 Then let's go and let me first, you know, to welcome to all the participants to the security seminar and especially I would like to welcome as well the two presenters that, by the way, one of them would not be presentially today here and his speech is recorded and the other one, which is Jonathan Luzhouse and the other one, Tobias Vloch, who is going to be, let me say, participating to the session. In the way that we are going to operate is that we are going to listen first, the first presentation, and then we will record and pick up your Q&A and obviously pass to Jonathan in order that in offline he give us the answers and then we will try to reach or we will reach you to give you your answers because we will not be able to get it real time obviously because he's not present. On the case of Tobias, yes, I mean he's going to be here and then we will have these Q&A sessions and that will be a real event, I mean that we can take up today. So let's go to start with the first presentation and few words about the presenter, Jonathan Luzhouse, he's director of the Human Cyber Criminal Project and senior research fellow in the Department of Sociology of the University of Oxford. He is also research fellow in the Newfield College and a joint associate professor in UNSW Cambria Cyber. Jonathan research focus, it's mainly focus on human side, and as well the profit driven, driven cyber security or cybercrime. So mainly try to find out, you know, who are the cyber criminals and what are the organization else behind. And he's regularly speaking in many conferences, so he had a large experience to talk in conferences, and he's author as well to research articles and as well articles, for instance, the one that was in the Harvard University Press like also the industry anonymity inside the business of the crime published by the Harvard University as was said. So I will propose that we move to the presentation, the presentation is called inside the business of cybercrime. And I wish you enjoy this first speaker. So I'm presenting on a talk today based on my academic research called inside the business of cybercrime. It's a shame that I can't be there live for this event, but I'm very happy to engage with any questions for this event at another point. And I hope that it's a very successful event. So I, as I mentioned, I'm talking about this topic of cybercrime from the academic perspective, but I really am talking about it from a specific academic perspective, which is as a sociologist to someone who studies people. And so what I like to start with is images of two particular cyber criminals. And these are two of the most important cyber criminals in the history of all of cybercrime in my view. And why they're important is that they founded a website almost decades ago now so we're talking about the early 2000s. And this website was called Carter planet and its function was to provide a location where cyber criminals come together online, where they could trade they could do business. The kind of well known business that they're doing the time was credit card fraud of different kinds, but they were involved in a whole range of different types of criminality. In a sense, this website Carter planet became a model for a lot of marketplaces that followed online. So we talk a lot now today about the dark net or the dark web. And what we're talking about here is 20 years ago, really like a prototype for this type of activity. And this was individuals who were rooted in certain cases, these two gentlemen, Dimitri Golubov and Roman Vega. They were based in the Ukraine originally anyway, and they were core members but there was a network of people from across the region and also across the world who were getting involved in this. And it was highly professional this was the kind of turning point for cybercrime where not only did they trade various elements so you're talking about trading credit card data talking about trading services. They also had escrow systems, they had reputation systems they had a system of vetting and vouching. And so it was very sophisticated in terms of trying to establish the and protect the network. It's also very famous case because a lot of the people involved in this actually met in person so they met for a number of conventions in Odessa in Ukraine. So basically big meetings, business conferences as you would in any other industry, they came together to discuss the state of the credit card fraud industry and brought a cybercrime, and it was very important for them to be able to meet up in person from time to time. So I like to introduce this so we see the kind of human angle of what we're talking about here when we begin talking about cybercrime. In terms of the evolution of cybercrime. This is something that over time has shifted from kind of kind of amateur type of activity one was built more around fun messing around not really heavily profit driven but over time we get that emergence of a profit driven cyber criminal industry in my view. So we see in the 90s. So many cases started to come into existence, but it's really the 2000s Carter planet is one example but there's many others where we start to see offenders from around the world become increasingly successful increasingly professional. And so this, in my mind it is the shift towards industrialization shift occurs because we start to put more and more things value online. There's more money floating around a lot more data floating around in terms of how we use the internet and other types of platforms. And this is because we're seeing the value