Skip to main content

tv   HAR Dtalk  BBC News  May 17, 2017 12:30am-1:00am BST

12:30 am
tried to get the fbi to drop an investigation into one of his aides. the new york times claims the president asked the fbi directorjames comey to drop the investigation in february. mr comey was subsequently sacked. after north korea's latest missile test, the un security council has been meeting in closed session. the us wants it to tighten sanctions against pyongyang. and this video is trending on bbc.com — researchers at aukland university in new zealand think that performing the haka may help maoris keep dementia at bay. they say older maoris tend to play a substantial role in the ritual, keeping them mentally and physically agile. that's all from me now. stay with bbc world news. now won bbc news it is time for hardtalk. welcome to hardtalk. i'm stephen sackur.
12:31 am
in every aspect of our public and private life we have become dependent on the power of the internet and computing. that makes us vulnerable to those who would do us harm. you need proof? well, look at the world—wide spread of the ransomware known as wannacry, which shut down vital computer systems in businesses, in public institutions, around the world. my guess is rob wainwright, head of the european police agency, europol. are the cyber—crooks several steps ahead of the cyber cops? hardtalk theme music. rob wainwright, welcome to hardtalk.
12:32 am
thank you. for the last few days you have been somewhat preoccupied with wannacry, this ransomware which has spread across the world. how seriously should we be taking it? well, it is one of around 200 high—profile investigations europol is helping to co—ordinate around the globe against cyber crime and including that there has been this trend of this growing threat from ra nsomwa re over the last couple of years, but we have never seen anything on this scale, spreading across 150 countries or more, over 200,000 victims. it is a unique characteristic of combining a ransomware with a wormlike function, which explains why it's spreading around the world. it's a step up in cyber crime activity. another very stark warning to many sectors that we have to take cybersecurity seriously. we have been aware of it for 48—72 hours, you and your team have been working on it extensively since then. but you just used the present tense — you just said "it is still spreading" —
12:33 am
is it still spreading? we saw over the weekend, certainly it was spreading quite quickly. as we started the working week, some new infections, you know, in the tens of thousands, in parts of asia, in russia, but not that in europe. and i think what that shows is that those responsible for information security in companies have heeded our warning that we put out very strongly over the weekend, that they should patch their systems if they're still sitting on vulnerabilities, so that when the working week begins again they don't fall victim to it. and i think it has been a very good exercise in public—private partnership to get that message out. you've got a cyber—crime team, i think you call it ec3, you've got some, you know, really top quality computer experts on the case, so where is it from? we do not know yet, actually. a lot of the focus of the attention by national agencies across the world have been really about disaster recovery, threat mitigation, at this stage. we are starting to piece together
12:34 am
some of the malware samples around this and we are helping many of the authorities around the world through the taskforce that exists at our cyber—crime centre now to look at what this looks like. it is interesting, i'm going to talk to you a lot in this interview about co—ordination and intelligence sharing across europe but how about globally? are you talking to the americans, the china, the russians? we know the russians have been very badly hit by this. so how much global co—ordination is there? well, the global co—ordination is absolutely needed. our focus at europol, understandably, is on protecting the european space. to do that we have a huge tra ns—atla ntic engagement. so the americans are with us, the fbi, on cyber, on fighting terrorism. many other us federal agencies... i specifically asked you about the russians advisedly because... (crosstalk). ..discussion about russia being a cyber threat but on this occasion it is, i think, fair to say it looks pretty clear this was not originated in russia. are you working closely with the russians to try to find out who did it? we do not know where it originated
12:35 am
and in answer to your question, no, we are not working closely with china or russia... because you do not trust them? no, our relationship with them is not the same as it is with the united states, for reasons i'm sure your viewers will understand. there are other organizations like interpol that are helping to do that but it is true, that is the landscape that we are working with across the internet space. there isn't a single government's architecture, there isn't a single view about how to deal with cyber crime. vladimir putin has gone on the record over the last 2a hours as saying he believes this is something that originated in the united states and he's pointed a finger at the us government. what we do know is that microsoft — and we know that this malware, this ransomware attacks windows operating systems, particularly the older ones like xp — microsoft say that, as far as they are concerned, this malware or at least the information behind the malware, was actually developed by the us nsa, national security agency, and they were then hacked by the people who've propagated this as ransomware. can you confirm that is what you understand happened? no, i have no independent
12:36 am
