On Wednesday 17 January 2024, the Capture the Red Flags event took place for the second time. After a first successful edition, organised by the Dutch Cloud Community, the second edition was organised by NBIP. The event took place in Utrecht with over 20 participants from the Dutch hosting and ISP sector, the Public Prosecution Service (OM) and the police. After a welcome speech by NBIP director Octavia de Weerdt, Andrew Silonero, policy advisor at the OM, explained the background to the game and how it works.
Illegal practices
Capture the Red Flags is a role-playing game developed by the Public Prosecution Service (OM). The game revolves around recognising deviant behaviour (red flags) among customers in the day-to-day operations of hosters. Participants in the game learn to empathise with the roles and responsibilities of hosters, police and the judiciary when a hoster’s customer is (potentially) engaged in illegal practices.
One of the reasons for developing this game was that the Netherlands’ excellent digital infrastructure brings a lot of good, but unfortunately also attracts ‘bad actors’. It is attractive for cybercriminals around the world to conduct their activities from the Netherlands because of its good connectivity and wide choice of hosting services. As a result, much cybercrime originates or is directed from servers located in the Netherlands. This causes reputational damage to the entire industry. Bona fide hosters therefore suffer because it is difficult for them to see what customers are doing on their systems. It is important for them to tackle abuse in a timely and adequate manner.
In the Netherlands, there is a unique public-private approach to this problem. Police and OM seek cooperation with the sector in fighting cybercrime. This regularly involves the deployment of resources based on specific (legal) powers, for example for Lawful Interception, Lawful Disclosure or, more drastic and in extreme cases, confiscation of equipment such as servers. The latter is obviously not a desirable situation from a hoster’s perspective, but at the same time it is also in the hoster’s interest that no abuse takes place in its network. Hoster, OM and police have shared interests in this respect. It helps enormously if they know from each other how they can tackle these kinds of cases together and work together effectively.
Race against the clock
So much for the theory. In day-to-day practice, it is important for all parties involved to make the right considerations at the right time. That, then, is exactly what Capture the Red Flags is about. From spotting a possible ‘bad actor’ when accepting a customer (how do you spot that?) to contributing to the eventual capture of a cyber criminal: during Capture the Red Flags, participants had to deal with all aspects.
Four teams of 5 or 6 participants from different backgrounds started the game under the watchful eye of a jury. A scenario was run through which various actions had to be taken and questions answered. In doing so, the role of the team changed from time to time: part of the scenario was run through as a host, other parts of the same scenario from the perspective of an investigative agency or the public prosecutor. The teams also had to solve the case in a race against the clock, which put extra pressure on the participants.
In-depth discussions
Despite the time pressure, the discussions on the steps to be taken sometimes went into great depth. What can and cannot be legally done in a situation where every second counts and where, for instance, data from a customer’s account has to be retrieved quickly? What about privacy and what is allowed by the law? Sometimes the most logical option turned out to be incorrect. At other times, the most obvious action did not seem legally permissible, but was. As a result, participants had to be constantly alert and draw from each other’s expertise to move forward in the case.
In the end, all teams solved the case, but the red team did so with the most expertise. Besides eternal glory, they also received a prize. The general mood after the game was that it had been an instructive afternoon, where it was very useful to approach this shared issue from different roles. It is therefore likely that there will be a follow-up to this event from NBIP, because the problem of abuse can only be combated quickly and effectively through close cooperation between the sector and the government.
