Rob Wainwright, Director of Europol HARDtalk


Rob Wainwright, Director of Europol

Similar Content

Browse content similar to Rob Wainwright, Director of Europol. Check below for episodes and series from the same categories and more!

Transcript


LineFromTo

In every aspect of our public and private life we have become

:00:00.:00:22.

dependent on the power of the Internet and computing. That makes

:00:23.:00:26.

us vulnerable to those who would do us harm. Look at the widespread

:00:27.:00:36.

ransomware WannaCry. It shut down public institutions around the

:00:37.:00:42.

world. My guess is Rob Wainwright head of Europol. Part of the

:00:43.:00:49.

cyber-criminals steps ahead of the cyber cops?

:00:50.:01:14.

Rob Wainwright, welcome to heart talk. For the last few days you have

:01:15.:01:23.

been somewhat preoccupied with WannaCry, this ransomware which has

:01:24.:01:28.

spread across the world. How seriously should we be taking it? It

:01:29.:01:34.

is one of 200 high profile investigations against cyber crime

:01:35.:01:39.

and including that there has been this trend of these growing threat

:01:40.:01:44.

from ransomware we have never seen anything on this scale spreading

:01:45.:01:49.

across 150 countries, over 200,000 victims. It is unique characteristic

:01:50.:01:56.

combining ransomware with a wormlike function. Another very stark warning

:01:57.:02:04.

to many years that is that we have to take cybersecurity seriously. We

:02:05.:02:10.

have been aware of it for 72 hours, your team have been working on it

:02:11.:02:17.

since then. Is it still spreading? We saw over the weekend, it was

:02:18.:02:24.

spreading quite quickly. As we started the working week, new

:02:25.:02:28.

infections in the hands of thousands in parts of Asia and Russia but not

:02:29.:02:34.

in Europe. What that shows is that those responsible for security in

:02:35.:02:41.

companies have heeded our warning and they patched their systems so

:02:42.:02:45.

when the working week begins again they will not all victim to it. It

:02:46.:02:51.

has been a good exercise in public-private partnership to get

:02:52.:02:59.

the message out. EC three, top quality computer experts on the

:03:00.:03:05.

case, where is it from? We do not know yet. A lot of the focus of the

:03:06.:03:10.

attention by national agencies across the world has been really

:03:11.:03:14.

about disaster recovery. We are starting to peace together some

:03:15.:03:20.

samples and we are hoping many authorities around the world now

:03:21.:03:26.

will look at what this looks like. I will talk to you a lot about

:03:27.:03:30.

co-ordination and intelligence sharing across Europe but how about

:03:31.:03:36.

globally? Oettl into America, China, the Russians? In the global

:03:37.:03:42.

co-ordination is absolutely needed. Our focus is on protecting the

:03:43.:03:49.

European space. To do that we have the huge trans- Atlantic engagement.

:03:50.:03:54.

The Americans, the FBI are with us on fighting cyber-terrorism... I

:03:55.:04:01.

wanted to ask you about the Russians because Russia is a cyber threat but

:04:02.:04:06.

on this occasion it is fair to say that it was not originated in

:04:07.:04:11.

Russia. Are you working closely with the Russians? We do not know where

:04:12.:04:16.

it originated and we are not working closely with China or rush at...

:04:17.:04:22.

Because you do not trust them? -- Russia. A relationship is different.

:04:23.:04:30.

Interpol are helping to do that but it is true, this is the landscape we

:04:31.:04:36.

are working in. There is no single view on how to deal with cyber

:04:37.:04:42.

crime. Vladimir Putin has gone on the record saying he believes this

:04:43.:04:47.

is something that originated in the United States and pointed the finger

:04:48.:04:51.

at the US government. We know that Microsoft and we know that this

:04:52.:04:59.

ransomware attacks Microsoft windows. Microsoft says that as far

:05:00.:05:08.

as they are concerned, this ransomware was developed by the

:05:09.:05:11.

