What works and what doesn’t: helping the police to find the best strategy

According to what was published by the Rand corporation, the so-called focused deterrent is not new, as it was initiated by the Boston police force in the mid-90s by the pioneering Operation Cessos, which was aimed at chronic violent offenders and involved activities to help to reduce the city’s murder rate.As part of the focused deterrent, the police intervened high-risk groups and individuals in order to prevent future violence.

Key strategic steps of the focused deterrent

1Identify high-risk criminals, a process that involves community leaders and frontline police officers.
2 Have a communication meeting; explain why the intervention is taking place; and involving social services, families and members of the community.
3Provide services for those who wish to change their behaviour.
4Provide support for community members.
5 Creationof rapid and proportional sanctions for those who continue to be involved in violent crime.

In the United States there are over 18,000 police agencies. There is no database nor a sole objective source that shows what works better and how to apply it.

Bearing in mind that evidence shows that the focused deterrent is successful, why isn’t it used in more police departments?

This is when the RAND Tool Guide Better Policing is introduced. It is designed to help police agencies to find and learn about effective police strategies and apply them.

The set of tools could be a valuable resource for the police in a climate involving police strategies being more necessary than ever.

Feedback of the strategies

The set of tools specifies three very effective surveillance strategies. The first focused deterrent helps those with a high risk of participating in violence; the second, the police service aimed at problem solving, which addresses problems taking place in specific places; and the third, surveillance of legitimacy, is centred on community trust. The tool kit is also linked to a previous guide from the Department of Justice that describes the best practices to resolve homicides and other serious crimes.

The most effective police strategies in the Better Policing tool kit:

Focused deterrent
Intervene high-risk people and groups

Problem oriented policing
Address crimes in risky places

Legitimacy policy
Focus on relations with the community and elicit trust

_____

Aquest apunt en català / Esta entrada en español / Post en français

The global initiative ‘No More Ransom’ tries to avoid more computer victims

Although recently there haven’t been incidents of high-profile ransomware like the Wannacry and NotPetya outbreaks, this year, the increase in variants of GandCrab and SamSam demonstrates that the ransomware threat continues to be very active and highly adaptable.

It is believed that malware to block files with GandCrab has infected over half a million victims since it was first detected in January 2018.

With cyber criminals experimenting with self-propagating tactics that are increasingly sophisticated and technical, ransomware could have been a highly profitable option for them, if it were not for the fact that decryption tools No More Ransom prevented some 22 million US dollars making its way into their pockets.

Launched in July 2016, the online portal No More Ransom is now available in 35 different languages and contains 59 free deciphering tools, which cover some 91 typologies of ransomware.

More recently, the Romanian police force, Europol and Bitdefender, published a universal deciphering tool for the aggressive blocking of files by malwareGandCrab. This tool has allowed for the recovery of encrypted files, until now, of over 4,400 victims from over 150 countries, with several hundreds of thousands of victims who may need help.

There are already over 129 members, the latest: Bleeping Computer, Cisco and ESET are new associated members of No MoreRansom, while Microsoft, Symantec, Coveware and Northwind Data Recovery joined a support unit.

Cyprus, Estonia, Scotland and Sweden also joined during the course of last year, which meant that 41 organisms are now involved in law enforcement.

To date, the tools provided by No MoreRansom have managed to decrypt the infected computers of over 72,000 victims worldwide, but there are still many more victims that need help.

The best remedy for ransomware continues to be diligent prevention. Users are recommended to:

  • Always have copies of the most important files in a different place: on the cloud, in another unit, in a memory or on another computer.
    • Use reliable and up-to-date antivirus programmes.
    • Not to download programmes from suspicious sources.
    • Not to open files from emails from unknown senders, even if they are thought to be important and credible.
    • And if you are victims, never pay the ransom!

