Aubrey Lovell (00:00):
Hello friends and welcome back to Technology Now, a weekly show from Hewlett Packard Enterprise, where we take what's happening in the world and explore how it's changing the way organizations are using technology. We're your hosts, Aubrey Lovell.

Michael Bird (00:22):
And Michael Bird. Now in this episode, we are looking into the work that Interpol is doing to bring down international cyber criminals, pretty cool. For much of its existence, the International Police Organization had to work with catching criminals carrying out physical crimes. Nowadays, cyber attacks can be carried out worldwide regardless of location or physical borders. Phishing, ransomware and data breaches are just some of the challenges being faced by governments, businesses, and international police. So what can organizations across the world do to prevent themselves from becoming victims? And how are international crime agencies working together in 2024 to stem the increasingly sophisticated methods of cyber criminals?

Aubrey Lovell (01:08):
Well, if you're the kind of person who needs to know why what's going on in the world matters to your organization, this podcast is for you. And if you haven't yet subscribed to the podcast app of choice so you don't miss out. All right, let's get into it. The idea for crime agencies to collaborate globally first came about in 1914 at the first International Criminal Police, Congress and Monaco. The aim of Interpol was for police across different nations to cooperate on solving crimes, notably by building a fingerprint database. Now, it's fair to say Interpol's challenges have developed a lot in the last a hundred years, and one of the most recent emerging criminal trends is of course, cybercrime. According to estimates from Statista's Market Insights, the cost of cybercrime to the global market is going to soar from 9.22 trillion in 2024 to 13.82 trillion by 2028. It's a huge issue for individuals, organizations, and even governments. So what's being done on an international level to help protect us?

Michael Bird (02:14):
Well, our guest on this episode is Craig Jones, director of Cybercrime at Interpol, which I think will agree is one of the coolest job titles we've had on this podcast.

Aubrey Lovell (02:25):
That's so awesome.

Michael Bird (02:26):
It's pretty cool, isn't it? Now he heads a unit which works with global governments, police forces, public organizations, and the private sector to protect potential victims and help bring down cybercriminals worldwide. Craig, thank you so much for joining us. Welcome to the show. Craig, what exactly is Interpol's job when it comes to cybercrime?

Craig Jones (02:45):
Effectively, the mandate of our program is to reduce the global impact of cybercrime and protect communities for a safer world, so that to say, policing mandate. Within that, we then have four categories that we work in, prevention, detection, investigation and disruption, and dependent on the information and data sets we get, law enforcement has a different role level within each of that. So globally Interpol helps coordinate facilitate that, but as we know, it's a global threat and impacts the world, but can impact different communities at different levels effectively.

Aubrey Lovell (03:20):
Tell us about how Interpol is working with other countries to reduce cybercrime in particular?

Craig Jones (03:25):
We have about 80 activities, so we have to plan out all of those activities and it comes back to people, process and technology. What is Interpol able to do? How are we able to leverage on the coordination piece that we can have globally, but also working with a number of private entities, NGOs, United Nations, and of course 196 countries. But I think what underpins cybercrime, cybersecurity is trust and how do you build that trust? So we can do that on a local level very easily in police because we all meet at a police station or we have that local ship that we work into. But here we have to do that on a global level, and that involves us as leaders coming together in different fora, whether it's for operational, whether it's for a conference, whether it's for counter ransomware initiative. So those face-to-face meetings and that face-to-face contact is really important.

(04:20):
We connect into 196 countries, so we connect physically into the countries and software-wise using I247, so max out 24/7 network of secure transmission of messages. They can then share data and information within Interpol. So we then aggregate data sets and then we can share those data sets with other countries. We can also bring data sets in from private partners, and we have a thing called the rules of processing data, which is, it rules exactly how we can use data. We've got special committees that oversee this. And at our general Assembly in Vienna just back in December, some new rules came in for processing data. One of them was about how we handle large data sets as well, so those volume data sets that we can bring in. And this is really important because it builds that trust.

Michael Bird (05:06):
Just on that subject of trust and respecting the wishes of other countries, can you give us an example where you felt that trust and cooperation between Interpol and other countries has really come into play?

Craig Jones (05:17):
In 2019, I did a meeting in Nairobi. We had about 14 people in the classroom, and it was a lot of willingness there, but we didn't really have the talk, we didn't have that structure. Now with the desk, we have a framework. In Rwanda in 2022, we probably had about 40 heads of cybercrime from those countries. We agreed a regional framework for the way we would operate and deal with cybercrime. We identified compromised infrastructure and internet service providers. We then have secure tools and platforms that those countries come onto. So we share the information on there. Then they're able to go into an internet service provider in a country. They're able to say, "Right, this infrastructure is actually contributing to crime and the activities actually break laws in your country, so you need to take that down." Or they look at the terms and conditions that the internet service provider has with the customers and they're able to say, "Actually, this is breaking your terms and conditions, you take it down." So when we look at our program, we look at prevention, detection, investigation and disruption.

Aubrey Lovell (06:19):
So sharing that information and being proactive in how you work with other countries is a big part of what you do. And I know you're very active in terms of campaigns to highlight the threat of cybercrime too. Can you talk us through some of those campaigns?

Craig Jones (06:32):
Over the last three years we've looked at what's the crimes that have been impacting in different countries and what sort of awareness campaign can we put out there? We focus very heavily in cybercrime that has or causes high harm. High impact is of high volume or high interest. So you may be next was one looking at digital extortion threats, sex extortion, ransomware, distributed style of service. So it was more of those technical type attacks and what we were looking at there is trying to highlight who is likely to become a victim of cybercrime. It's around trying to raise that awareness that when you're online and you are providing your details into someone, or you are striking up a conversation with someone online who you think is your friend, and then they ask you to do certain activities which they may be recording, and then they can basically blackmail you afterwards.

(07:32):
So it was very much about raising the awareness on that. The one we did in 2021 was called Just One Click. We are just one click away from either a site that we shouldn't be going onto, for example, or a couple of clicks away, or we just click and we've given all our details away. So this is what we were looking at. And another one again we did in 2020 was wash your cyber hands. So that's about that, linking it with cyber hygiene. So last year there was a sort of a world password day by, it was led by an NGO, the global Cyber Alliance, and that was to promote stronger online authentication, so things like two-factor authentication, so within the industry when you was talking about these things. But it was really trying to push that message out for all the channels available to us. And once we've got the law enforcement channels, we can share that with Interpol is a worldwide recognized brand, so we're able to reach out to very, very large audiences as well.

Michael Bird (08:30):
So Craig, we know Interpol is heavily focused on spreading awareness to prevent cyber crime, but what element of that is the big thing keeping you awake at night?

Craig Jones (08:40):
That business model of cyber criminals, it is quite challenging to disrupt that business model. So looking at ways and coming up with ways that we can disrupt that business model going forward is certainly one thing that taxes my small mind quite a lot. And also when we look at the expansion in the sort of digital connectivity sort of during COVID, post COVID and the digital majority of countries, we are seeing a wider attack surface being presented to cyber criminals to exploit. There are noble global rules or regulations. We have providers able to sell into a country, a continent, a region quite easily in that sense. So what we're looking at there is how do we reduce the vulnerabilities in those systems and networks?

(09:30):
We are looking at how AI can make us more secure. So what can be done in the background that makes us more secure online that we don't actually have to manually download those patches. So what can be done in that space? And I know there's a lot of work going on with some of those AI sort of partnerships out there around how we can be made secure. But then on the flip side of that, people saying, "Well, cyber criminals are going to use AI." Well, we've seen the cyber criminals becoming more professional in the way they operate, and the reason they're doing that is because it's an online service but a lot of individuals or organizations now offering to cyber criminals.

Aubrey Lovell (10:09):
And the explosion of gen AI in the last year or so must have really opened up those doors even more to the cyber criminals. So tell us a bit more about how you're seeing them work globally and how you at Interpol are having to adapt to that.