evidence of that at all. but i have seen what microsoft have said, seen what vladimir putin has said as well. we have no independent confirmation of that. what we see is a massive exploitation of a flaw in the microsoft operating system by the criminal groups. the question is, who developed that flaw? that is my question as well and we're still looking at that. you have just told me what close ties you have with us sister agencies so you would know whether the nsa was indeed responsible for storing knowledge about the vulnerabilities in some windows microsoft operating systems. we are still working with many federal agencies, including the fbi, to get to the bottom of this. today, i can't answer that question because we don't know for sure. if i'm going to say something like that, i better know my facts, and i don't yet. are you telling me you can't tell me or you...because it seems surprising to me you do not know,
12:37 am
you've had days working on this now. we have had about 48 hours during a period of which our focus has been on stopping the spreading of this into other public services, for example. the investigation is a high priority but it will take some time before we get to the bottom of this. let me ask you a slightly different point, which again comes from brad smith, the chief legal officer at microsoft said, he said "state security agencies spent a lot of time actually working out the vulnerabilities of our operating systems but they do not tell us what they discover and they do not tell us what knowledge they are storing about flaws in our systems and it is about time to come clean about this, not least with us." has he got a point? to be honest, and i am sorry to dodge the question, you really should be asking the intelligence agencies about that. they have a job to do, of course, as well, to protect our national security as well. myjob is to help police agencies around the world do something about cyber—criminal actors, not state—sponsored actors,
12:38 am
and i'm very clear about that. they can be both, can't they? state sponsored actors can be criminals. there is a blurring of the lines, absolutely, but our primary focus is on those that are in this business for illicit commercial gain, and that's what we're focussed on at europol. let's move on, if that is the limit what you can tell me right now about what's happening to your investigation into the ransomware that we have just seen spread around the world. let's look a little wider at cyber crime. there are people around the world who look at the scale of it at the moment and its origins and they point the finger particularly at russia. at europol are you prepared to echo what has been set in the us, what's been said by the head of the national cyber security centre at gchq in the uk, both of which institutions say russia is responsible for a huge surge in cyber crime activity? we see cyber—criminal actors
12:39 am
originating from almost every country in the world but we do see a large proportion of them coming from russian speaking places. not only russia itself. that doesn't mean it's the cyber—crime capital of the world but there are a number of regions of concern for us. the russian—speaking world is one of them. and we are working, of course, where we can, with international police agencies top combat that. you made an interesting distinction just a minute ago between state—sponsored cyber attacks and criminal cyber attacks but i come back to this point that you can often describe state—sponsored activities as criminal. i suppose case in point would be the allegations the americans made about russian cyber meddling in their election. hacking into the democratic party emails, for example. same allegation emerged in the macron campaign, in france. the germans are now saying that they are braced for russian activity in their election too.
12:40 am
is this something that you, particularly in france and germany, are actively looking at? no, it is not. i made it very clear i'm working against cyber—criminal actors. in this case there seems to be concern of possible state—sponsored activity against the national security interests of those countries and so the security intelligence agencies of those countries are quite properly leading those investigations. i am much more concerned with the billion—dollar ransomware industry that has grown up in the last two years which is propagated by cyber criminal groups by the multibillion—dollar hacking attempts on the global banking system by very sophisticated cyber crime groups as well, developing ever more sophisticated banking trojans and by many other aspects of the way in which internet technology has transformed the criminal underworld to be something much more dangerous than it has been. tell me whether you think important institutions,
12:41 am
both private and public — let's talk about the private sector if we're talking about outright criminality, whether they have made anything like the right sort of protective measures and actions to safeguard themselves from what you describe as the surge of cyber criminality? it depends on which sector you're talking about. for the banking sector which has been in the firing line of most cyber attacks in recent years, they have learnt through painful lessons that they should take this as a top level executive responsibility and so they have committed to the right kind of investment, to the right kind of strategic framework and they are still in the firing line and they're still getting caught but their protection is much higher and that is why you saw over the weekend of this ransomware attack, there were very few banks in europe, if any, were caught up in it because their defences were quite high. in other sectors, including public services like the health sector, that is not the same case and i think there is a learning lesson here. many of them are still using windows xp, which is many, many years old.
