16 Jul 2017

The social network botnet called Siren algorithmically created Twitter accounts and generated more than 8.5 million spam tweets. ZeroFOX, a company that discovered the botnet, believes this has been one of the largest spam campaigns on social media so far. The botnet used sophisticated techniques in order to deceive various anti-spam tools used by Twitter and Google. Siren gained over 30 million clicks from its victims. Although the links led to sites related to porn services they, reportedly, did not contain any malware.  Nevertheless this case demonstrates some weak points and vulnerabilities of new communication tools. Spammers have been increasingly re-focusing their vectors of attack shifting from email to other channels like social media and instant messengers. 

27 Jun 2017

A new ransomware, named Petya, spread around Ukraine, then Europe and the world, infecting and disabling Windows systems in various industries, from airports and shipping ports, to petrol and the financial industry, to supermarkets and law firms. According to Microsoft, the infection was identified in at least 65 countries, including Belgium, Brazil, Germany, Russia, and the USA. Petya is based on a code of a ransowmare developed in 2016, which locks the master boot records of the disk, effectively rendering the disc and computer dysfunctional until a ransom of USD$300 in Bitcoins is paid. Unlike its older version, the 2017 version – also dubbed ‘notPetya’ by some researchers – spreads like a worm through the infected systems (that is without a need for a user to activate it by opening an infected link or an attachment) by exploiting the same vulnerability that WannaCry did, and for which Microsoft issued a patch in March. NotPetya also uses a range of other tools, such as recovering administrator passwords on the infected systems and gaining top access privileges. While the malware has all the features of a ransomware, it appears the attackers have put relatively little effort in ensuring that payments are received, since there is only one Bitcoin wallet used for all the infected computers (which makes it easier to track and possibly locate the criminals when the funds are eventually withdrawn). In addition, the e-mail address offered for communication with the attackers was hosted on a public platform by German company Posteo, which immediately suspended it after the infection broke out. This is why some experts believe that the malware is not designed to make money, but to spread fast and cause damage, The Register reports.

22 Jun 2017

Google has proposed setting up a new policy framework of direct requests by countries to the US Internet industry to obtain digital evidences for serious crimes conducted in their jurisdictions. The framework would apply to countries that honour privacy, human rights and due process. According to Google, the US national legal framework, including the Electronic Communications Privacy Act (ECPA), should be adapted to base the requests of law enforcement authorities (LEA) on the location of the authority rather than of evidences. Google also considers the International Communications Privacy Act (ICPA) as a good base to allow US Congress to update laws governing digital evidences. Further, Google proposes countries to sign bilateral agreements with the US, creating a functional alternative to very lengthy diplomatic Mutual Legal Assistance Treaties (MLAT) process of acquiring digital evidences. According to a speech by Kent Walker, Google SVP & General Counsel, delivered at The Heritage Foundation in Washington, DC, non-existance of international legal framework for cross-border access to evidences, coupled with provisions of the existing US laws like ECPA, make it complicated for US-based Internet industry to provide timely assistance to countries. Currently, most LEA cooperation rely on MLATs, which can take almost a year to resolve a case. At the same time, Internet industry faces responses by governments to these challenges that are not in the interests of the industry: requests for localisation of personal data, and extraterritorial jurisdiction of courts over global business. The new framework is a proposed response by Google to such challenges.


Cybercrime is crime committed via the Internet and computer systems. One category of cybercrimes are those affecting the confidentiality, integrity and availability of data and computer systems; they include: unauthorised access to computer systems, illegal interception of data transmissions, data interference (damaging, deletion, deterioration, alteration of suppression of data), system interference (the  hindering without right of the functioning of a computer or other device), forgery, fraud, identity theft.  

Other types of cybercrimes are content-related, and involve the production, offering, distribution, procurement and possession of online content deemed as illegal according to national laws: online child sexual abuse material, material advocating a terrorist-related act, extremist material (material encouraging hate, violence or acts of terrorism), cyber-bullying (engaging in offensive, menacing or harassing behaviour through the use of technology).


