Feb. 24, 2015

As Internet use has proliferated in both business and everyday life, from electronic authorization and signatures to Internet connections from mobile devices, the incidence of reported cybercrime has also increased. The adverse impacts of these crimes on the economy and society have inevitably grown severe. This report discusses the current state of cybercrime and countermeasures in the European Economic Area (EEA).

1. State of cybercrime in the European Union

Although cybercrime is ambiguously defined, the United Nations (UN) has accepted the definition of cybercrime as crimes on computers as well as networks. As Internet use has grown, so too has the number of cybercrimes. Diverse cases of cybercrime exist, but there is no accurate statistical picture to understand its current global impact. However, it has been estimated that the world’s annual total economic loss owing to cybercrime has reached €290 billion, meaning these crimes generate a higher profit than today’s illegal drug trade, including marijuana and heroin. The intensification of cybercrime is prominent when compared with all other types of crime. For instance, only one third of French companies reported incidents of cyber-attacks in 2009, but this jumped to 50% in 2012. Impacts of cyber-attacks on businesses encompass not only economic losses from interference with business activity, but also loss of confidence and, in some cases, litigation risk from unintentionally taking part in illegal activities, such as sending fraudulent email.

2. The European Cybercrime Center

No other crime is as borderless as cybercrime. Cybercrimes can involve as many as a few million victims, and criminal suspects are spread around the world, making it difficult for one country’s domestic policing system to respond adequately and independently. Hence, the fight against digital crime requires a collective response engaging the legislative authorities of all relevant countries. In response to the growing threat of cybercrimes, the Council of the European Union (EU)*1 founded the European Cybercrime Center (EC3), an organization that aims to play a central role in cybercrime control in Europe under the European Police Office, or Europol. EC3 supports the EU member states and 7 institutions*2 in enhancing their operational and analytical capacities in cybercrime forensics and in consolidating global partnerships.

EC3 began operations in January 2013 and functions as the cybercrime information hub of Europe. EC3 promotes solutions to broad types of crime by collecting useful information for criminal investigations and housing experts in various fields, sharing the results from the analysis with Europol. Additionally, EC3 attempts not only to enable the latest digital forensics at all times, but also to prevent cybercrime by utilizing expert communities from various fields of social science. While Europol has always worked to provide support, management, and expertise in the past, EC3 allows more proactive coordination.

It was predicted that the operation of EC3 would cost approximately €3.36 million in the first year (from January to December 2013). This estimate included labor, training facilities, business trips and other operational costs for EC3 management teams, as well as the Digital Forensic Union (DFC), and, in addition, costs for development of a platform reporting standard. The costs in the second year and onwards are expected to increase if more aggressive crime information analysis and operational support take place, which would result in increased costs for human resources and information collection. For example, forensics costs can range from €7 to €42 million depending on how investigation activities are conducted.

  • *1 The Council of the European Union (also called the Council of Ministers) has higher authority than the European Parliament, and can even replace present European laws.
  • *2 European Parliament, European Council, Council of the European Union, European Commission, Court of Justice of the European Union, European Central Bank, and Court of Auditors.

3. Case studies of cybercrime control

EC3 has successfully cracked down on international cybercrime groups by supporting cybercrime investigations in European countries. Example cases from 2014 investigation reports follow.


In continuation of an investigation from February 2014, Bulgarian and Spanish legislative authorities, in close coordination with EC3, took down a large organized crime network based in Bulgaria in October 2014. Forty buildings were searched and 31 suspects were arrested. This crime network had repeatedly committed large-scale fraud, including ATM skimming, electronic payment fraud, and document forgery. Investigations were conducted simultaneously in Malaga, Spain, and Sofia, Bulgaria, with support from the EC3 Joint Cybercrime Action Taskforce (J-CAT).*3

  • *3 J-CAT is an organization established by Europol’s EC3, the FBI, and the British National Crime Agency (NCA). It handles the coordination of the legislative authorities in EU member states as well as non-EU member states to control cybercrimes. The member states of J-CAT include the United Kingdom, Germany, France, the Netherlands, Italy, Spain, and Austria, as well as the United States and Australia. Andrew Archibald, an expert official from the cybercrime unit of the British NCA, is chairperson.


