    Episode 63

    Building a Safer Cyberspace with Philipp Amann

    EPISODE SUMMARY

    With an increase in organized cybercrime including ransomware and supply chain attacks, what can we do to protect ourselves as individuals and society at large? We're joined by Head of Strategy at the European Cybercrime Centre (EC3), Philipp Amann, to discuss cyber law enforcement and analysis. Learn how cybercriminals have evolved over the years and what the good guys are doing to stay ahead of the curve, including how individuals can assist government agencies in the fight against cyberattacks.

    Joseph Carson:
    Hello everyone. Welcome back to another episode of the 401 Access Denied Podcast. I'm Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea. And it's a pleasure to be here with you for another exciting episode, and I've got an awesome guest, a true superhero person who's fighting cyber crime every single day. So, welcome to the show, Philipp Amann. Can you tell us about yourself and what you do, and some of the favorite things you get up to?
     
    Philipp Amann:
    First of all, thanks for having me. It's really great and a pleasure to be on your podcast, and looking forward to the discussion. So, I'm Philipp Amann. I'm the Head of Strategy of the European Cybercrime Centre. We're part of Europol, Europol being the EU's law enforcement agency. So, as you mentioned, our main job is to support the EU member states in combating cyber crime.
     
    Joseph Carson:
    Fantastic. What's your favorite things you get up to? What's some of your passions? Do you have any exciting things that you enjoy doing yourself?
     
    Philipp Amann:
    You mean apart from work and-
     
    Joseph Carson:
    Apart from work and cyber crime?
     
    Philipp Amann:
    Well, definitely, you see the bike in the background, and actually, I do like to cycle. We're based in The Hague, so being close to the sea. I come originally from a landlocked country. So, being close to sea and doing all sorts of swimming, going sailing, I think that's something, well, a passion, and I'm still developing that, but that's certainly some of the things that I love to do. The Netherlands is a perfect country for that.
     
    Joseph Carson:
    It's a perfect place for that, absolutely. And today's topic is definitely, it's all about... And it's one that we've had numerous discussions on over the past couple of years at different events that we've been meeting up at. And for me, I think it's a big passion. Any time an opportunity comes up to talk about the complexities of fighting cyber crime, because it's not easy.
    Bringing something from an initial investigation right through to prosecution, that can actually be a very long process, can be a very complex process. Can you tell me how do some of the investigations start? What is the starting point for investigating a cyber crime? How do they get brought to attention? Who brings them to attention? Is it country SIRTs? Is it law enforcement? Is it the victims? What's the initial process look like?
     
    Philipp Amann:
    So, yeah, I mean, I couldn't agree more. I think it is a very complicated space to be, and that requires a very holistic response involving different communities. So, for us, I think what's quite unique... I'll just explain how Europol works. What's quite unique for us is that we don't start our own investigations. We're here to support member states or non-EU partners with whom we have an operation agreement, and we provide those services. So, typically, to answer your question, what happens is it will be a member state that will say, "Can you please help us?"
    They may get that information from industry in the country or from the C-SIRT community or from most likely, which is very common, from the national law enforcement agency. And what you typically have is, especially with Cyber crime, it will involve two or more countries, which is one of the criteria for Europe to become active. So this is where I think as an agency and as ECC, the European Cybercrime Center, I think we really embody, if you will, the law enforcement as a service principles. We provide key services, key expertise to member states, but it is complicated, as you said. And it's typically, the successes that we have is the result of 1, 2, 3, 4 years, four year long investigations that require often a truly international network to be successful.
     
    Joseph Carson:
    Absolutely. And for me, definitely once you get into... Is it different when it's only happening within the European members? Because I love what you said, as law enforcement as a service. Because for me being based in Estonia, the government do see themselves as a service provider to the citizens. And I really do see law enforcement as a service to the citizens as well, and to corporates and businesses and countries and so forth.
    When it gets into, if that cyber crime is within the EU, does it typically work faster than having to work with outside members? Or is all types of cyber crime investigations and prosecutions typically take the same amount of time? Is there differences in how accelerated it can be?
     
