Crime News

Europol and Eurojust strive to improve access to cross-border electronic evidence. The SIRIUS conference 2018 took place on 6 and 7 November at Europol’s headquarters in The Hague. This two-day event, organised in collaboration with Eurojust, gathered over 200 judicial and law enforcement authorities from 40 countries, as well as representatives from Airbnb, Apple, Facebook, Google and PayPal, to address issues and challenges encountered when conducting Internet-based investigations. The objectives of this event were to take stock of the progress made within the framework of the SIRIUS project in building capacity both at EU and US levels in cross-border access to electronic evidence, and to devise novel solutions to emerging and future challenges in the field, capitalising on the input from participants from different backgrounds. The conference provided a perfect opportunity to share knowledge and best practice, as well as to increase mutual understanding and trust between judicial and law enforcement authorities and Online Service Providers. The conference included training sessions by the US Department of Justice, the FBI and Eurojust regarding mutual legal assistance (MLA) procedures, further working towards improving the swiftness of MLA requests. More practice-based activities took place, including a Codefest, which gave participants an opportunity to learn how to use the tools available on the SIRIUS platform and to test the information shared during the two-day event. The conference closed with an inspiring session during which participants, guided by Europol, were able to contribute to the future of SIRIUS, which seeks to remain a reference point for developing knowledge in the area of cross-border access to e-evidence for practitioners. SIRIUS is an innovative project that includes an interactive knowledge-sharing platform accessible to judicial and law enforcement authorities, and aims to produce and disseminate trainings and digests to improve EU-US cooperation in cross-border access to electronic evidence. The project is of operational added value in the internet-based investigation and prosecution of crime. Europol’s EU Internet Referral Unit and the European Cybercrime Centre officially launched the SIRIUS platform during a kick-off meeting in The Hague in October 2017. The platform was enhanced in December 2017 thanks to a grant from the European Commission’s Service for Foreign Policy Instruments (FPI). At that time, Eurojust became associated with the project, including the judicial dimension with MLA processes between the European Union and the USA. The SIRIUS project is funded under grant agreement No PI/2017/391-896.

The Fiscal Action Unit of the Portuguese Republican National Guard, together with the Territorial Command of Setúbal and with the support of a number of other Territorial Commands from Portugal*, as well as Luxembourg and Europol successfully carried out operation SHADOW GAME from 6 to 8 November. After an investigation of 15 months, coordinated by Eurojust and Europol, participating law enforcement forces carried out 267 house searches in Portugal and 8 house searches in Luxembourg earlier this week. As a result of these, 30 individuals were arrested in Portugal, and one detained in Luxembourg in accordance with the European Arrest Warrant. EUR 576,000 have been seized in cash alongside some 3,000 computer devices used for illegal gambling, 22 firearms, 86 vehicles, including several luxury vehicles and several bank accounts resulting in the recovery of more than 6 million EUR in criminal assets. Fourteen commercial companies and 93 people from Portugal, Luxembourg, as well as Brazil and Switzerland were also indicted. The investigation revealed a structured and hierarchical transnational criminal organisation operating in various EU Member States (Belgium, Luxembourg, Portugal) and Switzerland. The criminal organisation was active in the field of servers and software for the development of games of chance, lotteries and sports betting. The purpose of the network was to obtain and maximize illicit revenues by dividing them along the chain of operators and reinvesting them in economic sectors and licit enterprises. The total amount of criminal profits obtained in Portugal and in Luxembourg is currently estimated at EUR 80 million. Europol supported this investigation by providing on-going analytical support, organising and funding operational meetings between Portugal and Luxembourg and by deploying its staff members and mobile office capabilities to Portugal and Luxembourg during the action days to prepare and assist both country’s National Authorities with on-the-spot real time intelligence analysis, which has already allowed for the identification of new international links. * Viana do Castelo, Braga, Porto, Vila Real, Aveiro, Viseu, Coimbra, Guarda, Leiria, Lisbon, Évora and Faro

On 6 November 2018, following a meeting at working level, the four Principals of the Memorandum of Understanding (MoU) between Europol,  the European Union Agency for Network and Information Security (ENISA), the European Defence Agency (EDA), and the Computer Emergency Response Team for the EU Institutions, Agencies and Bodies (CERT-EU), met at CERT-EU's premises. The purpose of the meeting was to update each other on relevant developments and assess the progress made under the MoU, which provides a cooperation framework aiming at leveraging synergies between the four organisations to achieve a safe and open cyberspace. The four partners also agreed on a roadmap prepared by the MoU working group with concrete activities and deliverables throughout 2019. The initial focus will be on working closer in the areas of training and cyber exercises, building the cooperation capacity and the improved exchange of information on respective projects and events with a view to complementing the work of the four partners and avoiding the duplication of efforts. The Principals agreed that this was a major milestone in entering a new era of working together and an important first step in putting the cooperation framework into practice. Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3): “This meeting was an excellent opportunity for us to take stock of what we have achieved so far in the framework of our joint MoU and to agree on a roadmap of concrete joint activities and deliverables for 2019 and beyond. We look forward to working with our MoU partners in making the internet a safer place."

