ARN

Romania's anti-cybercrime efforts lack a social component

Cybercrime investigations are increasing, but IT industry experts say more effort must be made to tackle causes of crime

Romania has long been considered a hotbed for cybercriminal activity, but in recent years law enforcement authorities have made significant efforts to crack down on online fraud gangs that steal millions every year from victims worldwide.

Media reports and official statistics both show a visible increase in the number of law enforcement actions in this area. The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) reported 1,157 cybercriminal investigations opened in 2010, with 977 new cases already registered during the first eight months of this year.

The fact that law enforcement authorities are making efforts to bring those responsible to justice can only be a good thing but, according to Bogdan Manolea, cyberlaw expert and executive director of the Romanian Association for Technology and Internet (ApTI), this is only treating the symptom and not the cause.

"As long as the Romanian authorities only treat this problem as individual cases and not as a phenomenon, I don't think there's much progress to be made in the long or medium term," Manolea said.

Despite DIICOT's increasing efforts to stamp out cybercrime, more and more teenagers are getting involved in such activities, and backsliding after serving prison time for associated offenses. This happens because of a combination of factors, from the poor state of the economy and the lack of work opportunities to sentences that some consider too lenient. However, little is being done to identify and tackle the causes.

"I'm talking about the need and capacity of the authorities to work with the private sector towards determining the factors that transformed this into a phenomenon, the motives of those involved, the prevalence of the problem, and to adopt solutions at the national level that discourage the involvement of young people in this type of activity. So far we're pretty bad at this," Manolea said.

Nearly all forms of cybercrime are present in Romania, including fake online auctions, VoIP fraud, credit card cloning and the manufacturing of skimming devices. The most popular type of online fraud among Romania's cybercriminals, though, is phishing.

The simplicity of phishing might explain why it is so attractive to Romanian fraudsters. Despite being a significant threat for years now, phishing attacks continue to have a high success rate because protection largely relies on user education.

Phishing is so widespread in Romania that it has almost become a national brand, coloring how foreigners perceive the country, especially in cyberspace.

Another reason for phishing's popularity is that it is not heavily punished. DIICOT announcements and news articles frequently mention sentences with a maximum 20 years in prison, but the actual punishments are far less than that.

Manolea analyzed public data on court rulings and found that average phishing sentences are between two and four years in prison. Defendants receive suspended sentences in some cases.

Each case has attenuating or aggravating circumstances and it's normal for the maximum sentence to only rarely be handed down, Manolea noted. However, the big difference between reported and actual punishments distorts the public opinion and leads to feelings that the legal system is broken.

Manolea doesn't believe that harsher sentences are a solution, because such measures hardly ever lead to a decrease in the number of crimes. However, he feels that the social dangers associated with these acts should be discussed more.

"This topic hasn't been debated enough, with only one or two events dedicated to cybercrime each year. There are probably some judges that don't yet have a clear picture of what these teenagers actually do," he said.

Despite increasing collaboration with foreign partners -- DIICOT exchanges information with law enforcement agencies in more than 50 countries, a spokesperson said -- there are still many hurdles that prosecutors face when building their cases. The anonymity conferred by the Internet and the hard task of identifying and questioning victims, especially when most of them are foreign citizens, are just some of them.

It's not only Romanian authorities that are cracking down on cybercrime. Other Eastern European countries with long histories of online fraud, including Ukraine and Bulgaria, have also stepped up their efforts. However, these governments haven't yet realized that raising awareness and educating youngsters is as important as putting criminals behind bars.