Originally from Glengormley, Neil Walsh is head of the United Nations global programme on cyber crime based in Vienna. He tells Deborah McAleese about fighting terrorism with the FBI, hunting international drug dealers and saving children from being abused online.
QHow does a guy from Glengormley end up running the United Nations global programme on cyber crime?
AI haven't a clue. I still ask myself that every day. I went to school at St Malachy's College on the Antrim Road in Belfast. I always thought about becoming a doctor but I didn't get the A-level grades for medicine. My back-up was criminology and psychology. I went off to university at Teesside and that's what I studied.
QWhere did that interest come from?
AOne day when I was 11 a bomb went off in Belfast's High Street. I was with my dad. We were lucky, the way the blast went we were fine. Other people weren't. People were lying dead, cops were hurt. That's when I started thinking about getting into policing, law enforcement and intelligence and stuff like that. I had always been curious about crime and offender profiling and psychological profiling.
QDid you ever think about joining the police?
AI did. When I was at university I applied to join the Met but I had slipped a disk when I was 15 so I was ruled out medically. So I applied for other posts in Government and got offered a job in the National Criminal Intelligence Service (which is now the National Crime Agency). It had a national remit for intelligence on organised crime. While there I worked as an intelligence analyst doing organised crime work out of central and southern Europe, so mainly (cocaine) coming into Spain and Portugal, up towards the UK. I was doing analysis of that. Then September 11 happened and I was really lucky to get the opportunity to go and work in the United States on the joint terrorism taskforce with the FBI.
QYou worked with the FBI? What was your role there?
ADoing counter-terrorism links. I was investigating UK links to that and potential terrorism links. There was so much crime, organised crime and terrorism that hadn't been focused on before 9/11. There wasn't really the recognition of the threat that existed. It was the game changer for everybody. We really started looking at what the threat was, how it emerged and what needed to be done about it. So I was involved in looking at the trafficking of weapons, the trafficking of surface-to-air missiles, looking at grey market weapons, trying to work out where these things were being moved to, who is using them and where they are going to be used.
It is a very different area of work from traditional organised crime because it links crime and terrorism. You may have people who, as corrupt weapons brokers, aren't terrorists in a typical sense of it but they are supplying the terrorist. Or more importantly, they don't care who they are supplying to.
QSo how long were you with the FBI?
AOn and off from 2002 to 2004. At the time I was also studying for a master's in criminal investigations. I spent another eight years doing counter-terrorism work.
I then started doing anti-corruption work, looking at corruption within my own organisation and working with other police forces in the UK where there was a corruption link.
QYou have provided some assistance to the PSNI haven't you?
AI was based at Europol at the time in The Hague. We received some intelligence that was linked to a drug trafficking group in Northern Ireland. The case is still live so I can't go into details. But by some of the analytical resources I had, and just being from here, I saw some intelligence that linked to a drug trafficker who had a plane ticket bought using a link to an address that had a BT postcode. It's not often you see a Northern Ireland postcode coming up in an international drugs operation. So I referred that back to Soco who then put me in touch with PSNI's Organised Crime Branch. I had a phone conversation with Detective Chief Inspector Dougie Grant (of the PSNI's cyber crime team) and we realised that he had an investigation that was based here in Northern Ireland and I had intelligence on an investigation in another EU country and the South American link to it. So through my job I was able to fund him and his team coming over to The Hague to meet with the investigators from the other EU country and for my agency to take him to South America and link investigations together. Doing that you can identify targets of choice.
QWhat do you mean by targets of choice?
ARather than arresting a drugs trafficker coming off a plane, you want to look at the best time to take someone out so you have a total disruptive effect on an organised crime group. Arresting the low-level people moving sums of money around never gets you close to disruption.
But if you get to the point where you have a joint investigation between a number of countries then you are at the point where you can decide "everybody, tomorrow morning we are hitting this, this and this".
That gives you asset recovery capability. Just because you may have someone who takes drugs in Northern Ireland or sex trafficking, the links back to that are global.
QDo you miss counter-terrorism work?
ANo, there's still a terrorism link to what I do now. In the UN Office on drugs and crime, where I'm based, we have an organised crime branch that I am one of the senior leaders of and then there is the terrorism prevention branch as well, which looks much more at preventing terrorism through legislation and training and capacity building. That's what I do as well.
In the past I did a lot of work which involved counter-terrorism online - terrorists operating online from the al-Qaida, IS/Daesh side of things. That is still very much present. Cyber-enabled crime sits across all facets of terrorism and organised crime. A lot of people think when we talk about cyber crime it is geeks sitting behind computers doing stuff. It's not. You have cyber criminals operating as a service where they all service other organised crime groups and other terrorists to help them do what they are doing.
QWhat sort of things do these criminals do?