With the support of Europol, the Polish Border Guard has successfully dismantled an international criminal network involved in the facilitation of illegal immigration. The organised criminal group (OCG) ran their operation in Poland, smuggling non-EU nationals into the European Union (EU) and the Schengen Area, and helping them obtain the relevant documents to stay. On 24 October 2018 seven key suspects – all of whom are Polish nationals – were arrested in Poland. During the searches, police seized communication and electronic devices and various documents used by the OCG. The investigation into the group began in 2013. The OCG registered documents at the Regional Labour Office, which declared their intention to provide work for non-EU migrants in Poland. The criminals created both fictional and genuine companies to issue these documents, which entitle non-EU nationals to obtain a Polish visa to stay in the country and to find paid employment. The visa also entitles the holder to stay in other EU countries. The OCG was responsible for all the travel arrangements, declarations, applications, work permits and temporary residences for the migrants. Once the migrants had signed the documents, they travelled to Germany and Sweden. The investigation indicates that the group helped at least 550 foreigners to reach the EU and Schengen Area. The case is ongoing and further future detentions are possible. Europol supported the investigation by providing analytical and operational support and hosting an initial operational meeting at its headquarters in The Hague. During the action days, Europol’s European Migrant Smuggling Centre (EMSC) provided on-the-spot support by deploying an analyst to Poland equipped with a mobile office and a Universal Forensic Extraction Device (UFED). This allowed for real-time cross-checks against Europol’s databases as well as data extraction from the seized devices for further analysis.

More than 30 000 artefacts, including Greek and Roman ceramics, helmets, funeral urns, lamps, arrowheads and spears – thought to be either genuine or forged – have been seized as a result of the latest operation targeting trafficking of cultural goods in Europe. The seizures were made as part of Operation SARDICA run by the Spanish Guardia Civil and the Bulgarian Police, with the support of Europol and Eurojust, against an organised crime group suspected of looting and forging cultural artefacts. 17 property searches were carried out simultaneously in Bulgaria and Spain during the action day on 23 October, resulting in the arrest of 13 suspects and some EUR 180 000 in cash seized. The investigation uncovered that the criminal gang had been operating mainly from Spain, and were illegally excavating and trafficking cultural goods looted from archaeological sites in Bulgaria. The criminals were also involved in the manufacturing of forged archaeological goods. All these objects were sold online on popular auction websites, where the criminals had set up fake user profiles, agreeing between themselves to overbid during auctions, so as to increase the selling price and their subsequent criminal profits. The smooth coordination and exchange of information were instrumental in the success of this investigation. Europol brought together the different involved police forces to help them connect the dots between their own national investigations and provided analytical support before and during the action day.  A mobile office was deployed on-the-spot in Valencia (Spain) to help with the cross checking of operational information against Europol’s databases, alongside an expert being present  at the coordination centre set up at Eurojust to coordinate the execution of the arrest warrants and searches.

With the support of Europol, the French National Gendarmerie and the Criminal Investigation Directorate of the General Inspectorate of the Romanian Police have dismantled an organised crime group suspected of having committed at least 65 burglaries in several regions of France since February 2018. Dismantling the group began on 19 June on an action day carried out in the outskirts of Paris. Three suspects were arrested and 80 portable gardening tools were seized. During the second phase of the operation on 24 October, 60 police officers were deployed to Dolj County in southwest Romania. Another 4 suspects were arrested and 11 houses searches carried out.This organised crime group under investigation was specialised in committing burglaries in outbuildings and gardening tool shops. Reactivity and strong exchange of information were the key success factors to overcoming the high mobility and flexibility of the criminals.Involved from the very onset of the investigation in February 2018, Europol facilitated the exchange of information and provided analytical support before and during the action day. A mobile office was deployed on-the-spot to help with the cross checking of operational information against Europol’s databases.

CEPOL and Europol, supported by the Portuguese Guarda Nacional Republicana (GNR) organised a conference and training session attended by 75 CBRN and/or explosives experts of the European Explosive Ordnance Disposal Network (EEODN), which took place from 16th to 19th of October 2018, at the School of Guard, at Queluz, Portugal. Officers from 26 EU Member States plus Norway and the United States, together with experts from specialised agencies such as the EU DG Migration and Home Affairs, the Joint Research Centre – Geel, the NATO – C-IED CoE Madrid - Spain, the NATO EOD CoE Trencin – Slovakia, INTERPOL, the Organisation for the Prohibition of Chemical Weapons (OPCW), the International Atomic Energy Agency (IAEA) and the Europol - CBRN & Explosives team were present. The main purpose of the conference was to promote the debate on recent cases involving the use of improvised explosive devices (IEDs) and radiological materials (CBRN). The 23 experts involved as trainers were able to develop the participants’ knowledge, skills, techniques and tools through the analysis of the most recent incidents occurring in Europe. This joint CEPOL - Europol activity happened for the first time in Portugal, and the training programme was designed and jointly prepared by the National Republican Guard and Europol. The participants were invited to combine all their knowledge and “hands on” capacity, challenged by the possibility of using innovative strategies and techniques for the neutralisation of the highly complex and dangerous threats. The Conference ended on 19th October, after a debriefing on the methodologies, strategies and techniques used during the training, aiming to provide a reflection on the best practices to face this kind of threats.