Craig Jones (10:23):
We are attacked on a daily basis, on an hourly, on a minute basis by cyber criminals, by others as well that want to get into our systems, want to get into our networks because the data sets we have are really, really valuable. And whether you're a financial institution, whether you are a large provider of software or hardware, whether you are running an international or regional business as well, your data, your information is important because it could be sold on, it could be some IP or something like that. So again, that commodity based crime type such as drugs, human trafficking now online and data and information is that commodity that is looked to be taken and stolen. Or when you look at the extortion side of this, that can then be used to extort further money from companies as well. So changing the way that we operate nationally as police and recognizing we need to work more regionally and internationally, we have to counter this in that geopolitical space as well.

(11:26):
And I think this is one of those areas which some countries will not speak explicitly about, but some countries will not facilitate and will not work together. So that's why I see Interpol's roles and neutral interlockers saying to those countries, "Right, use us as that neutral interlocker, we can have our staff go into those countries, we can provide that information and data sets, but we only work at the crime level." But let's remember the criminals are taking advantage, the systems and networks and the vulnerabilities that others are. So some of the criminal enterprises now have access to tools and tool sets that previously would've only been available at that state level, that state sponsored level because of the scalability now and the volume and that technology moving forward. So how do we build in those protective layers to that? This is where Interpol working across those communities are really trying to shine a light on the vulnerabilities.

(12:29):
We share a lot of information with law enforcement through our cyber activity reports where our private partners have identified a vulnerability and we provide those through our purple notices. So Interpol is very well known for our red notices, wanted people. These are purple notices where we look at vulnerabilities or a potential crime could be committed. So we've got different ways that we work, but I think in the last 24 months, I don't want to shy away from the geopolitics that are involved in this space and countries through different reasons or conflicts that are going on, not collaborate and co-operating the same as they used to be or we're moving towards. So I think and know that's where Interpol's role is very, very clear that we work across all of our 196 countries in that, not just the cyber crime space. We've got a financial crimes program, we've got an organized emerging crime program and a counterterrorism one. So there's a number of different crime programs that we work into as well.

Aubrey Lovell (13:29):
Absolutely fascinating, thank you so much. And we'll be back with Craig in a moment, so don't go anywhere.

Michael Bird (13:37):
All right then. Well, it is time for Today I Learned, the part of the show where we take a look at something happening in the world that we think you should know about.

Aubrey Lovell (13:47):
And this week we are taking a look at the incredible innovation in a brain computer interfaces that can have a huge impact for people with motor disabilities. Previously, devices used to help brain functions of individuals have had to be calibrated to each person specifically, and that takes time and a number of experts to carry out each fitting. But engineers in Austin, Texas have developed machine learning capabilities in a device that can adapt to whoever is wearing it, and that would drastically reduce manpower and time and could lead to mainstream adoption. It would also mean that one device could be worn by many patients at different times.

(14:24):
The way the researchers went about it was to develop a cap with a number of electrodes attached to it, hooked up to a computer, then they played a car racing game with someone wearing the cap, the electrodes picked up the brain signals, decoded them and translated them into what was happening on the screen. And that method trains the device, which acts as a base for other users and cuts out that long calibration process. And even though it requires several steps ahead to make turns, the decoder meant that users could play the game very well indeed. The man behind this is José del Milian whose research is published in PNAS Nexus. He and his team are currently working on a wheelchair that users can drive with this brain-computer interface which Milian says will help more people in their everyday lives.

Michael Bird (15:17):
Thank you so much for that, Aubrey. Right now it is time to get back to our interview with director of cybercrime at Interpol, Craig Jones. So Craig, do you think a global set of regulations on cybercrime is possible?

Craig Jones (15:32):
When we look at the whole online and cybercrime space, when we look at boundaries and we look at borders, there has to be a general agreement and principle within this space. It's not going to be a panacea, it's not going to be a silver bullet, far from it, but what it will give us is a basis to initiate communication between countries. But as Interpol, we will still have our global cybercrime programme. We will still have our mandates, we will still have our resolutions. We'll still have the countries and law enforcement level agreeing to cooperate, so there'll be always some form of cooperation going on in there. I think this is more at that state level and government level, that there is sign-off in governments that they're going to be able to coordinate and make sure that they can support a prosecution in one country as opposed to another. So the convention will hopefully help iron out those conflict areas.