in that in terms of legitimate society and as a result of that we're creating more opportunity for people to try and compromise that data to try and make money from from theft from fraud from extortion, my whole range of activities. And so what we see now what we've seen over the past years from the 2000s up to the present is a process of increasing industrialization of increasing sophistication and organization. And so the industry of cybercrime today is one that's highly specialized. We're seeing a whole range of different disciplines is very clear division of labor we have people who are very good at organizing with others who are very technical. One of the mistakes people made is assuming everyone involved in cybercrime is super technical at a high level code or a hacker or something like this. Actually, we see some people involved who are not particularly technical at all. They're good at organizing or they might be involved on the money side of things, which is an area where you need less of a technical skill set and more of a traditional criminal one in terms of how to manage the proceeds of crime. How do you learn the money? How do you move money? How do you keep people under your control make sure that they're not going to run away with the money that is the sort of output a lot of the cybercriminal schemes. So this is hugely important this kind of massive area, the massive number of specialties and subspecialties involved in cybercrime. And so as a result of that you need people who are trained in those in those particular skill sets and that's very important. And so that's why you see a whole range of different people getting involved in cybercrime. It's not just one type of profiles. It's a number of different types of people. And what we also see is I mentioned before is these types of marketplaces which in some cases very large we're talking about up to thousands of members and other cases much smaller. And we also see operational groupings that I think look very much like firms. And in my view are kind of like cybercriminal startups. These are groups of people who've come together around a particular project or idea. There's a very strong technical focus in certain settings. And they're kind of doing exactly the same thing you'd expect someone to do in a regular startup. It's just that they're doing this for a criminal end. And often you're even seeing very similar types of people. So when I talk about being professional, we're seeing people who are highly educated, highly capable and actually could work in the legitimate industry if they wished. And sometimes they actually do and move between the two or they have some kind of interests at any one time, some of which are criminal and some of which are in legitimate tech sector. So that's very important to note in terms of the threat that we're coming up against. So the core puzzle in terms of the research that I've done and that I find particularly fascinating is really trying to understand how this process of industrialization has taken place. And when cybercrime seems to be very low trust type of environment. So it's an environment where not only is everyone involved with criminals. So these are not the types of people you'd expect that they're trustworthy, they're going to work well together. But also, the bigger problem tied to that is that you don't necessarily know even who you're dealing with. So if you're working with someone online, how do you know who they are? How do you come to an agreement? So what we're seeing is really a very interesting puzzle form. And this is the puzzle that's driven a lot of my research up to this point, which is how do cybercriminals collaborate with others in order to carry out illegal enterprises on an industrial scale. And so I'm trying to really pick that apart and talk you through that very quickly in this short presentation. So what I did was actually travel around the world for about seven years, interviewing 238 participants. These are people from law enforcement from the tech sector, we're tracking this type of stuff and former cybercriminals who are very, very useful source of information in terms of that real detail and nuance of how this world works. So I went to 20 different countries. I tried to make sure that I went to a number of the hotspots of places that are known to have some association with cybercrime of one kind or another. So places like Ukraine, Russia, Romania, Nigeria, Brazil, and a number of other locations as well, and to really get a sense of the different flavors of cybercrime. So what was the local kind of variation or local specialization in terms of cybercrime that was coming out of some of these locations. That was a huge part of my work to try and get to these different places and see what was happening on the ground. And so this in one slide, I'm going to try and sum up about seven years at work, hopefully successfully. Which is how do we solve this puzzle of these cybercriminals working together on this industrial scale. And so when I began this work, I thought, well, it's best to instead of stuff from first principles to actually just take what was known within academia already so there's a huge literature within the social sciences on trust and on cooperation. And so I tried to draw on that that knowledge, rather than start again. And one point that I looked at was the issue of trust but what I discovered when I started doing research into this area was that the concept of trustworthiness was actually more valuable so trust is kind of an incorporation of a particular type of risk. And it's the risk that you don't know if the person on the other side of the bargain is going to live up to what they say trustworthiness is actually more relevant to these types of discussions because what we're looking at is how do I assess whether this person is going to be less risky to deal with and so those things are going to be really important. But when I did delve into both the theoretical literature and then also went and interviewed all these people around the world. What I discovered was that cybercriminals were far less innovative than we talk about so we like to think of this as being very fast moving dynamic area that come out with all sorts of new stuff. But in reality what I found was they were using the same kind of principles to assess trustworthiness to enhance cooperation as we do in legitimate world. And so you know it's very well known to people reputation is one area that's that's important you'd like to work with people that you know something about them. You know what their track record is you might have worked with them personally before that's going to be very important in terms of deciding whether you want to continue working with such a person and for cyber criminals reputation is huge. And it's very important to them to find someone that they that they can work successfully with a good relationship with, and a lot of the interviews I did with former cyber criminals indicated this is really key if they found someone who was a good partner they wanted to stick with them for as long as possible. You see other aspects of this also relevant to trustworthiness in terms of performance which is kind of like getting people to pass tests of one kind or another so often they might start with a small type of business or try to get someone to demonstrate their capability. To move to more significant tasks at a time and appearance is also quite important but very difficult in cyber, because you can manipulate so many aspects of your appearance but what I found is things like language, whether you speak Russian whether you speak English, the amount of time that you spend online, these elements that are harder to kind of fake, and they're quite appealing to people if you've been around on a community for a really long time or I can sense that we have some type of cultural connection that might play a role in someone that's trustworthy. So this is really important. The other part of this is enforcement. This is not so much about whether we have trust for a particular individual but actually there's a system in place where we think okay it's highly likely that the agreement will be honoured, because we have maybe our own enforcement, or we have an external enforcer some sort of guarantor who can provide escrow or who can enforce the deal or provide some kind of dispute resolution if things go wrong. And cyber criminals actually have done this. They have a dispute resolution function in certain forums and marketplaces, as I mentioned, they have escrow systems. But again what they're doing it's very interesting and very effective but it's taking what's known in other aspects of human life and what's known to work in other aspects of human life and applying it to this particular cyber criminal setting. So the last substantive point I want to address quickly is just one of the solutions to the puzzle that I found was quite surprising which is some of the cyber criminals actually were cheating in a sense that they were taking on this puzzle not so much as one where we just are going to deal with people online, that this is the issue of dealing with online criminals, they decided well actually I'll work with people I know in person. So I found a surprising number of cases where cyber criminals were working with people from their local community or they knew from their neighbourhood or they'd grown up with, went to school with, or university with. And in other cases where they met people online and then over time developed a kind of offline relationship and this was actually very important for how they trusted each other and how they co-operated together. And it's something that we often don't think about. So I think it's important to mention that this is kind of backdoor to getting very effective cyber criminal cooperation and getting to that level of industrialisation that I'm talking about. In certain cases what we've seen is is whole, you know, villages or areas where there's really a strong sense of industry. So these types of cyber criminal startups as I'm referring to you get some instances of people operating out of a physical office building. So they're operating very much at the most extreme form as a tech company and that's what we're seeing in cyber crime. That's how sophisticated it's become. So to conclude very quickly, I think we're talking about cyber security awareness here. So it's very important to be aware of the motivated and professional threat here. So what I've tried to explain in human terms that these are people and they're very effective and capable people, sometimes highly educated people who we might expect to see in the tech sector. We're kind of seeing a shadow industry at what I call a criminal Silicon Valley emerging where we're seeing this highly capable and organised industry that is really the function of which is to attack and is to steal and to defraud and carry out these types of criminal activity. So that's very important to note because it tells us what we're up against. But what I think is the one kind of nice point or in some sense the value we can take