For two weeks, from 15 to 26 October 2018 at its headquarters, Europol’s European Cybercrime Centre hosted the fifth Victim Identification Taskforce, whose aim is to identify victims and suspects of child sexual exploitation and abuse. 27 law enforcement experts from 21 countries and INTERPOL joined Europol staff to go through millions of images and video files to find and exploit vital clues. This combination of collaborative work, image and video analysis and criminal intelligence, followed by national investigations, has already led to the safeguarding of 241 victims and prosecution of 94 offenders in 28 countries. More than 32 million (binary unique) images and video files were available in Europol’s database for this operation. In preparation for this Taskforce, Europol experts triaged 351 series of related images that would be the object of analysis for the participants. One series can link from 2 to more than 5 000 images. Today, at the end of this annual Taskforce, a total of 584 series have been analysed. For 91 series, likely countries of production have been determined and these countries informed, so they can start their own national investigation. All the series have been uploaded to the INTERPOL International Child Sexual Exploitation (ICSE) database. We know that four eyes are better than two, so imagine having 34 pairs of eyes and expert brains working together for two weeks, while exchanging expertise and good practices. The eyes came from Belgium, Cyprus, Denmark, France, Germany, Hungary, Italy, Latvia, the Netherlands, Portugal, Spain, Sweden, the United Kingdom and third-party partners Australia, Bosnia and Herzegovina, Canada, Colombia, Moldova, Norway, Switzerland, the United States (US ICE, US FBI) and INTERPOL. The tireless efforts during the four previous editions have resulted in the safeguarding of 241 victims and the arrests and prosecutions of 94 offenders. This number will undoubtedly increase after this fifth edition. 1000 police officers trained At the same time as the event, for the 19th time, Europol organised a ten-day training course on ‘Combatting the Online Sexual Exploitation of Children’(COSEC) at the Police Academy of North Rhine-Westphalia in Selm, Germany. During this training course, unique of its kind, the training participants were also working on the same series of abuse images as the Victim Identification Taskforce. The COSEC training is meant to expand the community of investigators who fight child sexual abuse and exploitation. Since its first edition in 2000, almost 1 000 law enforcement officers have taken the course which encompasses open source investigations, forensics, victim identification and financial investigations. Crowdsourcing the search As a spin-off of the law enforcement-focused Victim identification Taskforce, Europol launched a crowdsourcing initiative to expand the search for the origin of child sexual abuse images to the general public. Since the start of the project, on 1 June 2017, more than 22 000 tips have been sent to Europol which has already resulted in eight children identified and one offender arrested thanks to the help from ordinary citizens.

