Browse content similar to Rob Wainwright, Director of Europol. Check below for episodes and series from the same categories and more!
Line | From | To | |
---|---|---|---|
In every aspect of our public and private life we have become | :00:00. | :00:22. | |
dependent on the power of the Internet and computing. That makes | :00:23. | :00:26. | |
us vulnerable to those who would do us harm. Look at the widespread | :00:27. | :00:36. | |
ransomware WannaCry. It shut down public institutions around the | :00:37. | :00:42. | |
world. My guess is Rob Wainwright head of Europol. Part of the | :00:43. | :00:49. | |
cyber-criminals steps ahead of the cyber cops? | :00:50. | :01:14. | |
Rob Wainwright, welcome to heart talk. For the last few days you have | :01:15. | :01:23. | |
been somewhat preoccupied with WannaCry, this ransomware which has | :01:24. | :01:28. | |
spread across the world. How seriously should we be taking it? It | :01:29. | :01:34. | |
is one of 200 high profile investigations against cyber crime | :01:35. | :01:39. | |
and including that there has been this trend of these growing threat | :01:40. | :01:44. | |
from ransomware we have never seen anything on this scale spreading | :01:45. | :01:49. | |
across 150 countries, over 200,000 victims. It is unique characteristic | :01:50. | :01:56. | |
combining ransomware with a wormlike function. Another very stark warning | :01:57. | :02:04. | |
to many years that is that we have to take cybersecurity seriously. We | :02:05. | :02:10. | |
have been aware of it for 72 hours, your team have been working on it | :02:11. | :02:17. | |
since then. Is it still spreading? We saw over the weekend, it was | :02:18. | :02:24. | |
spreading quite quickly. As we started the working week, new | :02:25. | :02:28. | |
infections in the hands of thousands in parts of Asia and Russia but not | :02:29. | :02:34. | |
in Europe. What that shows is that those responsible for security in | :02:35. | :02:41. | |
companies have heeded our warning and they patched their systems so | :02:42. | :02:45. | |
when the working week begins again they will not all victim to it. It | :02:46. | :02:51. | |
has been a good exercise in public-private partnership to get | :02:52. | :02:59. | |
the message out. EC three, top quality computer experts on the | :03:00. | :03:05. | |
case, where is it from? We do not know yet. A lot of the focus of the | :03:06. | :03:10. | |
attention by national agencies across the world has been really | :03:11. | :03:14. | |
about disaster recovery. We are starting to peace together some | :03:15. | :03:20. | |
samples and we are hoping many authorities around the world now | :03:21. | :03:26. | |
will look at what this looks like. I will talk to you a lot about | :03:27. | :03:30. | |
co-ordination and intelligence sharing across Europe but how about | :03:31. | :03:36. | |
globally? Oettl into America, China, the Russians? In the global | :03:37. | :03:42. | |
co-ordination is absolutely needed. Our focus is on protecting the | :03:43. | :03:49. | |
European space. To do that we have the huge trans- Atlantic engagement. | :03:50. | :03:54. | |
The Americans, the FBI are with us on fighting cyber-terrorism... I | :03:55. | :04:01. | |
wanted to ask you about the Russians because Russia is a cyber threat but | :04:02. | :04:06. | |
on this occasion it is fair to say that it was not originated in | :04:07. | :04:11. | |
Russia. Are you working closely with the Russians? We do not know where | :04:12. | :04:16. | |
it originated and we are not working closely with China or rush at... | :04:17. | :04:22. | |
Because you do not trust them? -- Russia. A relationship is different. | :04:23. | :04:30. | |
Interpol are helping to do that but it is true, this is the landscape we | :04:31. | :04:36. | |
are working in. There is no single view on how to deal with cyber | :04:37. | :04:42. | |
crime. Vladimir Putin has gone on the record saying he believes this | :04:43. | :04:47. | |
is something that originated in the United States and pointed the finger | :04:48. | :04:51. | |
at the US government. We know that Microsoft and we know that this | :04:52. | :04:59. | |
ransomware attacks Microsoft windows. Microsoft says that as far | :05:00. | :05:08. | |
as they are concerned, this ransomware was developed by the | :05:09. | :05:11. | |
National Security Agency in the US and they were then hacked by the | :05:12. | :05:15. | |
people who propagated this is ransomware. Can you confirm that is | :05:16. | :05:22. | |
what happened? No, I have no Independent evidence of that. I have | :05:23. | :05:27. | |
seen what Microsoft had said and what Vladimir Putin has said. We | :05:28. | :05:32. | |
have no confirmation. It is a massive exploitation of the flaw | :05:33. | :05:36. | |
within the Microsoft operating system by a criminal group stop who | :05:37. | :05:40. | |