_____

Aquest apunt en català / Esta entrada en español / Post en français

 

The EU Policy Cycle: a European mechanism to address organised crime together

In 2010, the European Union established a four-year cycle to develop certain policies in terms of organised International crime and the threats this poses for different European states and citizens. The objective of these policies is to ensure cooperation between the different actors involved to achieve a coherent and coordinated performance to address the threats to the European Union posed by organised crime. On 1st January of this year the second cycle started, to succeed the first (2014-2017), which ended in 2021.

On 5th June, during the Council of Justice and Interior of the Council of the European Union, which took place in Luxemburg, the ministers of justice and the interior of the different countries of the Union and/or permanent representatives of these on the Council reviewed and assessed the impact of the first cycle (2014-2017), and also dealt with issues like the policy regarding the granting of visas, migration policy and the European system of asylum. The participants at the Council agreed to declare the success of the Policy Cycles project as a tool of cooperation between European states to combat organised crime and the added value it provides.

Moreover, different aspects that needed to be focused on and worked on were determined:

  • Strengthen coordination between organisms at a national level
  • Make the EU Policy Cycle known to the competent authorities
  • Promote knowledge of the project externally
  • Promote the commitment of organs of the European Union to the project
  • Develop new solutions beyond the traditional application of the law to address the priorities and needs of the Union

The areas to be focused on in the cycle 2018-2021 are those adopted as priorities by the Council of the European Union in May of last year, based on recommendations made by the SOCTA (Serious and Organised Crime Threat Assessment):

  • Cyber crime
  • Drug trafficking
  • Illegal immigration trafficking
  • Organised crime against property
  • Unknown intracommunity operator fraud
  • Environmental crime
  • Capital laundering and financial crime
  • Falsifying documentation

Based on adopted action points and priorities, EUROPOL is designing the strategic plans (MASP – Multi Annual Strategic Action Plans) that define specific objectives to combat this threat. Once the plans are defined, the different projects of the EMPACT (European Multidisciplinary Platform against Criminal Threats) establishes the action plans (OAP – Operational Action Plans). For each priority area a different OAP is designed that will be implemented in a coordinated way by the different states and organisations of the Union. The fourth and last step of the cycle is the revision and assessment of the effectiveness of the different OAPs when combating each of the priority threats by the Permanente Operative Cooperation Committee in terms of Internal Security (COSI), and also based on the SOCTA drawn up by EUROPOL. With the assessment of results, the COSI is responsible for recommending adaptations and modifications in any area.

In accordance with the different assessments of the project both by EUROPOL and by the Council of Ministers of Justice and the Interior of the Council of the European Union, the results of the EU Policy Cycle are positive and noteworthy in each of the priority areas. We are still, however, in the first year of the second cycle and it is therefore too soon to determine its success. It will be necessary to, at least, wait until the next assessment by the COSI or until 2021, when the assessment report will be published with recommendations for the next four years.

For further information:

Justice and Home Affairs Council (04-05/06/2018): https://www.consilium.europa.eu/en/meetings/jha/2018/06/04-05/

EU Policy Cycle (EMPACT): https://www.europol.europa.eu/crime-areas-and-trends/eu-policy-cycle-empact

_____

Aquest apunt en català / Esta entrada en español / Post en français

 

Seven fraudulent ways of making money disappear

The Europol Cyber Crime Centre (EC3), the European Banking Federation and their members from the public and private sector have disseminated an awareness-raising campaign related to the seven most common online financial swindles. The campaign, called #CyberScams, was done last October within the framework of the European Month of Cybernetic Security and promotes cybernetic security for citizens and organisations, putting the stress on simple steps to protect personal, financial and professional data.

Police forces from 28 EU member states, from five non-member states of the EU, of 24 national bank associations and banks and many other investigators against cybercrime want to heighten the public’s awareness of this criminal phenomenon. This pan-European effort promoted was pushed forward by a communication campaign via social channels and the application of national laws, banking associations and financial institutions.

Following the recommendations of the IOCTA 2018, the most effective defence against social engineering is the education of potential victims that could be any of us when we are on line. Making the public aware of how to identify these deceptive techniques can provide us with both personal and financial security online.

