RSS

Botnet creators and herders will face at least three years in prison under the new directive from EU

11 Jun

The EU has drafted a new directive that includes harsher penalties for those convicted of hacking.

The European Parliament last week approved a draft of the proposal and will vote on it in July.

Those found guilty of the following types of illegal hacking will face at least two years in prison, if they do so with criminal intent and cause serious harm, if they breach a security measure while doing so, and if they neglect to tell a system operator all about the vulnerability in a timely manner:

  • Illegal, intentional access to an information system.
  • Illegally interfering with data.
  • Illegally intercepting communications. This includes recording communications and covers the time spanning data transfer from the sender to the receiver, by cable or wireless, and the devices and technologies that record, including software, passwords and codes.
  • Intentionally producing and selling tools used to commit these offenses.

The proposal calls for a minimum of five years imprisonment for attacks against critical infrastructure and also applies if an attack is carried out by a criminal organisation or if it causes serious damage.

Botnet creators and herders will face at least three years in prison under the new directive.

The directive, approved by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, also stipulates that EU member states respond within 8 hours, maximum, 24 hours a day, 7 days a week, to urgent security requests from other member states experiencing cyber attacks, to at least let somebody know how and when they plan to answer the request for help.

EU cyber attack, image courtesy of ShutterstockThe directive also calls for penalties for actions such as hiring hackers to disrupt the competition, in which case companies could lose their public benefits or even get shut down.

The directive is clear about distinguishing attacks that lack criminal intent, which would cover testing or protection of information systems and thereby shield whistleblowers.

That’s reassuring. Pen testing and whistleblowing are essential activities that deserve legal protection.

Advertisements
 
Leave a comment

Posted by on June 11, 2013 in Uncategorized

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: