Updates

Cybercrime

2019

The European Parliament voted for the establishment of a border management system known as the Common Identity Repository (CIR). The database will collate the identity and biometric records of over 350 million persons. Apart from EU citizens identification data, data from tourists, immigrants, and asylum seekers will also be captured. It will include identity records such as names, dates of birth, passport numbers, and other identification details as well as biometrics such as fingerprints and facial scans. Reports indicate that the CIR will consolidate data from the Schengen Information System, Eurodac, the Visa Information System (VIS) and three new systems: the European Criminal Records System for Third Country Nationals (ECRIS-TCN), the Entry/Exit System (EES), and the European Travel Information and Authorisation System (ETIAS).  The CIR will be among the world’s largest digital identification databases, similar to India’s Aadhar. It will be available to border and law enforcement officers.

Telecommunications Vice Minister of Ecuador revealed that hacking attempts on Ecuador doubled after it revoked WikiLeaks founder Julian Assange’s asylum. According to the Vice Minister, Ecuador 'jumped from 51st place to 31st place worldwide in terms of the volume of cyber-attacks' on 11 April as its institutions had received 40 million hacking attempts per day since Assange's arrest. The websites for the country’s presidency, central bank and foreign ministry were the most affected by the hacking attempts. The attempts principally came from the US, Brazil, Holland, Germany, Romania, France, Austria, UK and Ecuador itself, but did not result in theft of any government data. According to Ecuador's Interior minister, the government has identified two Russian hackers living in Ecuador, though they have not yet been arrested.

Norsk Hydro, one of the world’s biggest aluminum producers, suffered a cyber-attack in which hackers blocked its systems with ransomware. This caused Hydro to switch some of its production units to manual operation. The Norwegian National Security Authority (NNSA, the state agency in charge of cybersecurity) said the hackers used LockerGoga ransomware in the attack, which originated from the USA. The attack may have cost the company more than $40 million in the week it occurred.

The Council of the European Union adopted the EU Law Enforcement Emergency Response Protocol that gives a central role to Europol’s European Cybercrime Centre (EC3) to support EU law enforcement authorities in providing response to cross-border cyber incidents of a suspected criminal nature.
The protocol determines the procedures, roles, and responsibilities of key agencies and players; promotes rapid assessment of cyber threats; secure and timely sharing of critical information through special communication channels and points of contact; as well as co-ordination of cross-border investigations. It aims to complement the EU's crisis management processes by streamlining transnational co-operation and enabling collaboration with network security community and partners from the private sector.



 

Singapore is another country which announced investment in experts to deal with issues connected to cyberdefence such as cyber incident responses, network monitoring and vulnerability assessment. It opened a school to arm future recruits with the necessary skill sets.

The Australian Parliament has adopted the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019. The Bill replaced the definitions of systemic weaknesses and vulnerabilities, which are now defined only as affecting ‘a whole class of technology’, and don’t include those ‘selectively introduced to one or more target technologies that are connected with a particular person’, thereby possibly creating space for those selectively introduced to be exploited by the law enforcement agencies. In addition, the new section (317ZG) introduces certain limitations to law enforcement measures, by specifying that technical assistance requests and notices, and technical capability notices, cannot have the effect of creating new decryption capabilities or weakening existing authentication or encryption mechanisms, or create a risk that otherwise secure information be compromised by unauthorised third parties.

Pages

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top