2024 Mid-Year Newsletter

Welcome to the CYBERSPACE newsletter!

CYBERSPACE  is a three-year project funded by the European Union's Internal Security Fund - Police programme. The project aims to provide policymakers, law enforcement agencies and the private sector with a  more comprehensive understanding of cybercrime and cyberattacks in the EU. Insights will be used to develop investigative tools, improve information sharing, and better detection, response and prevention of cybercrime. 

Every six months CYBERSPACE will release a newsletter with project activities and project related content such as blogs, reports, events and conferences. 

Read more about the project on our  website  or keep scrolling down to check out our latest news below.

Watch CYBERSPACE's introduction video:

The CYBERSPACE team

The CYBERSPACE consortium is made up of 11 partners from eight EU countries, covering a variety of sectors related to cybersecurity: research and technology organisations, law enforcement agencies, governmental institutions, cybersecurity, privacy and ethical technology companies. The CYBERSPACE project is coordinated by Hochschule für den öffentlichen Dienst in Bayern (University of Applied Sciences for Public Administration and Legal Affairs in Bavaria). 

Latest news and updates from CYBERSPACE 

Privanova conducts a study to identify the current state of cybercrime awareness 

As part of the CYBERSPACE project’s objectives, a study was conducted by Privanova to assess the baseline of cybercrime awareness - where we currently stand in terms of cybercrime awareness, what we're doing right, and, importantly, where we can improve. The aim of the study was to (i) evaluate cybercrime reporting understanding, (ii) spotlight misconceptions and knowledge gaps, and (iii) highlight training improvement area.

The study drew on a diverse group of participants, cutting across various sectors, organizational roles and geographies. In total, 55 participants were involved in the study. Nevertheless, the vast majority (66%) of entries were from private organizations, with the IT sector being prominently represented. 

The survey itself was meticulously designed, comprising of both direct questions to assess general knowledge and follow-up questions for deeper insights. This structure allowed us to gather rich, nuanced data on participants' understanding and attitudes towards cybercrime and reporting. A total of 15 questions were asked to gauge awareness. Findings revealed a cybersecurity community that is engaged but seeks deeper, more actionable knowledge. Indeed, the demand for clear, concise information on cybercrime reporting and threat mitigation is evident across all sectors and roles.

CYBERSPACE is now entering the next crucial stage of the study: the after-study survey. This survey aims to assess the progress and impact of the knowledge shared during the workshop and through our online resources. We are eager to understand how these interventions have influenced the participant’s approach to cybercrime reporting and prevention.

CYBERSPACE’s Latest Workshop: Empowering Cyber Resilience

The main objective of CYBERSPACE’s latest workshop was to bring awareness to some of the most pressing cybersecurity challenges faced by organisations in this day and age. 

On the agenda were the following topics:

• Results of the Before-Study (study conducted by Privanova to identify the current state of cybercrime awareness)
• Knowledge Hub focus topics:
  • Insider Threats
  • BEC Attacks
  • Ransomware Attacks
• Where to Report Cybercrime: case study France
• AI solutions for countering cybercrime

Creation of a Knowledge Hub – Focus topics

In February 2024, we launched a brand-new Cybercrime Knowledge Hub on our project website: https://cyberspaceproject.eu/cybercrime-knowledge-hub/. Our Knowledge Hub offers a wealth of resources and insights, designed to empower professionals and businesses in navigating the complex realm of cyber threats. 

The following focus topics were presented during our April workshop:

• Insider Threats, by Michael O’Callaghan (UCD)
• BEC Attacks, by Carlos Urquizo (ERTZAINTZA)
• Ransomware Attacks, by Police Captain Katerina Triantafyllopoulou and Police Captain Theodoris Anatolitis (Hellenic Police)

To read about these focus topics, explore our Hub!

Creation of a new subpage on CYBERSPACE’s website – Where to Report Cybercrime

Upon conducting research into cybercrime reporting in the EU, partners of the CYBERSPACE project uncovered that no comprehensive platform providing useful links to report cybercrimes per EU country exists. And, while Europol does indeed have a reporting page with includes the reporting websites of each EU country, when clicking on a specific country it merely redirects to the police authority webpage.

To address this gap, we conducted extensive research on where to report specific cybercrimes in each EU country. With the data gathered, we created a subpage on our project website. Our aim is to provide guidance on where to report online crimes such as scams, fraud, phishing, hacking or data breaches in an efficient manner and to the correct authorities. Indeed, depending on the type of cybercrime you fall a victim of you should contact the most relevant authority. For example, if an individual has lost money from its bank account due to a phishing attack, the first step would be to contact the bank directly, rather than report it to the police. 

So far, we have issued guidance for 6 EU countries: France, Germany, Greece, Ireland, Spain and Sweden. Over the next few months, leading up to the project’s completion, we will aim to conduct additional research into cybercrime reporting platforms across various other EU countries.

CYBERSPACE T4.3 Hackathon in Paris, 25 April

Left: Mr. Thierry HARTMANN giving to Mr. William JENNY, CEO of AEGIS, the DCIS award for their victory in the competition.

Right: Mr. Harry MANIFAVAS and Mr. Kostas PACHNIS from FORTH presenting their T4.2 tools during the event. 

The DCIS - Ministère de l'Intérieur et des Outre-Mer - was honoured to host the T4.3 hackathon for the European CYBERSPACE project on Thursday 25 April. Commissioner General Thierry HARTMANN, alongside the CYBERSPACE project manager for DCIS, Mr. Lucas CIABRINI and all the teams from the Europe Sub-Directorate organised this event, which brought together representatives from the French and European security forces, European institutions (EUROPOL, EACTDA) and companies specialising in cybersecurity.

Within the CYBERSPACE project, the DCIS is leading the activities of Work Package 4, dedicated to decrypting the data of cybercriminals. On 25 April, the DCIS put five companies in competition to present tools and solutions designed to tackle the problem of decrypting the data of cybercriminals on online forums, a challenge that European LEAs face on a daily basis in their fight against terrorism and child pornography.

This presentation of the tools by the companies was supplemented by work on a dataset provided by EUROPOL and responding to the use case of automated clarification of passwords contained in the hash format of databases supporting online forums.

To determine the tool best suited to this need and to the missions of the CYBERSPACE project, Mr HARTMANN chaired a jury made up of representatives of the European institutions as well as project partners, in particular Ertzaintza and SPA (Swedish Police). Our partners from FORTH, leaders of task 4.2 within WP4, also had the opportunity to present the tools they are developing in this task to the jury.

At the end of the day, AEGIS won the competition and all the prizes promised to the winner, including support towards European funding with a view to encouraging the industrialisation of the winning tool in the long term, and making it available as quickly and efficiently as possible to our specialist units. This tool will also be the subject of a report to be submitted to the European Commission at the end of May 2024.

For further information, please contact lucas.ciabrini@interieur.gouv.fr

Coming soon: CYBERSPACE’s Tools for LEAs Event in Crete, Greece (June 5-6, 2024)

For the past couple of months, CYBERSPACE partners’ KEMEA and FORTH have been organising a two-day event in Crete, Greece at the premises of the Foundation for Research and Technology – Hellas. The two-day event aims to engage Law Enforcement Agencies (LEAs) and stakeholder board members in demonstrations, training, and both quantitative and qualitative evaluations of the latest technological tools developed within the CYBERSPACE project. 

The first day will focus on hands-on training and quantitative assessment of the tools, while the second day is dedicated to qualitative evaluations through panel discussions and separate meetings for LEAs and stakeholder board members to discuss ongoing progress, share updates on recent results, and explore new methodologies and technologies for combating cybercrime.

CYBER-opinions: Our blogs

Responding to cyberattacks: a European approach

Cyberattacks and cyberthreats have become increasingly prominent in the news. Every month there is at least one major cyberattack featured in European mass media, while thousands go unnoticed and unreported. If cyber threats and cyberattacks are becoming an everyday reality, how can society respond, and who is responsible for that response? This piece, written by Nikola Tomíc (Trilateral Research) provides interesting insights on the current European approach to responding to cyberattacks.  