developed that flow? That is my question as well. You have just told | :05:41. | :05:47. | |
me what close ties you have with US sister agencies say he would know if | :05:48. | :05:53. | |
the NSA was indeed responsible for storing knowledge about the | :05:54. | :05:58. | |
vulnerabilities in some Windows Microsoft operating systems. We are | :05:59. | :06:04. | |
still working to get to the bottom of this. Cannot answer that question | :06:05. | :06:10. | |
today. If I to say someone like that better know my facts were not a year | :06:11. | :06:15. | |
telling me you cannot tell me all you generally do not know... We have | :06:16. | :06:23. | |
had 4080 hours during which our focus has been stopping the | :06:24. | :06:27. | |
spreading of this. The investigation is a high priority but it will take | :06:28. | :06:34. | |
some time. A different point, the chief officer at Microsoft said | :06:35. | :06:41. | |
State Security agencies spent a lot of time actually working out the | :06:42. | :06:44. | |
vulnerabilities of all operating systems but they do not tell us what | :06:45. | :06:49. | |
they discover and they do not tell us what knowledge say is boring | :06:50. | :06:55. | |
about vulnerabilities in our systems and it is about time to come clean | :06:56. | :07:00. | |
about these. Has he got a point? To be honest, and I am sorry to dodge | :07:01. | :07:05. | |
the question, but you should be asking the security agencies. They | :07:06. | :07:09. | |
have a job to protect our security. My job is to help police agencies | :07:10. | :07:19. | |
about criminals. State sponsored actors can be criminals. There is a | :07:20. | :07:26. | |
blurring of the lines, absolutely, but our primary focus of about those | :07:27. | :07:34. | |
who are in it for commercial gain. Let's move on, if that is the limit | :07:35. | :07:39. | |
you can tell me right now to your investigation into the ransomware we | :07:40. | :07:42. | |
have seen spread around the world. Looking wider at cyber crime, there | :07:43. | :07:49. | |
are people around the world who look at the scale of it at the moment and | :07:50. | :07:53. | |
its origins and they point the finger at the Dikili at Russia. -- | :07:54. | :08:02. | |
particularly. At Europol be prepared to echo what has been set in the US, | :08:03. | :08:08. | |
the National Father Security Centre in the UK, both saying Russia is | :08:09. | :08:13. | |
responsible for a huge surge in cyber crime at liberty? We see | :08:14. | :08:21. | |
criminals originating for several countries in the world but we do see | :08:22. | :08:24. | |
a large proportion coming from Russian speaking places. Not just | :08:25. | :08:31. | |
Russia. There are a number of regions of concern for art. The | :08:32. | :08:36. | |
Russian speaking world is one of them. We are speaking where we can | :08:37. | :08:43. | |
with police agencies around the world. You make a difference between | :08:44. | :08:49. | |
state-sponsored cyber attacks and criminal cyber attacks but a | :08:50. | :08:55. | |
comeback to this point you can often described state-sponsored activity | :08:56. | :09:00. | |
is criminal. Case in point, the allegations of Limerick and may | :09:01. | :09:05. | |
about Russians cyber meddling in their elections. -- the Americans | :09:06. | :09:14. | |
made. The Germans are now saying they are braced for Russian activity | :09:15. | :09:19. | |
in their election as well. Is this something that you are looking at? | :09:20. | :09:26. | |
No, it is not. I made it clear I working against criminal actors. In | :09:27. | :09:35. | |
this case it is state sponsored activity against the National | :09:36. | :09:38. | |
security of those countries and be security agencies in those countries | :09:39. | :09:43. | |
will lead those investigations. I am concerned about the million-dollar | :09:44. | :09:50. | |
ransom crime. The multibillion-dollar hacking attempts | :09:51. | :09:57. | |
on the global banking system is by sophisticated cyber crime groups | :09:58. | :10:03. | |
developing banking Trojans and other aspects in which Internet technology | :10:04. | :10:13. | |
has transformed the criminal world. Tell me whether you think important | :10:14. | :10:18. | |
institutions, both private and public, whether they have made | :10:19. | :10:24. | |
anything like the right sort of protective measures and actions to | :10:25. | :10:31. | |
safeguard themselves from what you describe the surge of cyber | :10:32. | :10:35. | |
criminality? For the banking that which has been in the firing line of | :10:36. | :10:40. | |
most cyber attacks in recent years, they have learnt through painful | :10:41. | :10:44. | |
lessons of that they should take this as a top level responsibility | :10:45. | :10:49. | |