Cybercrime is part of a broader cybersecurity approach, and is aimed ensuring Internet safety and security.

Cybercrime: Threats and attacks

The techniques used to facilitate the types of cybercrime that affect the confidentiality, integrity and availability of data and system are very diverse and more and more sophisticated. Some of the most widespread techniques include:

Malicious software: This includes viruses, spyware, and other unwanted software that is installed on computer and other devices without permission and performs unwanted tasks, often for the benefit of the attacker. These programs can damage devices, and can be used to steal personal information, monitor and control online activity, send spam and commit fraud, as well as infect other machines on the network. They also can make devices vulnerable to viruses and deliver unwanted or inappropriate online advertisements.

Viruses, trojan horses, adware, and spyware are all types of malware. A virus can replicate itself and spread to other devices, without the user being aware. Although some viruses are latent, most of them are intended to interfere with data or affect the performance of devices (reformatting the hard disk, using up computer memory, etc). A trojan horse is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on users, steal sensitive data, and gain backdoor access to users’ system. Adware collects marketing data and other information without the user's knowledge, or redirects search requests to certain advertising websites. Spyware monitors users, gathers information about them and transmits it to interested parties, without the use being aware. Types of information that is gathered can include: the websites visited, browser and system information, the computer IP address, as well as more sensitive information such as e-mail addresses, and passwords. Additionally, malware can cause browser hijacking, in which the user’s browser settings are modified without permission. The software may create desktop shortcuts, display advertising pop-ups, as well as replace existing home pages or search pages with other pages.

Botnets: Botnets are networks of hijacked personal computers that perform remotely commanded tasks without the knowledge of their owners. A computer is turned into a bot after being infected with specific type of malware which allows remote control. Botnets are used for a wide variety of crimes and attacks: distributing spam, extending malware infections to more computers, contributing to pay-per-click frauds, or identity theft. One of the most worrying uses of botnets is to perform distributed denial of service (DDoS) attacks.

Researchers and cybersecurity companies have warned that botnets are becoming the biggest Internet security threat, as they are increasing the effects of viruses and other malicious programs, raise information theft, and boost denial of service attacks.  As an illustration of the dimension of this threat, the Simda botnet, taken down in April 2015, affected computers in 190 countries and involved the use of 14 command-and-control servers in five countries.

Denial of service (DoS) attacks: These attacks involve flooding a computer or website with information, preventing them to function properly. These attacks are aimed to exhaust the resources available to a network, application or service, in order to prevent users from accessing them. They are more frequently targeted as businesses, rather than individuals. Distributed denial-of-service (DDoS) attacks are those attacks in which multiples compromised computers attack a single target.

A DoS attack does not usually result in the theft of information or other security loss, but it can cause financial or time loss to the affected organisation or individual, because of its effects (particular network services becoming unavailable, websites ceasing operation, targeted email accounts prevented from receiving legitimate emails, etc.)

Legal frameworks

Since cybercrime transcends borders, any legal framework needs to be common among countries and this requires improved international cooperation. This international cooperation may be bilateral, regional, continental, or universal.

Most bilateral agreements on law enforcement come by way of Mutual Legal Assistance Treaties (MLATs). This provides an effective tool for cross-border investigations and prosecution.

At regional level, various regional blocks have developed frameworks for their regions in cybercrime legislation. The Organization of American States (OAS) created a framework of guidelines to manage cybercrime as early as 1999. In 2009 the Economic Community of West African States (ECOWAS) adopted a directive on fighting cybercrime, and in 2011 the Common Market for Eastern and Southern Africa (COMESA) presented the Cybersecurity Draft Model Bill. In June 2014, the African Union adopted the Convention on Cybersecurity and Personal Data Protection.

Several international frameworks have already been created to fight cybercrime, the most prominent of which is the Council of Europe's Convention on Cybercrime, which contains provisions on types of offenses, procedural Laws and international cooperation among countries.