National Security Agency in the US and they were then hacked by the

:05:12.:05:15.

people who propagated this is ransomware. Can you confirm that is

:05:16.:05:22.

what happened? No, I have no Independent evidence of that. I have

:05:23.:05:27.

seen what Microsoft had said and what Vladimir Putin has said. We

:05:28.:05:32.

have no confirmation. It is a massive exploitation of the flaw

:05:33.:05:36.

within the Microsoft operating system by a criminal group stop who

:05:37.:05:40.

developed that flow? That is my question as well. You have just told

:05:41.:05:47.

me what close ties you have with US sister agencies say he would know if

:05:48.:05:53.

the NSA was indeed responsible for storing knowledge about the

:05:54.:05:58.

vulnerabilities in some Windows Microsoft operating systems. We are

:05:59.:06:04.

still working to get to the bottom of this. Cannot answer that question

:06:05.:06:10.

today. If I to say someone like that better know my facts were not a year

:06:11.:06:15.

telling me you cannot tell me all you generally do not know... We have

:06:16.:06:23.

had 4080 hours during which our focus has been stopping the

:06:24.:06:27.

spreading of this. The investigation is a high priority but it will take

:06:28.:06:34.

some time. A different point, the chief officer at Microsoft said

:06:35.:06:41.

State Security agencies spent a lot of time actually working out the

:06:42.:06:44.

vulnerabilities of all operating systems but they do not tell us what

:06:45.:06:49.

they discover and they do not tell us what knowledge say is boring

:06:50.:06:55.

about vulnerabilities in our systems and it is about time to come clean

:06:56.:07:00.

about these. Has he got a point? To be honest, and I am sorry to dodge

:07:01.:07:05.

the question, but you should be asking the security agencies. They

:07:06.:07:09.

have a job to protect our security. My job is to help police agencies

:07:10.:07:19.

about criminals. State sponsored actors can be criminals. There is a

:07:20.:07:26.

blurring of the lines, absolutely, but our primary focus of about those

:07:27.:07:34.

who are in it for commercial gain. Let's move on, if that is the limit

:07:35.:07:39.

you can tell me right now to your investigation into the ransomware we

:07:40.:07:42.

have seen spread around the world. Looking wider at cyber crime, there

:07:43.:07:49.

are people around the world who look at the scale of it at the moment and

:07:50.:07:53.

its origins and they point the finger at the Dikili at Russia. --

:07:54.:08:02.

particularly. At Europol be prepared to echo what has been set in the US,

:08:03.:08:08.

the National Father Security Centre in the UK, both saying Russia is

:08:09.:08:13.

responsible for a huge surge in cyber crime at liberty? We see

:08:14.:08:21.

criminals originating for several countries in the world but we do see

:08:22.:08:24.

a large proportion coming from Russian speaking places. Not just

:08:25.:08:31.

Russia. There are a number of regions of concern for art. The

:08:32.:08:36.

Russian speaking world is one of them. We are speaking where we can

:08:37.:08:43.

with police agencies around the world. You make a difference between

:08:44.:08:49.

state-sponsored cyber attacks and criminal cyber attacks but a

:08:50.:08:55.

comeback to this point you can often described state-sponsored activity

:08:56.:09:00.

is criminal. Case in point, the allegations of Limerick and may

:09:01.:09:05.

about Russians cyber meddling in their elections. -- the Americans

:09:06.:09:14.

made. The Germans are now saying they are braced for Russian activity

:09:15.:09:19.

in their election as well. Is this something that you are looking at?

:09:20.:09:26.

No, it is not. I made it clear I working against criminal actors. In

:09:27.:09:35.

this case it is state sponsored activity against the National

:09:36.:09:38.

security of those countries and be security agencies in those countries

:09:39.:09:43.

will lead those investigations. I am concerned about the million-dollar

:09:44.:09:50.

ransom crime. The multibillion-dollar hacking attempts

:09:51.:09:57.

on the global banking system is by sophisticated cyber crime groups

:09:58.:10:03.

developing banking Trojans and other aspects in which Internet technology

:10:04.:10:13.

has transformed the criminal world. Tell me whether you think important

:10:14.:10:18.

institutions, both private and public, whether they have made

:10:19.:10:24.

anything like the right sort of protective measures and actions to

:10:25.:10:31.

safeguard themselves from what you describe the surge of cyber

:10:32.:10:35.

criminality? For the banking that which has been in the firing line of

:10:36.:10:40.

most cyber attacks in recent years, they have learnt through painful

:10:41.:10:44.

lessons of that they should take this as a top level responsibility

:10:45.:10:49.