out of that which makes it less scary is that as effective as they are the other point of being trying to make is that they're not as innovative as we think. So why they're effective is that if something works, they keep using it, they keep evolving, they keep trying to improve their business. But it's much rarer for them to completely have a kind of revolution to completely start and do something new. So it's much more a process of evolution. And as a result of that, what that means on the defence side is that if we can be serious about dealing with this threat, if we can be serious about trying to respond to it, it's actually about implementing the fundamentals in many cases. So coming up against this organised industry, it's about doing what we need to do in reverse rather than something that's much more complicated. And so that for me is a kind of silver lining here and something which you think about going forward in terms of trying to deal with this threat. So on that note, thank you very much and I hope you enjoy this event. Okay, we will pass over. Thank you to Jonathan. Please feel free to put some questions. I copy three times you know these things it was not intentionally so I'm not so insistent. I will assume as well that the research will be easy to find. And if I have a question that we can take, we will try to find some of these, let me say public articles and then in the reply we will put you know some of the links that you have access. So I will ask you know Jonathan to pass some of this material as somebody was requested in the chat. Any wish? Any other requirements? There is also a book available on this topic and Professor Lustos will be also available to if there is a general interest to make another live session with the bank. Okay, thank you Monica. For the time being let's let's at least you know retrieve some of this information to share with the colleagues that today participate and then we will see. Then if that it is on the first, let me say round of questions, I will say that we move to Tobias Vilo. Okay, maybe Tobias Tobias, we are we have the pleasure to have Tobias with us today. And I'm going to, to your bio Tobias Tobias Vilo works in the European cyber crime center at the Europol and leads the dark web team. The particular focus of the dark web team is investigations to dismantle organizations of crime groups operating in the dark market places. In 2014, he built up this, this task or this group, and, and to combat mainly with together with international police, all these computer cyber creep at the Europol this group, mainly objective are to drive and to coordinate actions against the key cyber crime threats. Before that Tobias Vilo conducted cyber investigations at the German Federated Criminal Police Tobias the floor is your and the title of the presentation will be European Europol fights against cyber crime. It was a very interesting presentation from Jonathan. And now we will talk about the economy of cyber crime and the Europols fight against cyber crime. First and foremost, thanks very much for the invitation to the European Central Bank, very privileged to speak here today. The European Central Bank is a valued and trusted member of the European cyber crime centers advisory groups, which we have a constant exchange with. And it's good to share our knowledge and this is what I'm going to take up on here. So in the next 25 30 minutes, I will talk about cyber crime and I will concentrate on the most nefarious threats of cyber crime or talk about dark market places or talk about ransomware. I'll talk about carding and all those things. If that doesn't ring a bell to you. No worries. I'm going to go through it with you. I'll also give you an outlook of the most. And if there's one takeaway from this presentation that I would like you to remember is that no one can fight cyber crime on its own. And I will also take up on this quotes during my presentation and you will see it. So let's jump right into it. And I wanted to start with then a concrete example that we had. And as you can see here, there's a press release from Europe or that we published yesterday and resulted in a rest of 150 targets that we were able to identify it. And these targets where vendors mostly drug vendors operating on one of the largest dark market places or dark, dark market. And this marketplace was taken down earlier this year. One of the services operation is that we concentrated on the so called high value targets. These are the vendors and drug vendors. And as you can see here, on the right hand side also a few numbers of the drug seizures that we had and also the cash and virtual currency seizures that we had in the course. And I would say that this operation is not finished yet. We will still working on other targets and go through them one by one. This was just a spotlight on those targets that we considered the most nefarious ones. The countries that took part in this operation is Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, the UK and various agencies from the United States. And if you're wrong to take all the praise, the praise goes mostly to the law enforcement agencies of those involved countries. So, let's go to the next slide. And what you can see here is a press release that I just mentioned. This is the takedown of dark marketplace called dark markets, what you see on the right hand side is a so called seizure banner. So this marketplace was taken down and beginning of this year and then took us eight months roughly to work on the targets to prepare them to identify them to