How Europol hunts cybercriminals: behind the scenes of international operations

Europol acts as a global command center in the fight against cybercrime, connecting people, data and operations across borders to identify and dismantle criminal groups faster. Marijn Schuurbiers, head of operations at Europol’s European Cybercrime Centre (EC3), revealed the inner workings of the agency during the ESET World conference.

Schuurbiers described Europol as the largest police hub in the world, where officers from member states and partner countries like the US, UK and Japan work together under one roof. The Joint Cybercrime Action Taskforce (J-CAT) brings together specialist investigators who collaborate in real time, often in a single room.

– If a new ransomware attack emerges in the morning, an officer does not have to search for the right desk – they just look up and ask a colleague if they have experience with that specific malware. That is how you build operational momentum – added Schuurbiers.

Data hub with real-time intelligence

Beyond personnel, Europol functions as a data hub. The Europol Information System (EIS) automatically ingests data from ongoing investigations across EU states every night, giving the agency a near-real-time overview of all cases related to its mandate. For information that goes beyond EIS, member states use SIENA – a secure communication platform that enables cross-border data sharing.

– If France wants to ask Spain about a cybercriminal group, and Norway simultaneously contacts Germany about the same group, Europol sees all these inquiries and can merge them into a single joint investigation – explained Schuurbiers.

Private sector partners contribute through the Cyber Intelligence Gateway, sharing threat data and analytical expertise directly with Europol’s operational teams.

Hybrid threats and the poker table

Schuurbiers compared the fight against cybercrime to a poker game, with law enforcement, intelligence agencies and private companies on one side, and cybercriminals, state actors and hacktivists on the other. The key is collaboration among the ‘good players’ – they must be willing to show their cards when an operation demands it.

– I don’t care who on our side of the table wins a given round, as long as someone on the other side loses – he stated.

A major challenge is the blurring of lines between different types of threat actors. State-sponsored groups increasingly pursue financial gain through ransomware, while hacktivists carry out politically motivated attacks on critical infrastructure. This hybrid reality complicates the division of responsibilities between police and intelligence services.

– What was once clearly separated is now merging. In a hybrid world, the boundaries between actors are no longer clear – stressed Schuurbiers.

Europol’s operations focus on targeting the entire criminal ecosystem rather than individual victims. By taking down a key service used by multiple criminals, they disrupt hundreds of attacks at once. Even when arrests are not possible, the agency places suspects on the EU Most Wanted List to send a message that they are not untouchable.

Source: WNP.PL, Photo: Nikola Bochyńska / PTWP
