When Tactics Meet Tech: Bjorn Clevers on Fighting Cybercrime in Belgium
Bjorn Clevers, Head of the Cybercrime Team at the Federal Judicial Police West Flanders in Belgium, brings over two decades of law enforcement experience and a tactical mindset to the digital front lines. Since co-founding a local computer crime unit in 2018, he has focused on combining technical expertise with operational strategy to combat ransomware, crypto scams, and complex cyber threats. In this interview, Bjorn shares how his team is adapting to fast-evolving threats, why first responders need crypto awareness, and how public–private collaboration can make or break a case.

1. With over two decades in law enforcement and a specialization in cybercrime since 2018, how has your investigative philosophy evolved—especially when combining technical and tactical approaches to cybercrime?
That’s a great question to start with. In the past there was little attention paid to the tactical side of cyber-related crime. Once an IT system was involved, the case was usually considered a purely technical investigation that was passed on to the computer crime unit of the Federal Police. We didn’t have many tactical investigators with an appetite for IT crime; those investigations weren’t considered “trendy” enough.
In 2018, when I co-founded the computer crime unit in my former local police force, I decided to prioritise the tactical approach rather than focus solely on forensics as other units did. That allowed us to better understand how cybercriminals operate, which infrastructure they use, and how they launder money. I also learned the value of international law-enforcement cooperation and of working with the private sector — the latter was new for us, because we were not used to sharing investigative information with private partners.
We don’t all need to be network specialists, software engineers, or computer scientists. Equally important is understanding how a cybercriminal thinks, how to shape an operational action plan, knowing the relevant legislation, and having an analytical mindset to link and correlate data.
If we truly want to successfully investigate cyber-related crimes, tactical and technical investigators must work in tandem — as a strong chain. We should be convinced that “tactics meet techniques”, combined with public-private cooperation, is the way forward.
2. Your team focuses on high-impact threats like ransomware, crypto scams, and BEC fraud. Which of these do you see as the most urgent and why—and how are Belgian authorities adapting to stay ahead?
It’s hard to choose one above the others, as they all have a major impact on victims and society. However, if I have to choose, I would say crypto investment scams. Based on interviews we conducted with victims over the past few years, we learned that the majority have lost all their savings and even their faith in humanity. These scams lead to a capital outflow of hundreds of millions, which is not being invested in the local economy, and can affect generations, as the “family fortune” cannot be passed on to the next generation. This is also the only form of crime I have encountered in my career that causes such severe psychological harm to victims, including several cases of attempted suicide.
Based on the number of cases and the financial losses, I believe that crypto scams generate the second-largest criminal revenue after drug trafficking.
It’s hard to stay ahead, definitely in a fast-moving world like crypto, with the rise of artificial intelligence and the cross-border nature of these crimes. Nevertheless, Belgian authorities are convinced that we need to raise awareness and prevention, invest in training and specialized tools for blockchain forensics, and implement dedicated cybercrime teams within law enforcement.
Cyber-related crimes are also included as a priority in both the Framework Note on Integrated Security and the National Security Plan in Belgium.
3. You co-authored and teach a basic cryptocurrency course for first responders. What essential knowledge do you think every frontline officer should have today when encountering crypto-related evidence or activity?
With our training, we aim to raise awareness about what crypto assets are, that they are here to stay, and that they are no longer a niche. Our goal is to provide first responders with a “toolkit” so they know how to identify crypto traces in the evidence collected from the victim. Identifying these traces is the most important step for them. Based on these traces, they should be able to perform basic initial analyses to determine whether there are opportunities to recover the lost funds. Following these steps saves a lot of time for the crypto investigator who may eventually take over the case.
First responders need to have a basic understanding of crypto, be able to identify a crypto address, wallet, or transaction, and perhaps most importantly, be convinced that these are not dead ends, but in fact opportunities for the case.
4. You’ve built a track record in uncovering crypto investment scams. What patterns or red flags do you most often see—and how can the public and financial institutions become more resilient to these schemes?
Well, one of the first and most important red flags is the “celebrity” promoting huge gains through investment brokers you have never heard of. Secondly, all these scams typically start with a small amount, around €250, followed by almost daily calls from an account manager. If you think about it, you should realize that this way of operating would be far too costly for legitimate companies.
Other red flags include the recently registered domain names the suspects use, the fact that they take control of your computer or phone via remote access tools, requests to open new bank accounts with online banks, and platforms that change every three months.
All of these practices are completely at odds with how traditional banks or investment firms operate.
Financial institutions are already doing a lot to monitor suspicious transactions, but I believe they should implement additional verification steps when transactions deviate from a client’s normal behavior. While it is not their nature to freeze transactions, it could be beneficial to temporarily freeze suspicious transactions, giving the bank time to check with their clients and alert them if they are potentially in contact with scammers. This requires extra effort from the bank, but if the money leaves the system, the bank also incurs a loss.
Additionally, there should be more cooperation between banks and crypto-asset service providers to identify suspicious patterns, such as funds coming from multiple banks being withdrawn in crypto to the same wallets.
From a public perspective, we need to raise awareness through large-scale campaigns during prime time on TV, in popular newspapers (both digital and print), and on social media.
But the victims also bear a responsibility: if something seems too good to be true, it most likely isn’t!
5. You’re known for advocating strong public–private cooperation. Can you share a recent example where collaboration with industry partners significantly impacted a cybercrime case or prevention effort?
Not long ago, we were notified of a live ransomware attack on critical infrastructure. Based on our initial investigative steps, we contacted a cloud hosting provider to obtain information about an account that was used during the attack. Although this was not a Belgian company, it immediately provided the requested information following a subpoena from the public prosecutor.
Based on these results, the account—which also appears to have been used in other successful ransomware attacks—was frozen within 24 hours. Additionally, we were able to freeze a crypto wallet containing a significant amount of funds within a few days.
We have a few of these nice examples, but unfortunately huge steps can still be made in public-private cooperation. Far too often, we have to wait weeks or even months before receiving necessary information from private partners. Needless to say, this is undermining an effective approach to cyber-related crimes.
I think the most important aspect of public-private cooperation is that there must be mutual trust and a clear understanding of how both parties operate.