14 DAY TRIAL // The EU Council of Ministers has backed up an extension to the European cyber crime legislation which includes tougher penalties and defines new criminal offenses.
The extension proposed by the Commission introduces penalties for the creation of botnet and password stealing tools. The circumstances are aggravated and penalties are higher if those tools are used to commit online crimes.
"These new forms of aggravating circumstances are intended to address the emerging threats posed by large-scale cyberattacks, which are increasingly reported across Europe and have the potential to severely damage public interests," the Council said in a statement.
The new legislation aims to discourage the development and creation of crimeware toolkits such as ZeuS or SpyEye, however, most such tools are already developed in countries that are not part of the European Union.
The minimum penalties have also been changed. For example, an attack against a single computer system would carry jail sentences of at least two years, but if the attack involves a botnet or has a higher number of systems, the sentence would be of at least three years. Furthermore, if the attack is carried out by an organized criminal organization, the minimum sentence would be five years in jail.
The extension would also require authorities in each member state to report cyber attacks to the relevant European points of contact within eight hours since discovering them. This aims to improve co-operation in fighting cyber crimes.
Also, the illegal interception of computer data will become a criminal offense across the entire European Union. At the moment, this is a criminal offense only in certain member states.
The Council of the European Union, informally known as the Council of Ministers, is made up by ministers representing each member state. It plays the role of a upper legislative chamber, but most of its decisions also have to pass a vote through the European Parliament, the lower house.