    Philipp Amann:
    Well, there are definitely differences, and I think if everything were to be within the EU in terms of infrastructure, the perpetrators, the victims, that can speed up processes just because it's in terms of cross-border cooperation, the legal basis, there's more clarity. There are existing processes and connections in place. Whereas if this involves non-EU countries, you may have delays there. Typically the mutual legal assistant, PD is an example where we know that sometimes it takes quite a while to get a response to that. So this is actually one of the forward looking strategic part where we try to see how can we work together to improve some of those processes. But it really also depends on the topic, as EC3, we cover, well, four main areas, really. So it's cyber dependent crime, cyber crime, it's payment fraud, it's the abuse of the dark web. And then it's combating child sexual abuse online.
    And so depending also on what area we're talking about, what area we support, what the investigation is about, there will be differences because different perpetrators, different opsec standards. So some of those investigations in particular, for instance, in the area of child sexual abuse online, where perpetrators tend to have very high operation security standards can become very technical and typically require an international response.
    So it depends. And yeah, I would say within the year, and the more a cyber crime case is limited geographically speaking, the faster you may get a response, but it really depends. You might have cases where even, although they're within the EU, you might still take a long time because of the complexity, because of dependencies and whatnot. So in general it is very difficult as you would probably know as well.
     
    Joseph Carson:
    Yeah. So one of the next things, what is the most common types of investigations? You mentioned a little bit about, let's say financial fraud, payments and other types. What's the most common that you would typically get to see across from your organization? What would be the most common that you would see? That would, typically the one that we should be more concerned about?
     
    Philipp Amann:
    Well, it's definitely, and I think that shouldn't come as a surprise, I think ransomware really is the top threat. What we see there is that the impact of ransomware, it goes way beyond the financial damage. It's a global cyber security risk. If we're talking about attacks against critical infrastructure, against the hospitals, it is something that goes... Really is a risk for public safety. Everybody's life can be threatened, impacted by a cyber attack. You think about attack against hospital. So this is really the top place, which also means that we support a lot of investigations in that space.
    We also work in different coalitions and networks that try to come up with a response. With a response, not just at the EU level, but also globally. So I think that's also very important. But then there are other, we shouldn't forget there are many other types of activity as well. We see peak, an uptick in mobile malware. And I think that just reflects how we use our phones these days. And obviously, we'll react to that. We still have a lot of CEO fraud, business name compromise, where we also see criminals now abusing AI, artificial intelligence to emulate the voice of CEOs.
     
    Joseph Carson:
    The voice and videos is on the uptick, is very much. Yes.
     
    Philipp Amann:
    Absolutely. So those things are no longer the future. This is happening already. So then obviously we have, unfortunately in the area of child sexual abuse online, significant increase in the production and distribution of material, child sexual material. The payment fraud. I think still card press and fraud, credit card fraud, huge problem, but also attacks against ATMs. It's really a whole range of problems and challenges that we face, but definitely for the time being ransomware, it really tops them.
     
    Joseph Carson:
    Yeah. I recently attended the first conference. For me, it was very insightful because, for me, I've always been looking at ransomware and financial fraud and business email compromise, but that event really opened up my horizon, more to a broader scope of criminal activities that happens using the internet. And wasn't limited to what I'm just used to, as you mentioned, child sex abuse. For me, that was pretty shocking about the extent and especially how it's accelerated over the pandemic as well. That was quite shocking. And having anyone who has to work in that type of environment, to investigate, and I think that's a difficult job to be doing, can definitely lead to trauma and stress in some of those environments. So for the people that's working to bring those cases, the prosecution, and basically... And find, because it's not just they're being abused, but they're also being trafficked as well.
    And they may not be with the parents. They may be basically trafficked across multiple countries. So some of that was quite shocking. Absolutely. One of the things, I loved Meko's recent comment that he made. It was that, he basically caught out saying that we're no longer securing computers. That's a thing of the past. What we are securing now today is society and the digital society.
    To your point, it's about everything that we do day to day is based on technology, whether it being, you taking a bus or traveling somewhere or purchasing something or doing online shopping, communicating with friends or even going to, for example, medical, was it surgeries and appointments? Everything today is touching technology and the severity, I think for me, one of the memories that I've had was, what's my worst nightmare?
    And I think the impact that technology can have is... That can actually result in deaths. Is that something that you would see, have you seen any evidence of that today or is that something that is directly related or indirect? What do you see in that area?
     