Our world is hyper-connected now. Current estimates are that there are around 10 billion electronic devices with access to the internet and that number will have at least doubled by 2020. In addition to the many advantages and opportunities, the emerging ability of connected devices to impact the physical world has also created a new set of vulnerabilities and possibilities of exploitation by criminals. To address these vulnerabilities, tackle them effectively and to fully realise the great potential that it offers, ENISA and Europol have brought together 300 experts from the private sector, security community, law enforcement, the European Computer Security Incident Response Teams (CSIRTs) community and academia for a two-day conference in The Hague. The Internet of Things (IoT) is a wide and diverse ecosystem where interconnected devices and services collect, exchange and process data in order to adapt dynamically to a context, automate decisions and provide better situation awareness. In simpler words, it makes our televisions, bathroom scales, fridges and even our cars and cities ‘smart’ and creates new opportunities for the way we work, interact and communicate, and how devices react and adapt to us. IoT has added to our overall convenience, ease of use and even safety but it is important to implement adequate security measures to protect the IoT from cyber threats. What will happen when cheap and unprotected IoT devices allow criminals to watch your every move from your vacuum cleaner’s camera, change the settings of your connected medical device or drive your car into a wall? These challenges – whether technical, legal, policy or regulatory – need to be addressed across different sectors and stakeholders. For the second year in a row, ENISA and Europol joined forces to gather the world’s leading experts from the private sector and law enforcement and cybersecurity community to discuss the security challenges around Industry 4.0, IoT application domains and concrete case studies in the automotive, aerospace and smart home industry and emerging IoT trends like artificial intelligence and digital forensics. The second IoT Security Conference provides a unique platform for experts to provide the audience with insights into the security requirements of IoT, a mapping of relevant threats, assessing possible attacks and identifying potential good practices and security measures to apply in order to protect IoT systems and to deliver the many opportunities IoT offers in a safe and privacy-respecting manner. The main conclusions of the conference are: security should not be an afterthought when designing systems and IoT systems are no exception; implementing security does not need to be complicated. As ENISA's report shows, baseline security recommendations for IoT were made accessible via an interactive online table. This allows for easy access to specific good practices; law enforcement needs to be in a position to go beyond defence and incident response by being able to investigate and prosecute the criminals abusing connected devices; there is a need to discuss digital forensics in regard to IoT and the importance of data and privacy protection, considering the amount and different categories of data collected by the IoT; this joint conference is an excellent example of much-needed multi-disciplinary dialogues. ENISA and Europol are working closely together to inform key stakeholders of the need to be aware of the cybersecurity and criminal aspects associated with deploying and using these devices; the IoT has great potential and provides tremendous opportunities to improve the way we interact, do business and go about our daily lives. In 2019 and beyond, holistic, pragmatic, practical and economically viable security solutions need to be promoted and the entire IoT ecosystem needs to be looked into. ENISA will be working on an automotive IoT case study and welcomes the active support of all partners. Cybersecurity is a shared responsibility. Stronger collaborations with industry are planned together with other initiatives to ensure coordinated efforts and explore all possible synergies.　 ENISA’s Head of Core Operations Department, Steve Purser commented: "It is important and essential to collaborate because cybersecurity is a shared responsibility and that is ever more true in the IoT domain. This joint conference is an excellent example of these much-needed multi-disciplinary dialogues. The benefits and opportunities that IoT brings are numerous and of paramount significance for the entire society. It is our duty to ensure that this is done in a secure, safe and reliable manner. IoT security is a prerequisite for a secure and safe connected digital society. The time to act for Internet of Things security is now. I welcome the collaboration with Europol, and I am confident that such joint efforts contributing to ensuring IoT security for all."　 Europol’s Deputy Executive Director of Operations, Wil van Gemert added: "Law enforcement must have the tools, skills and expertise to investigate the criminal abuse of the IoT. We have a leading role, together with our partners, to go beyond increasing cyber security and resilience of the IoT as we can make a specific contribution in terms of deterrence. The complexity of IoT and its resulting cybersecurity challenges call for a holistic, smart and agile approach. As IoT is now a present reality as opposed to a futuristic concept, the necessity to have this multi-stakeholder conference to put cybersecurity at the heart of the IoT ecosystem is self-evident." Useful tool for law enforcement use The Internet of Things has many advantages for law enforcement as a new tool to fight crime. Police are already using connected devices like smart cameras for major events and to fight robberies and home burglaries, bodycams to raise situational awareness, sensors in firearms to track when and how often it is used, and so on. It is important that law enforcement also invest in the safety and security of its IoT-connected devices, to protect the privacy of the citizens it works for. Crime scenes are changing because of the IoT: data from connected doorbells, cameras, thermostats, fridges, etc. can provide useful and crucial evidence. The necessary forensic techniques and training will need to be used to safeguard this data. Big data collected by IoT devices, for example for facial recognition from camera images after a major incident, will become an integral part of a criminal investigation but also require the necessary means to protect the privacy of citizens. Common understanding of IoT cyber security ENISA has been working for several years on identifying security threats and risks in the Internet of Things and on providing recommendations to strengthen its security. To address the challenges and lay the foundation for IoT security, ENISA has introduced Baseline Security Recommendations for IoT, to ensure common understanding and interoperability when it comes to IoT cyber security. Device manufacturers and users of IoT devices and systems can use these recommendations as a checklist against which to assess their IoT security solutions. For this reason, an interactive online tool has also been developed that can be used to define one's own threat model and accordingly identify specific security measures to deter, protect and prevent pertinent threats. Building on this work, ENISA continues to engage with stakeholders and will publish a new study in 2018 on Good Practices for Security of IoT with a focus on Industry 4.0 and smart manufacturing, while in 2019 relevant efforts concerning smart cars are expected.

As of today, victims of the GandCrab ransomware can recover their files without giving into the demands of the criminals thanks to a new decryption tool released for free on www.nomoreransom.org. This data recovery kit was developed by the Romanian Police in collaboration with its counterparts from Bulgaria, France, Hungary, Italy, Poland, the Netherlands, United Kingdom and United States, together with the security company Bitdefender and Europol. It is the most comprehensive decryption tool available to date for this particular ransomware family: it works for all but two existing versions of the malware (v.1,4 and 5), regardless of the victim’s geographical location. This tool is released a week after the criminal group behind GandCrab made public decryption keys allowing only a limited pool of victims located in Syria to recover their files. GandCrab in a nutshell GandCrab is one of the most aggressive malware attacks in recent months, infecting nearly half a million victims since it was first detected in January 2018. Once GandCrab takes over a victim’s computer and encrypts its files, it demands a ransom ranging from USD 300 to 6 000. The ransom must be paid through virtual currencies known to make online transactions less traceable, such as DASH and Bitcoin. Back in February, a first decryption tool was made available on No More Ransom by the Romanian Police, with the support of the internet security company Bitdefender and Europol. A second version of the GandCrab ransomware was subsequently released by the criminals, this time with an improved coding which included comments to provoke law enforcement, security companies and No More Ransom. A third version followed a day later. Now in its fifth version, this file-locking malware continues to be updated at an aggressive pace. Its developers are constantly releasing new versions of it, with new, more sophisticated samples being made available to bypass cybersecurity vendors’ countermeasures.  Underground alliances The rapid spread of GandCrab has been helped along by a ransomware-as-a-service scheme, which offers on the dark web to wannabee criminals with little to no technical expertise a toolkit for launching quick and easy malware attacks, in exchange for a 30% cut from each ransom payment.  In order to further maximise the profits, the GandCrab developers are also partnering up with other services in the cybercrime supply chain, enabling different criminal groups to practice their core competencies while working together to earn more illicit profits than they would be able to gather working individually. How to stay safe in the future Victims who have fallen to this ransomware should visit www.nomoreransom.org where this new decryption tool is available for free. The best cure against ransomware remains diligent prevention. Users are strongly advised to: Always keep a copy of their most important files somewhere else: in the cloud, on another drive, on a memory stick, or on another computer. Use reliable and up-to-date anti-virus software. Not download programs from suspicious sources Not open attachments in e-mails from unknown senders, even if they look important and credible And if you are a victim, don’t pay the ransom! Find more information and prevention tips on www.nomoreransom.org