and they have committed to the right kind of investment and strategic

:10:50.:10:53.

framework and they are still in the firing line and still getting caught

:10:54.:10:57.

by their protection is much higher and that is why you saw on the

:10:58.:11:00.

weekend that very few banks in Europe were caught up cause their

:11:01.:11:06.

defences were quite high. In other sectors, public services, the health

:11:07.:11:12.

sector, there is a lesson. Many years still using Windows XP which

:11:13.:11:19.

is very old. We paid this picture of cyber-criminals being these

:11:20.:11:23.

futuristic geeks that can hit us anywhere and any time. They prey on

:11:24.:11:27.

the fact that we have vulnerabilities that we do not fix,

:11:28.:11:32.

that we make stupid mistakes, that we recycle old cyber tools and they

:11:33.:11:39.

catch us out. They are getting the ASICS right. How is your digital

:11:40.:11:47.

hygiene at Europol? I think it is a strong. You had to think about that

:11:48.:11:53.

and that is slightly alarming. You are an agency that is trying to

:11:54.:12:05.

achieve trust. I am wondering whether your hygiene in this field

:12:06.:12:11.

of data collection storage is as good as it could be. I think it is.

:12:12.:12:16.

I pause because I will be honest, there is no organisation that can

:12:17.:12:21.

get the threat down to zero because of the nature of the cyber-criminal

:12:22.:12:27.

activity depends on technological advances, a Kishore staff members

:12:28.:12:30.

are suitably aware of the threat and so on. For the moment we have no

:12:31.:12:39.

concerns. We take this practice readings from the UK and other

:12:40.:12:43.

governments. But I am not going to say we're absolutely safe. D using

:12:44.:12:51.

government cut corners because they cannot or will not afford the

:12:52.:12:54.

investment to upgrade their cyber defence. I do not think in the end

:12:55.:13:00.

it is about money but responsibility. It does not take a

:13:01.:13:06.

lot of money to take systems of XP. The patch older systems. It takes a

:13:07.:13:14.

recognition that this is a responsibility to put in place a

:13:15.:13:18.

security framework, to reach out to law enforcement and so on. There are

:13:19.:13:24.

institutions that give good advice. Follow that and that is 90%... Many

:13:25.:13:29.

public institutions in the UK have not in following that, why it do you

:13:30.:13:36.

think it is? It is frustrating, frankly, because in the health

:13:37.:13:40.

sector there have been multiple ransomware attack in the United

:13:41.:13:46.

States and Europe long before WannaCry came along. There are

:13:47.:13:50.

complexities to the IT systems in the health sector which I understand

:13:51.:13:55.

and are difficult to work around but in the end, this is really about

:13:56.:14:02.

taking responsibility and sorting this out in the way most global

:14:03.:14:06.

banks have been doing in many respects.

:14:07.:14:11.

To you think Europol is capable of keeping up with the abolition of

:14:12.:14:19.

more criminal activity on the Internet? If a challenge every day

:14:20.:14:23.

because we see the way in which the Internet helps to conceal the

:14:24.:14:28.

identity and communication of the offenders, particularly on the dark

:14:29.:14:31.

net. With see this wonderful technological advances coming out

:14:32.:14:36.

which is fabulous for society, we all know that. But of course, being

:14:37.:14:40.

exploited by ever more enterprising criminals and to a certain extent,

:14:41.:14:45.

terrorists. We are in this difficult challenge, I have to say. But that

:14:46.:14:53.

is why yielding... Is the gap between what you can do

:14:54.:14:56.

realistically to police the Internet and you just talked about the

:14:57.:15:00.

Duckworth and I would like to talk about that some more -- dark Web.

:15:01.:15:06.

The gap between what you can do and what the bad guys can do, is it

:15:07.:15:11.

getting wider? The river gap because we are working within legal

:15:12.:15:14.

constraints, of course we are, and they not. -- there is gap. We have

:15:15.:15:22.

the combined resources of some of the best investigators around the

:15:23.:15:26.

world and not to mention some of the wonderful partnerships we have with

:15:27.:15:30.

the private sector. If we can get that right and exercise that kind of

:15:31.:15:33.

interconnection between these different communities, we have a lot

:15:34.:15:36.

of power and we are beginning to show that. A lot of power but

:15:37.:15:41.

whatever kind of talks you have got, there are places that you can't

:15:42.:15:46.

shine its -- porch. The dark Web, it has become a huge underground

:15:47.:15:51.

criminal environment. You talk about the ways in which people, terrorists

:15:52.:15:56.

or straightforward committals can buy a British passport via the dark

:15:57.:16:01.