    Philipp Amann:
    Well, first of all, I couldn't agree more. I think it is. I'm old enough to, when I used to go online, you had two computers screaming at each other, so it was a very conscious step you had to take to be online. And then it was definitely the wild west back then, but maybe less... Definitely less criminality, I would say. But now of course, now we have a situation, as to your point, where being online is the norm. And a lot of times you don't even recognize that we have devices around us or on our body or within our body that are connected to the internet. So I think in that sense, obviously we create new dependencies, new, quote, unquote, critical infrastructure. Now I remember back in 2014... Every year we publish our internet organized crime assessment report, which aside from landscaping the year, what has happened in the last 12 months, we're trying to predict the future.
    And then we sometimes have a little bit of exotic topics where, 2015, I think we already spoke about quantum computing and the implications of that and artificial intelligence. But I remember in 2014, so the first time we published it and it was obviously very exciting for us. And I remember we quoted an industry partner that predicted the first cyber death for 2015. And of course that was even though it was just a quote, of course, what happens then is it says, "Europol predicts the first cyber death."
    But if you think about it, I mean we know pacemakers have cyber security risk. We know insulin pumps have cyber security risks. Of course it's possible that you could tamper with those devices and potentially there won't be any logs. So it's very hard to actually prove that. So the point, I think, it's likely it could have happened. Maybe we haven't seen it. We have, of course. And then we had... Speaking of ransomware cases, for instance, in Germany, where a patient had to be transferred from one ICU to another ICU because of a ransomware attack.
    I think there wasn't a causality, but there was certainly a link to that. And so-
     
    Joseph Carson:
    Correct.
     
    Philipp Amann:
    ... This is a very, very likely scenario and yeah, it is about keeping society safe. It's no longer just an IT problem.
     
    Joseph Carson:
    Absolutely. I mean, it brings back a lot of memories that, for me, having managing large IT systems over the years. And I definitely think there's a big difference between having a direct fatality related to a very targeted type of attack that we'd be using technology indirectly target someone. But definitely I think there's been a lot of cases of probably indirect, such as you mentioned the case in Germany where a ransomware attack brought down a certain service and they had to be transferred to another hospital for that procedure.
    I've seen over the years. I mean, myself, I was responsible for the Northern Ireland ambulance service for a period of time. And for me, if those systems were down for longer than 23 minutes, people died because that was the measurement of SLA that we had. That basically if an ambulance wasn't able to get to a patient within that amount of time, the average would be that the potential casualty as a result of that.
    So if you think about just emergency phone lines, critical systems. If we weren't able to get an ambulance to the address or the system that we were looking for, let's say GPS positioning was not available, how could we find that person? So there's a lot of systems we heavily rely on. The postal records, the medical records, the GPS location, the communication side of things. Even to the point, back then we actually had installed defibrillators and EPGs in the ambulances and they were directly communicating back to the emergency rooms in order to actually share the criticality of the patient before they arrived. Imagine that if those systems weren't available as well, that the doctors wouldn't be able to prepare in the emergency room to know what to have, what's on the way, what's the priority, what types of systems they might need or what types of beds they need available.
    So for me, absolutely, I strongly believe that this is becoming much more critical. And I think that we will see cases both direct and indirect. I think it's more about the reporting of it. I think that's what we're probably not having in the logging and auditing of it. So for me, I definitely think this is an area of concern. For you, what's the areas that we should be working towards? How do we get more success going forward? Because I have seen... Can you mention some of the successes that you've had in recent times because I think we definitely need to report on the successes as well. Can you share some of those successes that you've seen cases of?
     
    Philipp Amann:
    Absolutely. That's what you were sort of alluding to is when you talk about cyber and cyber risks and threats, becomes very so gloomy and dark, the world is coming to end. And I think... I like your point. I mean, around, first of all, there are successes and secondly, yes, there's cyber risk and threats, but there are huge opportunities to come with that, or things we just discussed, in the medical area or the medical internet of things.
    Being able to specifically target a treatment to a patient. I think those are huge improvements and smart devices. And of course I think our task is really, or our challenge is to work together. And it's always just not law enforcement. That's the C-SIRT community, that's industry, that's academia, that's civil society. Everybody come together to make sure that we actually turn that into something secure and safe cyber space that we go.
    So I think to get there, I think a lot of the things that we need to do, we've been discussing for the last 10, 15 years. We use this expression, that sharing information, collaboration is the thoughts and prayers of the cyber security community. And so I think working towards solving the issues and say, "How do we overcome the legal challenges? How do we overcome the technical challenges in performance, tools? How do we build trust and how do we create situations where pipelines that go both ways?"
    And I know that law enforcement is sometimes guilty of that.
     
    Joseph Carson:
    It's a one-way street.
     
    Philipp Amann:
    It's a one-way street. And for legal and investigative reasons, it's very hard to give back. But at least what we could do. And we try to do that, tell our industry partners to say, "Well, this is the success." Or give credit to them. So I think there is still a lot you can do without having, encountering any legal confidentiality issues. So there are these challenges. I think for me, it's really is actually, it's not so much about creating something new or finding the solution.
    I think the solutions are there. It's more about walking the talk and seeing how do we actually implement that? And one of the challenges I actually see there is that there is... There's not a lack of initiatives. There's probably, potentially too many. And I could think of so many.
    The Cyber Threat Alliance is doing great work and the giant cyber unit proposed by the commission that will have information sharing part. There's the Cyber Defense Alliance, from a boss heading that. So many different initiatives where-
     
    Joseph Carson:
    The Ransomware Task Force as well, and-
     
    Philipp Amann:
    ISEGs. They're all... It's all about information sharing. So I think maybe also to see how we can ensure that they complement each other, don't have unnecessary overlap, but what I do feel, I think we now have a momentum where we're going into where people realize what we need to also overcome some of the trust issues we may still have. For instance, if you take law enforcement, we have, I think come a long way to realize, "Hey, we are strong, we're stronger together. We're equal partners."
    And we all, both can bring something to the table.
     
    Joseph Carson:
    We are all fighting the same crime and the same criminal organization. And I found we're all superheroes in our own way. It's more about, it's getting the Avengers coming together, working together. And as you know, there's a lot of superheroes out there doing different things. We've just got to work together and communicate. I do have to say, I have seen a major difference since, I think the highlight was around 2019 that I saw a turnaround. And it was at a Tallinn Digital Summit in Estonia. And it was basically where it was about private industry and law enforcement working together to come up with basically an AI understanding about how to accept, use AI with responsibility and accountability, and when it's good and when it's not good to use. And for me, that was one of the first times where it was, it was bidirectional.
    It was very open. And as a result, that was the starting point, where it was a lot of governments initiatives and plans to really target, how do we make sure that we're using AI in the right way and not getting into worse, being abused? And it was very directional. It was very cooperative. There was two way communication. And as a result of that, it's accelerated a lot to the EU AI Act, that we're starting to see now.
    Also mentioned to Christopher Krebs recently, I commended him and his initiative with a CISA in the US as well, where they started actually proactively sharing intelligent information in order for the community to try and defend together. So for me, it was, I remember even recently hearing a talk from one of the FBI officers as well, where he said, they've been listening for a hundred years. Now, they're struggling to get to the point where they're starting to talk more, and that's a new direction for them.
    For me, definitely in the last couple of years, it has been more cooperation rather than that one-way communication, I think even with Europe as well, I think. Definitely I'm starting to see that ability to start working together and make sure that we can reduce the safe places for criminals to operate and bring those prosecutions to a faster closure as well.
     
    Philipp Amann:
    Absolutely. You asked for examples. I mean, Emotet takedown. I think that was a great example. Yes, it's coming back, but the race continues to be that way. But I think that sort of really brought together industry, CISO community, law enforcement, the cryptocurrency community, if you will, all the different partners. It was a long and complex investigation, but at the end, a huge impact.
    Or FluBot, another example recently. And what we saw there is also, it's not always law enforcement. Well, quite often potentially industry or community or academia that may have a solution. And then it's all about sharing that solution within the community. So to your point, I think that's really has improved, but the reality, of course it is it takes a lot of resources and it's one case at the time. And of course we prioritize those high value targets that typically will have a huge impact, but we hope will have a huge impact on the cyber crime ecosystem as it were.
     
