Romania's anti-cybercrime efforts lack a social component

Cybercrime investigations are increasing, but IT industry experts say more effort must be made to tackle causes of crime

Romania has long been considered a hotbed for cybercriminal activity, but in recent years law enforcement authorities have made significant efforts to crack down on online fraud gangs that steal millions every year from victims worldwide.

Media reports and official statistics both show a visible increase in the number of law enforcement actions in this area. The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) reported 1,157 cybercriminal investigations opened in 2010, with 977 new cases already registered during the first eight months of this year.

The fact that law enforcement authorities are making efforts to bring those responsible to justice can only be a good thing but, according to Bogdan Manolea, cyberlaw expert and executive director of the Romanian Association for Technology and Internet (ApTI), this is only treating the symptom and not the cause.

"As long as the Romanian authorities only treat this problem as individual cases and not as a phenomenon, I don't think there's much progress to be made in the long or medium term," Manolea said.

Despite DIICOT's increasing efforts to stamp out cybercrime, more and more teenagers are getting involved in such activities, and backsliding after serving prison time for associated offenses. This happens because of a combination of factors, from the poor state of the economy and the lack of work opportunities to sentences that some consider too lenient. However, little is being done to identify and tackle the causes.

"I'm talking about the need and capacity of the authorities to work with the private sector towards determining the factors that transformed this into a phenomenon, the motives of those involved, the prevalence of the problem, and to adopt solutions at the national level that discourage the involvement of young people in this type of activity. So far we're pretty bad at this," Manolea said.

Nearly all forms of cybercrime are present in Romania, including fake online auctions, VoIP fraud, credit card cloning and the manufacturing of skimming devices. The most popular type of online fraud among Romania's cybercriminals, though, is phishing.

The simplicity of phishing might explain why it is so attractive to Romanian fraudsters. Despite being a significant threat for years now, phishing attacks continue to have a high success rate because protection largely relies on user education.

Phishing is so widespread in Romania that it has almost become a national brand, coloring how foreigners perceive the country, especially in cyberspace.

Another reason for phishing's popularity is that it is not heavily punished. DIICOT announcements and news articles frequently mention sentences with a maximum 20 years in prison, but the actual punishments are far less than that.

Manolea analyzed public data on court rulings and found that average phishing sentences are between two and four years in prison. Defendants receive suspended sentences in some cases.

Each case has attenuating or aggravating circumstances and it's normal for the maximum sentence to only rarely be handed down, Manolea noted. However, the big difference between reported and actual punishments distorts the public opinion and leads to feelings that the legal system is broken.

Manolea doesn't believe that harsher sentences are a solution, because such measures hardly ever lead to a decrease in the number of crimes. However, he feels that the social dangers associated with these acts should be discussed more.

"This topic hasn't been debated enough, with only one or two events dedicated to cybercrime each year. There are probably some judges that don't yet have a clear picture of what these teenagers actually do," he said.

Despite increasing collaboration with foreign partners -- DIICOT exchanges information with law enforcement agencies in more than 50 countries, a spokesperson said -- there are still many hurdles that prosecutors face when building their cases. The anonymity conferred by the Internet and the hard task of identifying and questioning victims, especially when most of them are foreign citizens, are just some of them.

It's not only Romanian authorities that are cracking down on cybercrime. Other Eastern European countries with long histories of online fraud, including Ukraine and Bulgaria, have also stepped up their efforts. However, these governments haven't yet realized that raising awareness and educating youngsters is as important as putting criminals behind bars.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitylegalscamslegislationgovernmentRomanian Association for Technology and InternetcybercrimefraudRomanian Directorate for Investigating Organized Crime and Terrorism

More about Technology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts