U.S. Department
of Justice
Cyber & IP Europe
Background
The U.S. Transnational and High-Tech Crime Global Law Enforcement Network (GLEN) program is the result of a partnership between the U.S. Department of State’s Bureau of International Narcotics and Law Enforcement Affairs and the U.S. Department of Justice’s (DOJ) Computer Crime and Intellectual Property Section (CCIPS) and Office of Overseas Prosecutorial Development, Assistance and Training (OPDAT).
The GLEN is a worldwide law enforcement network of International Computer Hacking and Intellectual Property (ICHIP) attorney advisors, computer forensic analysts (Global Cyber Forensics Advisors or GCFAs), and federal law enforcement agents who together promote America first priorities by developing the ability of foreign law enforcement, prosecutorial, and judicial partners to combat intellectual property and cybercrime activity, as well as to assist in the collection and use of electronic evidence to combat all types of crime, including transnational organized crime. The ICHIPs also provides strategic guidance to key justice sector partners in the region to hold criminals fully accountable, particularly on those crimes with a U.S. nexus. The ICHIPs work closely with OPDAT and CCIPS headquarters staff and U.S. interagency partners to ensure lines of effort meet Departmental and U.S. Government objectives.
The objective of the GLEN is to protect Americans from criminal threats emanating from abroad by delivering targeted technical assistance to encourage both immediate improvements as well as long-term institutional change. This assistance includes skills development workshops, case-based mentoring, legislative review, and promoting institutional reform such as the formation of specialized units to address these criminal threats. The ICHIPs also encourage countries to join the Council of Europe’s Convention against Cybercrime (Budapest Convention), as well as the G7 24-7 High Tech Crimes Digital Evidence Sharing Network, an informal network that provides high-tech expert contacts to assist in preserving and sharing digital evidence.
Currently, ICHIPs are posted to regional positions in Africa (Tanzania and Ethiopia), Asia (Hong Kong S.A.R.; Malaysia; and IPR-focused part-time support from the DOJ Attaché in Thailand), Europe (Romania; Croatia; and Netherlands), and Western Hemisphere (Brazil and Panama). Two subject-matter expert ICHIPs—the ICHIP for Global Internet Fraud and Public Health (IFPH) and the ICHIP for Global Dark Web and Cryptocurrency (DWC)—as well as DOJ computer forensic analysts and law enforcement officials with intellectual property and cybercrime expertise, also form part of the GLEN.
IPR-Focused ICHIP
ICHIP Bucharest supports the needs in partner nations throughout Europe (Central and Eastern Europe and Central Asia) by assessing their ability to combat criminal activity in violation of intellectual property rights (IPR); designing and implementing technical assistance designed to improve their ability to enforce IP crime; assisting in developing or strengthening institutions dedicated to IPR enforcement; monitoring regional trends in IPR protection; and furnishing expert assistance in support of U.S. intellectual property in the region. The ICHIP also assists foreign partners with IPR-related legislative drafting and preparing country submissions for the U.S. Trade Representative’s annual Special 301 Report. Finally, the ICHIP acts as a liaison among foreign law enforcement partners, U.S. law enforcement, and American rightsholders, whose support is critical for IPR investigations and prosecutions that protect U.S. interests.
Cyber-Focused ICHIPs
ICHIP Hague and ICHIP Zagreb help to improve the ability of partners in Europe (Central and Eastern Europe and Central Asia) to combat transnational cybercrime and cyber-enabled crime by assessing the ability of law enforcement and prosecutorial and judicial authorities to detect, investigate, prosecute, and adjudicate cybercrime; providing technical assistance; assisting in developing or strengthening institutions dedicated to cybercrime enforcement; and monitoring regional cybercrime trends and providing expert assistance. They also review and comment on draft legislation that seeks to address cybercrime and related digital evidence issues. ICHIP Hague is also the Cybercrime Liaison Prosecutor at Eurojust, and in that capacity advances U.S. interests in multinational cybercrime investigations and disruptions by leading coordination between U.S. DOJ prosecution teams and prosecution teams from other countries represented at Eurojust and Europol.
