Mușat & Asociații este întotdeauna cu un pas înainte în ceea ce privește evoluția cadrului legislativ și a mediului de afaceri, anticipând nevoile clienților și acționând că un deschizător de drumuri în domeniu.

New threats in cybercrime and how to overcome them

By Managing Associate Stefan Diaconescu

Cybercrime is rapidly growing in numbers in the current economic and social context in which communication, trading, business meetings or shopping take place mostly online. Threats arising from cyberspace are more and more sophisticated, with recent surveys showing that persons who perpetrate frauds are becoming ever more adept at misleading companies, but also individuals, in a variety of new ways.

Criminal investigation authorities remain vigilant and resilient. They are adapting their techniques or develop new ones, suitable for the discovery of e-crimes and the identification of perpetrators in order to bring them to justice. In an attempt to keep up with the new methods cybercriminal use, measures have been taken at an EU level to prevent and fight such criminality.

The most recent is the establishment of a Center of competence in the field of Cybersecurity. Based in Bucharest, the center aims to ensure the security of the Internet and other essential networks and devices. Furthermore, in order to ensure an adequate cyberspace for the development of economic and human relations, the EU has adopted the European Convention on Cybercrime, requiring Member States to adapt criminal legislation to include regulations specific to this field.

New threats in cybercrime

More and more ways are being developed to compromise the cyber security of internet users, who become victims of crimes with severe consequences.

The following represent just a fraction of the new trends and threats in cybercrime and the legal qualification attributed to such actions by the authorities, as they have been observed in our practice:

  • Cryptojacking – also known as cryptomining or coinjacking malware, recently incriminated by the Romanian Criminal Code (hereinafter “RCC”) in Art. 250 under the name illegal transactions with cashless payment instruments (cryptocurrency), consists of any process through which cryptocurrencies are redirected without the user’s permission to another destination. This crime can be perpetrated in variety of ways: malware software, cloning mobile applications or web pages, browser extensions or Wi-Fi hacking.
  • CEO/CFO Fraud – representing a new way of perpetrating misrepresentation, as provided by Art. 244 RCC, which includes different means through which perpetrators collect online data about the target companies, data that is then used to induce the appearance of legitimacy, practically stealing the identity of the target company or of its managers.
  • Phishing – incriminated by Art. 249 of the RCC as computer fraud, consisting of sending messages/e-mails, usually containing an URL of a web page in order to give the perpetrator access to personal/confidential data.
  • EAC – Email Account Compromise – incriminated in the RCC under Art. 360 as Illegal access to a device, which represents the compromise of an e-mail address, thus using a false identity for the intrusion into the data and information belonging to a certain person (natural or legal).
  • Hacking – also represents a way of perpetrating the crime of illegal access to a device. This method of sabotaging a device is one of the most common methods of perpetrating cybercrimes, by hacking the electronic system and gaining access to all of the data stored by a user on his device.
  • Skimming – incriminated by Art. 250 of the RCC as performing fraudulent financial transactions, it consists in reproducing a credit or a debit card without the consent of the holder, at the moment when the victim uses the card at an ATM or a POS.
  • Cyberbullying – representing a new way of perpetrating the crimes of threat, blackmail or harassment in cyberspace and is incriminated by the provisions of Art. 206-208 RCC, which involves the use of text messages, videos, e-mails or websites in order to verbally abuse the victim.
  • Cyberstalking – representing another means of perpetrating the previously mentioned crimes, consisting of a form of aggressive intrusion into the victim’s personal life, which can be performed by repeatedly sending text messages, videos, phone calls or even installing software in order to spy on the victims’ personal devices.

The fight against cybercrime

In order to streamline the prevention and fight against the cybercrime, it is necessary to continuously update and adapt the means of cooperation and of investigation, but also the legislative measures, both at a national and international level.
Analyzing the growing numbers of cybercrimes, we have found that an increased rigor is required in terms of the devices we use, given that economic relations between natural or legal persons are increasingly exposed to cyber-attacks. All of your personal life, assets, trade secrets or capital can be in danger if you do not ensure the security of communication lines.
Organizations and individuals alike must consider enhancing their e-security when communicating/trading online, due to some of the new ways of perpetrating complex cybercrimes, as presented briefly above.
Over time, we have been involved in numerous criminal cases involving various crimes related to the integrity of computer security (e.g. CEO Fraud, EAC Fraud, Hacking, Cryptojacking), assisting and representing clients both in the criminal investigation phase, but also in front of courts of law.
As such, we have noticed that prior to any other measures or strategies to eliminate the consequences of cybercrime, the main way to combat this phenomenon is prevention, by combining a series of preventive measures with the implementation of rigorous actions specifically designed for this purpose.

Article also appeared on Chambers & Partners here.