Cybercrime:Cybercrime:

New Threat and Global ResponseNew Threat and Global Response

Department on New Challenges and Threats

Сhernukhin Ernest

First Secretary – MFA Russia

Expert Group on Cybercrime

Vienna, 17-21 January 2011

What are the recent developments?What are the recent developments?

((Documents Documents ))

19 United Nations Commission on Crime 19 United Nations Commission on Crime

Prevention and Criminal Justice (CCPCJ) Prevention and Criminal Justice (CCPCJ)

ResolutionResolution on on CybercrimeCybercrime ((Vienna, 12Vienna, 12--19 19

May 2010)May 2010)

12 United Nations Congress on Crime 12 United Nations Congress on Crime

Prevention and Criminal Justice ResolutionPrevention and Criminal Justice Resolution

on on CybercrimeCybercrime ((Brazil, 12Brazil, 12--19 April 2010)19 April 2010)

UN CounterUN Counter--Terrorism Implementation Task Terrorism Implementation Task

Force Report Force Report ““On the use of Internet for On the use of Internet for

Terrorist PurposesTerrorist Purposes”” (New(New--York, February York, February

2009)2009)

What are the recent developments?What are the recent developments?

((Documents Documents ))

International Narcotics Control Board International Narcotics Control Board

(INCB) Recommendations (INCB) Recommendations oon Internet n Internet

misuse in illegal drug traffickingmisuse in illegal drug trafficking

(Vienna, 26 November 2008)(Vienna, 26 November 2008)

Draft International Telecommunication

Union Toolkit for Cybercrime legislation

(Geneva, 2007)

Draft International Telecommunication Draft International Telecommunication

Union Toolkit fUnion Toolkit foorr CybercrimeCybercrime legislation legislation

((Geneva, 2007)Geneva, 2007)

International Telecommunication Union

Agenda on Global Cybersecurity

(Geneva, 16 November 2007)

International Telecommunication Union International Telecommunication Union

Agenda on Global CybersecurityAgenda on Global Cybersecurity

(Geneva, 16 November 2007)(Geneva, 16 November 2007)

What are the recent developments?What are the recent developments?

(Events)(Events)

12 United Nations Congress on Crime Prevention and 12 United Nations Congress on Crime Prevention and

Criminal Justice Criminal Justice ((Brazil, 12Brazil, 12--19 April 2010)19 April 2010)

The OSCE expert workshop on CybersecurityThe OSCE expert workshop on Cybersecurity

(Vienna, 17(Vienna, 17--18 March 2009)18 March 2009)

The Council of Europe The Council of Europe ““Octopus InterfaceOctopus Interface””

Conference on Conference on ““ Cooperation against CybercrimeCooperation against Cybercrime””

(Strasbourg, 23(Strasbourg, 23--26 March 2010)26 March 2010)

19 United Nations Session on Crime Prevention and 19 United Nations Session on Crime Prevention and

Criminal Justice Criminal Justice ((Vienna, 12Vienna, 12--19 May 2010)19 May 2010)

What are the challenges of cybercrime?What are the challenges of cybercrime?

� Uncertainty of extent (absence of reliable information about

the extent of the problem and financial losses, as well as about

arrests, prosecutions and convictions)

� Uncertainty of extent (absence of reliable information about

the extent of the problem and financial losses, as well as about

arrests, prosecutions and convictions)

�Transnational dimension (difficulties for investigating)�Transnational dimension (difficulties for investigating)

� Differences in national legal approaches (preventing safe

havens for criminals – a key aspect of preventing cybercrime)

� Differences in national legal approaches (preventing safe

havens for criminals – a key aspect of preventing cybercrime)

� Organized crime (use of IT by traditional organized

criminal groups and organized crime groups focusing on

committing cybercrime)

� Organized crime (use of IT by traditional organized

criminal groups and organized crime groups focusing on

committing cybercrime)

What is the response to cybercrime?What is the response to cybercrime?

� Legislation

Due to limited reach of existing regional legal instruments

there is necessity at the global level to harmonize

legislation on cybercrime

� Law enforcement

Depends on the availability of investigation tools like

forensic software, management software or databases

� Capacity-building

Cybercrime is an issue not only for developed countries,

but also for developing countries

� Training

Important to provide training to law enforcement officers,

prosecutors and judges

What are the new high-tech forms of

committing cybercrime?

� “Phishing”

� “Botnet attacks”

� Digital piracy

� Malicious spreading of viruses

� Attacks of criminal groups on critical

information infrastructure

� Hacking

Web serverWeb server

BOTBOT--netnetBBОТОТ--netnet

BOTBOT--netnet

DDoSDDoS--attattааck scheme onck scheme on InternetInternet--serverserver

Use of computer networks by cybercriminals Use of computer networks by cybercriminals

and cyberterroristsand cyberterrorists

ComputerComputer

as a as a targettarget

ComputerComputer

as a as a tooltool

Why do terrorists turn to cyberattacks?Why do terrorists turn to cyberattacks?