Aubrey Lovell (16:30):
What do you want to happen that can help you and Interpol face the global issue of cybercrime in the next few years?

Craig Jones (16:36):
So when I hear people say, "Cybercrime is borderless," and that wonderful terminology, everybody news, I bang my head on my desk here. I think, "No, for law enforcement, we are totally, not constrained, but we have those boundaries and those borders that we have to work to." So the cybercriminals don't have to, but no criminal's empty. When we look at drug trafficking, they're not constrained by borders because they look to traffic across borders or human traffic across borders. We can work in that space because we understand that. In the online space it's different. So we're on a journey, all of us here, but I think we need leaders that can see what steps we need to take. We need leaders that can help bring it all together. We need leaders in countries to recognise no, we do not want our communities harmed by cybercriminals. There's got to be buy-in to that. And that's got to be more than just piecemeal, it's got to be just more than words. We need the private sector buying into this as well, providing the data sets to Interpol or to the member countries that can help us reduce the global impact of cybercrime and protect communities for a safer world.

Aubrey Lovell (17:44):
Thanks so much, Craig. It's been great to talk to you. And you can find more on the topics discussed in today's episode in the show notes.

Michael Bird (17:53):
Right. Well, we are getting towards the end of the show, which means it is time for this week in history, a look at monumental events in the world of business and technology, which has changed our lives. Now Aubrey, what was last week's clue?

Aubrey Lovell (18:06):
Okay. So the clue last week was it's 1623, and this mathematician was certainly calculating under pressure, and it was of course the birth of French mathematician, philosopher, and inventor of the first calculator, Blaise Pascal. Pascal was a child prodigy writing his first academic papers on geometry at 16 years old.

Michael Bird (18:29):
Wow.

Aubrey Lovell (18:30):
Before the age of 20, his work on probability theory helped define modern economics and social science. And in 1642 at the age of 19, he began his pioneering work on building so-called Pascal's calculators or Pascalines, a box full of brass machinery able to add, subtract, divide, or multiply, which is designed specifically to help speed up his father's work as a tax collector. He built up to 70 calculators, 50 prototypes, and 20 production models, nine of which still exist, talk about overachieving. And if that wasn't enough, he was also a master in the study of fluid dynamics and his work on pressure and vacuum was internationally recognized. In fact, he's got a standard unit of pressure and tensile strength, the Pascal, named after him. He did all of this in an incredibly short life, dying at the age of 39 in 1662. Pretty amazing really though.

Michael Bird (19:28):
Wow, yeah. Gosh, my goodness. Well, next week the clue is it's 1956. Let me type that up for you. Gosh, these are getting harder every week.

Aubrey Lovell (19:40):
It can't be that easy.

Michael Bird (19:41):
Oh, you think.

Aubrey Lovell (19:42):
It can't be that easy though. I think I know what it is.

Michael Bird (19:45):
No.

Aubrey Lovell (19:45):
But I'm not going to say it.

Michael Bird (19:46):
No, it's older than that. It's older than, the thing you're thinking of is definitely older than that. Anyway, that brings us to the end of Technology Now for this week, thank you to our guest, Craig Jones, director of Cybercrime at Interpol. And to you, thank you so much for joining us. Technology Now is hosted by Aubrey Lovell and myself, Michael Bird. And this episode was produced by Sam Datta-Pauline and Al Booth with production support from Harry Morton, Zoe Anderson, Alicia Kempson, Alison Paisley Alyssa Mitri, Camilla Patel, and Chloe Sewell.

Aubrey Lovell (20:16):
Our social editorial team is Rebecca Wissinger, Judy Ann Goldman, Katie Guarino. And our social media designers are Alejandra Garcia, Carlos Alberto Suarez, and Ambar Maldonado. Technology Now is a lower street production for Hewlett Packard Enterprise, and we'll see you next week. Cheers for now.

Michael Bird (20:34):
Cheers.