NBIP logo

Crash course abuse mitigation during Capture the Red Flags

Events

On Wednesday 17 January 2024, the Capture the Red Flags event took place for the second time. After a first successful edition, organised by the Dutch Cloud Community, the second edition was organised by NBIP. The event took place in Utrecht with over 20 participants from the Dutch hosting and ISP sector, the Public Prosecution Service (OM) and the police. After a welcome speech by NBIP director Octavia de Weerdt, Andrew Silonero, policy advisor at the OM, explained the background to the game and how it works.

Illegal practices

Capture the Red Flags is a role-playing game developed by the Public Prosecution Service (OM). The game revolves around recognising deviant behaviour (red flags) among customers in the day-to-day operations of hosters. Participants in the game learn to empathise with the roles and responsibilities of hosters, police and the judiciary when a hoster’s customer is (potentially) engaged in illegal practices.

One of the reasons for developing this game was that the Netherlands’ excellent digital infrastructure brings a lot of good, but unfortunately also attracts ‘bad actors’. It is attractive for cybercriminals around the world to conduct their activities from the Netherlands because of its good connectivity and wide choice of hosting services. As a result, much cybercrime originates or is directed from servers located in the Netherlands. This causes reputational damage to the entire industry. Bona fide hosters therefore suffer because it is difficult for them to see what customers are doing on their systems. It is important for them to tackle abuse in a timely and adequate manner.

In the Netherlands, there is a unique public-private approach to this problem. Police and OM seek cooperation with the sector in fighting cybercrime. This regularly involves the deployment of resources based on specific (legal) powers, for example for Lawful Interception, Lawful Disclosure or, more drastic and in extreme cases, confiscation of equipment such as servers. The latter is obviously not a desirable situation from a hoster’s perspective, but at the same time it is also in the hoster’s interest that no abuse takes place in its network. Hoster, OM and police have shared interests in this respect. It helps enormously if they know from each other how they can tackle these kinds of cases together and work together effectively.

Race against the clock

So much for the theory. In day-to-day practice, it is important for all parties involved to make the right considerations at the right time. That, then, is exactly what Capture the Red Flags is about. From spotting a possible ‘bad actor’ when accepting a customer (how do you spot that?) to contributing to the eventual capture of a cyber criminal: during Capture the Red Flags, participants had to deal with all aspects.

Four teams of 5 or 6 participants from different backgrounds started the game under the watchful eye of a jury. A scenario was run through which various actions had to be taken and questions answered. In doing so, the role of the team changed from time to time: part of the scenario was run through as a host, other parts of the same scenario from the perspective of an investigative agency or the public prosecutor. The teams also had to solve the case in a race against the clock, which put extra pressure on the participants.

In-depth discussions

Despite the time pressure, the discussions on the steps to be taken sometimes went into great depth. What can and cannot be legally done in a situation where every second counts and where, for instance, data from a customer’s account has to be retrieved quickly? What about privacy and what is allowed by the law? Sometimes the most logical option turned out to be incorrect. At other times, the most obvious action did not seem legally permissible, but was. As a result, participants had to be constantly alert and draw from each other’s expertise to move forward in the case.

In the end, all teams solved the case, but the red team did so with the most expertise. Besides eternal glory, they also received a prize. The general mood after the game was that it had been an instructive afternoon, where it was very useful to approach this shared issue from different roles. It is therefore likely that there will be a follow-up to this event from NBIP, because the problem of abuse can only be combated quickly and effectively through close cooperation between the sector and the government.

News

NBIP NEXT 2025: Europe is on track to strengthen its digital resilience (but we are not there yet)
Events, News
DDoS attacks in Q3 2025
NaWas, News
How do you prepare for eEvidence?
News
NBIP publishes latest edition of the Annual Monitor
Reports

Wil je meer informatie of je abonneren op onze nieuwsbrief?

NBIP logo
NBIP NEXT
Platform- and supplier-independent Cloud with Haven

Thursday, 27 November – 1:50 p.m. – 2:30 p.m.

