Prison sentences for hacking and cyber crime are set to rise across Europe if a new draft directive becomes law, as the EU looks to combat cyber espionage and cyber attacks against critical national infrastructure.
A draft directive set out by the European Parliament looks to raise the minimum jail term for cyber criminals across all EU member states to three years, higher than the current maximum imposed by many states. Attacks against infrastructure, government and power facilities will be met with a minimum prison sentence of five years, under the proposal.
Further reading Computing research: Industrial control systems under attack Microsoft and FBI take down Citadel cyber crime ring 'We're not winning the war on cyber crime,' MPs told
"The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions," Cecilia Malmstrom, European Commissioner for Home Affairs said in a statement.
Etay Maor, fraud prevention manager at cyber crime prevention firm Trusteer, welcomed the proposals, but warned that tracking down cyber criminals is easier said than done.
"While any news of progress in cyber-crime laws is encouraging, we have to keep in mind that in many cases the people running the botnets and hijacked computers do not reside at the place where the crime takes place," he said.
"Unfortunately, in most cases the people who get caught are the money mules (that may not even be aware they are committing a crime) and not the bot masters or ring leaders. To apprehend these masterminds, law enforcement agencies will need to have cooperation with local agencies all around the world.
"This is not an easy task, and cyber-criminals know this. This is why they usually reside in a country where they will stay safe from most western governments. Until the day that we see tight cooperation between LEAs and criminals brought to justice it is up to organisations and users to prevent fraud," Maor continued.
"We have to make sure that users' devices stay malware-free and that organisations worldwide have a clear picture of what is targeting them and how they can mitigate the threat quickly and effectively," he added.
The EU directive is expected to be formally adopted in the near future, with member states then having two years to integrate it into national law.
