WWW.IAP-ASSOCIATION.ORG/GPEN 1

Global Prosecutors E-Crime Network Newsletter Issue 34 –July 2016 Welcome to the July 2016 edition of the GPEN newsletter.

This month we the second

interview in the new Insight

series, looking at how

cybercrime units work around

the world. We are delighted to

welcome the Cybercrime Unit in

Mauritius who talk about the

way they work and the

challenges they face.

We also have a report from

Koen Hermans, Member of the

IAP and Vice Chair of the

Eurojust Taskforce on

Cybercrime about the European

Judicial Cybercrime Network

which has been founded by the

European Union Justice Ministers with the aim of providing a centre of expertise, supporting

prosecutors and (investigative) judges dealing with cybercrime.

Along with a roundup of this month’s cybercrime prosecution news from around the world, a list of

conferences and events and this month’s topic focus on Malware.

Don’t forget to book your place at the next webinar. On August 16th 2016 Stephen Mason will be

speaking about “A proposed Convention on Electronic Evidence - why now and how we shape it”. I

look forward to talking to you there.

Sarah Lennard-Brown GPEN communications team

If you have any information or articles for the newsletter or website please send it to

Sarah@gpen.info or post on the GPEN forum – I look forward to talking to you there.

Join the GPEN community www.iap-association.org/Membership

WWW.IAP-ASSOCIATION.ORG/GPEN 2

News Facebook has a difficult month in Brazil and Israel

Facebook's bank account in Brazil, containing approximately $6

million has been frozen after a court order was issued relating to

access to encrypted data on the Facebook owned WhatsApp site.

The dispute, which started in January 2016 relates to an

international drugs investigation. The Brazillian federal police are

requesting access to encrypted WhatsApp files but both WhatsApp

and its parent company Facebook are claiming they do not have

access to the metadata or the message contained in the files. This is the latest court order which

started with a 48 hour block on the WhatsApp service last December followed by the arrest of

Facebook's Vice President in Latin America in March and another 72 hour block in May.

Law enforcement agencies in many jurisdictions across the world have been protesting against the

use of end-to-end encryption of data arguing it is unacceptable to use end-to-end encryption as it

cannot be accessed by states. However WhatsApp CEO and co-founder Jan Koum has previously said

the company has no intention of “compromising the security of our billion users around the world”

by weakening its security systems in order to be able to comply with police authority requests for

data. What he is effectively saying is that by weakening the security to allow access to law

enforcement would weaken the system and potentially allow access to hackers.

Israel has also taken Facebook to task last month. Israel's Public Minister for Security Gilad Erdan,

claimed that Facebook was “sabotaging” the work of the Israeli police force. He also accused

Facebook founder Mark Zuckerberg of not doing enough to prevent incitement against Israel on his

platform, according to News Agency Reuters.

Israel has been suffering a number of fatal attacks on its Citizens the perpetrators of which have

been identified as Palestinan teenagers. As a result of this Israel has increased its surveilance of social

media and is drafting legislation that will enable it to issue takedown notices to social media

platforms concerning content that it feels incites hate or terrorism.

Facebook indirectly responded with a statement:

“We have a set of community standards designed to help people understand what’s allowed on

Facebook, and we call on people to use our report if they find content they believe violates these

rules, so that we can examine each case and take quick action.”

Find out more about Brazil’s problems with Facebook on the Tech Crunch website

Find out more about Israel’s complaints against Facebook on the Digital Trends website

What do you think? Are you having problems with Facebook’s encryption? Start a debate on the

GPEN Forum

WWW.IAP-ASSOCIATION.ORG/GPEN 3

USA Celebrity Phishing Campaign Man Pleads Guilty

Edward Majerczyk, of Chicago, United States of

America, has pleaded guilty to running a phishing

campaign which stole private pictures and videos

from USA television and film stars in 2014.

