Joint Cybercrime Action Taskforce (J-CAT)

Fighting cybercrime around the world

Cybercrime knows no boundaries. Cybercriminals are constantly coming up with new ways to profit from their crimes at the expense of citizens, businesses and governments, across national borders and jurisdictions.

Police forces around the world thus encounter similar cybercrimes and similar criminal targets, and that calls for a coordinated, international approach to the problem.

The Joint Cybercrime Action Taskforce (J-CAT), which was launched in September 2014, fills that need. Located at Europol’s European Cybercrime Centre (EC3), it helps fighting cybercrime within and outside the EU.

J-CAT Objectives

J-CAT’s objective is to drive intelligence-led, coordinated action against key cybercrime threats and targets by facilitating the joint identification, prioritisation, preparation and initiation of cross-border investigations and operations by its partners. It tackles:

  • high-tech crimes (such as malware, botnets and intrusion);
  • the facilitation of crimes (bulletproof hosting, counter-antivirus services, infrastructure leasing and rental, money laundering, including virtual currencies);
  • online fraud (online payment systems, carding, social engineering);
  • online child sexual exploitation.

Contributions

The taskforce is open to occasional contributions on a case-by-case basis from non-participating countries and non-law enforcement partners.

It consists of a standing operational team of cyber liaison officers from several EU Member States and non-EU cooperation partners, who are based in Europol headquarters and complemented with EC3 staff. The cyber liaison officers come from:

  • committed and closely involved EU Member States (Austria, France, Germany, Italy, the Netherlands, Spain and the United Kingdom);
  • non-EU law enforcement partners (Australia, Canada, Colombia and the United States, which is represented by two agencies: the Federal Bureau of Investigation and Secret Service);
  • EC3.

All these officers work from the same office to ensure that they can communicate with each other easily.

In addition, national experts seconded from Eurojust to Europol regularly cooperate with EC3 and attend the weekly J-CAT meetings to discuss cases and projects of mutual interest. J-CAT chooses and prioritises which cases to pursue based, among other things, on proposals from the country liaison officers. Members:

  1. select the most relevant proposals;
  2. share, collect and enrich data on the cases in question;
  3. develop an action plan, which is led by the country that submitted the selected proposal;
  4. go through all the necessary steps to ensure the case is ready to become a target of law enforcement action — a process that involves consulting with judicial authorities, the identification the required resources and the allocation of responsibilities.

Scoring successes

In 2015, the J-CAT was involved in eight successful operations, including operations Triangle, Bugbyte, Bluebonnet, R2D2 and B58 (Dorkbot), as well as one international crime prevention campaign: Blackfin.

The taskforce was also involved in several of the operations outlined in the 2015 and 2016 Internet Organised Crime Threat Assessment (IOCTA), thus contributing significantly to their success.

An example of an action that the J-CAT and EC3 have supported was the Austrian-initiated operation against the cybercriminal group Distributed Denial of Service for Bitcoin (DD4BC), which had exploited the increasing popularity of pseudonymous payment mechanisms and had been responsible, starting in mid-2014, for several Bitcoin extortion campaigns.