Cyber Security in Romania

Cyber crime is a phenomenon with an increasing occurrence rate in Romania with mainly two causes: the high level computer skills and the large number of young people who are not able to find a job after graduation, who are attracted by the chance of rapid enrichment.

The awareness among the officials is quite significant. From several years now, Romanian authorities are closely cooperating with the American Federal Police both for training and investigations.

Two important initiatives taken by Romanian authorities are the establishment of CERT-RO which was mandated via Romanian government decision H.G. 494 / 11 May 2011, and the Service for Countering the Cyber Criminality.

CERT-RO is the Romanian National Computer Security Incident Response Team, established as an independent structure for research, development and expertise in the field of cyber-security. It is a specialised organisation responsible for preventing, analysing, identifying and reacting to cyber-incidents. (source: www.cert-ro.eu )

The Service for Countering the Cyber Criminality has competence for prevention, investigation of cyber criminality and functions within the Directorate for the Countering Organised Criminality. The service elaborates assessments and analyses of the cyber criminality phenomenon in Romania and provides training programs and necessary endowment of officers who carry out activities in the field of prevention and investigation (source: www.efrauda.ro)

Laws Governing Cyber Crime in Romania

In regard to laws, rules and regulations on the use of Internet, Romania have laws on electronic commerce, online author rights, electronic signature, electronic payment, online advertising, protection of personal data, cyber crime, internet pornography and electronic communications. There are also some draft laws developed by the Ministry of Communications and the Information Society for minimum security conditions for the digital systems for the Public Administration and the national electronic records. (cepeoffice.wordpress.ro; 2012)

As a part of the national policy for preventing and suppressing cybercrime, the following have been adopted:

  • Government Decision No. 2.074 of 24 November 2004 approving the National Strategy for the Prevention of Crime (2005 to 2007);

  • Government Decision No. 2.209 of 9 December 2004 approving the National Strategy on Suppressing Organised Crime (2004 to 2007)

These two normative acts include provisions on preventing and suppressing cybercrime and on the setting-up of a portal to receive online notices on cybercrime

The Supreme Council of National Defence Decision No. 36/2002 approving the National Romanian legislation does not specifically incriminate the misuse of cyberspace for terrorist purposes.

The general legal framework in this field is represented by the following normative acts:

  • Law No. 161/2003/Title III – Preventing and Suppressing Cybercrime, subsequently amended and supplemented;

  • Law No. 365/2002 on E-Commerce, republished;

  • Law No. 656/2002 to Prevent and Punish Money Laundering, and Setting Forth Measures to Prevent and Suppress the Financing of Terrorist Acts, subsequently amended and supplemented;

  • Law No. 535/2004 to Prevent and Suppress Terrorism

The general framework for the prevention and suppression of cybercrime is set forth in Title III of Law No. 161/2003 on Certain Measures to Ensure Transparency in the Exercise of Public Dignity of Public Office and in the Business Environment, and to Prevent and Punish Corruption.

The conclusion drawn in a 2012 by McAfee report, the world’s second largest antivirus producer, Romania received 2.5 points out of 5, because of lack of clear cyber legislation, insufficient funds needed for the development of the national cyber security dimension, but also because of unawareness of regular users of IT products with the dangers posed by cyber crimes or cyber attacks. (“România, printre cele mai vulnerabile ri la atacuri cibernetice”, Cotidianul, February 2, 2012)

The Estimated Level of Cyber Crime in Romania

At the beginning of this year, the Romanian Police have announced that several members of the Anonymous Group, a group of hackers, have been arrested. DIICOT, the Romanian Organised Crime Unit, raided the homes of 12 members, out of the 14 that they believe were part of the group, located in 10 different cities. The group was believed to have launched several attacks on local and international websites. Some of the most recent attacks targeted the official website of the Bucharest City Hall and a government portal. Their preferred method of attack, SQL Injection according to the police, wasn’t particularly sophisticated, but it was enough to bring down some 29 sites that the police know of (www.ziuaveche.ro ; 2012)

The collaboration between the US Embassy, the American police agencies and the Romanian authorities was marked by several successes (in the first months of 2012 there were approx. 107 joint cases registered regarding both cybernetic frauds and attacks with over 220 residence raids and approx. 57 arrests. (www.ziare.ro ; 2012)

According to a survey carried out by Bitdefender in the first six months of 2012 regarding cybernetic threats, a new method used by Romanian felons operating on the social network Facebook, consists of attracting compatriots in different scams promising prizes. The volume of spam received by Romanian users remains constant and accounts for approx. 70 % of the total electronic messages. (www.ziare.ro ; 2012)

Another category of spam, phishing, represents 0.9 % of the total spam messages sent from Romania. Even if banks have done considerable effort to reduce phishing through additional login mechanisms, the level of bank phishing that harms card holders remains stubbornly high.

According to the Police, over 80 % of the cyber crimes committed in Romania target either American citizens or companies. The US Embassy in Bucharest stresses that the losses recorded by the latter raise to one billion of dollars per year (www.business24.ro ; 2012)

Regardless of the successes recorded during the recent years, with over 820 cases sent to the Court in 2010, there are still obstacles to overcome. On one hand, the legislation in place is not very well adapted and on the other hand the punishments are hardly deterrent. Moreover, as a SRI expert states `there is undoubtedly a strong interference of organised crime in the field of justice`. (www.business24.ro ; 2012)

The Romanian Intelligence Service manages a system through which it collects security incidents from different public partners. This system collects weekly over 1.2 million of incidents from over 100.00 different IPs. (www.HotNews.ro ; September, 26, 2012)

Newspaper Articles on Cyber Crime

Iai Newspaper writes on September, 18, 2012 that two Romanian men who remotely hacked into the point-of-sale payment systems of dozens of U.S. retailers, including Subway restaurant franchises, in an attempt to steal credit card information pleaded guilty to computer fraud charges on Sept. 17. The men were part of an alleged international electronic fraud ring that compromised the point-of-sale (POS) terminals at what federal officials said were more than 50 U.S. retailers, compromising the credit cards of 146,000 customers between 2009 and 2011. The scheme allegedly netted as much as $10 million, said the Department of Justice.

Gândul Newspaper writes on June, 26, 2012 that the members of a group accused of cyber crimes after defrauding 350 American, Canadian and English citizens with almost 8 million dollars are being investigated by DIICOT prosecutors after a series of residence raids carried on in Bucharest, Arges, Teleorman and Valcea. The group was posting fictive selling ads on specialized e-commerce sites. After the persons were agreeing on the transactions, the group members using false identities were sending them via email the transactions` details and the false invoices.

Whereas every effort has been made to ensure that the information given in this document is accurate, neither UK Trade & Investment nor its parent Departments (the Department for Business, Innovation and Skills, and the Foreign & Commonwealth Office), accept liability for any errors, omissions or misleading statements, and no warranty is given or responsibility accepted as to the standing of any individual, firm, company or other organisation mentioned.

Sectors: Defence & Security
Countries: Romania
Menu
Export Action Plan