Majerczyk sent fraudulent emails that looked like

security warnings from Internet Service Providers

which prompted targeted individuals to visit a

fraudulent website. The spoof website then stole

log in details and enabled Majerczyk to access 300

Apple, iCloud and Gmail accounts between 2013

and 2014. Around 30 of the accounts hacked

belonged to USA celebrities and data, including

private sensitive images of Rihanna and Jennifer Lawrence were later leaked to the Internet. The

Department of Justice said that they found no evidence linking Majerczyk to the leaking of these

images but that he was responsible for hacking the email accounts. Majerczyk faces a statutory

sentence of 5 years in jail.

Read more about the Celebrity Phishing case on the BBC website

Find out more about prosecuting crimes involving Phishing on the GPEN website

Guyana Police receive additional cybercrime training

Guyana is making progress in capacity building to deal

with cybercrime. Stakeholder consultation on the draft

Cybercrime Legislation took place in March this year. The

completed draft, which addresses identity theft, online

child abuse and cyber bullying, will be laid before

parliament later this year.

As part of Guyana's program to increase its ability to

prosecute cybercrime several police officers will attend

an Interpol sponsored training event in the Dominican

Republic in July.

Find out more about the Guyana cybercrime training on the Guyana Government website

You can find extensive cybercrime training material on the GPEN website

WWW.IAP-ASSOCIATION.ORG/GPEN 4

Tanzania Man charged for WhatsApp insult to president

A Tanzanian citizen is facing charges for

allegedly sharing comments calling President

John Magufuli an imbecile on the social media

site WhatsApp. The new cybercrime law was

enacted last year despite heavy criticism that

it would stop freedom of speech. Mulokozi

Kyaruzi is the second person to be charged

under the new law for insulting the president.

Find out more about the Tanzanian

Man who insulted the President on

the africa.tvcnews website

Tell us your experience of dealing with

legislation relating to social media on

the GPEN Forum

Intellectual Property Crime Unit launched in India

The Telangana Intellectual Property Crime Unit

was launched in Hyderabad, India this month.

The Unit is the first in the country to focus on

Intellectual Property Crime. The film industry in

India has been particularly badly affected by

the illegal copying of VHS tapes, DVD's and

online streaming. The Telangana Intellectual

Property Crime Unit (TIPCU) will operate under

the auspices of the cybercrime wing of the CID

to deal with complaints about online piracy.

Find out more about the new

Intellectual Property Crime Unit in

India from the New Indian Express

website

Join the debate about Intellectual Property on the GPEN Forum

WWW.IAP-ASSOCIATION.ORG/GPEN 5

GPEN Webinars

GPEN Webinars are supported by the UK Foreign and Commonwealth Office and the International

Association of Prosecutors.

Book your place for the next GPEN Webinar

To book a webinar place email: Sarah@gpen.info - the webinars are free and certificates are issued

to everyone who attends.

August 16th - 'A proposed Convention on Electronic Evidence - why now and how we shape it'

Date and Time: 16th August 2016 11:00 British Summer Time (Greenwich Mean Time +1)

Presenter: Stephen Mason

September 22nd - Prosecuting digital crimes against children (title to be confirmed)

Date and Time: 22nd September 2016 15:00 British Summer Time (Greenwich Mean Time +1)

Presenter: Allison Dellandrea – Crown Prosecutor from Toronto, Canada who specialises in

prosecuting digital crimes against children.

October 26th Implementing the NOCAP (National Online Child Abuse Protection) process

Date and Time: 26th October 2016 time to be confirmed

Presenter: Stewart Gailey and the Cybercrime Scotland Team

Catch up with the GPEN Webinars

If you missed our webinars do not worry. You can listen to the webinar and access the associated

documents in the GPEN library. The webinars are available for members of the IAP (you need your

IAP username and password to access the website). www.iap-association.org/GPEN/GPEN-Learning-

Centre/Webinar

The European Cybercrime Network

Despite diverging national legislations every Cybercrime Prosecutor encounters similar challenges:

storage of evidence on servers located in unknown places or whose locations are unknown; the use

of special investigative powers on the Darknet; the lack of response from Internet Service Providers

WWW.IAP-ASSOCIATION.ORG/GPEN 6

(ISPs); the need to decrypt devices or communicate across borders; etc. Only by sharing information

will we be able to deal with these challenges more effectively.