12:42 am
yes, and very often, we paint this picture of cyber—criminals being these futuristic geeks that can hit us anywhere at any time. they prey on the fact that we have vulnerabilities that we do not fix, that we make stupid digital hygiene mistakes, and they recycle old cyber tools time and time again to catch us out. a lot of this is around awareness about getting the basics right. and that is 80% of the problem. how is your digital hygiene at europol? well, um, i think it is strong. you had to think about that. i mean, that is slightly alarming in its own way, not least because you are an agency that is trying to persuade 28 european member states to trust you and trust each other in terms of co—ordination, intelligence sharing, particularly data sharing and i am just wondering whether, over all these fine words, your hygiene, as you put it, in this field of data collection storage is as good as it could be. i think it is. i did pause and that's because i will be honest, there is no organisation in this
12:43 am
world, public or private, that can get the threat down to zero because of the nature of the cyber—criminal activity depends on the highest possible technological advances, making sure that all your staff members are suitably aware of the threat and so on. for the moment we have had no breaches that are of concern to us. i think our defences are very, very strong. we take best—practice reading from the uk and other governments so i think it is strong but i am not going to say we're absolutely impenetrable, no. do you think governments have tried to cut corners because they cannot afford or won't afford the investment it takes to seriously upgrade their cyber defences. i do not think in the end it is about money, it is about leadership responsibility. it does not take a lot of money to get systems off xp. it doesn't take a lot of money to patch older systems. it takes actually a recognition this is a top—line executive responsibility, put in place a security framework, make sure you're getting the basics right, reach out to law enforcement and so on.
12:44 am
there are institutions, like the national cyber security centre in the uk, that give very good advice. follow that and that is 80%—90%... patently many public institutions in the uk have not been following that, ijust wonder why you think that is? it is frustrating, frankly, because in the health sector there have been multiple ransomware attacks in the united states and europe for the last two years, long before wannacry came along. and so the lessons should have been heeded by now. i think there are complexities to the it systems in the health sector which i understand is not difficult to work around, i understand that, but in the end, this is really about taking executive responsibility and sorting this out in the way that most global banks have began to do in many respects. do you think europol is capable of keeping up with the constant evolution and development of more sophisticated criminal, whether private or state—sponsored, criminal activity on the internet?
12:45 am
it's a challenge every day because we see the way in which the internet helps to conceal the identity and communication of the offenders, particularly on the dark net. we see these wonderful technological advances coming out of silicone valley and elsewhere which is fabulous for society, we all know that. but of course, being exploited by ever more enterprising criminals and to a certain extent, terrorists. we are in this difficult challenge, i have to say. but that is why yielding international partnerships are so important. is the gap between what you can do realistically to police the internet and you just talked about the dark web and i would like to talk about that some more, the gap between what you can do and what the bad guys are certainly right not able to do, is it getting wider? there is a gap of course, because we are working within legal constraints, of course we are, and they're not. that said, we have the power
12:46 am
of leveraging, if we do our work properly, the combined resources of some of the best investigators around the world, not to mention some of the wonderful partnerships we have with the private sector. if we can get that right and exercise that kind of interconnection between those different communities, we have a lot of power and we are beginning to show that. a lot of power but whatever kind of torch you've got, there are places you can't shine it. i'm quoting yourself, when you said of the dark web, it has become "a huge underground criminal environment." you talk about the ways in which people, terrorists or straightforward criminals, can buy a british passport via the dark web, untraceable, for 750 british pounds, about 850 us dollars. you can't keep up, that's the problem. well, we find it particularly difficult to do that, i will be honest with you, particularly on the dark web. it is transforming the nature of how criminal markets function. it has changed the way
12:47 am
in which drugs are bought and sold in an illicit way because it protects the identity of the buyer and seller. in 2013, we found one major crypto market on the dark web. today it is more like 20. selling something like 100,000 different listings of drugs and other illicit commodities. it is growing and it is very difficult for us to track it. we have had a number of successes, most recently regarding a major child sexual exploitation network that was working on the dark net. we are evolving our techniques as well. but yes, we are in a race with those guys. is there anything you can see that governments can do collectively to close down this criminalised dark net or dark web? it's difficult to legislate against the dark net. not least to mention, there is a good part of it that is used for good purposes around the world. those people living in some countries that are trying to exercise freedom of speech, for example. it is difficult to ban the dark net.