work with the agencies to coordinate it. And that also resulted in the action of 150 arrests. It's not always easy. It takes a long time, but we eventually very successful. And what you can also see on the seizure banner, it's in German language because the operation was run by the German police. And below, which is a little bit blurred out is the English text and then you can see also the agencies that were involved in this operation. So when you talk about a dark marketplace. And how big a dark marketplaces I listed up some figures for you. And this dark marketplace had 500,000 registered users. And out of those 500,000 registered users, they were buyers and sellers. They were like 2,400 sellers and over 300,000 transactions. That is quite a lot. And these marketplaces are actually very high in demand. They're also built up like a normal marketplace as you would see on Amazon or eBay. And the reason why it is, is because it's it replicates those marketplaces also replicates the shopping experience. You can search for all kinds of illegal commodities for illegal services, whatever you're interested in. So if you think about where's a place to buy drugs weapons explosives. And it's specifically dark market places. You can also buy all other illegal commodities on forums on image boards on car shops and various other things. But it's mostly on dark market places. And the most important question is actually not only where can you buy these things. It is more important to think about where do criminals get educated. You don't wake up and say like, okay, today I will become a cyber criminal. It's more like a process. So he starts from a young age and then you develop. But where do you get your knowledge from. And this is the dark one. And if you're successful criminal, then you might end up as a vendor on one of these dark market places. And that's why we put so much effort into into it to not only take down these marketplaces, but also to identify the users. What are dark marketplaces. You can picture it's as the surface web and the deep web and the dark web so surface web is everything that you probably use in your daily life so use your client which can be a Mozilla Firefox or Chrome or Safari and you search on the internet on a clear web, whatever you want. And then there's a deep web. These are pages that are not indexed by Google, but they are also there. And then there's a dark web and this is an area that you can only access with a special client that's a tool browser. You can also only access these marketplaces with the help of this tool browser. Now the criminals use it because these kind of domains are so-called onion domains and the hosting location is not visible or very, very hard to identify almost impossible to identify. But before we go into some of the threats, let me just quickly show you how the cyber crime center is built up. So, and the areas that we are responsible for. So you have a payment fork you have high tech crime you have child sex for expectation, you have cyber intelligence area and then the dark web area. And that is my team running these investigations and operations. Let's talk about some high profile attacks. So, again, I can talk for hours about cyber crime, but I only concentrate on the on the high profile attacks. So we had a recent attack in Germany where ransomware attacked a hospital and not only encrypted data, but also encrypted server infrastructure. So this gets very serious because you might think that, okay, you can't access patients data anymore. That is severe on its own. But if it also access the communication of machines that keep people alive that it can then can get very life-threatening. And this is also a very serious case. Another case that we worked on was a cyber attack on SolarWinds, an energy provider that was also the beginning of this year. And another case that you might know from the press is the ransomware attack on the colonial pipeline. What does all these attacks have in common apart from the fact that ransomware was dropped? All these attacks happened on critical infrastructure. Now, if you get infected by malware and your personal computers affected and your file are encrypted and you can't access your family photos or any sensitive documents, sensitive personal documents that you have on your laptop. That is not nice. If you have a backup, that's good. But let's say you can't access those family photos. And that is not so nice. But if IT infrastructure is encrypted and you can't communicate anymore and it's critical infrastructure, then it's getting very serious. And it can also happen with various other sectors. So critical infrastructure is divided in the healthcare sector, in the financial sector, in the energy sector, in the transportation sector and so on. So let's imagine a big bank or a few banks are attacked with a ransomware and you as a customer on a Monday morning can't conduct any transactions anymore because it's not possible. The effect that would result in is chaos. So we don't want this to happen. So our job is to identify those criminals go after the infrastructure and also stop those ransomware payments. Here's one of the latest successes that we have. Two members that were arrested in the Ukraine. You can see that the press releases from the 4th of October. We worked very closely with the French authorities and the Ukraine authorities and collaboration with the US FBI. And that resulted also in two arrests and two search for seven surfboards. Now you might think like, okay, two arrests. That's actually not that much if you talk about ransomware and I just mentioned 150 arrests. But if those two are administrators and responsible for spreading malware as through the whole of Europe and the US, then it's quite a big deal to arrest two individuals. Now, let's talk a little bit about how a cyber criminals operating and I would like to take you on a small journey with me. And most people asked me to be as what is cyber crime as a service and how has cyber crime developed and how has it specialized and I would like to give you a concrete example. So you have a cyber criminal and this is in the middle of this chart. And the cyber criminal is let's say he's 14 years old he's unexperienced. He would like to conduct a cyber crime attack and let's take maybe a ransomware attack, but he has zero knowledge. It's something that we see very often that somebody is not very knowledgeable, but he can actually buy every service that he wants. He has to pay for it of course, but he has to buy every service and he doesn't need to have the knowledge. So, let's say he's looking for a specific piece of malware. Where's he going to buy it. He's going to buy it on an underground forum or any other communication platform. Now he has this piece of malware, but he doesn't know if this piece of nowhere is actually worse or what is worse is it actually possible to deploy it or not. So he has a tested against a so called counter antivirus service is this CAV counter antivirus service. So these are services that are offered in the underground economy and you can upload and test your malware against common antivirus services. So see if it's been detected or not. If it's not being detected, if it's more, it's more worse and then more success of and you have a higher success rate of deployment. But what else you would need a botnet to spread your malware, because you don't want to affect one machine. You want to have a wide reach you want to affect multiple machines. Maybe you want to even target critical infrastructure. You want to target big corporations, not even the end user but big corporations that might pay you a ransom. That could be possible. And therefore need an infrastructure. BPH stands for bulletproof hosting bulletproof hosting is an internet service provider that provides you various servers and also infrastructures to split your malware. These services very often don't block any details and they also don't like to work with law enforcement. So it makes it harder for us to get on the bottom of identifying or dismantling that infrastructure. And then you want to attack your banks, but you don't want to attack only one bank, you want to attack multiple banks. So you have various identifiers here, and you are the cyber criminal and you are the middle and again, you are not very knowledgeable. And for us, it's very often that goes for every criminal case that's like solving a puzzle and you have a piece of a puzzle everywhere, but even more that goes for cyber crime cases. So let's take this example. You have a malware on an underground forum that was designed, let's say by a Russian speaking individual in Eastern Europe, and I'm taking here a random example. And this malware is using an IT infrastructure that's being hosted in Germany, France and the Netherlands. And the malware itself attacks banks in the US and the UK. And there you go. That's your classic cybercrime case. And this is what we deal with on a daily basis. And every cybercrime investigator will definitely assure you that is a normal cybercrime case. You will very rarely find a case where you have a Dutch individual is operating with a Dutch infrastructure and only targets Dutch banks. That is what I have not seen so far in my career. And then at the end, you also need meals, you need money meals because you also want to cash out your funds. But again, all those services you can buy. You can buy the malware, you can buy the botnet, you can buy the infrastructure. You can pay the money meals and then eventually hide your traces. All these identifiers need to be brought together. And that is being done at Europol and the JKIT, the Joint Cybercrime Action Task Force. That is here at Europol and consists of dedicated law enforcement officers from various countries and their cybercrime units. So let's talk about some challenges that we have in fighting cybercrime. And no worries. I'm not trying to educate you here as a dark web investigator. But just to make you aware of what kind of challenges we deal with and why does cases take eight months for preparation until they come into action. So I start clockwise and I start with a loss of data that we have. So every European country has a different data retention and data might not be there anymore. If an attack happens later than a year or you get data that is later than a year or a hard drive that you need to evaluate and need to analyze. And there's data on there and that is older than a year and it makes it much harder for us to get maybe subscriber information on an email address or telephone number. Criminals also work with encryption. If we get a data set, it doesn't mean that it's decrypted. We might need to encrypt it. We might do decrypted first. And that can take maybe days, weeks, months. It depends on the encryption on the level of encryption. Criminals also work with cryptocurrencies. They don't use a bank account that would be good for us, but that would be very stupid for a criminal. So I use cryptocurrencies. Bitcoin is only the most prominent one. But there are loads of other cryptocurrencies and especially those monsters are very