On 9th June 2016, European Union (EU) Justice Ministers adopted two sets of conclusions setting out

practical measures to improve cooperation across the EU related to criminal justice in cyberspace.

One of these sets of conclusions formalised the long awaited European Judicial Cybercrime Network

(JCN), supported by Eurojust.

The JCN will provide a centre of expertise, supporting prosecutors and (investigative) judges dealing

with cybercrime. It will thereto facilitate and enhance cooperation between the competent judicial

authorities dealing with cybercrime, in particular by exchanging expertise, best practices and other

relevant knowledge and experience on the investigation and prosecution of cybercrime, including the

practical application of current legal frameworks and relevant case law and effective cross-border

judicial cooperation.

The JCN will also foster dialogue between the different agents and stakeholders in the field, such as

The European Cybercrime Centre (EC3), Eurojust, The European Agency for Network and Information

Security (ENISA), The European Agency for Law Enforcement Training (CEPOL), Interpol, The Council

of Europe (CoE) and the private sector, in particular ISP’s.

In order to enable this exchange of expertise, the JCN will provide access to, and disseminate

information via a special (secure) website. It will provide a forum for discussions of practical and legal

problems encountered by legal practitioners in the field of cybercrime, including the obstacles to

effectively obtaining and securing e-

evidence. In summary therefore, the

JCN will exchange information on

domestic legislation, relevant case law

and jurisprudence, international

cooperation and best practices

between Member States, and provide

tools for practitioners.

Koen Hermans, Member of the IAP

and Vice Chair of the Eurojust

Taskforce on Cybercrime

WWW.IAP-ASSOCIATION.ORG/GPEN 7

Topic focus - Malware

Malware is a piece of software which is introduced into a computer system to cause harm. Common

forms of malware include Trojans, viruses, ransomware, spyware, adware, scareware and worms. In

law malware is sometimes called ‘malicious software’ or ‘a computer contaminant’.

What are the different types of malware?

Trojans: A Trojan is a non-self-replicating malicious malware program that enters a system and sends

data from the host system to a third party. It may also

cause harm to the system.

Viruses: A Computer Virus is a type of malware which

replicates and spreads by attaching itself to a file and

inserting copies of itself into other computer programs

or systems as it travels around a system.

Ransomware: Ransomware is covertly installed malware

that encrypts computer files and then demands

payment of a ransom in return for the decryption key

needed to recover the files. This is sometimes called a

‘Crypto-virology’ attack.

Spyware: Spyware is software designed to gather information about a user’s computer use without

their knowledge. Sometimes spyware is simply used to track a user’s Internet surfing habits for

advertising purposes in an effort to match your interests with relevant ads. However, spyware can

also scan computer files and keystrokes, create pop-up ads, change your homepage and/or direct

you to pre-chosen websites. One common use is to generate a pop-up ad informing you that your

system has been infected with a virus or some other form of malware and then force you to a pre-

selected page that has the solution to fix the problem. Most often, spyware is bundled with free

software like screen savers, emoticons and social networking programs.

Adware: Adware is software designed to force pre-chosen ads to display on your system. Some

adware is designed to be malicious and will pop up ads with such speed and frequency that they

seem to be taking over everything, slowing down your system.

Scareware: Scareware is a form of malware that uses social engineering to causes shock or the

perception of threat and make victims download and pay for fake antivirus software to remove it.