Combating cybercrime

The application of technical solutions to combat cybercrime has always been the preferred option for most cybersecurity experts. However, most law enforcement personnel are not equipped with the requisite technological knowledge while most cybercriminals are experts in computer technology. Various organisations, such as the United States Department of Justice and the International Telecommunication Union (ITU), have initiated capacity building programmes for developing countries in Africa, the Caribbean, and Pacific as well as other countries in legislative drafting and prosecution of cybercrime.

As measures to combat cybercrime continue to multiply, various organisations have established their individual structures for cybersecurity. It is not uncommon for private organisations to have their own in-house rules on the acceptable use of their networks and also to educate their clients or staff on the issues of cybercrime. Some groups of organisations have also set up Computer Emergency Response Teams (CERTs) to assist in the technical handling of cybercrime, especially those targeted at computer networks.

Several multinational organisations have also contributed to the fight against cybercrime. These organisations have a unique role as some of them control the infrastructure on which the Internet runs, and include the US National Cyber Security Alliance and INTERPOL.

Other regional legal instruments include: the League of Arab States Convention on Combating IT Offences (2010), the Shanghai Cooperation Organisation Agreement on Cooperation in the Field of International Information Security, and the African Union Convention on the Confidence and Security in Cyberspace (2014).

On the global level, the UNODC is the leading organisation, with a set of international instruments to fight cybercrime. Since cybercrime often involves an organised approach, the UNODC’s Convention against Transnational Organised Crime could be used in the fight against cybercrime. Interpol facilitates a global network of 190 national police organisations, which plays a key role in the cross-border investigation of cybercrime. The ITU hosts the World Summit on the Information Society (WSIS) implementation process in cybersecurity, labelled the ITU Global Security Agenda.




Convention on Cybercrime (Budapest Convention) (2001)

Resolutions & Declarations

Wuzhen World Internet Conference Declaration (2015)
IPU Resolution on the Contribution of new information and communication technologies to good governance, the improvement of parliamentary democracy and the management of globalization (2003)

Other Instruments

UNODC Comprehensive Study on Cybercrime (2013)
Directive on fighting cybercrime within ECOWAS (2011)



Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


Towards a secure cyberspace via regional co-operation (2017)
Comparative analysis of the Malabo Convention of the African Union and the Budapest Convention on Cybercrime (2016)
One Internet (2016)
Stocktaking, Analysis and Recommendations on the Protection of CIIs (2016)
The Global Risks Report 2016 (2016)
National Security Implications of Virtual Currency. Examining the Potential for Non-state Actor Deployment (2015)
Best Practices to Address Online, Mobile, and Telephony Threats (2015)
A Survey on the Transposition of Directive 2011/93/EU on Combating Sexual Abuse and Sexual Exploitation of Child and Child Pornography (2015)
Global Cybersecurity Index & Cyberwellness Profiles (2015)
Quarterly Spam Reports
Infoblox DNS Threat Index

GIP event reports

Global Survey of Internet User Perceptions (2017)
Cybersecurity and Cybercrime: New Tools for Better Cyber Protection (2017)
Report for World Economic Forum Annual Meeting 2017 (2017)

Other resources

Symantec 2015 Internet Security Threat Report (2015)
Symantec Monthly Threat Report


Sessions at IGF 2016

Sessions at WSIS Forum 2016

Sessions at IGF 2015

WSIS Forum 2016 Report

Session 161 on Cyberlaw, Bitcoins, Blockchains, Cybercrimes & Darknet looked at obstacles faced by the enforcement of existing national cyber-related laws, such as multiple jurisdictions applying to cloud and web content (especially the Dark Web) and generic Top-Level Domains (gTLDs) and Internationalised Domain Names (IDNs), the unclear ownership of personal data collected by gadgets such as wearables and stored in the cloud, and the criminal misuse of new technologies like bitcoin and cryptocurrencies.


The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top