To instill fear and shape public opinion with only small teams To instill fear and shape public opinion with only small teams

and minimal fundsand minimal funds

To be far away, making borders and other physical barriers To be far away, making borders and other physical barriers

irrelevantirrelevant

To cloak their true identities and locations, choosing to To cloak their true identities and locations, choosing to

remain anonymous or pretending to be someone elseremain anonymous or pretending to be someone else

To amplify the effect of other attacksTo amplify the effect of other attacks

What Are Their Aims?What Are Their Aims?

To spread havoc and cause enough harm to generate fear To spread havoc and cause enough harm to generate fear

To inflict death to a large scaleTo inflict death to a large scale

To cause mass destructionTo cause mass destruction

To compel a government or an international organisation to To compel a government or an international organisation to

do or to abstain from doing any actdo or to abstain from doing any act

CYBERTERRORISMCYBERTERRORISM

-- intentional use or threat of use of electronic information

systems for the perpetration of terrorist acts inspired by

certain motives (e.g., political, ideological or religious)

with the aim to cause death or serious bodily injury,

serious material damage, create a state of fear, compel a

government or an international organization to do or to

abstain from doing any act.

How Do They Achieve Their Aims?How Do They Achieve Their Aims?

Remotely disrupt the information technology underlying the Remotely disrupt the information technology underlying the

Internet, government computer networks, critical civilian Internet, government computer networks, critical civilian

systems such as financial networks or mass media; or systems such as financial networks or mass media; or

telephone switching equipmenttelephone switching equipment

Use computer networks to take over machines that control Use computer networks to take over machines that control

traffic lights, power plants, or dams in order to wreak havoc traffic lights, power plants, or dams in order to wreak havoc

Destroy the banks files by using anything from logic bombs to Destroy the banks files by using anything from logic bombs to

electromagnetic pulses and highelectromagnetic pulses and high--emission radio frequency emission radio frequency

gunsguns

Block emergency communications or cutting off electricity or Block emergency communications or cutting off electricity or

waterwater

How Do They Achieve Their Aims?How Do They Achieve Their Aims?

Remotely hijack control systems, with potentially dire Remotely hijack control systems, with potentially dire

consequences: breaching dams, colliding airplanesconsequences: breaching dams, colliding airplanes

Hack into a hospital computer system and changing Hack into a hospital computer system and changing

someone's medicine prescription to a lethalsomeone's medicine prescription to a lethal ddosage osage

Identify and recruit potential members of terrorist groups, Identify and recruit potential members of terrorist groups,

collect and transfer funds, organize terrorist acts, as well as collect and transfer funds, organize terrorist acts, as well as

to incite terrorist actions, including through the use of to incite terrorist actions, including through the use of

propaganda; shutting down the power grid propaganda; shutting down the power grid

What Will We Have in The Nearest Future?

Next generation of terroristsNext generation of terrorists

More powerful and easyMore powerful and easy--toto--use hacking tools at their disposal use hacking tools at their disposal

Greater potential for cyberterrorism than the terrorists of Greater potential for cyberterrorism than the terrorists of

today today

Greater level of knowledge and skill relating to hacking Greater level of knowledge and skill relating to hacking

What Sectors of Critical Infrastructure Are What Sectors of Critical Infrastructure Are

Potentially Vulnerable to Cyberterrorist Attacks?Potentially Vulnerable to Cyberterrorist Attacks?

energyenergyinformation, communication information, communication

technologies, ICTtechnologies, ICTwater water

food food health health financial public and legal public and legal

order and safetyorder and safety

civil civil

administration administration transport

space and space and

researchresearch

chemical and nuclear

industry

What legal basis do we have today? What legal basis do we have today?

Council of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on Cybercrimemost important international legal instrument aimed at most important international legal instrument aimed at most important international legal instrument aimed at most important international legal instrument aimed at most important international legal instrument aimed at most important international legal instrument aimed at most important international legal instrument aimed at most important international legal instrument aimed at

combating crime against computer securitycombating crime against computer securitycombating crime against computer securitycombating crime against computer securitycombating crime against computer securitycombating crime against computer securitycombating crime against computer securitycombating crime against computer security