Worms: A worm is a type of computer virus that can spread around networks on its own. Worms are

often able to replicate themselves thousands of times within a particular system and then email

WWW.IAP-ASSOCIATION.ORG/GPEN 8

themselves out to other computers. Worms can be used by outside agents to gain access to

computer systems.

What are the resources in the GPEN library?

The GPEN library has a small but select collection of documents relating to the prosecution of crimes

involving malware. These include:

International Instruments

Budapest Convention on Cyber Crime Guidance Note 7 Malware (June 2013)

Demonstrates how the Articles of the Convention on Cyber Crime apply to new forms of malware.

Attacks against Information Systems

Council of Europe Directive 2013/40/EU of 12 August 2013 on attacks against information systems

replacing Framework decision 2005/222/JHA of 24 February 2005

Guides and Manuals

Best Practice to Address Online and Mobile Threats (2012)

A good introduction to the subject of Online and Mobile threats including a section on best legal

practice.

London Action Plan and The Messaging, Malware and Mobile Anti-Abuse Working Group

The Cyber Espionage Blueprint: Understanding Commonalities In Targeted Malware Campaigns

(2013)

This report focuses on the totality of cyber espionage attacks rather than on any specific campaign or

attacker. The resulting "blueprint" that has been derived reflects the common methodologies,

specifically related to malware most often used in Cyber Espionage campaigns.

Author: Alex Cox, Principal Research Analyst,

Databases

Computer Misuse Act Casework Database - United Kingdom

Database detailing cases prosecuted in the United Kingdom under the Computer Misuse Act 1990

Cases(1993-2013) compiled and maintained by Michael J L Turner

Articles

In the Dark - Crucial Industries Confront Cyber-attacks (2010)

McAfee second annual critical infrastructure protection report. Written with the Centre for Strategic

and International Studies (CSIS) including a report about the impact of Stuxnet

Author: Stewart Baker, Natalia Filipiak, Katrina Timlin

WWW.IAP-ASSOCIATION.ORG/GPEN 9

Reports

European Union Agency for Network and Information Security (ENISA) Evolving Threat

Environment Report

A regularly published report detailing the latest cyber threats. Updated regularly

Webinars

Online Business Models Infringing Intellectual Property Rights through Phishing, Malware

Dissemination and Other Fraudulent Means

Erling Vestegaard, 14th July 2016

Please share your own cyber prosecution materials relating to malware (any language) on the GPEN

forum or send your resources to Sarah@GPEN.info . Please note: you need to be logged into the IAP

website using your IAP username and password to access the forum.

Insight

Insight interviews will focus on the work of cybercrime teams and units around the world. The aim of

the series is to examine how different countries around the world approach the organisational issues

around policing and prosecuting cybercrime. We would like to interview cybercrime units from

across the globe and share the successes and challenges of different team structures and working

environments. If you are a member of a cybercrime team and would like to be featured in the

GPEN newsletter, or if you have any feedback please email: Sarah@gpen.info

This month Insight examines

the work of Mauritius

Cybercrime Unit. Pravin

Harrah is Principal State

Counsel from the Office of

the Director of Public

Prosecutions who works with

the Cybercrime Unit. I asked

him….

What is the structure of the unit?

The Office of the Director of

WWW.IAP-ASSOCIATION.ORG/GPEN 10

Public Prosecutions (ODPP) is responsible at a national level to institute and undertake criminal

proceedings before any court of law in terms of Section 72 of the Constitution of Mauritius.

The Cybercrime Unit of the ODPP is a specialised unit dealing with cases involving cybercrime. The

Unit is composed of Principal State Counsel, State Counsels, State Attorneys and Legal Research

Officers who work under the supervision of the Director of Public Prosecutions. The unit works in

close collaboration with the Police IT unit and Police Cybercrime Unit, which are under the command

of the Commissioner of Police.

This collaboration enables each unit of the Law Enforcement Agencies to complement each other in

terms of skills and knowledge with a view to better fight cybercrime.

