EU’s anti-cyber-crime agency ENISA will start working with Europol to track down hackers and the creators of botnets like Conficker and Stuxnet, the EUobserver reports. A new law is about to be adopted, making the setup of these zombie networks illegal. The EU commission says it does not want to terrify people but notes that the Stuxnet could be used to sabotage a nuclear plant.
“To anyone who thinks that cyber-attacks are an abstract concept, I would say that for millions of people each year there are already direct practical consequences.”
During a press briefing in Brussels Thursday, the EU commission for Home Affairs highlighted the creation of two large-scale cyber weapons in the past two years as examples of the increasingly dangerous environment on the Internet, citing internal alerts from British, French and Germany military intelligence. In January and February last year the Conficker prevented French fighter planes from taking off, in addition to shutting down the British and German army websites.
The so-called Conficker botnet has since 2008 installed malicious software on an estimated 12 million personal computers worldwide turning them into “zombies,” capable of collectively sending 10 billion spam emails a day without the owners’ knowledge.
The massive spamming can be used to steal money, blackmail banks or other firms with the threat of a shutdown or to get hold of classified information.
Conficker in January and February 2009 prevented French fighter planes from taking off and shut down British and German army websites.
The Stuxnet botnet is designed to take over the control systems of industrial plants, including nuclear installations, in order to sabotage operations.
It has reportedly affected facilities in China and Iran prompting speculation on the involvement of Israeli and US secret services.
A former US National Security Agency officer, Charlie Miller, estimates that a hostile foreign power, given just €86 million ($105 million) and a team of 750 spies and hackers, could launch a devastating cyber attack on the EU.
In Miller’s worst case scenario, the 27 EU countries would wake up one day to find electricity power stations shut down, phone and internet communications disabled, air, rail and road transport impossible, stock exchanges and bank transactions frozen, crucial data in government and financial institutions stolen and military units cut off from central command or receiving fake orders.
“I don’t want you to walk out of here totally terrified, but just to give you an idea that there is a threat,” EU Commissioner for Home Affairs, Cecila Malmstrom, said at the press briefing in Brussels, on Thursday, according to the EUobserver.com.
“To anyone thinking that cyber-attacks are an abstract concept, I would say that for millions of people each year there are already direct practical consequences. When your money is quietly stolen from your bank account or your country is shut down – as happened to Estonia in 2007 – the threat suddenly becomes very real,” EU’s Information Society Commissioner, Neelie Kroes, said at the same event.
5 Years In Prison For Cyber Crime Attempt
The Malmstrom-Kroes package, presented today, gives new powers to the EU Crete-based European Network and Information Security Agency (ENISA), as well as new anti-cyber-crime legislation that could put people in jail for years.
Ms. Kroes wants ENISA to work with Europol (the EU version of Interpool) and Frontex (the EU’s Warsaw-situated border security agency) in forensic operations to track down the people behind cyber attacks.
The agency’s mandate has up until now been limited to research on security of e-commerce.
The Malstrom directive draft, approved by the commission today, is aimed to obligate the EU countries to criminalize the creation of botnets, and to collect and share cyber-crime data.
It will also demand that member states punish cyber criminals and the “instigation, aiding, abetting and attempt” of cyber crimes with up to five years in prison.
Ms. Kroes says she hopes the new measures will be in place by 2012, and that she is “rather hopeful” of success after the first contacts with the members of the EU Parliament and member states who will have to give the new developments a green light.