EU nations give nod to tougher cybercrime jail terms

EU nations give nod to tougher cybercrime jail terms

Summary: The European Council has approved rules which, if passed by the European Parliament, will make it a crime to create malware and botnets, and see maximum sentences for cybercriminals rise

TOPICS: Security

European countries have agreed to tougher penalties for cybercrimes, including new punishments for botnet creators, in an effort to clamp down on massive attacks.

Read this

Osborne: Treasury hit by hundreds of hacking attacks

Hostile foreign intelligence agencies launch frequent attacks on the Treasury's systems, averaging out at one attempt per day, according to chancellor George Osborne.

Read more+

The new rules are part of a European Commission proposal, adopted by the Council of the European Union on Friday, which now goes to the European Parliament for approval. It aims to update existing EU rules on cybercrime, introduced in 2005, which cover interference with data and systems, and illegal access.

One new measure is the introduction of penalties for people who develop and supply malware or other tools for creating botnets or stealing passwords. Additionally, the illegal interception of computer data will become a criminal offence.

If a botnet is used to commit crime online, or if the perpetrators spoof the identity of a business, these will be seen as aggravating factors that will carry more punishment.

"These new forms of aggravating circumstances are intended to address the emerging threats posed by large-scale cyberattacks, which are increasingly reported across Europe and have the potential to severely damage public interests," the Council said in a statement.

New minimum thresholds for maximum penalties were also introduced. General cybercrimes should carry a highest sentence of at least two years, while offences involving a large number of IT systems, such as the creation of a botnet, should carry a top penalty of at least three years. If the attacks have been made by an organised criminal group or have caused serious damage by affecting a critical IT system, the lowest maximum term of imprisonment is five years.

In addition, the scheme aims to strengthen European co-operation on cybercrime by including an obligation for member states' authorities to provide feedback within eight hours of urgent requests and to collect basic statistical data on cybercrimes.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

Jack Clark

About Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Wrong Institution

    It is not the Council of Europe, it is the Council of Ministers.

    The council of europe is a 47 member body that has nothing to do with the EU.

    The Council of Ministers, otherwise known as the Council of the European Union is the second part of the legilsator for the EU. The other part is the European Parliament
  • Thank you for alerting us to that error. We have corrected it in the story.
    Karen Friar
  • Source reference:

    3096th Council meeting
    Justice and Home Affairs
    Luxembourg, 9 and 10 June 2011"

    The relevant section starts on page 18.