The Cybercrime Unit of the ODPP, the Police IT Unit and the Police Cybercrime Unit operate

independently and work separately from each other.

What is the role of the different specialists that make up the unit?

(a) The role of the Cybercrime Unit of the ODPP is mainly advisory and prosecutorial.

The Cybercrime Unit consists of 10 Counsels and Attorneys who have undergone the following

trainings:

the Basic and Advance Training of Train the Trainer (TOT) on Cybercrime and Electronic

Evidence organised by the Council of Europe and the Institute of Judicial and Legal Services

of Mauritius, under the Global Action on Cybercrime (GLACY) Project.

At the Ecole Nationale de la Magistrature, (ENM)France

Criminal Investigation Bureau (CBI) India.

The State Counsels provide legal advice during investigation, advise and prosecute the cases before

the Court.

State Attorneys together with State Counsels assist the Investigative Agencies with the procedural

measures with regard to:

preservation order,

disclosure of preserved data,

production order,

search and seizure,

real time collection of traffic data and

deletion order.

The Cybercrime Unit of the ODPP also assist in training and awareness programmes for stakeholders

in the criminal justice system.

WWW.IAP-ASSOCIATION.ORG/GPEN 11

Also, the Cybercrime Unit of the ODPP is part of the GPEN network which is a global network that

improves international cooperation among cybercrime prosecutors and participates actively in the

Webinars as part of capacity building programmes.

(b) The Cybercrime Unit of the Mauritius Police Force (MPF) investigates cybercrime, while the IT

Unit in addition to providing technical support for technical infrastructure also provides all digital

forensic services to the MPF.

Investigators and forensic examiners of the MPF work separately, with separate responsibilities to

ensure independence of the forensic process. All staff in the IT Unit are police officers with diploma,

certification or extensive knowledge in IT.

The 24/7 Network, under Article 35 of the Budapest Convention to which Mauritius is a signatory,

point of contact is the Police IT Unit.

How do you work together on a day to day basis?

We work as a team supporting and

drawing from the specific expertise

and skill of one another.

This cross fertilisation enables the

team to better understand the

subtleties of cybercrime with a view

to ensure that cybercrime is

detected, investigated and

prosecuted in a more efficient way.

Files are forwarded to the Supervising Officer of the Cybercrime Unit of the ODPP who then channels

the files to officers based on the complexities of the case. The Unit meets as and when required (to

discuss complex legal issues where relevant, before advising cases.

In the event that support is needed on technical issues, the Police IT Unit or the Police Cybercrime

Unit is consulted.

What sort of cybercrime do you mainly deal with?

Cases of cybercrime dealt with mainly involve:

(a) Offences against the confidentiality, integrity and availability of computer data and systems -

Such as unauthorised access and unauthorised interception of computer data.

WWW.IAP-ASSOCIATION.ORG/GPEN 12

(b) Computer related offences -Such as unauthorised modification of computer material and

damaging or denying access to computer system and electronic fraud

(c) Content related offences

Cybercrime has grown exponentially over the years starting from the number of cases reported in

2004 from 8 to 400 in 2015 which is quite significant for a small jurisdiction like Mauritius.

What are the pros and cons of this sort of unit structure in the fight against cybercrime?

The need to balance flexibility to consult each distinct unit involved in the fight against cybercrime

has to be balanced with the fact that at the same time each unit operates separately and

independently so that the quality of evidence and the testimony of investigators and forensic

examiners is not compromised.

Stakeholders of the criminal justice system have undergone training on Standard Operating

Procedures and Guidelines have been elaborated which will enable relevant organisations to

implement quality standards for the provision of services that meet national and international

requirements.

Are there any particular challenges you face?