An international cybercrime network composed mainly of Romanians was taken down in Romania and France with support from EC3. This organization had intercepted electronic payment systems by using malware designed to misdirect customers to their fraudulent system and steal money. They also made illegal transactions using skimmed card data, and even laundered funds gained through drug trafficking. The malware used was a Remote Access Tool (RAT) and was found on an unspecified number of computers used for fund transfers. In this investigation, to get ahead of the movement of the illegal funds, the legislative authorities of France and Romania, working in close cooperation, immediately granted permission to publish records of suspicious fund transfers as needed, allowing quick and smooth progress in the investigations.


The British National Crime Agency (NCA) played a key role in taking down a criminal organization using Shylock, a Trojan-horse malware. Private experts, Europol, the U.S. Federal Bureau of Investigation (FBI), BAE Systems Applied Intelligence, Dell SecureWorks, Kaspersky Lab,*4 and even the British Government Communications Headquarters (GCHQ) also contributed to the investigation of Shylock. There was a particularly significant contribution from Kaspersky Lab in tracking down Shylock. The tracking investigation was based at EC3 and coordinated not only with the NCA and FBI but also with Italy, the Netherlands, and Turkey and affiliated organizations in Germany, France, and Poland. Shylock infects a computer when a user clicks on a link; the virus then finds bank account details stored on the computer and illegally remits funds from the user’s account to the account of the crime syndicate. Computers with Microsoft Windows were at risk of infection, but Shylock specifically targeted the United Kingdom.

  • *4 Kaspersky Lab is a company based in Russia that provides a world-eminent information security service.


By cooperating with 11 different legislative authorities across 8 countries and Europol, U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) jointly shut down 188 illegal domains that sold fake products to customers. Belgium, Bulgaria, France, Italy, Romania, Spain, the United Kingdom, and the ICE-HSI-led National Intellectual Property Rights Coordination Center (IPR Center) in Washington, D.C., participated in the investigation. The operation not only sold fake merchandise, but also put the victims’ personal financial information at risk of being leaked. The fake merchandise included headphones, sportswear, cosmetics, shoes, mobile phones, and other small electronic devices.


Gameover Zeus is a very refined malware, a type of botnet virus that infects a computer from another computer. It is estimated that half a million to one million computers were infected, causing damage worth US$75 million. Furthermore, CryptoLocker, a type of ransom-demand virus spread through Gameover Zeus, infected computers and encrypted their files, demanding a ransom to decode and unlock them. In total, 234,000 computers were estimated to be infected, and according to the FBI’s preliminary calculations, the total estimated damages may have been as much as US$27 million in just two months. Other countries that participated in the investigation were Germany, Canada, France, Italy, Japan, Luxembourg, New Zealand, the Netherlands, Ukraine, and the United Kingdom. Companies, specifically Dell SecureWorks, Microsoft, McAfee, and Symantec, provided particularly important support and prevented reinstallation of such malware. It is difficult to contain these harmful viruses and prevent cybercrimes unless the Internet as a whole can join together to counteract them. Consequently, a system of cooperative investigation is viewed as being exceedingly effective.

4. Preparing for rapidly evolving cybercrimes

In August 2013, the European Parliament passed Directive 2013/40/EU*5 on attacks against information systems, replacing the Council Framework Decision 2005/222/JHA. This directive calls for a regulation to penalize illegal attacks against information systems; upon implementation, attacks that compromise vital social infrastructure will be penalized more severely. In accordance with this directive, EU member states are obligated to consolidate their civil laws by September 4, 2015. In addition, while the EU continues to strictly monitor cybercrime activities, it has only just started consolidating statistical indexes in order to understand the situation and use them in developing policies. Experimental data collection from 2012 to produce statistical indexes had been planned; however, the index list is to be finalized in late 2014 and the data collection will follow afterwards. Currently no statistical data is available to show the actual extent of cybercrimes, and new criminal methods are continually evolving in response to technological advancement. For instance, a new type of fraud in which artificial intelligence tricks human beings may arise in the future. Increasing numbers of multinational companies are being unexpectedly fined for unpreparedness against cybercrimes and are struggling with the weight of the burden. This report demonstrates the need for continued efforts to fight against an ever-evolving body of cybercrime.