CYBERSPACE’s Latest Workshop: Empowering Cyber Resilience

On the 4th of April 2024, a workshop organised by Privanova on “CYBERSPACE Enhancing Cyber Resilience: Addressing Key Gaps in Cybersecurity Knowledge” took place. Over 50 participants from various sectors attended and participated in the workshop. Indeed, present were several representatives from SMEs, law enforcement agencies (LEAs), computer emergency response teams (CERTs) and cybersecurity professionals. This blog provides further information on the topics presented during the workshop. 

Swedish Phone Operators Unite Against Fraud: Introducing the Short-Number Solution

In this latest blogpost, we explore the project of a handful of phone operators in Sweden who came together for the cause of combatting the large number of fraudulent text messages sent to citizens. The result of their collaboration is a short number that can be used to forward fraudulent messages to these operators.

Advancing Digital Forensics investigations with the utilization of Cryptographic Inventories

Cryptography’s dual use presents a significant challenge in the realm of technology. On the one hand, it offers a positive application by safeguarding our secrets. This is achieved, for example, through the encryption of sensitive information and ensuring access is limited to authorized individuals only. On the other hand, the same cryptographic methods can be exploited by cybercriminals. They use these techniques to obscure their actions, effectively concealing evidence of their illegal activities. This post, written by CYBERSPACE partner FORTH, recommends the inclusion of cryptography inventories in digital forensics toolkits.

Rudolph the Red Nosed Cybercriminal: Unveiling the Holiday Scams you need to watch out for

The holiday season is the perfect opportunity for any tech-savvy criminal to strike. To help individuals better defend themselves against scammers, we provide a detailed list of the top 12 scams to watch out for during the holiday season (but also the rest of the year). 

CYBERSPACE LEA Working Group

In November 2022, the CYBERSPACE LEAs Working Group was established and hosted its first meeting under the new leadership of the CYBERSPACE project, taking over from the CC-DRIVER project. 

The LEAs working group is formed of members from numerous EU countries working in law enforcement, from different service background (Cybercrime Investigation and Operational Divisions, Digital Forensics, Intelligence Divisions, International Police Cooperation Depts, Project Management Divisions, etc). 

Since the last Newsletter released in Winter 2023/2024, the LEA Working Group convened on 19 February 2024 for its fifth meeting:

Meeting #1 - November 2022 

The LEAs working group members discussed the role of LEAs on EU-funded cybersecurity projects taking part in activities such as the evaluation of results, testing and demonstration of new developments and exploitation of project outputs. Group members also discussed the reporting of cybercrime and gaps and challenges to reporting cybercrimes. 

Meeting #2 - February 2023

In the second LEAs working group meeting, the CYBERSPACE research findings on the ‘Gaps and Factors Analysis and Recommended actions on Reporting of Cyberattacks & Cybercrimes were presented. 

Meeting #3 - June 2023 

Findings from CYBERSPACE's work on practices, methodologies and technologies for enhancing LEAs’ cross border collaboration in the cybersecurity domain were discussed within the LEAs Working Group. In the second half of the meeting explored the challenges and capacities of LEAs to address cybercriminal use of encryption and deal with encrypted evidence during investigations.

Meeting #4 – October 2023 

Presentations and views on “Technologies/tools used, and data exchanged between the Cyber Crime Units and the Forensics/Investigation Divisions of LEAs for reported cyberattacks and cybercrimes as well as the data exchange with other LEAs in the context of LEAs' cross-border collaboration” were exchanged as the main topic of discussion. In this context, recommendations for future actions were highlighted and a presentation was given on the topic of the previous meeting (enhancement of the LEA’s capacity to address cybercriminal use of encryption and the tools currently under development). 

The next LEAs WG meeting is planned to take place at the end of January-mid February, as follow-up to the same agenda item with additional presentations from different participating countries. 

Meeting #5 – February 2024 

CYBERSPACE partner KEMEA (Center for Security) opened the meeting with a short summary of the “technologies/tools used, and data exchanged between the Cyber Crime Units and the Forensics/Investigation Divisions of LEAs for reported cyberattacks and cybercrimes as well as the data exchange with other LEAs in the context of LEAs’ cross-border collaboration”, discussed during the 4^th meeting in October. Presentations were then held by Ranieri Argentini (Netherlands Forensic Institute) and Asa Granstrom (Swedish Police Authority) on (i) a case study that required internal and external exchange of data, (ii) technological tool(s) that they may have used to manage this case, and (iii) recommendations to increase LEAs’ capacities in terms of tools, data and human resources. Views were also exchanged on issues/concerns/ideas/proposals that could be put before representatives of CEPOL, EUROPOL, INTERPOL for further consideration.

