European officials highlight private sector help in major cybercrime takedowns

SAN FRANCISCO — Private sector partners got a special shoutout in a panel of top European cyber law enforcement officials Wednesday as they discussed industry involvement in major takedowns of cybercrime groups.

At RSAC Conference, Dutch National Police cybercrime director Stan Dujif, UK National Crime Agency cyber crime unit lead Paul Foster, and Germany’s Bundeskriminalamt cyber division head Carsten Meywirth all acknowledged industry’s role in takedowns of cybercriminals’ digital infrastructure and the arrests of those allegedly involved in hacking schemes.

Just days before the U.S. and international partners went after LockBit — a prolific ransomware group — Foster said that private sector partners were brought in to be briefed about the forthcoming takedown. Industry was especially helpful in affirming that the takedown was legitimate so other criminal hackers couldn’t fill the void. 

“So much of the amplification narrative came from private partners, rather than just law enforcement,” Foster said.

Private sector partners also estimated how long any law enforcement action would keep the notorious Scattered Spider group suppressed before it was able to reconstitute. Last July, arrests of alleged criminal gang operatives commenced. Paul said that estimates came in at six weeks and the true number ended up being five weeks.

Cybercrime is unique in the cybersecurity world because, unlike nation-state intelligence services, criminal hackers can operate across jurisdictions and rely on commercial infrastructure, often leaving a trail that private cybersecurity firms can track and help disrupt.

Industry involvement was designed as part of Operation Endgame, an ongoing international law enforcement initiative led by Europol and others that launched in May 2024 to dismantle critical criminal hacker infrastructure, said Maywirth.

“Nowadays for us, it is quite normal to integrate private partners as well in the operations. We proved that, and we had a very good success from those corporations,” he said. 

The private sector often partakes in “covert” investigation support phases where they identify digital infrastructure for law enforcement to take down, Maywirth added.

And about two weeks ago, European officials and private company representatives came together in Germany to discuss strategy and approaches for takedowns and disruptions of hackers’ infrastructure, Maywirth said.

The discussions underscore how modern cybercrime responses increasingly hinge on collaboration between law enforcement and the private sector, with industry playing a hands-on role in tracking, disrupting and sometimes helping dismantle criminal operations, rather than just supplying intelligence.

“If we look at the intelligence job that we have to do, we would like to understand, really, how the kill chain of cybercrime is working,” Dujif said. “So we need information from our colleagues, from law enforcement agencies, but also from the private sector to understand … what’s the most impactful intervention we can take?”