys do,” says Mr Wainwright. “We’re not getting the right people and there’s not enough training of existing cops.”

The founding of the National Crime Agency – which is home to the country’s leading cybercrime investigation unit – has allowed for the direct recruitment of talented programmers, putting Britain ahead of the curve compared to other European nations. But the current nature of police recruitment to the 43 police forces in England and Wales means that tech talent would have to spend several years in uniform before being moved to a specialist unit.

Mr Wainwright says the key players behind cybercrime are protected by the states’ failure to legislate and keep up to speed with their tactics. A Communications Data Bill – dubbed a snoopers’ charter by critics – was dumped in 2012 after disputes within the Coalition. Rights groups described the proposals as blanket surveillance of the population, but police maintain that current law cannot deal with the huge expansion in internet-based communication by criminals. Mr Wainwright says that the Bill represented only a small part of the tactics needed to counter cybercrime.

The impact of revelations about the CIA’s data trawling by contractor Edward Snowden has seen firms like Apple designing devices that are encrypted and could not be cracked, and marketing them as such. “The internet allows for the offender online to conceal his identity in a way that makes it in some cases impossible for police to overcome,” says Mr Wainwright.

“The commercial imperative has changed from the post 9/11 world when most tech firms, the airline industry and so on understood that the commercial imperative was to work as closely as possible with the authorities to prevent the next terrorist attack.

“Something has changed   to such a point, accelerated by the impact of Snowden, in which they understand the public’s greater concern to be threat of Big Brother snooping from the state.”