WP7 Policy Working Group

The CYBERSPACE Policy Working Group was established during the summer of 2023 and hosted its first meeting under the leadership of Trilateral Research on the 27^th of July. This working group comprises several highly qualified participants such as consortium partners, stakeholders, academics, LEAs, policymakers, and cybersecurity experts. 

The members of the working group contribute to CYBERSPACE's outputs on policy options in response to cyberattacks against the EU, its institutions, businesses and citizens. Their contribution to the briefing paper on policy options to the European Commission and Member States (D7.3) plays a crucial role in guaranteeing the success of Task 7.3 of Work Package 7. 

The following meetings have taken place so far:

Meeting #1 – July 2023

Inaugural meeting of the CYBERSPACE WP7 working group of partners and stakeholders on its activities leading to the briefing paper on policy options for responding to cyberattacks (D7.3). Meeting began with a round of introductions of participants, followed by an overview of the CYBERSPACE project and details of WP7: Policy options in response to cyberattacks.

Meeting #2 – September 2023

Second meeting of the CYBERSPACE WP7 working group of partners and stakeholders on its activities leading to the briefing paper on policy options for responding to cyberattacks (D7.3). Meeting began with a PowerPoint presentation of D7.1 public version “EU responses to cyberattacks” and Task 7.3 – Preparing a set of policy options for possible EU responses to cyberattacks. Engaging discussions were then held with the goal of establishing a provisional structure of the policy recommendations for D7.3 – Policy options for responding to cyberattacks.

Meeting #3 – December 2023

Third meeting of the CYBERSPACE WP7 working group of partners and stakeholders on its activities leading to the briefing paper on policy options for responding to cyberattacks (D7.3). During this meeting, threats, scenarios and policy gaps were identified and discussed. An animated conversation took place around the numerous policy options and recommendations crafted by the consortium partners and Working Group members ahead of the meeting. The Working Group members provided intriguing feedback that added depth to the discussion on policy options.

Meeting #4 – March 2024

During this meeting, a presentation was given by Trilateral Research providing updates on Deliverable 7.3 (WP7). Discussions were held around the numerous policy options and recommendations drafted by the consortium partners and Working Group members. Working Group members were asked to brainstorm on the policy options and provide the pros and cons of each. Overall, valuable feedback was provided by the meeting’s participants, which will be used when finalising the deliverable. 

CYBERSPACE project partner news

NOTIONES Project celebrates its 3^rd conference: Securing the future – Data Privacy, AI and the Evolution of Intelligence

NOTIONES project celebrated on the 21st of May its 3rd conference, Securing the future: Data Privacy, AI and the Evolution of Intelligence. The event was held as part of the IoT Solutions World Congress and Cybersecurity Congress in Barcelona.

The 3rd NOTIONES conference had a focus on the critical intersection of Artificial Intelligence (AI) and the protection of sensitive data. The event served as a vibrant platform for practitioners, policymakers, academics, and industry professionals to engage in meaningful dialogue about the emerging challenges and opportunities presented by data privacy and AI in the Intelligence & Security industry.

The conference was marked by a series of enlightening keynote addresses and panel discussions, offering attendees the opportunity to gain insights from experts on the topics. A representative from EUROPOL gave a compelling presentation on the role of AI in Law Enforcement Agencies (LEAs). Additionally, two technical experts shared their perspectives on AI and Data Privacy, contributing to the depth of the discourse.

The day was marked by productive exchanges, with the NOTIONES project consortium and external experts engaging in insightful discussions. The event was a testament to the power of collaborative dialogue in advancing our understanding of complex issues at the nexus of AI, data privacy, and security. It was indeed a day of great learning and fruitful discussions.