    Joseph Carson:
    Yeah, absolutely. How critical is it that... One of the things I've seen in the last couple of years, especially when you get to ransomware service or even organized crime now entering into this space of cyber crime, that's becoming an extra part of their, let's say business model per se. And you started seeing a lot of criminals get into specialization. How is that impacting where a cyber criminal can go and say, I will get the access. I will purchase from this criminal gang. I will go and buy this type of ransomware or malware from this malware creator. I will use another help desk organization to do the communication. I will use this cryptocurrency in order to do the funneling and cleaning the money trail. How is that impacting the investigations where you're no longer just dealing with one central organized crime and you've got many different elements?
     
    Philipp Amann:
    Well, often, I mean, as you said, it lowers the barrier for a lot of criminals. And if you start with, I would say the low tech services in the sense, think about distributed service attacks, where you can purchase ... and stresses online. And for a small fee per month, everybody without any technical know-how can hack any kind of website. And so that's a problem because that opens up the dark side of the internet to everyone. And then if you can, more, as you just described more specialized services, it definitely had an impact because it means that criminals get more... It becomes more professional, if I can put it that way.
    Attacks are harder to defend against. And take another example, AV services counter. One of the examples of the services that, you also mentioned as part of the crime as a service model, where if I've developed my malware, I can actually use that service to check whether the current AV tools in the market will detect it or not. Then of course that means if they don't, you have some degree of confidence that you will remain potentially undetectable.
    So that's a challenge. It also means we see significant growth in scope, in financial damage, in volume, especially when we talk about high volume, low value attacks. This is from an investigative point of view, a huge challenge because we don't have the resources to focus on those. So that's where obviously prevention and awareness disruption becomes hugely important. And we do a lot of those activities as well. You mentioned those and ransom.
    But if you turn those around, what is the positive thing? Well, you may be able to focus on certain key services that facilitates or power the crimes service model. And if you take those and target those and disrupt those that may have quite a significant impact on the rest of the ecosystem. So it also gives you opportunities, obviously.
     
    Joseph Carson:
    Yeah. Looking at this from a massive ecosystem supply chain and targeting the critical mass parts that most of those smaller entry level criminals are taking advantage of. If you take down the supply chain, then everyone will fail in that ecosystem. So I think that's probably one of the key things. What types of resources that you need to help moving forward? Because we do have a massive skills issue and resources are hard to come by.
    What types of skill sets and resources is your organization need and looking for? And hopefully anyone out there who's listening to this, maybe as something that they might be interested in seeking as a future career choice, what's the path to those who are in this industry to becoming a superhero?
     
    Philipp Amann:
    Well, I wouldn't see ourselves as superheroes. As you said, I think everybody involved in that fight is a superhero because they all have a part to play. I mean, there's that famous story about somebody working for NASA and just being a cleaning person and you ask that person to help you. A rocket to the moon. I think that's... Everybody's part of this game and being their own type of superhero.
    I think for us, it really is that point. Look, I initially said law enforcement as a service providing key services and expertise as a service to the member states, meaning that the 27 member states don't have to build up the same level of expertise and tooling because they can rely on your-
     
    Joseph Carson:
    It becomes shared.
     
    Philipp Amann:
    Exactly.
     
    Joseph Carson:
    And you have then expertise, visibility across what's happening in other locations as well.
     
    Philipp Amann:
    Exactly. Plus I think we do provide these sort of network of networks. So leveraging the power of the network. So we have as EC3 the European Cybercrime Center, we have three advisory groups with about 70 top level experts from the security industry, from the banking sector and communications sector. And we work with them on those issues. And it could be related to investigations. It could be operational, technical, it could be related to capacity building, or it could be a policy related issue where we try to find or inform discussions at that level.
    Is really depending on what the issues are. So I think this leveraging effect is also something that really I would think is a service to member states. So for us, it's different profiles really. I think very technical, related to forensics operation experience, can do, run investigations, analysts, but then also people who are aware of policies and can work in that space. It's a range of different profiles that need to come together to be successful.
    And looking at law enforcement, I think those colleagues, now we're seeing generations, new generations coming up that have been, always been exposed to digital environment. So I think they're probably potentially more equipped to be able to work in that field. But having said that, I think equally we've seen a lot of other colleagues who have been in the field for a long time, that they've been able to scale up and skill up.
    And then of course you have that combination of technical expertise, longstanding investigative experience, which is equally important. I think we talk about the artificial intelligence and support. At the end of the day, we need to have human beings look at the data, make sense of it, analyze it and use their investigative experience to.
     