The French Judicial Police (DCPJ) and the Italian Carabinieri Corps, with support from Europol and Eurojust, arrested 23 individuals and dismantled 2 criminal networks suspected of producing and distributing counterfeit banknotes in France and Italy. The networks produced various denominations: 20 and 50 euro counterfeit banknotes and distributed EUR 45 000 in 100 euro counterfeit banknotes since 2016, causing EUR 4.5 million worth of damage to the economy. The case was initiated earlier this year when the French National Police specialised units were tipped off about the distribution of fake banknotes. Investigations led the police to discover an organised crime group producing counterfeit banknotes in a print shop in Naples, Italy. The banknotes were later distributed by a different crime ring in Nancy, France. The criminals in France regularly drove to Naples where they visited members of a Neapolitan family firm to whom they bought the counterfeit banknotes. Once back in France they resold the banknotes and they were put into circulation from Nancy to other EU Member States. Print shop dismantled in Naples The action day took place on 16 October, after establishing a Joint Investigation Team in May, between the authorities from both countries with the assistance of Europol and Eurojust. In France, nine suspects were taken into custody alongside the search of their respective houses. In the meantime 14 members of the illegal production group were arrested in Naples, the same city in which the police officers dismantled the print shop where the banknotes were supplied. Printing and digital equipment was also seized. During the action day, French police officers were deployed to Italy and Italian Carabinieri officers took part in the operation in France. Europol attended five operational meetings and supported the operation by financing two of them, one in France and one in Italy. During the investigations there was a continuous exchange of information and Europol also financed specific operational measures conducted by the DCPJ, of the French National police, in the framework of a grant for euro counterfeiting.

In an operation supported by Europol, the Bulgarian authorities with the collaboration of the U.S. Secret Service have seized EUR 11 million and USD 1.7 million in counterfeit 50, 100 and 500 euro banknotes, as well as 100 and 50 counterfeit US dollars. The fake banknotes were found in an illegal print shop concealed in the basement of a hotel in Sunny Beach (Slantchev Briag), a resort on the Black Sea. This is one of the biggest and the most modern counterfeiting print shops dismantled in Europe in recent years. The print shop used a highly sophisticated and modern printing press that produced high-quality banknotes. On 20 October 2018, more than 30 addresses across Bulgaria were raided during the operation. As a result, four members of the organised criminal group were detained, including the hotel owner. Europol supported the investigation by providing analytical and operational support, including information-exchange and cross-checks against Europol’s databases, and by financing special police measures under the grant for the fight against euro counterfeiting. Europol experts also attended one operational meeting in Bulgaria. At this stage of the investigation, and as the printing house is a new factory, Bulgarian authorities have confirmed the likelihood that the counterfeit banknotes are already in circulation, in or outside Bulgaria, is rather minimal. Watch the video

After almost 18 months of investigation, the Central Investigation Group on Housebreaking Theft, of the Osnabrück Police in northern Germany, in close cooperation with the Osnabrück Public Prosecutor’s Office and the coordination of Europol, succeeded in a significant blow to an international operating burglary gang which committed more than 100 crimes in Belgium, Denmark, Germany, and the Netherlands. Material damage over EUR 150 000 The crimes, mostly burglaries of farms or isolated houses, were planned from Overijssel in the Netherlands and committed across international borders. Police officers identified 21 members of this mobile organised crime group and arrested 11 suspected burglars. All members of the same large Dutch family, the suspects have been charged with over 100 burglaries in four countries, including in several German federal states. The total material damage is estimated to be over 150 000 euros. The suspects were extremely secretive and professional in their execution. They operated in teams which changed daily and used technical equipment to warn or instruct their accomplices when committing the crimes. The perpetrators also used many types of vehicles, often registered to bogus owners. International police cooperation In Germany, the 21 suspected gang members have a proven record of 64 burglaries: 25 in Lower Saxony and 39 in North Rhine-Westphalia. In Belgium and the Netherlands, investigators registered further offences which could also be attributed to the group. The Danish Police established references to various property offences in Denmark in connection with the burglary gang, resulting in international police cooperation which spanned four countries. The success of this operation was possible due to the intensive cooperation of the central investigation team of the Osnabrück Police, with law enforcement from Belgium, Denmark, the Netherlands and North Rhine-Westphalia. Europol supported the operation from the beginning by organising an operational meeting, analysing data and deploying a mobile office on-the-spot during the action day.