high privacy component that are being used by cyber criminals. Then criminals itself, they operate on the dark web. As I said before, they try to hide their hosting location. So we have a loss of location. We don't know where to start. We don't know where the legislation is. Then we work in a public private corporation and partnerships. So Europol doesn't claim that we have knowledge of all the data. It's actually the other side. We need to work with private industry partners. If you think of, for instance, breadcard details that are being sold online, and that is victim data that we don't know if that is valid or not. That can only be verified by the banks or by the car teams. So that's why we also need to work with private industry partners very closely and also with academia. As I said before, no one can fight cybercrime honestly. Also every other country has different legal frameworks, different legislations that we need to respect. We have an MLA process, a mutual legal assistance process that is in place that we try to harmonize. But again, it's still cross-border and we also need to respect different legislations of other countries. And then also the last point we need to train ourselves. Cybercrime modus operandis are constantly evolving and crime will never disappear. It will always develop and we need to adapt it. Here are some of the key aspects and the assets that we have at Europol. So that's first and foremost our expertise and what it may be in analyzing data sets. We are very knowledgeable on big data, on decryption for instance. We provide operational support on the spot to support if any country plans an operational action. We have the data storage. We have a large database where we run our identifiers through and create cross-match reports. We have the network, we have the liaison bureaus so we can reach out to any law enforcement agency. At Europol has an operational agreement with that can be a European country, but that can also be a third party country. Let's say Canada, the US or Australia for instance. And we also provide the secure exchange. So as a police agency, we communicate with other police agencies on a very secure exchange and make sure that that's operational data that we exchange is not going to get lost. But only to give an idea of what Europol is doing and how we conduct our operations. What is also very interesting for us is the type of cyber threats that we deal with. So what is the motivation somebody is doing an attack? It's very often, you might think it's very often financially motivators and it might be also an organized crime group, but also very often we don't know if it's an organized crime group. As I showed before, when you saw the cyber crime as a service example, crime as a service example, you can buy all these services. So criminals don't need to know each other. They just need to buy the service in. And actually this model also developed as ransomware as a service or hacking as a service. If you look at the administrators of dark marketplaces, we had in the past, Wall Street markers, one of the biggest dark marketplaces that was taken down. The three administrators, they are running into the court proceedings right now. They haven't physically never met before. They only operate online. And if you talk about dark marketplaces, that's like a minimum trust environment. So you need to generate this trust. You need to build up your username and you need to communicate a lot and trust doesn't come overnight. But we also have hacktibers, we have insiders, we have criminals that are politically motivated. So all that is important to do our threat assessment and also to get to the bottom of this case and eventually put all the pieces of puzzles together, connect the dots and try to see the bigger picture. So this is one of the other actions that we had that I just want to quickly highlight. We not only try to do or help agencies and operational actions, but we also try to get to a stage where we say, okay, we do something on a preventive site before a crime happens. And then this carding action that's also press release from last year, we were able to identify 90,000 pieces of credit card details that were not for sale on dark web forms yet. We were able to identify servers where those credit card details were hosted, and we very closely work with the car teams together in order for them to provide these details to their frauds units and identify the customer. And then also notify the customer and block the card or flag any future transactions. So we try to get actually to the point before a cyber crime happens. And therefore we need to work very closely with private industry partners. But this is just another example of our cooperation. Let's go into the trends. And I'm also coming to the end of the presentation. These are the key findings from the eye of the 2020 that you see here. The eye of the internet organized crime threat assessment. These are only the trends that I wanted to highlight. There is loads of more trends that we saw. And it's also from last year, because a new eye author for 2021 is not out yet. It will be released very shortly beginning of November. Keep your eyes peeled. The members of our advisory group, they will get a copy before the official release date. Here, I just highlighted for you some of the trends that we see. So that we always say what we've said for the past years that ransomware will remain a dominant threat. And that also social engineering is one of the things that criminals use. If they can't overcome technical measures