Updates

Cybercrime

2019

Bank of Valletta (BOV) has suspended all its operations, including ATM machines, point-of-sale systems, online banking, website, and communications systems, after unknown hackers broke into its network and transferred 13 million euro to accounts in the US, the UK, the Czech Republic, and Hong Kong. According to Times of Malta, BoV has confirmed that customer accounts, funds, and data, were not compromised, because hackers breached the payment processing system from BOV’s account, not customers’. Contrary to the initial belief expressed by the Maltese Prime Minister that stolen funds would be retrieved, BOV officials expressed concerns that this may not be possible. Several local businesses that rely on BOV were affected, not being able to process related payments. BOV accounts for about half of Maltese banking transactions.

E-mail provider VFEmail suffered a hack aimed at destroying user data, almost losing 18 years’ worth of customer e-mail. On 11 February,  VFEmail tweeted that all externally facing systems in multiple data centers were down. Later, the company revealed that an attacker formatted all disks on every server and that every VM, file server and backup server were lost. On 17 February the company unearthed an older backup server which was last backed up in August 2016. The next day, all mailboxes prior to August 2016 became available at nl101.vfemail.net port 1144. The company tweeted it will not shut down and that it hopes it can recover user data between June 2016 and February 2019. They also clarified that the US data center has been vacated and that the company will run entirely from the data center in Netherlands.

EU’s Horizontal Working Party on Cyber Issues is developing a sanctions regime to deter and respond to cyber-attacks, which builds on the EU Cyber Diplomacy Toolbox. An internal memo ‘Cyber Diplomacy Toolbox – Options for a restrictive measures framework to respond to or deter cyber activities that threaten the security or foreign policy interests of the Union or its Member States’ outlined a regime to sanction foreign hacker groups, involved in data breaches, intellectual property theft and stealing of classified information, attacks on IT and critical infrastructure, as well as election hacks, Bloomberg reports. Sanctions, which include asset freezes and travel bans, can be put in place regardless of the attack succeeding or not, if the victim is an EU country or an EU partner. Measures will, however, have to be accompanied by criminal evidences, defensible at the European Court of Justice, thus allowing prosecuted parties to appeal the decision. In addition, when imposing sanctions, unanimity will be required among EU member states. According to Politico, the plan will be forwarded to foreign affairs attachés, and the regime is expected to be in place before the elections for the European Parliament in May, in order to avoid possible interference with the elections.

The European Commission has recommended engaging in two international negotiations on cross-border rules for obtaining electronic evidence. The Commission presented two negotiating mandates, one for negotiations with the United States and one on the Second Additional Protocol to the Council of Europe “Budapest” Convention on Cybercrime. By negotiating with the US, the Commission aims to ensure timely access to electronic evidence for law enforcement authorities in the EU and the US, as well as address legal conflicts by setting out definitions and types of data covered and clarifying legal obligations. By negotiating under the Budapest Convention in the name of the EU member states, the Commission aims to ensure the compatibility of the Second Additional Protocol with EU law in the area of cross-border access to electronic evidence; as well as enhance international cooperation through more effective mutual legal assistance and direct cooperation of law enforcement with service providers in other jurisdictions. Both negotiating mandates contain safeguards on data protection, privacy and procedural rights of individuals. The Commission has submitted the recommendations for negotiating mandates to the Council, which will consider whether to authorise the Commission to open negotiations.

The Bangladeshi government has filed a lawsuit at the US District Court in the Southern District of New York against Philippine bankers who conspired with North Korean hackers to steal US $81 million from Bangladesh’s Central bank. In 2016 the Central Bank of Bangladesh held funds at the US Federal Reserve Bank in New York which were fraudulently transferred to Rizal Commercial Banking Corp. (RCBC) in the Philippines by hackers. The cyber-heist included eight RCBC officers who conspired with casino operators, Chinese citizens and the hackers who are believed to be North Korean. The court in this case will have to deal with multiple questions of jurisdiction since it is a multinational cybercrime.

At the 73rd session of the UN General Assembly (UNGA) on Human Rights, the  resolution the right to privacy in the digital age (A/RES/73/179) was adopted.

The general assembly noted that every individual, especially children and women are more vulnerable to have their privacy violated. It was also recognised that the right to privacy is important to prevent gender-based violence, abuse and sexual harassment cyber-bullying, cyberstalking  especially against women and children.The UNGA also emphasised the need to adopt preventive measures and remedies to protect the privacy and rights of all especially women and children.

 

Pages

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top