One of the most serious aspects of this phenomenon is the role of the family, with Europol receiving regular notifications of children being sold to criminal networks by their families. In some cases they engage directly in the trafficking and exploitation of their own children. Female suspects play a key role in the trafficking and exploitation of minors, much more than in criminal networks which are trafficking adult victims. Most of the cases reported to Europol involve networks escorting non-EU minor victims across the entire route from their country of origin to the place of exploitation, frequently with the involvement of smuggling networks. Smuggling of minor victims through the external borders and across member states usually entails the use of forged travel documents. Criminal profits are mainly redirected to the country of origin of the key suspect, in small amounts via money transfer services and in larger sums using criminal money couriers and mules. Children are trafficked from around the world into the EU. The majority of non-EU networks reported to Europol involved Nigerian organised crime groups which are trafficking young girls to be sexually exploited. Children in migration and unaccompanied minors are at higher risk of trafficking and exploitation. Although the scale of trafficking of unaccompanied minors remains unknown, a future increase is expected. These are some of the findings of the Situation Report on Criminal networks involved in the Trafficking and Exploitation of Underage Victims in the European Union , which Europol released today on the occasion of the EU Anti-Trafficking Day.  Most comprehensive evidence-based picture to date For this first time ever on such a scale, this report provides an in-depth picture of the features of criminal networks involved in one of the most ominous crimes of all – the abuse of vulnerable children. For the purpose of the report, operational intelligence from almost 600 contributions  involving trafficked underage victims was used, all of which were reported to Europol by the Member States between 2015 and 2017. In Europe, thousands of minors continue to be trafficked and exploited to generate profits for criminal networks, accounting for over 20% of all identified victims of trafficking according to UNICEF . Europol increasingly receives information on trafficking networks operating across Member States, taking advantage of the vulnerability of children to sexually exploit them and to abuse them in labour exploitation. Other criminal groups place victims on the streets to beg for money, force them to commit various types of crimes, sell them through illegal adoption schemes and defraud the welfare state. Exploited children in vulnerable situations deserve to be protected more than anyone else. This landmark report draws on months and years of investigation and information exchange between devoted national anti-trafficking units in the Member States and Europol to  draw the most up-to-date intelligence picture of this heinous crime”, said Europol’s Executive Director Catherine De Bolle. “Together with EU Member States, we will build on the finding of this report to better support future investigative actions at both national and EU-level against trafficking of the weakest social category of all – vulnerable children "Trafficking of minors is the lowest and most vile crime against those who need our protection most. On EU Anti-Trafficking Day, this report shows once again that we cannot close our eyes to what is happening on EU soil and outside.”, commented the European Commissioner for Migration, Home Affairs and Citizenship Dimitris Avramopoulos. “Together with Member States and the support of Europol we must continue fighting to eradicate this heinous exploitation and abuse of children." Released on the occasion of the EU Anti-Trafficking Day on 18 October, this report is produced in the framework of the EU Policy Cycle for Organised Crime and Serious International Crime. More details and context can be found in the report itself. Download the report.

Europol coordinated the international Operation Tarantelo, conducted by the Spanish Guardia Civil with support of French, Italian, Maltese and Portuguese authorities, in which 79 individuals were arrested More than 80 000 kg of illicit Bluefin tuna were seized and it is estimated the network trafficked a volume of over 2.5 million kg a year Several poisoning cases were detected due to the unsanitary conditions in which the fish were stored Operation Tarantelo was launched when the Spanish Guardia Civil became aware of irregularities relating to Bluefin tuna fishing in the Mediterranean Sea. Investigations revealed that the fish was being traded illegally in Spain, but imported into the country through French harbours, after being caught in Italian and Maltese waters. While the fish caught in Maltese waters were illegally imported using documents from legal fishing and authorised farms, the fish caught in Italian waters arrived in Spain without documents or inspections. Although most of the fish was caught in Malta and Italy, in Spanish waters there were also unauthorised catches, in this case, the illegally fished Bluefin tuna was transported in false bottoms under the deck of a vessel. The illegal Bluefin tuna market is double the legal market This illegal Bluefin tuna market was up to 2.5 million kg a year and it is estimated criminals earn at least EUR 5 profit per kg; total illegal profits amount to EUR 12.5 million. The volume of this illegal trade is double the annual volume of the legal trade, which is estimated to be 1.25 million kg. A human health crime The tuna business is often linked to other crimes such as food fraud or document fraud. The main risks for consumer health were due to the unsanitary conditions in which the fish was transported and stored. Sometimes the fish was hidden underwater after it was fished, awaiting transportation. The supply chain was interrupted several times, which made the tuna go off and the risk of food poisoning higher for eventual customers. Several cases of food poisoning were detected after eating the tuna, due to the degradation of proteins from the unhygienic conditions in which the tuna was stored. Europol’s support was crucial for the success of Operation Tarantelo, not only by providing analysis support but also providing permanent expertise and advice from environmental crime experts and coordinating meetings for information exchange. On the action day, two mobile offices were deployed to Italy and Spain and Universal Forensic Extraction Devices (UFEDs) for on-the-spot support. The Spanish Guardia Civil arrested 79 suspects and carried out 25 searches. In addition, police seized more than 80 000 kg of illegal Bluefin tuna, alongside EUR 500 000 in cash and seven luxury vehicles. In Italy experts specialising in food health and safety, Carabinieri NAS, carried out 23 inspections and identified 45 suspects, reported one individual and seized 541 kg of tuna as well as relevant documentation. In Portugal the Food Safety and Economic Authority (ASAE) carried out one inspection including several administrative reports and examined relevant documents. Watch the video