implemented by companies, they will always rely on social engineering. And what we also see is that life cycles of dark web marketplaces have shortened. That is due to law enforcement work. We've taken down these marketplaces. And new marketplaces are constantly popping up. But again, the life cycle is rather shortened. Let's have a quick outlook for you on the trends that we see in 2021 and also in the years coming that are highlighted here for you. It's a little bit exclusive. So again, the eye doctor 2021 will come out. You can download it. It's for free. It's nothing that is confidential. Instead, we actually would like to educate European citizens. And so here you can see some of the trends. So again, ransomware will remain one of the most inferior threats. Specifically, those kinds of ransomware that targets third party providers as they also create a potential significant damage for other organizations specifically in the supply chain and also in the critical infrastructure. The ransomware tax that we have seen last year and this year, they will certainly increase. And they will also target other organizations. It's for us, not a matter of if organizations are being targeted, but when. Also, what we will see is that cryptocurrencies will continue to facilitate payments for various forms of cyber crimes. And specifically those ones that are privacy orientated and crypto coins, but also decentralized exchange services and so on. Some of the coins that we saw over the years and also popping up and will be continuous. For instance, Monero dash or Zcash. Those are kind of coins that are predominately used by cyber criminals. And what you find now is marketplaces that only accept Monero, for instance, as method of payment and not Bitcoin anymore. Clueless will also migrate to other businesses, specifically encrypted communication apps, because the user interaction is much more direct and also they can hide their location, they can act more anonymous. And they can instantly get a feedback on what they need, whatever it is. If they need some credit card details or maybe compromised locking credentials, they can easily buy it. And it's not only dark marketplaces anymore. It's also telegram channels, for instance, we definitely can see and we will see the decrease of large scale marketplaces. The marketplaces that are popping up will be taken down quicker. And it also makes harder for criminals. And we heard earlier from Johnson that reputation plays a big role for cyber criminals. And so does for vendors in this minimum trust environment. You need to build up your reputation if you want to be a so called power seller. You also need to have a lot of feedback you need to have a lot of good reviews and order for customers to buy from you. What we also see that people will rely on those kind of customers that are by very often and the customers will rely on those kind of vendors that have only a high rating of positive feedback. What we also see is in terms of dark marketplaces. We see wallet less marketplaces we will see user less marketplaces. So these are the kind of things that makes it harder for us. And doesn't make our life easier, but we are definitely we're definitely on it and try to conduct our investigations. As I said before, nobody can fight cybercrime on its own. We work as a private sector. We work on the internet governance side with academia institutional partners. And of course, our main important partners are the law enforcement agencies. All these partners together will help us to fight cybercrime and also for will help us to fight cybercrime on a sustainable level, and not only for the snapshot. Here are some of the prevention campaigns that I listed up and then I'm already coming to the end of my presentation and the last slides. We try to educate European citizens. What is money mulling? How can you prevent sexual online sexual harassment? How can you do safe online shopping? What you need to take into consideration for mobile malware, for instance, those kind of things that we try to reach the public and try to raise awareness and try to educate them. One of the most successful campaigns that we had is the normal ransom campaign that I listed here up for you. So victims that are infected with ransomware, they can either upload the files themselves or the ransomware note and then see if there's a decryptor key and it will help them to decrypt their data. We had a lot of successes. I mean that also you can see from the numbers. For now, I think we started with a very low numbers of partners that increased and now we have 140 partners. We have the website available in several languages. There's several tools. There's several decryption keys. So we helped a lot of victims. It doesn't mean that we can help all of the cases, but we try to help a lot of the cases. And this is the last slide of my presentation. That is what we're also trying to do is to raise awareness in the public. So if you're buying on the dark web, be aware because what you're buying might be fake. And also, if you're dealing specifically on the marketplaces you're operating with criminals, you work in this zero trust environment, and the criminals have their data. And for sure, if they find an opportunity to rip off you, you and your data, they will certainly go for it. So was that I showed you some of the trends that we see in cyber crimes or the prevention campaigns that we did some of the actions that we conducted. I hope you have any questions. If you have, I'm definitely looking forward to it. Thanks very much for your attention.