Council of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on CybercrimeCouncil of Europe Convention on Cybercrimeone of the first attempts to codify the rules for combating one of the first attempts to codify the rules for combating one of the first attempts to codify the rules for combating one of the first attempts to codify the rules for combating one of the first attempts to codify the rules for combating one of the first attempts to codify the rules for combating one of the first attempts to codify the rules for combating one of the first attempts to codify the rules for combating

cybercrime, which is an especially dangerous cybercrime, which is an especially dangerous cybercrime, which is an especially dangerous cybercrime, which is an especially dangerous cybercrime, which is an especially dangerous cybercrime, which is an especially dangerous cybercrime, which is an especially dangerous cybercrime, which is an especially dangerous phenomenon owing to its scale and consequences for phenomenon owing to its scale and consequences for phenomenon owing to its scale and consequences for phenomenon owing to its scale and consequences for phenomenon owing to its scale and consequences for phenomenon owing to its scale and consequences for phenomenon owing to its scale and consequences for phenomenon owing to its scale and consequences for

national and international securitynational and international securitynational and international securitynational and international securitynational and international securitynational and international securitynational and international securitynational and international security

Is Convention enough to

respond effectively to the new

dynamic challenges in the

computer sphere?

NONO

-- The notions of cybercrime and cyberterrorism have not been The notions of cybercrime and cyberterrorism have not been

codified yet, and its components, in their entirety, have not codified yet, and its components, in their entirety, have not

been criminalized at the international levelbeen criminalized at the international level

-- There is no definition of terrorist intentions, without which There is no definition of terrorist intentions, without which

criminal sanctions would hardly commensurate with the criminal sanctions would hardly commensurate with the

terrorist threat of this criminal actterrorist threat of this criminal act

-- Convention on Cybercrime does not provide any systematic Convention on Cybercrime does not provide any systematic

response to the new challenge of cyberterrorismresponse to the new challenge of cyberterrorism

-- Convention on Cybercrime does not provide any systematic Convention on Cybercrime does not provide any systematic

response to the new trends of cybercrimeresponse to the new trends of cybercrime

-- Convention on Cybercrime does not incorporate provisions Convention on Cybercrime does not incorporate provisions

excluding fully impunity of a person, who has committed an excluding fully impunity of a person, who has committed an

illegal actillegal act

-- Responses to the threat of cyberterrorism could not be Responses to the threat of cyberterrorism could not be

found through the combined application of the Council of found through the combined application of the Council of

Europe conventions on Cybercrime (2001) and on the Europe conventions on Cybercrime (2001) and on the

Prevention of Terrorism (2005)Prevention of Terrorism (2005)

What Can We Suggest to Fill This Gap?What Can We Suggest to Fill This Gap?

First, to encourage the First, to encourage the international community to international community to

establish a comprehensive international legal establish a comprehensive international legal

instrument against the use of cyberspace by instrument against the use of cyberspace by

terrorists, including through closing everywhere the terrorists, including through closing everywhere the

moving webmoving web--sites of international terrorist groupssites of international terrorist groups, ,

criminalize cyberterrorismcriminalize cyberterrorism

Second, to work with other countries, Second, to work with other countries,

international groups, international groups, private sectorprivate sector to develop to develop

comprehensive and global plans for addressing comprehensive and global plans for addressing

the complex and challenging legal issues raised the complex and challenging legal issues raised

by unlawful conduct in the cyberspaceby unlawful conduct in the cyberspace

What could be the possible structure of

the UN Convention on cybercrime?

• Preamble

• I. General provisions

• II. Preventive measures on cybercrime

• III. Criminalization, incl. establishing of jurisdiction

and prosecution

• IV. Law enforcement

• V. International cooperation

• VI. Technical assistance and information exchange

• VII. Mechanisms for implementation

What is the purpose of the UN

Convention on Cybercrime?

• Promote and strengthen measures to prevent

and combat cybercrime more efficiently and

effectively

• Promote, facilitate and support international

cooperation and technical assistance in the

providing of an adequate response to all

criminal challenges in the computer sphere

What could be the scope of application

of the UN Convention on Cybercrime?

• This Convention shall apply, to the prevention,

investigation and prosecution of:

• criminal attempt on the computer systems and

databases; and

• using the computer systems or databases with the

intent to commit criminal offence, incl. covering

such offences established in accordance with the

UN counter terrorism and drug Conventions, as

well as UNCATOC.

Obligatory incorporated

provisions

• Fix the fundamental principle of the protection of

the state sovereignty (for example based on the

article 4, pp. 1 and 2 of the UNCAC)

• confirm the principle “aut dedere aut judicare”

with a view to bring an alleged offender to justice

• confirm the rule “excluding fully impunity of a

person, who has committed an illegal act”

• Stress the importance of state-business partnership

by elaborating the codes of conduct for private

sector

Obligatory incorporated

provisions

• Apply innovative mechanisms – “24/7

Network” – to respond effectively and more

flexible to the new dynamic challenges of

cyberthreat

Pending issues

• Asset recovery

• Cyberterrorism

• Using the provisions of the Convention on

cybercrime of COE (for example Chapters

I and II)

Thank youThank you