The arrestees were members of an organised crime group dealing with forged passports and suspected of trafficking thousands of people. Various groups from the extensive network had already been dismantled in Albania last March. The migrants, looking for a better life in Canada, the United Kingdom or the USA, were recruited in Albania and the former Yugoslav Republic of Macedonia and paid between USD 20 000 and 25 000 in exchange for forged travel documents. Investigators from the Spanish National Police were able to identify and arrest 27 migrants in numerous Spanish airports travelling with forged documents from several European countries. Action Day in Skopje The action day took place on 4 October in different locations in the former Yugoslav Republic of Macedonia. On searching properties, police officers seized amounts of money: EUR 1 800, USD 14 500, CHF 4 400 and AUD 500, alongside two luxury vehicles, one firearm, cartridges, 14 mobile phones, four Australian passports, a copy of a Canadian passport and applications for Canadian visas, among other documents. Operation Passport was carried out by the National Unit for Suppression of Migrant Smuggling and Trafficking in Human Beings of the former Yugoslav Republic of Macedonia, in collaboration with the U.S. Diplomatic Security Service, U.S. Customs and Border Protection, and Homeland Security Investigations in the USA. The European Migrant Smuggling Centre at Europol supported the case by organising the initial meeting with all the involved parties. During the investigation, information was cross-checked in the Europol database and shared with the involved partners to collect as much intelligence as possible. Europol coordinated the action taken in the former Yugoslav Republic of Macedonia between police officers from several European countries such as Albania, Austria, Bulgaria and Spain. During the takedown, Europol was present in Skopje with forensic and operational support.  

With the support of Europol, the Romanian special forces and the Italian Polizia di Stato located and arrested last week in Oradea (Romania) a suspect known as V.B.. The suspect was wanted by the Italian authorities for his involvement in an international drug trafficking case, for which he was sentenced to 15 years of imprisonment by an Italian court. In particular, the individual is one of the first international drug brokers who linked the Italian mafia group Cosa Nostra with Ndrangheta and with Colombian drug cartels. Europol supported the case, since the individual had links to other EU Member States and third parties. This arrest – the result of a fruitful exchange of information between Europol, Italy and other EU Member States, is the fifth of its kind as part of the Italian project ‘Eurosearch’, which aims to locate and capture dangerous mafia fugitives in Europe. Europol is supporting the project ‘Eurosearch’ and the related investigations with ENFAST (European Network of Fugitive Active Search Teams) and with its dedicated AP ITOC (Analysis Project on Italian Organised Crime) which analytical and operational support, such as organising dedicated operational meeting at its headquarters in The Hague.

