The cybercrime challenge: does the Romanian legislation answer adequately? 43
perpetrated from outside2 or inside3, the potential economic, operational or
reputational consequences of successful computer attacks can be very significant,
at individual, organizational and even national or international level4.
Consequently, as the European Commission emphasizes5, the fight against
cybercrimes should be a core element in the overall strategy that aims to protect
the security of information systems.
Cybercrimes now represent an important percentage of all crimes. This
increase in cybercrimes is the result of the unprecedented opportunities that
cyberspace and the global economy present to perpetrators, whether small-scale
criminals or highly organized crime syndicates6. These criminal opportunities arise
foremost from the very large number of software vulnerabilities7 (some allowing
zero-day attacks8) and evolving threats9. Of particular concern are botnets10,
2 There is a very large number of potential attack vectors from the outside. According to Internet
Systems Consortium, in July 2012 there were 908,585,739 hosts on the Internet,
http://ftp.isc.org/www/survey/reports/current/ (last visited Feb. 20, 2013). According to Internet
World Stats, in June 2012 there were over 2.4 billion Internet users, http://www.internetworldstats.
com/ (last visited Feb. 20, 2013). The same number of individuals using the Internet is advanced by
the International Bank for Reconstruction and Development in The Little Data Book on Information and
Communication Technology (2012), http://www.itu.int/ITU-D/ict/publications/material/LDB_ICT
_2012.pdf (last visited Feb. 20, 2013), with the number of fixed broadband subscriptions reaching
about 600 million at the end of 2011.
3 The threat posed by insiders is very real and is discussed in numerous publications. See Adam
Cummings et al., Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services
Sector (2012); Verizon, 2012 Data breach investigations report, Study conducted by the Verizon RISK
Team with cooperation from United States Secret Service et al. (2012); Frank L. Greitzer et al.,
Combating the Insider Cyber Threat, IEEE SECURITY & PRIVACY, January/February, 6(1), 61-64 (2008).
4 See Ioana Vasiu & Lucian Vasiu, Criminalitatea în Cyberspaiu (2011); Eurojust News, Cybercrime,
7, 1-4 (2012).
5 Commission of the European Communities, Towards a general policy on the fight against cyber
crime, COM(2007) 267 final (2007).
6 See, e.g., Aditya K. Sood, Rohit Bansal & Richard J. Enbody, Cybercrime: Dissecting the State of
Underground Enterprise, IEEE INTERNET COMPUTING, 17 (1), 60-68 (2013).
7 Vulnerability can be defined as a coding error that allows a perpetrator to execute commands
as a legitimate or authorized user, to access computer data contrary to the access restrictions in place,
or to conduct a denial of service attack.
8 See Derek E. Bambauer, Ghost in the network (2013), available at http://papers.ssrn.com/sol3/
papers.cfm?abstract_id=2232471 (last visited Oct. 10, 2013); L. Bilge & T. Dumitras, Before We Knew It:
An Empirical Study of Zero-Day Attacks in the Real Wo rld, ACM Conference on Computer and
Communications Security (2012).
9 See Seetharam Narasimhan, Hardware Trojan Detection by MultipleParameter Side-Channel
Analysis, IEEE TRANSACTIONS ON COMPUTERS, 62(11), 2183-2195 (2013); Hilarie Orman, Twelve Random
Characters: Passwords in the Era of Massive Parallelism, IEEE INTERNET COMPUTING, 17(5), 91-94 (2013);
OECD, Cybersecurity Policy Making at a Turning Point: Analysing a New Generation of National
Cybersecurity Strategies for the Internet Economy (2012).
10 Botnets are sets of computers controlled remotely by the perpetrator(s) and used in large-scale
attacks against other computer systems. See details in Rafael A. Rodríguez-Gómez, Gabriel
Maciá-Fernández & Pedro García-Teodoro, Survey and taxonomy of botnet research through life-cycle,
ACM COMPUTING SURVEYS, 45(4), 45 (2013).