12:48 am
i certainly wouldn't be in favour of that. we need to make sure that those responsible for our public security, the police services, have a better forensic capability to investigate this. this means especially having better partnerships with the tech sector. are you a fan of governments, and am thinking of the british government in the wake of the recent horrible westminster terror attack, are you a fan of governments that say, as a result of what we learn about the way terrorists communicate, trying to use, as they do, encrypted communications, which are offered to them very easily now via apps like whatsapp. the politicians‘ response is, we need to make sure the people behind those services give us a "state back door" into their system so that when required we can survey people,even on these supposedly encrypted systems. are you a fan of that? i'm not sure the british government
12:49 am
asked for a back door but they do express some frustration that apps like that do not allow the security authorities, in the most urgent of situations, to monitor the communications of potential terrorists. it's very frustrating that we have a legislative technical means by which under lawful supervision, we can intercept a telephone call between two people but we cannot intercept their whatsapp messages. the same two people planning the same terrorist attack. so there is an inconsistency in the way in which we've legislated. so you want total surveillance? no, i don't want that, absolutely not. i want to balance security and privacy but i want to give police investigators around the world, under the right kind of proportionate control and supervision, the right means by which to protect our public from acts of terrorism. but isn't the problem that the public don't trust state—sponsored organisations,
12:50 am
people, frankly, such as yourself, to actually find the right balance? it is too easy for state actors such as yourself to use what you might portray as a one—off right to turn it into something which it looks very much like 24—7 surveillance, electronically, of everybody, all the time. clearly, we need to avoid that. not only the impression of it, but we need to avoid that. it is clearly not a proportionate way to manage the delicate balance between privacy and security in our democratic societies. my concern is that there is an inconsistency in the balance between what we do in some parts of society and not in the other. it is about a targeted, proportionate response. very difficult to do in the internet because of the technological design of it. what are your relationships like with the bosses of the biggest, most successful infotech companies in the world? i'm asking because the boss of twitterjack dorsey, said this recently, "yeah,
12:51 am
of course the security services need to be able to keep people safe but these disproportionate powers they are now seeking are straight out of an 0rwellian nightmare and have no place in a democratic society." yes, well, he will take that view, i understand that. he comes from a different angle, i respect that. what i will say is that twitter is one of those companies we have an excellent partnership with in removing terrorist content online. europol is doing it through its internet referral unit without exercising any new legislative powers. it's actually a voluntary code of conduct between us, twitter, facebook and many other social media partners, over 50 of them in fact, that have helped us more aggressively take away this terrible daesh—related content in the online space. i applaud twitter for doing that.