and they have committed to the right kind of investment and strategic | :10:50. | :10:53. | |
framework and they are still in the firing line and still getting caught | :10:54. | :10:57. | |
by their protection is much higher and that is why you saw on the | :10:58. | :11:00. | |
weekend that very few banks in Europe were caught up cause their | :11:01. | :11:06. | |
defences were quite high. In other sectors, public services, the health | :11:07. | :11:12. | |
sector, there is a lesson. Many years still using Windows XP which | :11:13. | :11:19. | |
is very old. We paid this picture of cyber-criminals being these | :11:20. | :11:23. | |
futuristic geeks that can hit us anywhere and any time. They prey on | :11:24. | :11:27. | |
the fact that we have vulnerabilities that we do not fix, | :11:28. | :11:32. | |
that we make stupid mistakes, that we recycle old cyber tools and they | :11:33. | :11:39. | |
catch us out. They are getting the ASICS right. How is your digital | :11:40. | :11:47. | |
hygiene at Europol? I think it is a strong. You had to think about that | :11:48. | :11:53. | |
and that is slightly alarming. You are an agency that is trying to | :11:54. | :12:05. | |
achieve trust. I am wondering whether your hygiene in this field | :12:06. | :12:11. | |
of data collection storage is as good as it could be. I think it is. | :12:12. | :12:16. | |
I pause because I will be honest, there is no organisation that can | :12:17. | :12:21. | |
get the threat down to zero because of the nature of the cyber-criminal | :12:22. | :12:27. | |
activity depends on technological advances, a Kishore staff members | :12:28. | :12:30. | |
are suitably aware of the threat and so on. For the moment we have no | :12:31. | :12:39. | |
concerns. We take this practice readings from the UK and other | :12:40. | :12:43. | |
governments. But I am not going to say we're absolutely safe. D using | :12:44. | :12:51. | |
government cut corners because they cannot or will not afford the | :12:52. | :12:54. | |
investment to upgrade their cyber defence. I do not think in the end | :12:55. | :13:00. | |
it is about money but responsibility. It does not take a | :13:01. | :13:06. | |
lot of money to take systems of XP. The patch older systems. It takes a | :13:07. | :13:14. | |
recognition that this is a responsibility to put in place a | :13:15. | :13:18. | |
security framework, to reach out to law enforcement and so on. There are | :13:19. | :13:24. | |
institutions that give good advice. Follow that and that is 90%... Many | :13:25. | :13:29. | |
public institutions in the UK have not in following that, why it do you | :13:30. | :13:36. | |
think it is? It is frustrating, frankly, because in the health | :13:37. | :13:40. | |
sector there have been multiple ransomware attack in the United | :13:41. | :13:46. | |
States and Europe long before WannaCry came along. There are | :13:47. | :13:50. | |
complexities to the IT systems in the health sector which I understand | :13:51. | :13:55. | |
and are difficult to work around but in the end, this is really about | :13:56. | :14:02. | |
taking responsibility and sorting this out in the way most global | :14:03. | :14:06. | |
banks have been doing in many respects. | :14:07. | :14:11. | |
To you think Europol is capable of keeping up with the abolition of | :14:12. | :14:19. | |
more criminal activity on the Internet? If a challenge every day | :14:20. | :14:23. | |
because we see the way in which the Internet helps to conceal the | :14:24. | :14:28. | |
identity and communication of the offenders, particularly on the dark | :14:29. | :14:31. | |
net. With see this wonderful technological advances coming out | :14:32. | :14:36. | |
which is fabulous for society, we all know that. But of course, being | :14:37. | :14:40. | |
exploited by ever more enterprising criminals and to a certain extent, | :14:41. | :14:45. | |
terrorists. We are in this difficult challenge, I have to say. But that | :14:46. | :14:53. | |
is why yielding... Is the gap between what you can do | :14:54. | :14:56. | |
realistically to police the Internet and you just talked about the | :14:57. | :15:00. | |
Duckworth and I would like to talk about that some more -- dark Web. | :15:01. | :15:06. | |
The gap between what you can do and what the bad guys can do, is it | :15:07. | :15:11. | |
getting wider? The river gap because we are working within legal | :15:12. | :15:14. | |
constraints, of course we are, and they not. -- there is gap. We have | :15:15. | :15:22. | |
the combined resources of some of the best investigators around the | :15:23. | :15:26. | |
world and not to mention some of the wonderful partnerships we have with | :15:27. | :15:30. | |
the private sector. If we can get that right and exercise that kind of | :15:31. | :15:33. | |
interconnection between these different communities, we have a lot | :15:34. | :15:36. | |
