On the occasion of the 32nd ASEAN summit, the leaders of ASEAN countries issued a Statement on cybersecurity cooperation. The leaders reaffirmed that the international law, and particularly the UN Charter, is applicable to cyberspace, and acknowledged that sovereignty and norms flowing from it apply to the conduct by states with regards to ICT. The leaders recognised the need to build closer cooperation and coordination among ASEAN Member States on cybersecurity policy development and capacity building initiatives. They tasked relevant Ministers to recommend options of coordinating cybersecurity policy, diplomacy, cooperation, technical and capacity building efforts among various platforms of the three pillars of ASEAN. They also tasked Ministers to identify a concrete list of voluntary practical norms of responsible State behaviour in cyberspace that ASEAN could adapt and implement, taking into consideration the report of the UN GGE from 2015. The Ministers are further requested to facilitate cross-border cooperation in addressing critical infrastructure vulnerabilities, and encourage capacity building and cooperation for combating criminal and terrorist use of cyberspace.

Webstresser.org, which was considered the biggest DDoS-for-hire-service in the world, was dismantled in 'Operation Power OFF', Europol said in an official statement. The illegal service was shut down, its infrastructure was seized in the Netherlands, the US and Germany; and its alleged administrators were arrested in the United Kingdom, Croatia, Canada and Serbia. Further measures were taken against the top users of this marketplace. The investigation was led by the Dutch National High Tech Crime Unit and the UK National Crime Agency (NCA), with support from Europol and national law enforcement agencies from Serbia, Croatia, Spain, Italy, Germany, Australia, Hong Kong, Canada and the United States of America. The platform sold 4 million Distributed Denial of Service attacks against online services of banks, government institutions, police forces and the gaming world to its 136,000 registered users. The UK National Crime Agency stated that individuals with little or no technical knowledge could rent the Webstresser service to launch crippling DDOS attacks across the world.

The European Commission is proposing new rules to make it easier and faster for police and judicial authorities to obtain the electronic evidence needed for investigation, prosecution and conviction of criminals and terrorists. The proposals will create a European Production Order, which will allow a judicial authority in one Member State to request electronic evidence, regardless of the location of data, directly from a service provider offering services in the Union and established or represented in another Member State. Moreover, a European Preservation Order will prevent deletion of specific data by service providers, in order to enable judicial authorities to request this data later via mutual legal assistance. Under new rules, service providers will be obliged to designate a legal representative in the EU, to ensure that all service providers are subject to the same obligations. The rules also aim to provide legal certainty for businesses and service providers.

Expedia has found evidence of hackers gaining access to as many as 880,000 credit cards by hacking into an older version of Orbitz’s website, a travel booking platform now a subsidiary of Expedia. Orbitz has confirmed the hack that have potentially affected customers who made purchases in 2016 and 2017, though they didn’t find evidences that personal information was actually taken. Billing information as well as other personal data including names, emails, phone numbers, billing addresses and gender could have possibly been exposed. Orbitz’s investigation suggests that travel itineraries, passport information, and social security numbers were not part of the hack. The current platform is not part of that breach.

Beh Lih Yi of the Thomson Reuters Foundation reports on a study partnered by Interpol and ECPAT International that shows boys are more likely than girls to suffer the worst online sexual abuse. According to Yi, 'Although girls account for two-thirds of the victims, the latest study said online images or videos depicting boys, including very young children, often involve more severe abuse, such as sadism and other forms of sexual assault.' In its announcement of the study, Interpol highlighted the high percentage of prepubescent victims; the high priority of identifying offenders; the high proportion of material which was both abusive and exploitative; the challenge of determining core characteristics of victims; and the roles of women and youth among other important points.

A new estimate of the costs of cybercrime on business is almost 600 billion US Dollars, or 0.8 percent global GDP, a study “Economic Impact of Cybercrime - No Slowing Down” by McAfee and the Center for Strategic and International Studies reveals. The costs are up from USD 445 billion estimated in 2014, mainly thanks to new technologies, expanding number of cybercrime centres, and the growing financial sophistication of top-tier cybercriminals. Each day there are 80 billion automated scans for vulnerable targets, 300,000 to a million new malware developed, over 30,000 phishing attempts, and almost 800,000 records lost due to hacking, the study estimates. Such estimations should be taken with reservations, since there is lack of information available on incidents due to underreporting; in addition, studies commonly don’t reveal sources or methodology for estimations of costs.



The GIP Digital Watch observatory is provided by



and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top