The 'game-changing' attitude behind a very creative dark web takedown

What do you get when you pair hard-bitten cops with cyber whiz kids? One of the largest, most creative dark market takedowns in the history of the internet.

In 2017, police with the Netherlands’ National High Tech Crimes Unit did more than shut down Hansa, once Europe’s most popular dark web market. For nearly a month, a group of computer nerds and boots-on-the-ground police officers took it over — running the site from the inside, setting up cyber booby traps and showing how a marriage of technical and tactical specialists can enable an operation for the ages.

That combination — old-school cops working with a younger cyber set — is still paying dividends for the Dutch national police. In an exclusive interview with the Click Here podcast, Matthijs van Amelsfort, head of the National High Tech Crimes Unit, discusses the legacy of the Hansa operation, his team’s unique structure and how a “game-changing” ethos is helping law enforcement stay a step ahead of cybercriminals.

This conversation has been edited and condensed for clarity.

CLICK HERE: FIve years after the takedown and takeover of the Hansa marketplace, we’re still talking about it. Why do you think that is?

MATTHIJS VAN AMELSFORT: Well, we want to be the game-changers in combating cybercrime. Every investigation has to have new innovative elements or new advanced technical difficulties for us to start this investigation. If we [did] the same sort of investigations every time, then we won't get further with our knowledge. So that's how we choose new investigations. Of course, I cannot say if the next Hansa market will be this year or next year. But I can assure you that there will be another one.

CH: If we think of this team as being half hard-bitten cops and half computer nerds, where would you place yourself?

MVA: Exactly in between, actually. My first job actually was as an application manager. There was also [the] possibility to work as a police volunteer, so in that way I was able to work on the streets. In 2001, digital investigations started, and I [joined]. Of course, the internet wasn't that big back then, but I grew into it.

CH: How do you bring those two cultures together?

MVA: I think we select people who are willing to learn from each other. [By] nature, they need to know how others do [what they do], what their opinions are, how to reach the goal. You can have a lot of business understanding, but you also need a data understanding. We are lucky that we have the opportunity to get people with a technical background in these kinds of positions because we noticed [over] the years that it's much easier to [teach] a technical guy some policing, than for a [traditional] police officer to learn everything about cybercrime. We can make somebody a police officer with only three months of education. Then they are allowed to investigate and have police powers only on the subject of cybercrime. But being the “game-changer” is in the DNA of the people who work over here. My biggest goal is to facilitate it [so] that people can use their knowledge and skills and work together, learn new things and apply that knowledge in the investigations.

CH: It’s interesting because a lot of these different teams that we've talked to, whether it's Task Force ARES in the U.S. Cyber Command or teams at a cybersecurity company, it seems like the most effective teams have a very flat structure. Why do you think that is?

MVA: Well, I think the most important thing is that we don't have to tell [employees] how they have to do their work. So we can set the goals for the team, and they figure out by themselves how they get to where we want them to be. Having a team with the [technical] specialists and the tactical specialists working together — they don’t really need steering in that way.

CH: As someone who's in charge of this, how do you handle that from a management perspective? What's your philosophy?

MVA: I think it's all about trust — giving trust and getting trust. And knowing the high knowledge of the staff that we have, it's quite easy to give a team an investigation, and they will handle it by themselves. It’s much more about creating the right environment and giving them the space that they need.

CH: The sense we get from talking to you and your team is that there's a sort of creativity that comes together because of this team.

MVA: Yeah, and that's of course what we really want to stimulate. The hardest part of my job is that I have to deal with the police organization — all the rules, education possibilities, wages, etc. A police force, [by] nature, is not an IT company. So it's more about creating the environment and getting the awareness in the organization that we have to deal with different kinds of stuff than we used to. What we've noticed is that some people, after year five or six, will leave for the commercial market. But of course, there's no other job where you are able to use your knowledge and skills to make arrests and get an investigation done. That’s actually what we hear if people leave. They miss that feeling.

CH: You’ve mentioned being “game-changers” when it comes to combating cybercrime. In that vein, your unit has started something called the Cyber Offender Prevention Squad [COPS]. Can you explain that program and how it fits in with the broader goals of NHTCU?

MVA: Of course. In combating cybercrime, we have to look at crime and where people come from. And we've noticed when making arrests that the suspects that we had were all young guys. It felt [like] a bit of a waste of our time and also of the lives of the suspects that we detained. So we started to think about: How can we change them from going [down] the wrong path [and instead] get them to use their talents? We warn them about things that they do on the internet that they aren’t even aware [might be] illegal. For instance, if somebody in the Netherlands is using Google and looking for [how to launch] direct denial of service attacks, they will get a warning that it's illegal to do a DDoS.

CH: Do you think that having this program brings a new kind of understanding for the people in the High Tech Crimes Unit as to who the adversary is?

MVA: Yeah, we do have a very good understanding of who the offenders are. But what's important to know is that no country can combat cybercrime by themselves. So we really need international partners — in the United States, in Europe, Europol, Interpol. It’s something we all do together.

CH: Because there are no borders to cybercrime.

MVA: There are no borders. I think nowadays, the rules and the laws that we have are all based on borders. But of course it's a borderless crime and that's something I think we have to look at in the future. Data can be anywhere nowadays, [just] as the subjects are.