For this campaign, the support material,  which includes information concerning the 7 most common online financial scams and how to avoid them, has been done in 27 different languages and is available to be downloaded by the public:

  • CEO fraud: the swindlers pretend to be your CEO or a senior representative of the organisation and invite you to pay a false bill or make a non-authorised transfer from your current account.
  • Invoice fraud: they pretend to be one of your clients or suppliers and they deceive you into paying future bills into a different bank account.
  • Phishing / smishing / vishing: they tell you or send you a text message or email to cheat you into sharing your personal, financial or security information.
  • Fraudulent use of bank webpages: they use bank phishing emails with a falsified web link. Once you click on the link, a range of methods are used to gather your personal and financial information. The site looks like the legitimate page, with minimal differences.
  • Romantic scam: they pretend to be interested in a romantic relationship. This usually happens on online dating websites, but the fraudsters often use social networks or email to make contact.
  • Theft of personal details: they gather your personal information via social network channels.
  • Investments and swindles involving online purchases: they make you think that you are an intelligent investment or present you with a great but false online offer.

Internet has become very attractive to cybercriminals. Attackers use sophisticated tricks and promises to make money or to obtain valuable financial information. Swindles involving a lost family member or Nigerian princes are not the only tricks any more. The tactics used by cybercriminals are getting more innovative and increasingly difficult to detect. From pretending to be the CEO of your organisation and pretending to have a romantic interest, today’s swindlers will do whatever it takes to get what they want: your money and your bank credentials.

Social engineering continues to grow as the driving force of many cybernetic crimes, with phishing being the most frequent form. Criminals use them to meet a range of objectives: to obtain your personal data, seize your accounts, steel your identity, begin illegal payments or persuade you to continue with any other activity against your interests, like transferring money or sharing personal data. One simple click could be enough to compromise your entire organisation.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Commission asks for a step forwards in terms of security

Until the beginning of October 2018, a range of legislative proposals presented by the Commission have been passed, but many important files that should be processed before the European Parliament elections in May 2019 are still due. The Commission therefore asks for such tasks to be accelerated and for all pending security-related projects to be adopted quickly. In particular, the one that is defined by the joint Declaration and the new measures proposed by President Juncker in his speech on the state of the Union in 2018.

Over the last three years, the Commission has adopted measures to reinforce the security of the EU and its external borders. Attempts at terrorist attacks, the use of chemical weapons in the streets of a member state and, more recently, the cyber attack that was aborted in the headquarters of an international organisation reveal that Europe is still an objective and, therefore, security and collective resilience must be improved. It is therefore necessary to gain an insight into the following aspects:

  • Protect Europeans on the network. Bearing in mind the latest hostile cybernetic operations, it is vital that all legislative proposals are given full priority. Moreover, in order to ensure that Internet platforms are not used to disseminate online terrorist content, the European Parliament must approve the obligation to suppress content of this kind within an hour.
  • Inter-operability of EU information systems: it is necessary to allow EU information systems in terms of security, migration and border administration to work together efficiently and thereby improve the security of information. It is also necessary to modernise the European Criminal Records Information System (ECRIS), Eurodac and the Visa information System (VIS).
  • The fight against cross-border crime: the commission urges the European Council and the Parliament to broaden the functions of the European Prosecutor so that it can facilitate the investigation of cross-border crime and supports Commission proposals related to electronic proof, in order to help both the police and judicial authorities.
  • To reinforce borders: there is a request to approve the necessary tools to guarantee the effective management of external borders, as with the European Border and Coastguard Agency, EU return-related regulations and the European Asylum Support Office.

To support the efforts of the member states with the aim of improving EU security, the Commission assigned security finance amounting to 70 million Euros for the 2018-2019 period, distributed in the following way:

  • The fight against radicalisation: 5 million Euros.
  • The fight against QBRN threats, restricting access to home-made explosives and the protection of public areas and critical infrastructures: 9.5 million Euros.
  • Support for the application of current norms of the European register of names of passengers: 1.5 million Euros.
  • 100 million Euros for Innovative Urban Actions such as, for example, the protection of public areas.