    Joseph Carson:
    Math reduction is what AI's all about. Is, let us focus on the things that's most... Important things, and try to get rid of the noise. Definitely it's, I've had a lot of fun discussions around that topic in recent months. If the audience, some of the audience who's in this industry or looking to get in this industry, where would they go to see what positions are open at Europol with cyber crime?
     
    Philipp Amann:
    Well, I think a lot of our positions obviously would be, especially in the operation department would be sort of law enforcement only. So that's for law enforcement. If you are interested in ideas, it would be analysts, specialists in different areas. Obviously the European Cybercrime Centre is just one of the centers established at Europe. We were the first one in January, 2013, but we have, the latest one is looking into financial crime.
    We have one dealing with counterfeit. So really a range of different profiles and crime areas where we look for colleagues. But then we also have a very large ICT department, as you would imagine. So we're also looking for data analysts, just ICT people with a strong ICT profile. So the whole range. Check out our website. I think there's a whole range of interesting-
     
    Joseph Carson:
    I'll definitely make sure to get the website in the show notes so that people can go directly to. One of the questions I've got is that... Because Europol is one that I've worked with for many years and also even the NATO Cyber Defense Centre of Excellence and other C-SIRTS across the world. And as you mentioned, it's all about cooperation and working together. And one that was recently interesting was around the Department of Justice in the US, had released their new strategy about tackling ransomware and cyber terrorism, cyber crime.
    What's your thoughts on this strategy that they put out, which is really taking more offensive approach than what they've done historically? Is that something that we should all be looking at, or is that something they'll be working together with other internationals? Because as you mentioned at the beginning, a lot of these crimes are across border. They're not typically in... I was always a bit worrying about when you start taking the offensive side, it means that you definitely can't lead that to private industry to take care of that out. I prefer to have the law enforcement or the agencies and countries that are authorized to do that because you never know when a proxy or a country that's also a victim, is being abused. So what's your thoughts around that type of initiative?
     
    Philipp Amann:
    Well, I think first of all, just as a caveat, that would be something that Europol wouldn't be involved in. I mean we support member states, so they lead the investigations. We support them. I think as a general point, as you just mentioned, I think taking offensive steps, I think comes with a lot of risks. As you said, it can be misinterpreted. There might be unwanted side effects, knock on effects you can't control. So in that regard, I think it's a very risky strategy.
    Again, Europol wouldn't be involved in that. Now specifically, on the strategy you mentioned, I think we noted with interest to put it that way, that there was... It seemed the way I understood it was, there's a sort of priority given to disruption and taking down critical infrastructure over potential prosecution. So the way I read it's like, well, if we have a chance to disrupt the infrastructure, the criminal business model, and take the risk that we tip off the criminals, that's going to be the priority. And that probably was informed also by the fact that we do see criminal safe havens.
    And I think a reality for any kind of cyber crime investigation is that apart from the technical challenges, the cross border challenges, the legal challenges, when you get to the point where you identify the perpetrators, the criminals, they may be sitting in jurisdictions that are less cooperative. And so you don't get to them.
     
    Joseph Carson:
    That might be not even considered a crime in those countries because the laws are so old and outdated and still from the '80s and '90s.
     
    Philipp Amann:
    Yeah. So I think certainly a very interesting strategy, but like I said, for us, not something that Europol would... Definitely not be involved in. And I personally, definitely see a lot of risks that come with it. And so if a country were to take those steps, I think you really have to have a very good understanding of the pros and cons, as it were.
     
    Joseph Carson:
    You have to be accountable and responsible when you take those types of actions and it should maybe be considered as a last resort overall. Because for me, I think prosecution should always be the primary objective, and offensive is the last resort. When you've run out of all possibilities, including policy and political side of things. For me, I think those should always be the primary.
    And because the offensive measures are temporary measures, because you're just limiting, you're just basically pushing them down in the future, until they set up new infrastructure and redo it again. Because people have backups, not just the good organizations and the good people. The criminals also have backups as well. And we suspect that they can restore those and recover. One of the things you just mentioned, it's definitely a passion of mine, is less safe havens. For me, that would be the measurement that we should be looking at as a primary measurement, because the less safe havens that these perpetrators can operate from, I think the more safer digital society we get. If you look at even just the likes of North Korea, for example, while they can't operate those activities from within the country. They tend to operate from other countries that are, let's say more connected and give them the bandwidth and the ability to operate.
    But again, countries that may not have cooperation. For me, it's all about going back to the cooperation, transparency, working together and getting rid of most of those safe havens so that you're putting pressure governments to cooperate, and not allow cyber criminals to use their infrastructure, to attack others. What's your thoughts around that approach? Is it?
     
