By 2015, countries in the European Union must toughen penalties for people convicted of cyber hacking under a directive approved by union leaders this week.
But the stiffer prison sentences aren’t likely to have much of an effect without more cooperation between countries being attacked and the countries that are home to many malicious hackers.
Security experts say many attacks originate from countries in Eastern Europe and South Asia and nations such as Russia and China. In these spots, hackers often brag about being untouchable by Western authorities. And they market their abilities to interested parties around the globe, offering attacks as a service.
Still, the penalties in the EU will be more in line with those in the U.S. as the two countries try to work together to combat cyber crime.
Recent discussions in Congress have focused on actually reducing some penalties by more clearing defining terms in the Computer Fraud and Abuse Act, the nation’s main cyber-security law. The idea is to separate misuse of data from the stealing of data and to ensure penalties are more commensurate with the crime.
U.S. lawmakers also are considering bills that would target specific offshore hackers by giving authorities more flexibility to freeze bank accounts and to create other financial disincentives.
The EU’s new maximum sentence for trying to break into personal or business computers will be two years in prison. Intrusions that lead to data or financial breaches are set a three-year sentence. The maximum rises to five years for illegally entering computers linked to critical infrastructure or the government.
Copyright © 2015, Los Angeles Times