Recent Cyber-Focused ICHIP Activities
- February 2025: With the international legal assistance of an ICHIP-mentored Estonian prosecutor, U.S. DOJ obtained convictions of two Estonian nationals as part of a $500 million cryptocurrency fraud scheme.
- January 2025: Two ICHIP-mentored Romanian prosecutors contributed to the multinational operation and Europol takedown of two of the largest cybercrime markets in the world, Cracked and Nulled. Annual revenue from sales on these sites totaled over $5 million and impacted over 17 million American victims.
- December 2024: ICHIP Hague assisted a U.S. DOJ prosecution team investigating the LockBit ransomware criminal organization with coordination with prosecution teams from multiple other countries. The coordination has spanned multiple years and resulted in the disruption of the organization’s infrastructure and the arrest and conviction of multiple individuals involved in the operation of the LockBit organization.
- December 2024: ICHIPs The Hague and Zagreb welcomed prosecutors and law enforcement from around the world to The Hague for the first meeting of the Global Cybercrime Disruption Initiative (GCDI). The GCDI is an ICHIP initiative leveraging the ICHIP network’s global reach for proactive law enforcement actions to disrupt cybercrime networks. GCDI members from Croatia, Poland, Romania, Argentina, Brazil, Costa Rica, Ghana, Nigeria, Kenya, Malaysia, Thailand, Singapore, and the Philippines discussed relevant cases and methods from recent years, as well as legal tools and frameworks.
- November & December 2024: ICHIP Zagreb and ICHIP DWC hosted the sixth in-person meeting of the U.S.-Eastern European Cryptocurrency Working Group (EECWG) in Opatija, Croatia, with participants from Bulgaria, Croatia, Czech Republic, Estonia, Latvia, Lithuania, North Macedonia, Poland, Romania, Serbia, Slovakia, and instructors from the FBI, NCET, and Chainalysis. In December, an EECWG member from North Macedonia reported a final conviction in a case for which ICHIP provided mentoring and the use of the Reactor license. This was a money laundering case where the target was a money mule in connection with a crypto-investment scam. €80,000 was confiscated. This is believed to be the first successful money laundering conviction involving crypto assets in the country. Police and prosecutors credit the success largely to ICHIP mentoring.
Recent IPR-Focused ICHIP Activities
- March 2025: ICHIP-mentored and trained Romanian economic crime police officers conducted a significant operation targeting pirated architecture and engineering software. Economic crime police officers executed 42 search warrants connected to this software piracy case with estimated damages of more than $800,000.
- February 2025: An ICHIP-mentored Romanian prosecutor secured an indictment against three defendants in a case involving illegal streaming of TV shows and movies from American content providers. The lead economic crime police officer involved in the investigation leading to this indictment benefited from ICHIP-led workshops, mentoring, and study visits that provided skills to the officer to advance the investigation into a chargeable case.
- November 2024: As a direct result of close collaboration between Europol and ICHIP Bucharest, Europol coordinated a takedown of one of the world’s largest illicit IPTV TCOs with involvement of law enforcement from Bulgaria, Croatia, France, Germany, Italy, Romania, and others. The investigation was two years in the making, as Croatian authorities reached out to an OPDAT-mentored Europol investigator at an ICHIP workshop in Split, Croatia in 2022. Two years later, the resulting international operation led to 11 arrests, 29 servers seized, and 100 domains taken down. Authorities also seized €1.6 million in cryptocurrency, and €40,000 in cash. ICHIP Bucharest’s longstanding relationship with Europol has helped facilitate better and more efficient law enforcement coordination as we work across borders to combat criminal networks involved in IP crime.
- November 2024: ICHIP-mentored and trained investigators from Bulgaria’s General Directorate for Combatting Organized Crime Cybercrime Unit disrupted operations of four illegal streaming websites hosting more than 32,000 copyright-infringing audiovisual works (many involving copyright protected works of American producers). Two of the four disrupted sites were on the list of the top six illegal streaming websites in Bulgaria for 2023.