    Philipp Amann:
    Well, I think, like you said, I think we need to work together to make cyber space safer and more secure. Meaning we need to address term of use. We need to address criminal safe havens and see how we can collectively find... Address those issues. I think for us obviously the EU has, I think it's quite effective, very effective is the cyber diplomacy, toolbox measures and options that EU has to respond to, use them in that context.
    But like you said, I think it's with any kind of global issues, the community needs to come together and see, how do we address that? What are the problems? Is there technical problem? Sometimes it could be a capacity problem in the sense that the country may not be actually aware of the fact that they're being abused, that their infrastructure is being abused. So-
     
    Joseph Carson:
    Absolutely.
     
    Philipp Amann:
    ... You might solve the problem by providing services and helping them upscale their security. And there might be other measures and other situations where we need to work together. So obviously I'm sure you're aware of it. The discussions that have kicked off at UN level with the new cyber crime treaty. This is obviously something we follow. We're not directly involved in it, but we follow that very closely.
    I mean, we have obviously the Budapest Convention as the effective tool, probably the only tool, or the only tool right now to provide that legal basis to combat cyber crime. But now obviously we need to follow those discussions now as well. But I think the key point for me is to have the community, to identify those measures that are most effective and efficient in addressing and addressing those issues. And of course, if we talk about, of course cyber space, but you could take probably any kind of crime area, you'll always have those criminal safe havens potentially, depending on what crime it is.
     
    Joseph Carson:
    There'll always be those places, but we can always look to restrict their ability to strike other nations and maybe even hold them to political or economical restrictions until they decide that cyber crime is not a business that they want to support. So I absolutely agree.
    For what types of resources do you make available? If there was places that the audience can go get resources that are of value. You mentioned the yearly annual report that you produce. Is there other types of materials or resources that the audiences would find very valuable that would help then join in the fight of cyber crime?
     
    Philipp Amann:
    Well, definitely our annual report, which we publish on our website. So all these reports I've mentioned are on our website. We've not too long ago, published a report on the criminal uses and abuses of artificial intelligence, together with UNICRI and Trend Micro. That's on our website. And more recently we had a dedicated report on deep fakes in law enforcement.
    That was reported by innovation lab. We recently had a workshop on the metaverse, policing the metaverse. So looking into that as well. So that's also something we try to do. Become more proactive. Look ahead, get ahead of the curve. Take cryptocurrency. For instance, we had our annual conference this year on cryptocurrencies was dedicated to decentralized finance and it's quite amazing to look at that because you go like, well, a normal cryptocurrency transaction is the default.
    We all need to know also law enforcement had to investigate that, but the future is already here. Again, we're talking about smart content, we're talking about liquidity pooling. We're talking about new content tokens and they're being abused. We see this. So that means, again, huge challenge for law enforcement, but also industry has, supposed to scale up and be ready and work together. So we also have reports and conference in that space.
    We have also, to, which is probably I think, linked to definitely linked to our discussion. Not long ago, together with Professor Mary Aiken, we published together.
     
    Joseph Carson:
    Yes, the ... The CSI Cyber. That was one of her. It's amazing. Congratulate Mary for getting the keys to Dublin.
     
    Philipp Amann:
    Absolutely.
     
    Joseph Carson:
    Which is a fantastic award. So for Mary, congrats, we do applaud everything she does to the community.
     
    Philipp Amann:
    So we published together, and supported by executive director, a position paper called The Cyber Blue Line. So the idea was to... It's sort of more general strategic position paper, where we talk about where do you draw the line, the blue line, what's the role of law enforcement? And shouldn't come as a surprise that also, the position paper calls for a discussion. Again, it's not up to law enforcement, it's up to industry to set the standards, create those realities that we all have to live with. But really we need to come together collectively to decide what is it that we want in terms of online safety, online security. And if you will, even the point that we discussed about from safe havens. That again is a discussion we had at that level, at international level to see how do we approach that?
    Whether the measure is, whether the challenge is there. So I think that's on our website. So a lot of different reports, but what I wanted to specifically mention is first of all, in terms of public private partnership, I think one of the best examples I could think of is our No More Ransom initiative. So that's No More Ransom dot org. And it's something that we started about six years ago with two industry partners in the Dutch police.
    And now it's available, I think in 37 different languages, or 38, it might be. But most importantly, it gives you access to more than 120 different tools that you can use to decrypt your data for free. So we've been able to help, well, at least last year we looked at the statistics, very conservative estimate, after five years, so that was last year, June, July, we were able to help 6.2 million victims. And some of them are large operations.
     