Haven is an open solution for platform- and supplier-independent Cloud services. Haven is a building block of the pGDI and the NDS. Haven offers agnostic configuration of Cloud technology and provides organisations with a feasible exit plan. Expect an inspiring story about the practice of ecosystem-driven collaboration, in which we use the power of digitisation for the benefit of society.

Highlights:

  • Haven+
  • Ecosystem-driven collaboration
  • Platform- and supplier-independent cloud services
  • Data sovereignty

About Jacco Brouwer

Jacco Brouwer works for the Association of Netherlands Municipalities as Cloud Policy Coordinator and represents municipal interests in the NDS implementation programme on Cloud. From the Innovation Knowledge Centre at VNG, Jacco is the initiator of the public Incubator GROEI, through which VNG guides municipal collaboration and innovations based on a start-up philosophy in scaling up to broad and collective use among municipalities and fellow authorities.

Jacqueline van de Werken is bijna 10 jaar actief als global general counsel bij Leaseweb, na een loopbaan in de advocatuur en actief te zijn geweest in legal & regulatory affairs bij buitenlandse telecom/ datacom aanbieders.

Sinds enige tijd is Jacqueline ook board member & secretaris van brancheorganisatie Dutch Cloud Community. Als president/chair bij Cloud Infrastructure Service Providers Europe richt ze zich ook op het behartigen van regulatory belangen van de IAAS cloud sector.

Woensdag 26 november 

Van vrijwillig naar verplicht: de nieuwe werkelijkheid van regelgeving voor providers

Interactieve sessie

11:15 – 12:00 uur

Ir. Bas Dunnebier EngD

Bas Dunnebier is Chief Science and Technology Officer (CSTO) bij de Algemene Inlichtingen- en Veiligheidsdienst (AIVD). De CSTO speelt in op de kansen en uitdagingen die technologische en wetenschappelijke innovatie met zich meebrengen, onder meer voor de offensieve en defensieve taken van de dienst.

Eerder vervulde Dunnebier verschillende andere functies binnen de AIVD, waaronder die van hoofd Unit Weerbaarheid. Hij heeft daardoor een brede expertise ontwikkeld op het gebied van (cyber)weerbaarheid, inlichtingen, en technologieën zoals AI, quantum en cryptologie. Hij studeerde Toegepaste Wiskunde aan de Universiteit Twente, en Informatie- en Communicatietechnologie aan de Technische Universiteit Eindhoven. Voordat Dunnebier bij de AIVD kwam werken, werkte hij onder meer bij Thales, TNO en Technolution.

Het huidige dreigingsbeeld volgens de AIVD: wat nu te doen?

Woensdag 26 november 
14:00 – 14:35
Parkzaal: Wet- en Weerbaarheid

During his presentation, Dr. Alberto P. Martí will provide an update on the European IPCEI Cloud Infrastructure and Services (CIS) project.

Thursday, 27 November

3:00 p.m. – 3:45 p.m.

Parkzaal: Towards digital autonomy

During NBIP NEXT, René will share more about the implementation of the eEvidence legislation that will come into force for internet service providers on 18 August 2026.

Wednesday 26 November

3:00 p.m. – 3:35 p.m.

Parkzaal: Track Law & Resilience

During NBIP NEXT, Johan will give a presentation as part of the DDoS Mitigation track on how to use a WAF to mitigate layer 7 attacks.

Wednesday, 26 November
1:15 p.m. – 1:50 p.m.
Fonteinzaal: Collaborative DDoS mitigation track (ENGLISH)

Dr. Cristina Caffarra is one of the driving forces behind EuroStack. This movement, which has the ear of politicians and policymakers in Europe, is campaigning for more investment in European technology, based on the belief that this is the only path to digital autonomy.

Caffarra is a competition expert and knows the world of big tech companies from the inside. She has made important contributions to competition investigations into mergers and antitrust cases for the European Commission. Caffarra does not mince her words and tells it like it is: we must work together to give shape to European digital autonomy as quickly as possible. At NBIP NEXT, she will share her vision during an inspiring keynote speech, followed by an opportunity for discussion.

Thursday 27 November
1:15 p.m. – 1:50 p.m.
Parkzaal: Towards digital autonomy