top of page

Criminal Networks in EU Ports: Risks and Challenges for Law Enforcement

Focus on the misappropriation of container reference codes in the ports of Antwerp, Hamburg, and Rotterdam

Organized crime is constantly evolving its methods to try to avoid detection. This is especially true for the movement of illegal shipments; drugs, counterfeits, and other illicit goods are constantly being uncovered and intercepted by law enforcement in unexpected places. One key avenue for the movement of illicit goods is through Europe’s ports, where organized criminal networks attempt to hide their cargo amongst legitimate shipments within the EU free trade area.

According to our experience, establishing an advanced and holistic cyber security environment, an employee reliance check, supply chain security management, and Artificial Intelligence based cameras and control system are the first necessary steps to reduce the risks.


In 2018, law enforcement authorities of the port of Rotterdam detected a new MO used by criminal networks involved in the trafficking of illicit goods: the misappropriation of container reference codes. As a result, the port of Antwerp was also affected. Based on the analysis, Antwerp and Rotterdam port authorities estimate that this MO has trafficked hundreds of tonnes of drugs through their ports.

To tackle this problem and enhance the EU approach to the trafficking of illicit goods in ports, the Security Steering Committee of the ports of Antwerp, Hamburg/Bremerhaven, and Rotterdam, together with Europol, agreed to draft a joint analysis report assessing the threat of infiltration of port infrastructure by organized crime in the EU.

This joint analysis describes and assesses criminal networks’ infiltration in EU ports in general, as well as their activities and modus operandi – including how they use vulnerabilities in port security and maritime shipping procedures to organize the trafficking of illicit goods.

The report highlights drug trafficking using containers and the MO to extract illicit goods from the ports.

The focus is on the situation in the ports of Antwerp, Hamburg, and Rotterdam, where the MO of misappropriation of container reference codes (so-called PIN code fraud) illustrates how criminal networks exploit the loopholes in port and logistic procedures.

The ultimate objectives of the report are to raise awareness among private and public authorities, to encourage EU-wide information exchange, and to provide recommendations to develop a European approach.

The report analyzes the strategic and operational information from law enforcement authorities participating in the Security Steering Committee of Antwerp, Hamburg/Bremerhaven, and Rotterdam ports.

It is also informed by the information collected throughout EU Member States’ investigations and the findings of the EU Serious and Organized Crime Threat Assessment (EU SOCTA) 2021. This is complemented with information from recent Europol reports, from EU Member States and Europol Third Partners, and open sources.

The report's key points

EU ports are critical infrastructures that facilitate the transportation of goods across the continent and ensure the smooth functioning of the European market.

While most of the trade run through EU ports is legitimate, ports are also exploited for moving illegal goods into the EU. As a result, they are vulnerable to infiltration by criminal networks. In addition, the sheer volume of containers (over 90 million) handled each year, and the low percentage (between 2 and 10 %) that can be physically inspected make detecting illicit goods extremely challenging.

With many public and private actors having access to port infrastructure and port information, opportunities for infiltration and facilitation of illicit shipments are manifold.

Criminal networks arrange the infiltration of ports and coordinate local networks of corrupted port insiders to organize the passage of containers containing illicit goods into the EU. For this, they rely on worldwide networks of cells with trusted members or use dedicated service providers. They work in a targeted way by analyzing insider data to select container shipments less likely to be inspected and organized by logistics companies with access to corrupted actors.

Among the various methods to extract illicit goods from ports, misappropriated container reference codes (or so-called PIN code fraud) have recently gained traction among criminal networks.

This modus operandi (MO) has mainly been detected in the container ports of Antwerp and Rotterdam and allows for inconspicuous criminal operations. At least 200 tonnes of cocaine have been trafficked through these ports using this MO in the last years. Relying largely on two factors – a corrupted logistics company employee to provide the reference code and a driver to pick up the container with the reference code – there is no need for physical presence within the port area.

The MO of misappropriation of container reference codes reflects how criminal networks continuously look for loopholes in port procedures and gaps in security.

One of the most effective measures to close loopholes/gaps in the logistics process is the principle of access to data and data systems on a need-to-know basis. Logistics companies limiting access to container reference codes have proven to be an effective solution against this MO.

Other preventive measures to be taken by ports and port-related actors include logging and traceability of database access to sensitive data, warning systems to detect irregularities, and increased checks of truck driver credentials at the terminals to strengthen container release procedures.

