With more than 600 negotiations to his credit, Geert Baudewijns, CEO of Secutec, has established himself among the most recognized cybernegotiators in the world.
JDN. Every year, a secret meeting between cybernegotiators from around the world is organized. Who is behind it?
Geert Baudewijns. To explain it, allow me a little detour. When cybernegotiators negotiate a ransom for ransomware victims, they must ensure that the payment they make does not support a terrorist group. To do this, they must carry out what is called a “sanctions check” with one of the three organizations responsible for this verification in the world. Among these, we can cite Digital asset redemption (DAR), with which I work. These organizations therefore have the capacity to invite all the listed cybernegotiators to very confidential meetings.
For my part, I go every year to the meeting organized by the DAR. It usually takes place in North America or Europe, which is where the majority of cybernegotiators are located. It could be in San Francisco, Miami or in a large European city very close to Paris, but I won’t say more. This annual meeting lasts one day and concludes with a very pleasant dinner attended by guests other than cybernegotiators.
Who are the other guests?
Generally, around ten people who come from intelligence services and police agencies like Interpol and Europol also join us. Sponsors are also present. These are often cybersecurity companies, insurance companies, etc. Cybercriminals could also join in, posing as cybernegotiators using “sanctions checks”. But this is unlikely because only professional cybernegotiators, who practice negotiation at least once or twice a week, are admitted to this meeting.
What are you talking about in this secret meeting?
I can’t say everything, because I don’t have the right to do so. But above all, these meetings allow information to be shared between cybernegotiators, secret services and police organizations on emerging cybercrime trends. Throughout the year, each of us works alone in our own corner. This meeting therefore allows us to update our knowledge and benefit from enriching feedback from colleagues. Together, we discuss the new cybercriminal groups that we faced during the year, their origin, the errors they make during negotiations to better identify their weak points, the amounts paid, etc. We also share this data with the Interpol and Europol agents present, who enrich it with their observations.
This day is also a moment of conviviality thanks to which we distance ourselves from our profession. We share original anecdotes. For example, I surprised my colleagues by telling them the response of a cybercriminal when I asked him what he planned to do with the money. He told me he was going to buy a horse. This surprised them so much that each of them then gave their own original anecdote.
How does this network serve you throughout the year?
With agents of intelligence services, Interpol or Europol, we sometimes continue to exchange information on cybercriminal groups. They also sometimes ask me to keynote at events. I also established close relationships with certain colleagues.
We also all have access to a very secure communication platform created by organizations that validate the “sanctions check”. Thanks to this platform, we can continue to communicate and organize what we call “combo deals”. When the same cybercriminal group targets several organizations simultaneously, we use this platform to appoint a negotiator responsible for leading a joint negotiation in order to obtain a reduction in the ransom for all victims.