Web, untraceable, for 750 British pounds, about 850 US dollars. You

:16:02.:16:08.

can't keep up, that's the problem. Well, we find a particular it

:16:09.:16:12.

difficult to do that, I will be honest with you, particularly on the

:16:13.:16:17.

dark Web. It is transforming the nature of how criminal markets

:16:18.:16:23.

function. It has changed the way in which drugs are bought and sold

:16:24.:16:27.

because it protects the identity of the buyer and seller. We found one

:16:28.:16:33.

major crypto market on the dark Web back in 2015. Today it is 20.

:16:34.:16:37.

Selling hundreds of listings of drugs and other commodity. It is

:16:38.:16:41.

growing and it is very difficult for us to track it. We have had a number

:16:42.:16:45.

of successes, most recently regarding a major sexual

:16:46.:16:50.

exploitation network that was operating on the dark web. We are

:16:51.:16:55.

updating our side that we are in a race with those guys. Is anything

:16:56.:16:59.

you can see collectively to close down this criminalised dark net or

:17:00.:17:05.

dark Web? It's difficult to legislate against the dark net. Not

:17:06.:17:11.

to mention, there is a good part of it that is used for good purposes

:17:12.:17:15.

are round the world. Those people living in some countries that try to

:17:16.:17:22.

exercise freedom of speech for example. It will be difficult to ban

:17:23.:17:26.

the dark Web. What we need to make sure is that the police services and

:17:27.:17:30.

public security have better capability to investigate this. This

:17:31.:17:35.

means, I think, especially, having better partnerships with the tech

:17:36.:17:39.

sector. Are you a fan of governments, and am thinking at

:17:40.:17:42.

about the British government in the wake of the recent terrible

:17:43.:17:47.

Westminster attack, you a fan of governments that say, "As a result

:17:48.:17:51.

of what we learn of the way terrorists operate, using, as they

:17:52.:18:02.

do, encrypted communications", the politicians' response is that we

:18:03.:18:06.

need to make sure the people behind those services give us a state

:18:07.:18:12.

backed door into their system so that when required we can to survey

:18:13.:18:18.

all people, even on these supposedly encrypted systems. You a fan of

:18:19.:18:22.

that? I'm not sure the British government asked for a backdoor but

:18:23.:18:30.

they express some frustration at apps like that do not offer the

:18:31.:18:36.

ability to monitor the communications of potential

:18:37.:18:42.

terrorists. We have a means of communication, we can intercept a

:18:43.:18:46.

telephone call between two people but we cannot interrupted their

:18:47.:18:58.

WhatsApp messages. So you want total surveillance? No, not absolutely. --

:18:59.:19:04.

absolutely not. I want to give police investigators around the

:19:05.:19:07.

world at the right kind of proportionate control and

:19:08.:19:10.

supervision, the right means by which to protect our public from

:19:11.:19:15.

terrorism. That isn't the problem the public don't trust a

:19:16.:19:18.

state-sponsored organisations, people, frankly, such as yourself,

:19:19.:19:25.

to find the right balance. It is too easy for state actors such as

:19:26.:19:29.

yourself to use it what you might portray as a 1-off right to turn it

:19:30.:19:33.

into something which it looks as very much like 20 four sevenths

:19:34.:19:40.

surveillance, electronically, of everybody, all the time. Rola Winnie

:19:41.:19:44.

to avoid that. It is clearly not a proportionate way to manage the

:19:45.:19:50.

balance between privacy and security in a technocratic societies. -- we

:19:51.:19:57.

need to avoid that. There is something needs to be drawn within

:19:58.:20:01.

some parts of society and not in others. It is proportionate which is

:20:02.:20:05.

difficult to do in the Internet because of the technological design.

:20:06.:20:08.

What are your relationships like with the bosses of successful into

:20:09.:20:13.

