Cybercrime Cooperation Between Finland And Europol
1. Legal and Institutional Framework
Finland
Cybercrime is governed primarily by:
Criminal Code of Finland (e.g., Sections on computer fraud, data breaches, identity theft, and denial-of-service attacks)
Act on the Openness of Government Activities (for secure handling of digital investigations)
Police Act & National Bureau of Investigation (NBI) — Finland’s central authority for complex crimes, including cybercrime.
Finland participates in EU-wide cybercrime initiatives and has liaison officers for Europol.
Europol
The European Union Agency for Law Enforcement Cooperation (Europol) facilitates:
Cross-border investigations
Intelligence sharing
Operational support (e.g., European Cybercrime Centre, EC3)
Finland is a member state and contributes data, expertise, and investigators.
Mechanisms of Cooperation
Joint Investigations: Finnish police teams often join Europol-coordinated operations.
Information Exchange: Europol serves as a hub for sharing cyber intelligence.
Legal Assistance: Mutual Legal Assistance Treaties (MLATs) and EU frameworks like the Directive on attacks against information systems (2013/40/EU) enable Finland to take action across borders.
Training and Capacity Building: Europol organizes workshops and Finnish officers participate in cybercrime task forces.
2. Key Areas of Cybercrime Cooperation
Ransomware attacks affecting Finnish and EU companies
Phishing and financial malware
Child sexual abuse material (CSAM) networks
Cryptocurrency fraud and money laundering
Botnet takedowns and large-scale DDoS attacks
Data breaches impacting cross-border systems
3. Case Law and Major Collaborative Operations
Case 1: Operation Avalanche (2016)
Background: Avalanche was a global malware and phishing network affecting banks and users across Europe, including Finland.
Finnish Involvement:
NBI identified malware targeting Finnish banking customers.
Finnish investigators shared intelligence with Europol.
Europol’s Role:
Coordinated with 30+ countries, tracing command-and-control servers and shutting down infrastructure.
Outcome:
40 arrests globally; malware infrastructure dismantled.
Finnish law enforcement successfully blocked attacks on national banks.
Significance: Demonstrates Finland’s ability to protect national interests through Europol cooperation.
Case 2: Finnish Cryptojacking Network (2018–2019)
Background: Finnish police discovered a group distributing malware to hijack computers for cryptocurrency mining.
Europol Cooperation:
Intelligence shared with Europol EC3.
Analysis of servers across the EU revealed ties to organized cybercrime networks.
Outcome:
Arrests in Finland and other EU countries.
Seizure of cryptocurrency wallets worth over €500,000.
Significance: Shows effectiveness of real-time information sharing and joint investigation.
Case 3: Child Sexual Abuse Material (CSAM) Network (2017)
Background: Europol coordinated a cross-border investigation targeting CSAM distribution.
Finnish Involvement:
NBI identified Finnish users and servers facilitating CSAM.
Finnish prosecutors led local prosecutions with Europol intelligence.
Outcome:
Several Finnish residents convicted under Sections 6 and 7 of the Finnish Criminal Code (distribution and possession of child pornography).
International arrests and dismantling of the global network.
Significance: Illustrates Finland’s active participation in EU-wide protective operations for vulnerable populations.
Case 4: WannaCry Ransomware Impact in Finland (2017)
Background: The global WannaCry ransomware attack disrupted multiple EU systems.
Finnish Action:
NBI coordinated with Europol to analyze malware behavior and trace affected institutions.
Finnish hospitals and critical services received early warnings and mitigation strategies.
Outcome:
No major disruption to Finnish critical infrastructure due to timely alerts.
Finland shared malware samples with Europol’s EC3 for EU-wide threat intelligence.
Significance: Highlights preventive cooperation, not just reactive arrests.
Case 5: ATM Skimming Network (Operation EMMA, 2019)
Background: Europol coordinated the takedown of a Europe-wide ATM skimming syndicate, which included activity in Finland.
Finnish Role:
NBI identified Finnish locations of skimming devices.
Provided data for cross-border tracking of suspects.
Outcome:
Several arrests and prosecution of Finnish perpetrators.
Hundreds of thousands of euros recovered from criminal accounts.
Significance: Demonstrates joint cross-border law enforcement and evidence sharing.
Case 6: Trickbot Botnet (2020–2021)
Background: Trickbot was a botnet targeting European banks with malware.
Finnish Involvement:
NBI participated in disabling servers and command infrastructure within Finland.
Europol Coordination:
Europol provided technical support for network shutdown and evidence collection.
Outcome:
Reduction in Trickbot attacks on Finnish businesses.
Coordination enabled prosecutions across multiple jurisdictions.
Significance: Shows the technical and legal synergy between national police and Europol.
Case 7: COVID-19 Fraud Phishing Networks (2020)
Background: Pandemic-related phishing attacks targeted Finnish citizens and EU relief funds.
Finnish Action:
Rapid identification of fraudulent websites and emails.
Europol Cooperation:
Shared indicators of compromise (IoCs) with member states.
Outcome:
Multiple arrests in Finland and cross-border takedowns.
Enhanced public awareness campaigns based on Europol intelligence.
Significance: Demonstrates real-time operational support and cybersecurity intelligence sharing.
4. Key Legal and Operational Principles
Cross-border investigations require legal coordination:
Finnish prosecutors use MLATs and Europol channels for international evidence gathering.
Early intelligence sharing is critical:
Threats like ransomware or botnets require rapid alerts and mitigation.
Joint operations combine technical, forensic, and legal expertise:
Europol provides digital forensics, while Finnish NBI leads local prosecutions.
Cybercrime prosecutions rely on EU Directives:
Directive 2013/40/EU on attacks against information systems is implemented in Finland.
Effective prosecution requires integrated databases:
Europol’s SIENA platform facilitates secure communication of evidence and operational data.
5. Summary Table of Cases
| Case | Cybercrime Type | Finnish Role | Europol Role | Outcome / Significance |
|---|---|---|---|---|
| Operation Avalanche (2016) | Malware / Phishing | Identify Finnish victims | Coordinated multi-country takedown | 40 arrests; Finnish banking attacks blocked |
| Finnish Cryptojacking (2018–19) | Cryptocurrency malware | Local arrests, wallet seizure | Joint investigation, intelligence sharing | €500,000 seized; arrests in EU |
| CSAM Network (2017) | Child exploitation | Identify Finnish users, prosecute | Multi-country intelligence | Finnish convictions; network dismantled |
| WannaCry (2017) | Ransomware | Early warning & mitigation | Malware analysis & threat sharing | Finnish infrastructure protected |
| ATM Skimming (Operation EMMA, 2019) | Fraud / skimming | Identify devices & perpetrators | EU-wide tracking & coordination | Arrests; €100,000+ recovered |
| Trickbot Botnet (2020–21) | Banking malware | Disable Finnish servers | Technical & operational support | Reduced attacks; coordinated prosecutions |
| COVID-19 Phishing (2020) | Fraud / phishing | Rapid detection & arrests | Real-time IoC sharing | Arrests & public awareness campaigns |
6. Key Takeaways
Finland relies heavily on Europol for cross-border cybercrime operations.
Legal frameworks and EU Directives facilitate prosecution of crimes that span jurisdictions.
Operational cooperation includes technical support, intelligence sharing, and joint investigations.
Timely and effective legal processes ensure successful prosecution in Finland.
Cases demonstrate that prevention, mitigation, and prosecution all benefit from international cooperation.