Links of interest:

_____

Aquest apunt en català / Esta entrada en español / Post en français

Europol is working to avoid victims of flight ticket fraud

Between the 18th and  22nd June 2018, 61 countries, 69 airlines, 226 airports and 6 online travel agencies participated in the 11th edition of the Global accessibility awareness day(GAAD), focusing on criminals suspected of travelling with plane tickets purchased using stolen, copied or false credit cards. 334 suspicious transactions were informed of and several investigations started. 141 people were arrested.

The Air Transport Association (IATA) estimates that the airline industry loses over a thousand million dollars annually as a result of fraudulent online plane ticket purchases. Moreover, millions of innocent people are affected by the improper use of their credit card data.

Online fraudulent transactions are not only highly lucrative for organised crime, they are also often used to facilitate more serious criminal activities, like illegal immigration, people trafficking, drug smuggling and terrorism.

Eurojust collaborated throughout the week of action, along with the European Border and Coast Guard Agency (Frontex), which deployed officials in 22 airports. The airport communication project (AIRCOP), implemented by the United Nations Office on Drugs and Crime(UNODC), in collaboration with Interpol and the World Customs Association (WCA), also developed activities to apply the law in airports in Africa and the Middle East.

How to avoid airline fraud

Here is some advice from the Europol to avoid becoming the next victim of a too-good-to-be-true holiday package.

  • Purchase from official sources

Reserve your holidays directly with an airline or hotel, or via a reputed agent or tour operator. Look for the IATA logo on the company’s website.

  • Do your own search

Do a complete online search to guarantee that the company is legitimate. If it is suspicious, other people may have published their experiences to warn others.

  • Surf safely online

Pay special attention to the name and domain of the website. Small changes in the name or the domain, like a change from .com to .eu, may redirect you to a completely different company.

  • Pay safely

Make sure that the website uses a secure payment system and that the payment protocol is also secure (https) in order to make the payment.

  • Check the small print

Check that the webpage includes terms and conditions, a refund policy and a privacy policy.

  • Use your instinct

If something sounds too good to be true, it probably is.

  • Keep all proof and inform the police immediately.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Canada, the second country in the world to legalise cannabis

On 17 October 2018 the law passed by the Canadian senate(52 votes in favour, 29 against and 2 abstentions) in June this year came into force, that officialises the legalisation of the sale, consumption, cultivation and possession of marihuana for recreational purposes in Canada (Cannabis Act, 2018). The use of marihuana for medicinal purposes was authorised in 2001. The initiative was part of the electoral programme of the current Prime Minister, Justin Trudeau, of Canada’s Liberal Party, the same one that legalised gay marriage in the country in 2005.

Canada is the first country of the G20 that has taken this step (in the United States, it is only legal in 9 of the states and in the city of Washington) and the second in the world, a little over a year after Uruguay applied the initiative driven forward by ex-president José Mujica to legalise the consumption and purchase of marihuana by Uruguayan citizens (Law nº 19.172, 2013).

The purchase, sale and possession of cannabis cannot involve more than 30 grams (Cannabis Act, article 8, 2018). Besides, the minimum age permitted to acquire and consume cannabis is regulated in a provincial context: in all provinces, the legal age to buy and consume cannabis is 19, with the exception of Quebec and Alberta, where it is 18. The minimum age to consume marihuana coincides with the one to drink alcohol and all provinces except Manitoba, where the legal age for the consumption of alcohol is 18. Regarding places where consumption is permitted, in some provinces marihuana can be smoked in the same places where cigarettes can be smoked, and in others, it is limited to private areas.

Another regulation that is also delegated to provincial authorities is the one related to sale and distribution permits (Cannabis Act, article 69, 2018): in general, they are private companies authorised by a provincial authority licenced to cultivate and distribute cannabis, except in some provinces, where a public company is responsible for marketing the substance.