-- Infotech companies? I'm asking because the head of Twitter said

:20:14.:20:19.

this recently, "Yeah, of course security services in each to keep

:20:20.:20:22.

people say -- safe but these disproportional surveillance they

:20:23.:20:28.

are seeking have no place in a democratic society." He will take

:20:29.:20:34.

that view, I respect that. What I will say is that Twitter is one of

:20:35.:20:38.

those companies we have an excellent partnership with in terms of

:20:39.:20:44.

removing terrorist content online. This is a voluntary code of conduct

:20:45.:20:51.

between us, Twitter, Facebook and many of the other partners, 50 of

:20:52.:20:55.

them in fact, who have helped us more aggressively take away this

:20:56.:20:59.

terrorist content in the online space. I applaud Twitter for doing

:21:00.:21:03.

that. Not every social media company is doing that but most of them are.

:21:04.:21:08.

It is an example of where sometimes, I think, public and private sector

:21:09.:21:12.

partners, even in this space, can come together and find their

:21:13.:21:15.

interests meeting in a way that supports the general public 's'

:21:16.:21:22.

good. I must ask you, something that has happened since we last spoke to

:21:23.:21:26.

each other, and that is Brexit. He used it as the director of Europol,

:21:27.:21:31.

as a Brit. You will be the last British director of Europol, that's

:21:32.:21:35.

quite obvious. You said to me when we spoke more than a year ago,

:21:36.:21:39.

fighting crime and terrorism in the UK will be more costly and much less

:21:40.:21:43.

affective if the country leaves the EU. Are you feeling that today

:21:44.:21:58.

still? I still feel the uncertainty about what will happen, Stephen.

:21:59.:22:01.

What I certainly see in the ransomware events of the last few

:22:02.:22:04.

days, terrorist incidents we have seen, make the point even strongly

:22:05.:22:08.

than what I was making a year ago. Writing crime and terrorism has

:22:09.:22:10.

become an international game. We need the closest possible

:22:11.:22:13.

collaboration in Europe. The extent to which Britain will continue to

:22:14.:22:16.

have access to it is rather dependent upon and depends upon the

:22:17.:22:19.

outcome of the negotiations. That sounds somewhat like to read the May

:22:20.:22:23.

when she presented that Article 50 letter to her colleagues in Europe

:22:24.:22:27.

saying this, "In security terms, a failure to reach an agreement will

:22:28.:22:31.

mean our ability to fight against crime and terror will be weakened."

:22:32.:22:36.

-- Theresa May. Many in Europe thought that was a form of blackmail

:22:37.:22:41.

and you seem to be playing the same game. You're didn't read the letter

:22:42.:22:44.

that way and I'm not sure most of those in Britain and read it that

:22:45.:22:50.

way --. She was steeply stating the reality that co-operation in Europe

:22:51.:22:56.

is growing because of cross-border threats -- she was simply stating.

:22:57.:23:03.

Even if you couldn't get a trade agreement or anything else, why are

:23:04.:23:07.

you conflating and putting the two together? I'm not here to be the

:23:08.:23:11.

Prime Minister's spokesman that the way I read her letter, she was

:23:12.:23:14.

simply setting out her strategic objectives under the Article 50

:23:15.:23:18.

process and she is quite right as putting security is one of those top

:23:19.:23:23.

line objectives as well as trade. Simply stating the fact that this is

:23:24.:23:27.

in the common interest of the UK and the rest of the EU to get the right

:23:28.:23:31.

kind of security deal because of the way in which what it takes these

:23:32.:23:35.

days to fight terrorism. Let me put it bluntly. Who loses out more if

:23:36.:23:40.

Britain cannot do a full-fledged security agreement with the 27

:23:41.:23:45.

remaining members of the EU in the future? Who loses out more, Britain

:23:46.:23:51.

or the EU member states? This is about the collective security

:23:52.:23:54.

interests of Europe and I think both sides understand that and we're go

:23:55.:23:58.

into negotiations with that in mind. We have two went there. Rob

:23:59.:24:02.

Wainwright, thank you for being on HARDtalk. -- we have to end there.

:24:03.:24:30.

Here in the UK, winter and spring have been drier than normal.

:24:31.:24:34.

But could May be the month that bucks the dry trend?

:24:35.:24:38.

Download Subtitles

SRT

ASS