    Joseph Carson:
    That's impressive. And it's definitely, it's a fantastic resource. And one that, always recommending that. If you think about how many people organizations is benefiting, you think about the savings of financial and potentially lives as a result of that as well. Because some people... There has been instances of, that could be potentially devastating to people's lives financially and economically if those businesses had to close.
     
    Philipp Amann:
    Exactly.
     
    Joseph Carson:
    So I think that's a great example of the impact that the organization and the service is having. One of the things I'd like to get into as well, that is just for the audience. So some final words of wisdom that you would like to share with the audience, are what things that they can do to make a difference.
     
    Philipp Amann:
    Yeah. I think when we talk about cyber crime, yes, it's complicated. Takes a lot of partners to be successful in investigations, but I think we all can do something. Sometimes that become... Or I think it can become a little bit overwhelming. You're like, "Okay, there's nothing I can do. There's the cyber wild west out there."
    But I think you can do a lot. I think you can raise your own awareness, realize what you can do to protect yourself online. Use a password manager, use multifactor authentication, be smart with your passwords, be smart with your digital online footprint, what you share online. So I think we can do a lot of things to raise the bar, to collectively raise the cyber security bar, to make it that much harder for criminals to be successful. I mean when you see something, you get a spam email, think twice. Really, does that make sense?
    Whatever you read there. So I think we can do a lot. We can also work with our children. We teach them to be safe in the real world when they cross the street. I think equally work with them, talk to them, to let them know how they can be safe and secure online. Particularly other communities, elderly parents and grandparents, to help them just be safe online. And it could be simple things like lock down their phones or make it very easy for them to go online and just minimize the risks. So I think what I'm trying to say is that I think there are many easy things we can do.
    Having strong passwords, multifactor, having backups, being aware of what you share online, that we can do to protect ourselves and make collectively, everything, everybody's safer and secure.
     
    Joseph Carson:
    You got me thinking. We definitely need to expand the cyber ambassadors or mentors to society.
     
    Philipp Amann:
    Oh yeah.
     
    Joseph Carson:
    We've got help lines for many different things. Why don't we have help lines for digital safety? Maybe that's an initiative that we kind of need to think about. So if you have questions, you don't know who to ask. It's not Ghostbusters you're going to call. It's the digital safety line.
     
    Philipp Amann:
    Exactly.
     
    Joseph Carson:
    So maybe that's an initiative that we need to consider going forward. And it did get me thinking. My mind started when you talked about the metaverse, I started thinking about, what if my avatar or my digital house gets stolen?
     
    Philipp Amann:
    Exactly.
     
    Joseph Carson:
    Is there a process for me to follow from a law enforcement perspective? You get a call saying, "My digital house in the metaverse has been stolen and I can't find it." What do you do? It brings a lot of questions up.
    That's interesting. An interesting realm to go. Philipp, you've been awesome on the show and many thanks for answering. I always have lots of questions in my mind and many thanks for going through and answering them all. It's fantastic. I hopefully get to see you again in the near future.
    For the audience, again, it's been fantastic having Philipp on. It's a true, even though you don't have a cape, you are, for me, one of the InfoSec superheroes out there. It is truly, really every single day in the, fighting cyber crime and making sure that we actually, the world can be a safer place. And as a result, you definitely highlighted some major wins and successes that does show that this does work. Even though we don't hear about it every day in the news, because the news prefers to have a bit more of a fear, but we are seeing successes.
    And thank you for you and our team for all the work that you do. For the audience, tune in every two weeks. Again, this is the 401 Access Denied Podcast. I'm your host for the episode. We will have Chloe back again soon. She's unavailable just due to the time zone today, but stay safe, take care and talk to you all soon. Thank you.