#Data Privacy #Intelligence #Security #AI #ML #BarcelonaCybersecurityCongress #IOTSWC24 #Innovation #IoT #LEA #NOTIONES

CYBERSPACE partner Ertzaintza investigates WhatsApp group chats of students from several schools in San Sebastián containing “inappropriate” content 

End of last year, the Aldapeta María Ikastetxea school in San Sebastián alerted CYBERSPACE partner Erzaintza that students were receiving invitations to join WhatsApp groupchats. It was revealed that these groupchats contained “highly unpleasant and innapropriate content for young people of that age” and were likely not to have been organized by school students but rather adults with ulterior motives. According to the school, some groupchats contained more than 1000 students from various education centers. Unfortunately, this is not the first time a situation like this has happened. Indeed, investigations were already held by the Mossos d’Esquadra (autonomous police force in the Spanish autonomous community of Catalonia) regarding chat rooms with minors under 12 years of age in which pornographic images, violence and hate messages were circulating. In this particular case, Erzaintza received queries from concerned parents and students to gather information on the content of these groupchats and establish whether crimes had been committed. 

(Image sourced from: https://www.elconfidencial.com/espana/pais-vasco/2023-11-22/investigan-dos-chats-san-sebastian-colegio-inapropiados_3779045/)

LEA Cluster News & Events

CYBERSPACE is proud to be leading the LEA Cluster, a network of thirty-four European Commission funded security projects: AI4CYBER, ALIGNER, CC-DRIVER, CEASEFIRE, COPKIT, CounteR, CTC - Cut the Cord, CYBERCRIME EXIT, CYCLOPES, DARLENE, DYNAMO, EU-HYBNET, FREETOOL, GRACE, HEROES, INSPECTr, KINAITICS, LAW-GAME, LOCARD, NOTIONES, ODYSSEUS, POLIIICE, PRECINCT, PREVISION, popAI, PROTAX, RAYUELA, ResilMesh, ROXANNE, STARLIGHT, Tools4LEAS, TRACE, TRACY and UNCOVER.

Recognising that our projects have common stakeholders and similar objectives, the LEA cluster was formed with the aim of supporting research and innovation for law enforcement to be equipped to tackle organised crime and terrorism.

4^th LEA Project Cluster Meeting – May 23, 2024

We are glad to announce that the 4^th LEA Project Cluster meeting took place on Thursday, May 23, 2024, from 1:00 to 2:30 PM CET. This meeting kept its promise to be a pivotal moment for our cluster as we explored significant updates and developments from several key projects.

Here are the meeting highlights:

• ALIGNER Project: Slated to conclude on September 30, 2024, the ALIGNER team provided an in-depth update on the project's outcomes and the tools they have developed. This segment offered insights into the advancements made in artificial intelligence applications for policing and law enforcement.
• HEROES Project: As we approach the project's end date on November 30, 2024, the HEROES initiative shared their latest achievements in combating child sexual exploitation and human trafficking. This update covered the tools and methodologies developed to aid law enforcement agencies.
• CounteR Project: With the project concluded on April 30, 2024, this update was a wrap-up of the CounteR project's journey, focusing on the tools and outcomes developed to tackle radicalization and extremist content online.

The Stakeholder Board - Meetings & News

During the latest meeting, which took place on 28 February 2024, Trilateral Research presented an update on Deliverable 7.3 of WP7. This deliverable consists of policy options for responding to cyberattacks. SB members were asked to provide feedback on the presented policy recommendations during the meeting. Furthermore, CYBERSPACE partner KEMEA introduced the various technologies identified in the cyber domain, in the context of T5.3. Lastly, the SB members were given the necessary time to ask questions to the leading partners of the meeting.

The next Stakeholder Board meeting will take place on the beautiful island of Crete (Greece) during the in-person meeting organised by KEMEA and FORTH on the 6^th of June 2024 at the premises of the Foundation for Research and Technology in Heraklion.

Your content goes here...

You are receiving this newsletter because you have opted in via our website or expressed interest in the project (informed consent, GDPR Art. 6.1.a), or because you work in a field related to the topics covered by the project (legitimate interest, GDPR Art. 6.1.f). 

Our mailling address is:

CYBERSPACE Project

Marine Point (2nd Floor), Belview Port

Waterford, X91 W0XW

Ireland