Investigators in Interpol's new cybercrime centre are finding themselves up against geopolitical conflict, cross-border legal differences and data sovereignty policies when conducting investigations into digital crime, according to Interpol digital crime centre director Sanjay Virmani.
Launched late last year, the Interpol global complex for innovation (IGCI) in Singapore collaborates with Interpol's French head office on cybersecurity matters.
One of the IGCI’s two main directorates, overseen by Virmani, is Interpol's operational arm for cyber investigations, known as the digital crime centre (DCC).
The DCC includes a digital forensics laboratory and also provides assistance to member law enforcement agencies.
On the sidelines of the AISA national conference in Melbourne last week, Virmani told iTnews the IGCI was the first specialist centre of its kind.
“We’re based in Singapore with an eye towards Southeast Asia… but our scope is global. We’re supporting all 190 member countries and it’s a huge mandate because every country will have its own capabilities and requests,” Virmani said.
But it hasn't all been smooth sailing in the centre's first year of operation.
Dealing with multiple countries and jurisdictions makes investigating international cybercrime a tricky terrain to traverse.
“You’re going to run into a lot of issues when it comes to being able to exchange information in an expeditious manner,” Virmani said.
The situation is particularly prickly when a cybercrime investigation involves two countries engaged in an ongoing diplomatic or geopolitical dispute.
“What we’ll try to do is work with them, but what works best is police-to-police co-operation, and going back to that regional working group construct, getting agencies to share intelligence,” Virmani said.
He noted that investigations into state-sponsored cyber attacks fell outside the DCC's scope.
“Clearly, when you’re dealing with certain kinds of cyber activities, it will not always be apparent initially who the actual originators of the attacks are,” he said.
“But as soon as we find out that it’s state-sponsored, or there may be state actors involved, we back away from that.”
Cross-border legal issues
Even if the countries engaged in an investigation are not involved in a diplomatic rift, differences in national laws pose challenges for investigators.
In a number of developing countries, cybercrime legislation remains weak if it exists at all. On this front, the DCC is working with such nations to improve their cyber posture.
“We have a new initiative called a national cyber review where we’ll go into a country upon their request and do a top-to-bottom assessment to identify gap areas and areas for improvement,” Virmani said.
“Then we’ll provide them with honest feedback to say ‘here are the things you can do to tighten up your posture against cybercrime’ when it comes to law enforcement or your legal framework, your technical framework, and we’ll bring in the right partners to do that.”
Further complicating matters, a growing number of countries have implemented data sovereignty laws that control the transfer of various kinds of information across borders.
When member countries provide the DCC with information, they are able to put handling caveats on the data so the nation can retain control of who has access to it.
“By default, if there’s no restrictions, we’ll open it up to all our member countries, but if there are certain restrictions we’ll respect that,” Virmani said.
“And we have very strict rules when it comes to data sovereignty and privacy, based on our constitution. We have rules of processing data that goes along with that.”
Central to the DCC is the cyber fusion centre, which can provide member agencies with actionable information for investigations.
The DCC also includes four regional working groups made up of the heads of cybercrime units from different countries that meet at various times of the year.
“That makes a big difference. Often times they have expertise, but they also have insight into actionable intelligence,” Virmani said.
“If we’re working a cyber investigation, and we need to have contact with the Finnish national police, we’ll have somebody seconded there and we can use that as a conduit.”
The DCC’s partners are not limited to law enforcement agencies, with private sector partnerships including Kaspersky Lab, Trend Micro, and Japan’s Cyber Defence Institute.
“We realise most of the expertise will be external to law enforcement. It’s going to be in private industry and academia. We’re in the process now, on the operational side, to link up with the folks who have that knowledge,” Virmani said.