Given that new trends in cybercrimes are emerging at all time and criminals are exploiting the speed,

convenience and anonymity of the internet to commit criminal activities which knows no borders,

WWW.IAP-ASSOCIATION.ORG/GPEN 13

there is a need to carry out proper investigation and prosecute offenders in this highly technical and

complex area. This can only be done through capacity building and constant updating of the skills and

knowledge of the investigators, prosecutors and judiciary.

Also, it is quite challenging to obtain digital evidence, ‘cloud’ evidence and evidence from

communication service providers in respect of cross border investigation even though the 24/7 point

of contact is being used. International Cooperation is not fully operational.

What is your unit’s approach to the need to educate Juries about difficult concepts?

Cases involving Cybercrime are mostly heard before the Intermediate Court and not before Juries,

while the procedural provisions in respect of the judges’ order are administered by the Judges of the

Supreme.

The procedures for the application and issue of judges’ orders for access to data requires some

improvements so that volatile data are preserved.

Judicial Officers (comprising of Magistrates and Judges) have undergone training and awareness

sessions on cybercrime. There is ongoing training on emerging issues on cybercrime organised by the

IJLS and the Council of Europe for judicial and Law Enforcement officers.

A Glossary of technical terms is being prepared to help stakeholders understand the technical terms.

A Cybercrime Strategy for Mauritius is being developed which aims to:

provide a more effective legal framework for investigating and prosecuting cybercrime

enhance the capacity of the judiciary to deal with cybercrime and digital evidence

work with international counterparts to improve cooperation on cybercrime

Events

Protecting Privacy - Domestic and International Criminal Justice Responses to Crimes against Personal Privacy and the Balance between Individuals Privacy and Collective Security

Date: 24th – 28th July 2016

Place: Halifax World Trade and Convention Centre, Halifax, Nova Scotia, Canada

Conference will be run by the International Society for the Reform of Criminal Law. Visit the Privacy

Conference website.

WWW.IAP-ASSOCIATION.ORG/GPEN 14

Cyber Security Conference

Date: 25th – 28th July 2016

Place: New York, United States of America

The Federal Bureau of Investigation and Fordham University will host the Sixth International

Conference on Cyber Security (ICCS 2016) on July 25-28, 2016, in New York City. ICCS is an

unparalleled opportunity for global leaders in cyber threat analysis, operations, research, and law

enforcement to coordinate their efforts to create a more secure world. Find out more at the

conference website.

4th Interpol -Europol Cybercrime Conference

Date: 28th – 30th September 2016

Place: Singapore

LawTech Europe Congress 2016

Date: 7th – 8th November 2016

Place: Brussels, Belgium

Find out more at http://www.lawtecheuropecongress.com, Register for the conference:

http://www.cvent.com/d/sfqm63/4W . We have a special deal with Law Tech Europe which means

that GPEN members can have a special 30% discount if they use the code: LTEC-3TCR

Octopus Conference 2016

Date: 16th-18th November 2016

Place: Palais de l’Europe, Council of Europe, Strasbourg, France

The conference will provide an opportunity to interface for cybercrime experts from public and

private sectors as well as international and non-governmental organisations from all over the world.

Participation is free of charge but subject to registration. Find out more at

Registration will be open from 15 September to 15 October 2016 at www.coe.int/cybercrime

International Conference on Cyber-law, Cybercrime

Date: 17th and 18th November 2016

Place: New Delhi, India

Call for Papers - Submit Your Entries At: info@cyberlawcybercrime.com

Find out more about this conference at: www.cyberlawcybercrime.com

WWW.IAP-ASSOCIATION.ORG/GPEN 15

If you know of any conferences or events you think would be useful for Cybercrime colleagues

around the world please post them to the news section of the GPEN forum. You can find more

information in the Events section of GPEN. Please note that to view this information you need to be

logged into the website with your International Association of Prosecutors username and password.

Find out how to become a member of the IAP.

This newsletter is published by the Global Prosecutors E-Crime Network (GPEN) part of the

International Association of Prosecutors - Hartogstraat 13, The Hague, The Netherlands