12:52 am
not every social media company is doing that but most of the big ones are. it is an example of where sometimes, i think, public and private sector partners, even in this space, can come together and find their interests meeting in a way that supports the general public‘s good. before we end, i must ask you about something that has happened since we last spoke to each other, a year or more ago, and that is brexit. here you sit as the director of europol, as a brit. frankly, you're going to be the last british director of europol, that's quite obvious. you said to me when we spoke more than a year ago, fighting crime and terrorism in the uk will be more costly and much less effective if the country leaves the eu. are you still feeling that today? i still feel the uncertainty about what will happen, stephen. because what i certainly see in the ransomware events of the last few days, terrorist incidents we have seen, make the point even more strongly than what i was making a year ago. fighting crime and terrorism has become an international game. we need the closest possible collaboration in europe. the extent to which britain
12:53 am
will continue to have access to tools has become rather dependent on, and depends upon the outcome of the negotiations. that sounds somewhat like theresa may when she presented that article 50 letter to her colleagues in europe and the commission, saying this, "in security terms, a failure to reach an agreement would mean our co—operation in the fight against crime and terror would be weakened." many in europe saw that as a form of blackmail and you seem to be playing the same game. i'm absolutely not. and i didn't read that letter that way and i'm not sure most of those in brussels read it that way. she was simply stating the reality that, as i said, security co—operation in europe is very important to counter these growing cross—border threats. why on earth would britain, for a minute, think of reducing its co—operation, even if you couldn't get a deal on a trade agreement or anything else, why are you conflating and putting the two together? i'm not here to be the prime minister's spokesman but the way i read her letter, she was simply setting out her strategic objectives under the article 50 process
12:54 am
and she is quite rightly, in my view, putting security is one of those top line objectives alongside trade and others. simply stating the facts that this is in the common interest of the uk and the rest of the eu to get the right kind of security deal because of the way in which what it takes these days to fight terrorism. let me put it bluntly. who loses out more if britain cannot do a full—fledged security agreement with the 27 remaining members of the eu in the future? who loses out more, britain or the eu member states? this is not a zero sum game, this is about the collective security interests of europe and i think both sides understand that and we'll go into negotiations with that in mind. we have to end there. rob wainwright, thank you for being on hardtalk. hello there, good morning.
12:55 am
tuesday is probably going to be a day remembered for the high temperatures. looking outdoors, we had some blue skies at times here in lossiemouth, in scotland, and more blue skies and some more humid air here in kent. those two are significant, because in scotland it was the warmest day of the year so far, and with a temperature of 26 degrees at gravesend, the warmest day in the uk so far. but, in between this band of cloud, which didn't produce an awful lot of rain, but that cloud was beginning to give us a bit more rain today. and the warm air is going to get pushed ever so slowly away into the near continent. we are going to get into this cooler, fresher air, with sunshine and showers
12:56 am
over the next few days. a chilly start, though, for scotland and northern ireland this morning. one or two showers in the north—west, but by the morning, the rain more extensive across a large part of england and wales. now, through the day we will enjoy some sunshine in scotland and northern ireland, but we will enjoy some showers, some of them heavy, coming into the north—west. whereas, for a large part of england and wales, it is going to be cold and wet all day, with some warmth, though, before that rain really gets going in east anglia and the south—east. but temperatures will be a bit lower than they were on tuesday in scotland and northern ireland, and many eastern and southern parts of scotland staying dry, with some sunshine. but showers to the north—west and across northern ireland, and if you are stuck underneath this rain across a good part of northern england, wales, and the south—west, it really is going to feel quite cold. the rain is going to stick into the afternoon, but cold and wet all day through the midlands, central and southern england. ahead of the rain in east anglia and the south—east, it will be warm and humid. but once that rain arrives,
12:57 am
late afternoon and into the evening, it could be very heavy and thundery across the east midlands, east anglia and the south—east. the rain begins to clear away from areas further west. so that is the first soaking rain for the gardens we have had for some time towards the south—east, but could lead to some difficult travelling conditions. by thursday, it is all gone. we are into sunshine and showers. most of the showers out to the west, some heavy ones. it may well be a dry day across east anglia and the south—east. that is where we are seeing the highest temperatures, but they are tending to slip away. numbers are dropping, typically into the mid—teens. and sliding in from the atlantic, slowly but surely, we have this area of low pressure, which isjust going to amplify the showers into longer spells of rain for northern ireland and for western scotland, closer to the centre of the low. 0therwise, some sunshine and some showers scattered about, some of them still on the heavy side, and temperatures typically 14 or 15 degrees, not getting any warmer over the weekend. yes, there will be some sunshine at times, but some further heavy showers, and with clear skies at night, it will be on the chilly side.
12:58 am
i'm rico hizon in singapore, the headlines — the white house rejects claims that president trump asked the head of the fbi to end an investigation into possible links between a senior official and the kremlin. following north korea's latest missile test, the un security council meets behind closed doors — and the us vows to call out states backing pyongyang. i'm kasia madera in london — also in the programme. is the jailing of a top indonesian politician a sign of the country's growing religious intolerance? and ruined by rubbish — the south pacific island with more plastic waste than anywhere else in the world.
12:59 am
1:00 am

22 Views

info Stream Only

Uploaded by TV Archive on