russia and cybercrime
DESCRIPTION
Presentation of Russia's policy towards cybercrime delivered at March 2012 London conference by the Russian Ministry of Foreign AffairsTRANSCRIPT
Countering cybercrimeCountering cybercrime
Ministry of Foreign Affairs of the Russian FederationDepartment on New Challenges and Threats
10-th E-Crime CongressLondon, 13-14 March 2012
New general trends in the cybercrime market in 2011
Targeted attacks on the financial sector
Increase in online banking fraud incidents
Surge in the number and complexity of DDoS attacks
New general trends in the cybercrime market in 2011
Spread of hacktivism, attacks with socio-political motives
Use of social engineering techniques to steal personal information and other online fraud
Targeted attacks on the facilities of critical infrastructure
Main indicators of the cybercrime market in 2011
Creation of organized groups with a centralized management system
Penetration of the cybercrime market by traditional organized crime groups, attempting to not only control the cashing of stolen funds, but the entire theft process
Growth of the internal market. This market covers the so-called Cybercrime to Cybercrime (C2C) services, provided on a paid basis by specialized teams of hackers
Main indicators of the cybercrime market in 2011
Strong growth this past year, reflected in the number of crimes and the volume of profits earned by the hackers
Professionalization of cybercrime, expansion of provided services, and interest from traditional organized crime groups, leading to an increase in damages from hacker activities
No clearly defined global geographical centers with a high concentration of cybercriminals, they can carry out their attacks from anywhere in the world
What are the quantitative results in 2011?
Preliminary estimate of the financial
performance of the global cybercrime market in 2011: $12.5 billion
Two-thirds of global cybercrime is online fraud and spam
What does the International Information Security (IIS) mean?
IIS based on the nature of the inseparable «triad» of threats:
Politico-military Terrorist Criminal
What legal basis do we have today? What legal basis do we have today?
Council of Europe Convention on Council of Europe Convention on CybercrimeCybercrime
most important regional legal instrument most important regional legal instrument aimed at combating crime against aimed at combating crime against
computer securitycomputer security
Council of Europe Convention on Council of Europe Convention on CybercrimeCybercrime
one of the first attempts to codify the rules one of the first attempts to codify the rules for combating cybercrime, which is an for combating cybercrime, which is an
especially dangerous phenomenon owing to especially dangerous phenomenon owing to its scale and consequences for national and its scale and consequences for national and
international securityinternational security
Is Convention enough to respond effectively to the new
dynamic challenges in the computer sphere?
NONO
- The notions of cybercrime and cyberterrorism have not been - The notions of cybercrime and cyberterrorism have not been codified yet, and its components, in their entirety, have not been codified yet, and its components, in their entirety, have not been
criminalized at the international levelcriminalized at the international level
- There is no definition of terrorist intentions, without which - There is no definition of terrorist intentions, without which criminal sanctions would hardly commensurate with the terrorist criminal sanctions would hardly commensurate with the terrorist
threat of this criminal actthreat of this criminal act
- Convention on Cybercrime does not provide any systematic - Convention on Cybercrime does not provide any systematic response to the new challenge of cyberterrorismresponse to the new challenge of cyberterrorism
- Convention on Cybercrime does not provide any systematic - Convention on Cybercrime does not provide any systematic response to the new trends of cybercrimeresponse to the new trends of cybercrime
- Convention on Cybercrime does not incorporate provisions - Convention on Cybercrime does not incorporate provisions excluding fully impunity of a person, who has committed an illegal excluding fully impunity of a person, who has committed an illegal
actact
- Responses to the threat of cyberterrorism could not be found - Responses to the threat of cyberterrorism could not be found through the combined application of the Council of Europe through the combined application of the Council of Europe
conventions on Cybercrime (2001) and on the Prevention of conventions on Cybercrime (2001) and on the Prevention of Terrorism (2005)Terrorism (2005)
What Sectors of Critical Infrastructure Are What Sectors of Critical Infrastructure Are Potentially Vulnerable to Cyber Attacks?Potentially Vulnerable to Cyber Attacks?
energyenergy information, communication information, communication
technologies, ICTtechnologies, ICT water water
food food health health financial public and legal public and legal order and safetyorder and safety
civil civil administration administration
transport space and space and researchresearch
chemical and nuclear industry
Russian strategy to fight Cybercrime
• Based on the comprehensive and balanced approach
• Necessity to codify global cyberspace
• Start working out the universal glossary or terminology on the IIS issues for further elaboration of the UN regulatory documents in this area and generally recognized international norms and criteria for fighting cyberthreats
Russian Initiatives
• CIS Agreement on cooperation to combat information computer crimes was signed in 2001 (July, Minsk)
• In 2009 for the first time in international practice it was signed an Agreement among the Governments of the SCO Member States on Cooperation in the Field of Ensuring International Informational Security
• In 2010 the Russian Federation and Brazil signed a bilateral agreement on cooperation in the field of international security for information and communication
Russian Initiatives
• Initiated in 2010 within the framework of the UN Commission on Crime Prevention and Criminal Justice Resolution 19/3 «Strengthening public-private partnerships to counter crime in all its forms and manifestations»
• Prepared the draft “Rules of conduct” in the sphere of international security disseminated as an official document of the 66-th session of the UN General Assembly
• Offered the concept of Convention on ensuring international security submitted at the 2nd International Meeting of High-Ranking Officials Responsible for Security Matters in Yekaterinburg (2011)
Russian Initiatives
• Strongly supports and shares the idea (reflected in the Declaration of the 12-th UN Congress of CPCJ) of drafting the universal Convention on cooperation in combating information/cyber crime under the aegis of the UN
What is the purpose of the UN Convention on Cybercrime?
• Promote and strengthen measures to prevent and combat cybercrime more efficiently and effectively
• Promote, facilitate and support international cooperation and technical assistance in the providing of an adequate response to all criminal challenges in the computer sphere