Closing one loophole will likely steer criminal networks to other opportunities. Besides shifts to other MO for extraction, criminal networks may divert their operations to secondary EU ports with less stringent security measures in place.

The development of the EU project to link 328 ports, including secondary ports, to the comprehensive Trans-European Transport Network by 2030 could reinforce this trend.

Corruption is the key enabler for criminal infiltration of ports. The logistical processes carried out in ports entail participation from various actors that can be targeted for corruption, all providing targets for corruption.

This includes port workers and personnel of shipping companies, freight forwarders/shipping agents, importers, transport companies, terminals, security companies, law enforcement, and customs. Bribery fees may reach hundreds of thousands of euros. The highest fees are paid to essential links in the extraction chain, often crane operators, planners, or employees providing access to information via IT systems.

Coordinators of extraction teams receive between 7 to 15 % of the value of the illicit load.

As a side effect of the criminal operations in ports and the rivalry it entails, violence often spills out of major transportation hubs onto the streets of surrounding cities, where competition for distribution occurs. This has already resulted in the victimization of innocent bystanders.

International information exchange on the criminal networks’ activities in ports with Europol and amongst EU Member States should be further enhanced. To combat criminal networks in the international context in which they operate – and tackle the high-value targets behind them – timely international information exchange is indispensable.

An adequate response against the misappropriation of container reference codes and other MO for the extraction of drugs requires a Europe-wide approach, including a common approach to port security and closer cooperation with private partners.

Public-private partnerships can be platforms where port authorities, law enforcement and justice agencies, and private companies involved in port-related activities come together. These partnerships can offer the opportunity to exchange tactical and operational intelligence, identify vulnerabilities in port procedures on a European level, and promote and implement security measures to close the loopholes.


Many ports are expanding by adding capacity and speeding up the processing of containers. With higher levels of automation in ports and increasing digitalization of cargo handling procedures, adequate mitigation measures must be put in place by private and public partners.

Major ports are already looking to counter illicit goods trafficking with procedure changes and developing more secure database systems. They are looking into innovative technologies combining imaging and artificial intelligence to increase the screening rate of containers and goods.

As major EU ports increase security, secondary EU ports will likely become more attractive to criminal networks. Although the volume of containers passing through secondary EU ports is still small compared to the major EU ports, cocaine trafficking through secondary EU ports is increasingly being observed, likely due to less stringent security measures in place.

The development of the EU project to link 328 ports to the comprehensive Trans-European Transport Network (TEN-T) by 2030 could reinforce this trend.16 With stronger prevention and law enforcement measures in place inside the ports, other displacement effects have to be considered, such as a displacement of criminal network actions to locations outside the ports, e.g., violence against legitimate truck drivers unknowingly transporting containers with illicit goods or increased corruption, intimidation and violence against personnel working in import companies.

To combat international criminal networks and the high-value targets leading and coordinating their worldwide criminal activities, timely international information exchange of operational, tactical, and strategic information is crucial for a coordinated approach.

Through joint investigations, operational task forces (OTF), and EMPACT, EU law enforcement and justice authorities can take concerted action supported by Europol. The infiltration of ports by organized crime is a major threat to the legitimate economy and security of the EU.

A common Europe-wide approach with attention to regional aspects must be implemented in EU ports to tackle this threat since criminal networks continuously look for security loopholes, adapt their modus operandi, or switch from one port to another seeking more favorable conditions for their operations.

This requires strengthening ports’ resilience to infiltration and preventive and investigative actions. Furthermore, with the further modernization and expansion of many EU ports, continuous attention must be paid to integrating security features in port infrastructure design. This includes the development of legislative initiatives at the European level to streamline security measures in ports and implementing public partnerships to involve all port actors essential for tackling the infiltration of criminal networks in EU ports.

Implementing such measures at the European level will ensure a level playing field, avoiding competition at the cost of security.

Our Recommendations

According to our experience, to reduce risks, the first necessary steps are:

  • Establishing an advanced and holistic cyber security environment, including automatic fraud detection AI-based systems, 24/7 security operation center (SOC), and other relevant solutions

  • An employee reliance periodic check.

  • Supply chain security management.

  • Artificial Intelligence-based cameras and control systems.


bottom of page