of power and we are beginning to show that. A lot of power but | :15:37. | :15:41. | |
whatever kind of talks you have got, there are places that you can't | :15:42. | :15:46. | |
shine its -- porch. The dark Web, it has become a huge underground | :15:47. | :15:51. | |
criminal environment. You talk about the ways in which people, terrorists | :15:52. | :15:56. | |
or straightforward committals can buy a British passport via the dark | :15:57. | :16:01. | |
Web, untraceable, for 750 British pounds, about 850 US dollars. You | :16:02. | :16:08. | |
can't keep up, that's the problem. Well, we find a particular it | :16:09. | :16:12. | |
difficult to do that, I will be honest with you, particularly on the | :16:13. | :16:17. | |
dark Web. It is transforming the nature of how criminal markets | :16:18. | :16:23. | |
function. It has changed the way in which drugs are bought and sold | :16:24. | :16:27. | |
because it protects the identity of the buyer and seller. We found one | :16:28. | :16:33. | |
major crypto market on the dark Web back in 2015. Today it is 20. | :16:34. | :16:37. | |
Selling hundreds of listings of drugs and other commodity. It is | :16:38. | :16:41. | |
growing and it is very difficult for us to track it. We have had a number | :16:42. | :16:45. | |
of successes, most recently regarding a major sexual | :16:46. | :16:50. | |
exploitation network that was operating on the dark web. We are | :16:51. | :16:55. | |
updating our side that we are in a race with those guys. Is anything | :16:56. | :16:59. | |
you can see collectively to close down this criminalised dark net or | :17:00. | :17:05. | |
dark Web? It's difficult to legislate against the dark net. Not | :17:06. | :17:11. | |
to mention, there is a good part of it that is used for good purposes | :17:12. | :17:15. | |
are round the world. Those people living in some countries that try to | :17:16. | :17:22. | |
exercise freedom of speech for example. It will be difficult to ban | :17:23. | :17:26. | |
the dark Web. What we need to make sure is that the police services and | :17:27. | :17:30. | |
public security have better capability to investigate this. This | :17:31. | :17:35. | |
means, I think, especially, having better partnerships with the tech | :17:36. | :17:39. | |
sector. Are you a fan of governments, and am thinking at | :17:40. | :17:42. | |
about the British government in the wake of the recent terrible | :17:43. | :17:47. | |
Westminster attack, you a fan of governments that say, "As a result | :17:48. | :17:51. | |
of what we learn of the way terrorists operate, using, as they | :17:52. | :18:02. | |
do, encrypted communications", the politicians' response is that we | :18:03. | :18:06. | |
need to make sure the people behind those services give us a state | :18:07. | :18:12. | |
backed door into their system so that when required we can to survey | :18:13. | :18:18. | |
all people, even on these supposedly encrypted systems. You a fan of | :18:19. | :18:22. | |
that? I'm not sure the British government asked for a backdoor but | :18:23. | :18:30. | |
they express some frustration at apps like that do not offer the | :18:31. | :18:36. | |
ability to monitor the communications of potential | :18:37. | :18:42. | |
terrorists. We have a means of communication, we can intercept a | :18:43. | :18:46. | |
telephone call between two people but we cannot interrupted their | :18:47. | :18:58. | |
WhatsApp messages. So you want total surveillance? No, not absolutely. -- | :18:59. | :19:04. | |
absolutely not. I want to give police investigators around the | :19:05. | :19:07. | |
world at the right kind of proportionate control and | :19:08. | :19:10. | |
supervision, the right means by which to protect our public from | :19:11. | :19:15. | |
terrorism. That isn't the problem the public don't trust a | :19:16. | :19:18. | |
state-sponsored organisations, people, frankly, such as yourself, | :19:19. | :19:25. | |
to find the right balance. It is too easy for state actors such as | :19:26. | :19:29. | |
yourself to use it what you might portray as a 1-off right to turn it | :19:30. | :19:33. | |
into something which it looks as very much like 20 four sevenths | :19:34. | :19:40. | |
surveillance, electronically, of everybody, all the time. Rola Winnie | :19:41. | :19:44. | |
to avoid that. It is clearly not a proportionate way to manage the | :19:45. | :19:50. | |
balance between privacy and security in a technocratic societies. -- we | :19:51. | :19:57. | |
need to avoid that. There is something needs to be drawn within | :19:58. | :20:01. | |
some parts of society and not in others. It is proportionate which is | :20:02. | :20:05. | |
difficult to do in the Internet because of the technological design. | :20:06. | :20:08. | |
What are your relationships like with the bosses of successful into | :20:09. | :20:13. | |
