By Albena Spasova
Gordon Brown, the British prime minister, will soon announce a new UK national cyber security centre to combat growing attacks on computer systems within government departments and big business. His initiative follows an earlier move by US President Barack Obama to appoint a “cyber czar.”
Britain has been holding talks with the US and Canada to co-ordinate operations against cyber attacks by foreign powers, terrorists and criminals. But there is growing evidence of the need for a truly pan-European response, including by the UK, to what is a rapidly accelerating threat across the whole of the EU – and to its businesses and 500 million citizens.
Organised criminal groups are using the Internet to attack a large number of European citizens and businesses for huge gains. But the widely different jurisdictions and legal systems in the EU make it almost impossible for law enforcement agencies and the judiciary to successfully investigate and prosecute a pan-European criminal case. That’s what has come home to me after taking part in the prosecution of more than 400 criminal cases.
The focus at the EU policy-making level is on protecting what is called critical information infrastructure. But what policy-makers also need to do is find mechanisms to address organised cybercrime in Europe. It’s so easy to move from one country to another and there are certainly no borders on the Internet but there are borders when it comes to judicial co-operation.
The EU is having a large penetration of high speed broad band connections – a top priority for Viviane Reding, the EU information society and media commissioner. Unfortunately besides the great opportunity Internet offers in our daily life and business it is used as well for illegal gains. And we need to find solutions to make it difficult for fraudsters to use the Internet to commit crimes – to defraud businesses and citizens to download illegal content, to move funds illegally etc.
Ms Reding is also pressing the EU to appoint its own cyber czar but primarily to combat attacks on infrastructure such as in Estonia, Lithuania and Georgia in the past two years. This was the main topic of a cyber warfare conference this month in Tallinn, the Estonian capital, where EU ministers initially discussed it in late April.
But it’s clear that gaps in judicial co-operation in Europe are creating a paradise for the bad guys to use the Internet and commit fraud. It’s also clear that the majority of cyber threats in Europe are not related to cyber warfare but to cyber fraud, a much bigger and more widespread phenomenon – and growing exponentially.
A typical example of a fraudulent scheme would look like this: fraudster X masterminds a criminal ring in, say, Italy organising cross-border phishing (sending spoof emails) attacks from several EU countries that target financial institutions and e-commerce globally. By recruiting online “money mules” in other countries to move the money from one jurisdiction to another and paying them a small fee X creams the bulk of the huge profits. Fraudsters are even creating their own ISPs (internet service providers) to use the IPs (internet protocols) for their criminal activities.
But there’s an extraordinary lack of data on the scale of cybercrime in the EU and not even a unified system for reporting it. Europol is setting up a European platform for reporting crime but officials admit that the 27 EU member states are under no obligation to provide them with information and they have no precise data on either the scale or the cost of cybercrime in Europe.
What we know is that available statistics show that cybercrime costs $1 trillion worldwide each year. An April 2009 study 1 by internet security firm McAfee shows that data theft and other online offences have robbed global businesses of that staggering amount. But Europe’s share is unknown.
Online credit card fraud alone cost the UK £223.8m in 2007, according to online identity protection company Garlik. This type of phishing is rising, with information about cards representing 32% of data illegally available online in 2008 – up from 21% in 2007, according to internet security firm Symantec. And this is just the tip of the iceberg. We need cross-border co-operation in Europe to fight a borderless crime that puts at risk the benefits of a digital society and economy.
Albena Spasova is a Bulgarian lawyer and strategy advisor based in Brussels