Inside the Google of Counter-Terrorism
(Bloomberg) -- Shortly after taking over Europol a decade ago, former British MI5 officer Rob Wainwright met with then-FBI Director Robert Mueller to pitch the idea of sharing data, figuring he couldn’t turn the European Union’s budding criminal-intelligence service into a global force without America’s help.
Mueller wasn’t interested, so the Welshman says he winged it.
“If the FBI doesn’t engage here with their equivalents, the leading lights of the police world in Europe, then you’re a second-rater basically,” Wainwright said in his corner office at Europol’s headquarters in The Hague, a state-of-the-art complex with bulletproof windows. “I had to do something about that.”
Milking cooperation accords with hundreds of other agencies across Europe and abroad, Wainwright, who’s stepping down in May, has turned Europol into a transnational clearing house for information on terrorism, trafficking, laundering and hacking that now has 38 U.S. attaches—including four from the FBI. Often confused with Interpol, which operates more like the United Nations, Europol has a bigger budget, more staff and arguably greater impact than its better-known cousin.
In the last year, Europol has worked with U.S. officials to take down two of the dark web’s largest bazaars, the result of an elaborate sting that Wainwright announced in Washington alongside U.S. Attorney General Jeff Sessions. Europol and the FBI have also helped arrest 900 people linked to a global pedophile ring and, just two weeks ago, assisted Spanish authorities in capturing the Ukrainian who allegedly masterminded a malware scheme that stole 1 billion euros ($1.2 billion), including by hijacking ATMs across Europe.
But it’s Wainwright’s obsession with expanding a kind of in-house Google for terrorism that paved the way for greater cooperation with U.S. law enforcement. Recruited by MI5 after graduating from the London School of Economics in the 1980s, the affable and fit 50 year-old said learning the art of counter-terrorism at a time when Irish nationalists were still bombing English towns taught him an invaluable lesson: always work to maximize your knowledge.
When he was named executive director in 2009, Europol’s database of suspected terrorists and their networks held fewer than 6,000 “objects,” a term that refers to everything from names and addresses to phone numbers and license plates. Now it contains more than half a million, including more than 46,000 individuals.
“Europol was not really prominent in our minds seven or eight years ago, but Rob’s ability to make people aware of its capabilities has made it relevant,” said Kumar Kibble, the U.S. Department of Homeland Security’s lead representative in The Hague. “It’s taken on a momentum of its own. He’s been a visionary.”
Wainwright said Europol’s reputational arrival came hours after the attacks on Paris in November 2015, when teams of gunmen and suicide bombers killed more than 130 people at six different locations. Europe had never seen an assault like that and the French were desperate for leads, so they asked Europol to join the probe and arrange assistance from Washington.
“It takes events and live cases like that to really break the mold of what your reputation is,” Wainwright, who stands 6’5 (1.96 meters), said after a late-night flight from Bulgaria, where he was awarded the Foreign Ministry’s highest honor. “And from that, they said, ‘Ok, well what else can you do?”’
Europol, which doesn’t have arrest powers, has played a key role in major terrorism investigations since, including the bombing of American singer Ariana Grande’s concert in Manchester, England, last May. The agency, which has a staff of about 1,200 and a budget of 123 million euros, was formally founded in 1999 to combat the most sophisticated criminal networks, a mandate that now includes coordinating the cyberdefenses of the bloc’s 28 members.
The agency is currently helping with probes into the Wannacry ransomware attack that crippled parts of Britain’s National Health Service and NotPetya, which caused two companies losses of about $300 million. While not surprising to Europol’s cybercrime sleuths, Wainwright said these and other digital assaults, including Russia’s alleged burrowing into the U.S. electric grid, have served as belated wake-up calls in capitals throughout Europe.
“We recognized there was a gap in our collective systems,” he said. Each country already has a team ready to respond to major cyber incidents “and now we’re trying to network them across Europe in a more effective way.”
Wainwright, who will help run Deloitte LLP’s cybersecurity unit later this year, pointed to a recent series of bank heists as a prime example of the ever-expanding arsenal of tech weaponry that criminal groups are continuously deploying.
A gang that’s been active since at least 2013, first in conjunction with mafia in Russia and then in Moldova, infected more than 100 financial institutions in Moscow and around the globe with malware called Carbanak and Cobalt that allowed the criminals to manipulate payment systems and commandeer cash machines.
All over Central and Eastern Europe, he said mules would show up at ATMs in the middle of the night and fill up suitcases with bills that spewed out at designated times. Then they’d move down the street to the next machine and do it again a few minutes later.
It was a “brilliant, Hollywood-type scene,” he said, “probably the most advanced form of social engineering that we’ve seen.”
As the Europol chief prepares to pivot to the private sector after fighting crime on behalf of the public for 28 years, he’d like to say that he’s helped make Europe a safer place, but that would be naively optimistic.
In the last year, 18 months, there’s been “a perceptible trend towards a blending of state-actor capability with the criminal community,” Wainwright said without elaboration. “It’s therefore becoming a more dangerous game.”
©2018 Bloomberg L.P.