Individuals convicted of a wide range of hacking offences in the EU will face a minimum of 2 years in prison anywhere in the 27-nation bloc under new proposals accepted by an influential European Parliament committee.
The Civil Liberties Committee voted 50 in favour, 1 against with only 2 abstentions to accept a harmonisation of the EU’s anti-hacking laws that would also crack down on those found possessing or distributing tools that could be used in attacks.
Tougher still, the Committee proposed imposing sentences of at least five years on those found guilty of disrupting services with large-scale attacks using botnets, DDoS or where financial loss was incurred, a clear warning to Anonymous-style hacktivism.
"We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations,” said German MEP and Committee rapporteur, Monika Hohlmeier.
“The financial damage caused for companies, private users and the public side amounts to several billions each year. No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world," she said.
The proposals cover criminal hacking, hacktivists wielding cyberattack tools, the hijacking of individual accounts to commit offences, and those found guilty of industrial espionage.
A number of EU states including the UK already have in place tough sentencing guidelines for anyone convicted of hacking but the EU wants to harmonise these laws to a minimum standard across all nations.
“Standardising what constitutes a data breach or hack and harmonising the penalties puts cyber attackers on notice. Hackers no longer will be able to count on poor international cooperation to escape accountability,” commented Andrew Miller, CEO of security company, Corero Network Security.
However, he had some anxiety about the definition of hacking tools used in the proposals.
“In an effort to combat cyberattacks, security researchers and ethical hackers are continuously seeking these [hacking] tools to demonstrate weaknesses within an organisation’s network and as a way to reverse engineer solutions to combat hacks. The spotlight should be on the crimes committed with the hacking tools rather the tools themselves, “ he said.
The Civil Liberties Committee hopes it can reach an agreement between the political parties in the Parliament by this summer.