17 February 2018
Lynne Owens, Director General of the NCA said: “Since before the referendum, the NCA and its partners in policing and wider law enforcement have clearly stated our need to work closely and at speed with European countries to keep people in the UK safe from threats including organised crime, child sexual abuse, cyber-attack, and terrorism. The ability to work in this manner with our European partners benefits us all, increasing our ability to disrupt criminal activity and protect our citizens from national threats as well as local level volume crime at the heart of our communities.
“We are confident that these requirements are being taken into account by the Prime Minister and officials responsible for negotiating Brexit, and that there is commitment to our position that we need to retain our ability to share intelligence, biometrics and other data at speed.”
Operational example of the benefit of international law enforcement cooperation
Cyber-attacks cause harm to our security and prosperity, impacting both individuals and businesses. They do not recognise national borders and are frequently orchestrated in one country, with the technology hosted in another, and victims in multiple countries around the world. The NCA’s ability to disrupt criminal activity, such as the Avalanche network described below, is greatly enhanced through our ability to share intelligence and run joint operations with our European law enforcement partners.
The Avalanche network was used as a delivery platform to launch and manage global malicious software attacks and money mule recruiting campaigns. It caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. In addition, the monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of euros worldwide. The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries.
The operation to dismantle the Avalanche network involved law enforcement agencies across Europe, coordinated through a command post hosted by Europol at its headquarters in The Hague. From there, NCA officers worked together with Europol’s European Cybercrime Centre (EC3) and representatives from a number of involved countries to ensure the success of such a large-scale operation. Hosted within the UK were 2,600 domains which were seized and where possible blocked to deny criminals access to computer they had infected.
The result of the action led to the complete removal of this criminal marketplace that had taken the OCG a number of years to establish. The OCG lost all the infrastructure and the entire platform was removed from service, reducing access to the provision of Malware as a service and the ability to use the money muleing techniques removed. Through on-going media engagement the level of risk for hosting and running these type of services has been raised. Victim and community safety levels have been raised via this same messaging and direct contact with service providers highlighted members of the public that had been infected by malware delivered from this platform. Worldwide there were 5 arrests, 37 premises searched, 39 servers seized, 221 servers taken offline, 850,000 domains seized.