ASay you want to move a load of drugs from Colombia to the EU. One way of doing that may be to physically hide that on a ship. But then you have to hide that box of drugs electronically as to where it is hidden on the ship, so you have a cyber criminal who is employed to hide that on a server of a port control system so that the villains can take it off when it arrives without anyone seeing it was ever there. Terrorists using cyber criminality is a big way of doing their business. You have recruitment of foreign fighters online through social media. You've got the social media aspect when there is a suicide attack.
For instance, the IS attack in France strayed out online from friendly news services for terrorist groups. My programme now is about developing capability with digital evidence collection in developing countries as well as developing their investigative powers.
QSome of the countries you work with would have very little cyber capability?
ASome have nothing. We are lucky in the UK. For at least 15 years, if not more, we have had some form of cyber capability and we are in a good space to fight that. But we still need more resources put behind it. But if you are dealing with a country that literally has no concept of it whatsoever - I was delivering training in eastern Africa earlier in the year for Ethiopian and Tanzanian judges and they said: "Well, we don't have child abuse here in our country, there is no online child abuse". Within a few minutes I was able to show online that yes, you do. So if you are raising a cultural awareness to something that "doesn't exist" then they probably don't have legislation to tackle it. The key thing we are about is to raise awareness, build a capability and then mentor that response.
QWhat is the biggest cyber threat to the general public?
AI think ransomware attack is one of the biggest threats for the general public and also for business. That is when cyber criminals send a target payload - be it an email, a file within an email, a word document, a PDF document - to you in a way where they try to socially engineer you to open it. So it could be something saying "here is your bill". If you're not paying attention, the moment you click on it then critical files on your system get encrypted.
So you might have your photos and music encrypted or it actually encrypts the operating system on your computer so it is dead. Your computer screen simply says: "Your computer is locked. If you want it unlocked you have to pay with bitcoin (a virtual currency) by 23 hours time." If you don't do that they destroy your encryption key. You are being held to ransom. It is no different to a physical kidnap where someone takes you and holds you to ransom until someone pays for you. They have taken your data hostage, your files hostage. So, as a member of the public, it might be photos of your kids. If you own a small business and they have taken your business offline it is a massive financial risk. Then it comes to the decision. Do you pay them? Do you not? It is preventable. Back up your data.
QWe keep hearing stories about children and young people falling victim to cyber crime, like revenge porn.
AThere is a website www.thinkuknow.co.uk that has resources for kids from the age of three. When you look at revenge porn, it is a big problem. We have to get kids to understand: you wouldn't take your clothes off in a room or on the street so why are you taking that risk doing it over the phone?
QCyber crime is so fast-paced. How can you keep ahead of it?
AThe UN has a remit for dealing with serious organised crime through the United Nations Office on Drugs and Crime, my agency. We are based in Vienna but are globally present. We look at building capacity. We go to member states which don't have capacity in a certain area and we help them to do that. So we provide technical assistance, that might be implementing a piece of legislation, conducting an investigation or an education prevention awareness programme.
QYour programme is based in places like El Salvador, Guatemala, countries in east Africa and cities such as Bangkok. Why these places?
AThese are areas of significant risk to cyber crime. If you have an economy with a low amount of money but everybody has a 3G or 4G phone or a computer, they can make themselves quite vulnerable to being exploited. We also identified that a number of these countries didn't have any counter online child sexual exploitation knowledge or equipment. So through my programme we funded a national cyber crime unit in El Salvador. In the past two years alone we have had 285 cyber crime cases in El Salvador. That's from a country that would have had nothing beforehand. We trained the cops, the investigators and the judges.
QWhat sort of education work are you doing in these countries?
AWe teach kids, their parents and their faith groups how to be safe online, how to recognise a computer-based threat like sextortion. We had a case in El Salvador last year where a 14-year-old girl had formed a relationship with what she thought was a boy in her area. She was groomed through an online game. That's very common. Photos were being sent back and forth. It got to the point the 'sextorter' got her to send naked photos of herself. He then came back and said: "Give me money... if you don't give me money this is going to your parents or your Facebook account." That did happen. He went to the mother's work email account. Thankfully she did something about it and went to the prosecutor in El Salvador. They took the report, saw the evidence, started an investigation. Very quickly, through the resource we had given them, they were able to identify the IP address, identify the bill payer, where he was based. They went around to his house. He was a man in his 40s, living with his mum and his own kids. He was doing the same to 53 female victims in his town.
QIt is frightening to think that your child could be being abused while sitting in the same room as you.
AEducation and prevention is so important, not just for kids but also the parents. When I think back to when I was a kid my parents always knew where I was. I wasn't allowed to go past a certain part of the street. But if you are sitting in a room now, we see so many cases of kids being abused online while mum and dad are sitting on the sofa.
Thankfully, I am now in a position where we are helping keep people safe. When I get home I can actually sit back and know that there have been 300 investigations in a country this year that had nothing before, where kids are safe because of that.
It feels good to be able to think that what we are doing now is keeping people safe.