-- Infotech companies? I'm asking because the head of Twitter said | :20:14. | :20:19. | |
this recently, "Yeah, of course security services in each to keep | :20:20. | :20:22. | |
people say -- safe but these disproportional surveillance they | :20:23. | :20:28. | |
are seeking have no place in a democratic society." He will take | :20:29. | :20:34. | |
that view, I respect that. What I will say is that Twitter is one of | :20:35. | :20:38. | |
those companies we have an excellent partnership with in terms of | :20:39. | :20:44. | |
removing terrorist content online. This is a voluntary code of conduct | :20:45. | :20:51. | |
between us, Twitter, Facebook and many of the other partners, 50 of | :20:52. | :20:55. | |
them in fact, who have helped us more aggressively take away this | :20:56. | :20:59. | |
terrorist content in the online space. I applaud Twitter for doing | :21:00. | :21:03. | |
that. Not every social media company is doing that but most of them are. | :21:04. | :21:08. | |
It is an example of where sometimes, I think, public and private sector | :21:09. | :21:12. | |
partners, even in this space, can come together and find their | :21:13. | :21:15. | |
interests meeting in a way that supports the general public 's' | :21:16. | :21:22. | |
good. I must ask you, something that has happened since we last spoke to | :21:23. | :21:26. | |
each other, and that is Brexit. He used it as the director of Europol, | :21:27. | :21:31. | |
as a Brit. You will be the last British director of Europol, that's | :21:32. | :21:35. | |
quite obvious. You said to me when we spoke more than a year ago, | :21:36. | :21:39. | |
fighting crime and terrorism in the UK will be more costly and much less | :21:40. | :21:43. | |
affective if the country leaves the EU. Are you feeling that today | :21:44. | :21:58. | |
still? I still feel the uncertainty about what will happen, Stephen. | :21:59. | :22:01. | |
What I certainly see in the ransomware events of the last few | :22:02. | :22:04. | |
days, terrorist incidents we have seen, make the point even strongly | :22:05. | :22:08. | |
than what I was making a year ago. Writing crime and terrorism has | :22:09. | :22:10. | |
become an international game. We need the closest possible | :22:11. | :22:13. | |
collaboration in Europe. The extent to which Britain will continue to | :22:14. | :22:16. | |
have access to it is rather dependent upon and depends upon the | :22:17. | :22:19. | |
outcome of the negotiations. That sounds somewhat like to read the May | :22:20. | :22:23. | |
when she presented that Article 50 letter to her colleagues in Europe | :22:24. | :22:27. | |
saying this, "In security terms, a failure to reach an agreement will | :22:28. | :22:31. | |
mean our ability to fight against crime and terror will be weakened." | :22:32. | :22:36. | |
-- Theresa May. Many in Europe thought that was a form of blackmail | :22:37. | :22:41. | |
and you seem to be playing the same game. You're didn't read the letter | :22:42. | :22:44. | |
that way and I'm not sure most of those in Britain and read it that | :22:45. | :22:50. | |
way --. She was steeply stating the reality that co-operation in Europe | :22:51. | :22:56. | |
is growing because of cross-border threats -- she was simply stating. | :22:57. | :23:03. | |
Even if you couldn't get a trade agreement or anything else, why are | :23:04. | :23:07. | |
you conflating and putting the two together? I'm not here to be the | :23:08. | :23:11. | |
Prime Minister's spokesman that the way I read her letter, she was | :23:12. | :23:14. | |
simply setting out her strategic objectives under the Article 50 | :23:15. | :23:18. | |
process and she is quite right as putting security is one of those top | :23:19. | :23:23. | |
line objectives as well as trade. Simply stating the fact that this is | :23:24. | :23:27. | |
in the common interest of the UK and the rest of the EU to get the right | :23:28. | :23:31. | |
kind of security deal because of the way in which what it takes these | :23:32. | :23:35. | |
days to fight terrorism. Let me put it bluntly. Who loses out more if | :23:36. | :23:40. | |
Britain cannot do a full-fledged security agreement with the 27 | :23:41. | :23:45. | |
remaining members of the EU in the future? Who loses out more, Britain | :23:46. | :23:51. | |
or the EU member states? This is about the collective security | :23:52. | :23:54. | |
interests of Europe and I think both sides understand that and we're go | :23:55. | :23:58. | |
into negotiations with that in mind. We have two went there. Rob | :23:59. | :24:02. | |
Wainwright, thank you for being on HARDtalk. -- we have to end there. | :24:03. | :24:30. | |
Here in the UK, winter and spring have been drier than normal. | :24:31. | :24:34. | |
But could May be the month that bucks the dry trend? | :24:35. | :24:38. |