As the European Union faces increasing threats from organised crime groups and terrorist attacks inspired by religious, left- and right-wing ideologies, an effective law enforcement response must include the availability of well-trained and EU-wide interoperable special intervention units. Therefore, Europol and the ATLAS Network (the cooperation platform of 38 special intervention units of EU Member States and associated countries, Switzerland, Norway and Iceland) today signed the terms of enhanced cooperation. The document was signed by Herbert Kickl, Austria’s Minister of the Interior, representing the Presidency of the Council of the European Union; ATLAS Chairman Commander Bernhard Treibenreif; and Europol’s Executive Director Catherine De Bolle. According to the terms of cooperation, an ATLAS Support Office will be established as a team attached to the European Counter Terrorism Centre (ECTC) within the Operations Directorate at Europol’s headquarters in The Hague, the Netherlands. The ATLAS Support Office will be the main interface of ATLAS with Europol and will support the ATLAS Chairmanship by providing contacts to strategic and operational experts at Europol in the relevant areas of combating terrorism and serious and organised crime. Europol’s Executive Director Catherine De Bolle: “I am very pleased to open a new chapter of cooperation between Europol and the Special Intervention Units of the EU Member States gathered in the ATLAS Network. I am sure that the closer relationship between Europol and ATLAS will bring added value to the preparedness of the law enforcement community and therefore for the safety of all European citizens. One important element we are pleased to see is the facilitation of cross-border deployment of Special Intervention Units. Europol is also committed to supporting ATLAS with the development of ambitious projects for the future, including the establishment of joint training activities and the pooling of resources. ” Herbert Kickl, Minister of the Interior of Austria: “Cooperation between the ATLAS Network and Europol is an important step in the EU and an essential element of the Austrian Presidency of the Council of the European Union. In a crisis situation, special intervention units must be able to support each other across borders.” The signing of the agreement coincides with the ATLAS common challenge, a counter terrorism exercise in seven European regions taking place from 8 to 11 October. The ATLAS common challenge exercise aims to test the effective operational readiness of European special intervention units as regards cross-border operations. Furthermore the exercise will gather information on warning systems and assistance procedures when tested under real-life circumstances. The different scenarios of the ATLAS common challenge are: Group 1: maritime scenario Special intervention units: GSG 9 (Germany), DSI (Netherlands), NI (Sweden), AKS (Denmark), DELTA (Norway), KARHU (Finland) Scenario: this scenario trains the forces for a hostage situation on a vessel on the Baltic Sea. The difficulties lie in the coordination of the assault forces (approach with several helicopters and speedboats in the dark), communication and controlling the different operation phases.  Group 2: aeroplane scenario Special intervention units: UEI (Spain), GIGN (France), DSU (Belgium), GIS (Italy), GEO (Spain), GOE and GNR (Portugal) Scenario: at the disused Teruel airport in Spain, units are trained to deal with the hijacking of a wide-body aircraft. Current technical developments of ATLAS projects regarding the mechanical opening of aeroplane doors or the opening with breaching methods are to be tested during this operation.  Group 3: metro scenario Special intervention units: BOA (Poland), OMEGA (Latvia), ARAS (Lithuania), K-Komando (Estonia) Scenario: terrorists have taken 500 hostages on a metro train in Warsaw. The special intervention units will try to free and evacuate all the hostages. Group 4: mass hostage scenario Special intervention units: LYNX (Slovakia), Cobra (Austria), URNA (Czech Republic), TEK (Hungary), RED PANTHER (Slovenia), SIU (Croatia) Scenario: in the historical Slovakian town Komárno a situation similar to that of Paris in 2015 is being re-enacted. The main difficulties here are the rapid response to highly mobile offenders, coordination of many different units and the use of armoured vehicles or special vehicles. EKO Cobra will assist the Slovakian unit with up to 50 officers during the operation. Group 5: land/sea scenario Special intervention units: VIKING (Iceland), ERU (Ireland), PSNI (Northern Ireland), SCO 19 (England) Scenario: this scenario is based on a counter terrorism operation which starts in Iceland and ends in Northern Ireland through cross-border cooperation with a common assault. Group 6: train and CBRN scenario Special intervention units: SEK (BW-Germany), USP (Luxembourg), RAID (France), SIU (Switzerland), NOCS (Italy) Scenario: in the German federal state of Baden-Württemberg, a passenger train has been taken over by terrorists. In the course of negotiations the units gain information that a dirty bomb could be used. Therefore CBRN specialists from the French units RAID are brought in. Group 7: bus hijacking scenario Special intervention units: EKAM (Greece), EAO (Cyprus), SOBT (Bulgaria), SIAS and BSIJ (Romania) Scenario: a coach has been hijacked in northern Greece. It is being tracked by Greek and Bulgarian special intervention units to Bucharest. In order to prevent it entering Ukraine, the units assault what are now two hijacked coaches. The operation is being coordinated by a crisis centre in Bucharest. Central information and coordination hub at Europol During the entire exercise a central information and coordination hub will be installed in an operational room at Europol headquarters. Liaison officers from the different regional organising units alongside members of the ATLAS Command and Control Forum will be present to visualise situation reports of the transnational operations as well as support the regional operation coordination. Watch the video

In the first week of October Europol, CEPOL and the Belgian Federal Police organised a follow-up training course on dismantling illicit synthetic drug laboratories at the Campus Vesta training centre in Emblem, Belgium. This year the course was attended by 21 participants from 15 EU Member States and Colombia. The participants had the chance to carry out a series of practical exercises under real-life conditions, including a simulated illicit synthetic drug laboratory environment. One of the main aims of this course is to better understand how synthetic drugs are produced and the methodology and risks which can be encountered by law enforcement and forensic officers during the dismantling of illicit synthetic drug laboratories. The training course was led by experts from Europol’s Drug Team together with colleagues from Belgium, the Netherlands and Poland. The objectives of the course were to: recognise production methods of illicit drugs, especially synthetic substances; identify production equipment/chemicals seized in production units; implement precautions and safety measures to protect colleagues during raid operations on illicit drug laboratories, including the decontamination process; plan and organise future raids as well as the collection of evidence; understand the new trends and developments in the area of synthetic drugs.