According to the Canadian Centre on Substance Use and Addiction, the objectives of the new law are mainly the following:

  • Stop Young people from having access to cannabis.
  • Protect public health and security by guaranteeing the quality of cannabis.
  • Deter criminal activity by imposing legal sanctions on those who operate outside the legal framework.
  • Reduce the amount of crime related to cannabis in the penal justice system.

Although the authorities predict that the price will be 25% higher than on the black market (about 10 Canadian dollars, equivalent to 6.7 euros), the quality will be better, which is expected to encourage consumers to acquire cannabis via legal channels. The money raised with the tax charged for cannabis will be shared between provincial (75%) and federal (25%) treasuries.

Meanwhile, with the coming into force of the Cannabis Act, a pardon is expected to be given to all those sentenced for marihuana possession -hundreds of thousands of people-, as long the amount is no more than 30 grams. This measure will mean that those sentenced for possession of marihuana will no longer be banned from entering the United States, as is the case now.

The case of Canada will be closely followed by the rest of the world, as it is the first economic power to end the prohibition of the sale and consumption of marihuana for recreational purposes. This example will surely serve to elicit debate in many other G20 countries, and the results will encourage or discourage the promotion of similar laws in other states.

For further information, you can consult the following links:

_____

Aquest apunt en català / Esta entrada en español / Post en français

#BuySafePaySafe: how to avoid becoming a victim of fraud when making card payments

Police operations against fraud with card payments are continuously taking place, even on a large scale, like that coordinated by Europol this last summer that led to 95 arrests in a joint operation involving 28 countries

Investigative measures are very complex because of the virtual and international dimension of such crime. Not only individual fraudsters but also organised crime groups are involved in this phenomenon. There are indications of professionalism and links to other criminal formats like phishing, malware attacks, the creation of web pages and the use of social network platforms to commit fraud.

Currently, approximately 80% of credit card fraud is done online. Social networks are used to create sales profiles (shops), publishing everything at half price. When something is ordered, the fraudsters make the purchases, often very expensive ones, with subtracted credit card data. The data of the stolen card is often bought on the dark net, originally filtered via data theft and with malware. When making these purchases on their web pages, victims cannot be aware that the data of their cards is also being stolen, to go on to be stolen by a seller on another criminal forum. The previously mentioned sellers tend to have tens of thousands of happy customers and receive great reviews. In the end, the banks and dealers are the ones who suffer the losses due to such fraudulent activities, which amount to thousands of millions of Euros worldwide.

The eComm 2018-Europol is an operation created as part of the fight against payment card fraud EMPACT (PCF) directed by Austria. This operation is a practical continuation of the e-commerce work group, a private-public association network established in 2014 with key actors, including the Market Risk Council (MRC) – a network of 490 electronic dealers worldwide -.E-Commerce: tips and advice to avoid becoming a fraud victim.

Some preventive advice

It is always better to avoid a crime. It is for this reason that this operational action is followed by a prevention and awareness raising campaign, #BuySafePaySafe. There are a series of security norms that can be followed to avoid being a victim of such fraud:

  • ensure that the device you use to make online purchases is well-configured and that the Internet connection is secure.
  • using a card is a secure payment method for online purchases as long as you take the same care as with other purchases
  • there are simple warning signs that can help to identify fraud. If you are a victim of online fraud, report it to the police. If you have bought the product with a credit or debit card, also inform your bank
  • Regularly review your online bank account. Immediately notify your bank if you see payments or withdrawals that you have not made.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Situation and trends in the penitentiary field in the world in 2018

The report Global Prison Trends 2018 is the fourth edition of an annual study that has been elaborated with the support of the Thailand Institute of Justice and the Penal Reform International(PRI).

Penal Reform International is a non-governmental and independent organisation that develops and promotes effective and proportionate responses to criminal justice around the world.

For example, the PRI defends the use of measures and sanctions without deprivation of liberty, a method that has expanded over recent years. This way, with alternative measures to prison, the overcrowding of centres can be reduced, especially in the case of sentences for non-violent acts or drug-related low-level offences.

For another year, the report explains that the prison situation in the world is, in general, very bad because of the degradation of conditions and the growing number of people in prison. It is for this reason that a list of recommendations has been elaborated for states and their penitentiary policies:

  • States should introduce new legislation to reduce prison rates, focussing on priorities related to measures to prevent crime, alternatives to prison and rehabilitation.
  • It is necessary to implement strategies to address the overpopulation of prisons by extending the use of alternatives to prison and fight for the reduction of poverty and inequality.
  • States should abide by, respect and the protect human rights and the procedural safeguards of those detained. This way, mistreatment and torture would be avoided.
  • Preventive prison should only be used as a last resort, and should bear in mind thepresumption of innocence and the principles of need and proportionality.
  • Monetary bale policies should be revised to ensure that people with limited resources are not discriminated against.
  • Sentencing should be guided by international law, including the UN agreements of Tokyo and Bangkok.
  • States should reduce the use of the life sentence. Life sentences without the option of parole should be abolished.
  • The living conditions of prisoners sentenced must correspond to the norms established by the so-called “Rules” of Nelson Mandela.
  • States that still apply the death penalty should move to abolish it, establishing a moratorium as a first step towards its extinction.
  • States should revise their policies related to drugs. It is necessary to decriminalise minor offences and apply proportional sentences.
  • The imprisoning of children should be a last resort, and the death penalty and life sentences should be prohibited in the case of minors.
  • States should adopt justice and protection policies and systems for children to address violence and mistreatment.
  • The UN Bangkok norms must provide guidance for states in penal justice reform in order to guarantee that systems meet the needs of imprisoned women.
  • The sentencing of women should bear in mind any victimisation, child-care responsibilities and the context of the criminal conduct, potentiating reclusion-free sanctions.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Interpol Stadia project: providing security for great sporting events

The major international sporting events, such as the Olympic Games and FIFA World Cup competitions, set many police and security-related challenges for host countries.

Apart from taking place in large, complex and scattered venues, these events can attract a range of criminal activities, from skirmishes and violence to cyber attacks and even terrorism.

With its global network of experts, Interpol is in an ideal position to serve as a central core to provide research, design, planning, coordination and training to address this challenge, within a structure that ensures certain standards of quality.

The Stadia project was founded by Interpol in 2012 and financed by Qatar, with the aim of creating a centre of excellence to help Interpol member states to plan and execute security preparation measures for major sporting events.

By combining good practices and lessons learned by member countries that have hosted major international sports events, the project can help future hosts to improve preparation measures thanks to the latest knowledge and experience.

The Stadia project organises annual meetings of experts about key issues concerning legislation, physical security and cybernetic security.

These meetings gather together police experts from all over the world, events organisation committees, government, the private sector, the academy and civil society to explore cutting-edge research and analysis and develop independent recommendations to plan and execute security arrangements for major international sporting events.

All countries that host an important sporting event want to avoid problems and be successful. Every event offers many valuable lessons, not only for the host, but also for anyone wishing to host important events in the future.

To gather good practices and lessons learned before, during and after major international sports events, the Stadia project carries out observation programmes and debates with experts from the security field, both within the public sector and the private one, that have direct responsibilities in surveillance and security operations.

The Stadia project works with recognised academic institutions to identify training needs and develop training study plans, along with a programme with international accreditation.

The accumulated learning based on a range of activities previously described is consolidated and is shared among countries that are members of Interpol via a system of knowledge based on a latest generation website with two components:

  • A broad repository of knowledge of good practice in all aspects of security of the sporting event, to which all member countries can contribute and all of which can benefit from.
  • An online collaboration platform where experts in the field can share, debate, analyse and publish information about evolutionary aspects of sports-related security regarding important events.

_____

Aquest apunt en català / Esta entrada en español / Post en français