EU Needs Larger Budget, Int'l Cooperation to Tackle Cybercrime - Analysts

MOSCOW (Sputnik) — The German Federal Office for the Protection of the Constitution (BfV) released a statement on Sunday in which it stated that members of the Chinese intelligence services had contacted a large number of German and European officials, as well as other citizens, through fake profiles on the social media platform LinkedIn.

The investigation, which took place over the span of nine months, had unearthed that at least 10,000 Germans had been targeted. BfV noted that the Chinese intelligence services seemed to only target those who dealt with China or issues that were important to the country such as foreign policy, the G7 and G20 summits, and territorial conflicts in the South China Sea, to name a few.

EU Could Do More to Tackle Cybercrime

The BfV has yet to propose steps for dealing with this cyberattack, beyond publishing the names of the fake profiles and exposing other details pertaining to these fake identities. However the European Commission already has a pan-European Agency proposed, which will aid EU governments in handling any cybersecurity attacks.

Matthias C. Kettemann, an Internet law researcher at Goethe-University Frankfurt, stated however that it will have a noticeable impact on how individual attacks are addressed.

"The proposed EU Cybersecurity Agency is a useful step towards more coordination and cooperation, and its certification framework (harmonizing existing certification schemes) will lead to more user trust, especially in the Internet of Things. It will not, however, dramatically impact the likelihood and success of individual attacks, just as new international police cooperation does not stop international criminal networks," Kettemann said.

On September 13, during his annual State of the Union Address, the European Commission President, Jean-Claude Juncker stated that the Commission would create a new European Cybersecurity Agency to help the European Union defend against cyberattacks. According to the European Commission, this agency will build on the existing European Agency for Network and Information Security (ENISA), and will assist Member States in preventing and responding to cyberattacks.

READ MORE: 'This Is Very Serious': You May Be Sharing the Same IP Address as a Terrorist

Dr. Kevin Curran, a Professor of Cybersecurity at the Faculty of Computing, Engineering & Built Environment at Ulster University, stated that the European Commission as a whole could be devoting more resources into tackling cybercrime, as more cases arise across the European Union.

"The European Commission can only do so much to prevent sophisticated cyberattacks. They could of course increase budgets for cyber security research and police forces. We are witnessing an increasing number of clever attacks taking place… Cybercrime will continue to grow into a highly lucrative and well organized enterprise, seeking competitive advantage with the aid of sophisticated cyber operations," Curran said.

Ketteman added that the answer could lie in wider international cooperation on cybercrime between the EU and other partners.

"Countries need to cooperate closely in all cybersecurity matters and exchange best practices. This is best done on an international level, and not only on an EU level, as questions of cybersecurity are definitely cannot find a satisfying answer regionally. Regional organizations, such as the Council of Europe, the OSCE, and the Shanghai Cooperation Council should cooperate more meaningfully within and amongst each other, including by setting standards," Ketteman said.

Also on September 13, the European Commission and the European External Action Service released a joint communication in which they outlined measures for increased international cybersecurity cooperation. Apart from the general upkeep of bilateral cooperation on cybersecurity matters, the European Union proposed strengthening its cooperation with NATO.

LinkedIn Should Do More to Protect Users

However, experts think that the European Union is not solely responsible for the cybercrimes uncovered by the Bvf.

Although LinkedIn has yet to reply to the report produced by German intelligence, experts are convinced that the Microsoft-owned platform could be doing more to prevent such cyberattacks, especially when it has around 250 million active users per month, as calculated by Apptopia.

Curran suggested that LinkedIn may have to alter its policy on who gets to use their service, to prevent the proliferation of fake profiles.

"Social network platforms such as LinkedIn may have to raise the barrier to entry (which is none at present) so that perhaps each profile is verified against a legitimate national ID. This is common with high secure sites such as Bitcoin exchanges. Such a move would eradicate large herds of bot accounts," Curran said.

He added that a barrier to entry would eliminate the creators of fake profiles’ ability to use disposable email addresses when signing up for their accounts on the platform.

David S. Wall, Professor of Criminology at the Centre for Criminal Justice Studies in the School of Law at Leeds University said that the problem may not be with LinkedIn altogether, as these cyberattacks could occur through more unnoticeable methods.

"Their stance to involvement has always been rather stand-offish, but I think that they could identify particularly vulnerable recipients and inform them where there is an apparent attempt. The trouble, however, is that some of the attempts to contact individuals through linked in and other social media are quite subtle," Wall said.

As of the middle of this year, LinkedIn has claimed 500 million users from more than 200 countries currently use their platform. They list more than 10 million active job posts and have data on more than nine million companies.

READ MORE: Dmitry Medvedev Speaks to TV Journalists on Majir Russia's Internal Issues

China Intelligence Services Not Sole Perpetrator

The BfV has warned that there could still be a large number of target individuals and fake profiles that have yet to be identified.

Wall is convinced that Chinese intelligence has not only targeted Germans on LinkedIn, as exposed by the BfV, but they have also targeted other EU countries.

"I think [they have targeted other EU countries], and not just Chinese intelligence, many, many others are also probably doing similar. Their business is intelligence, so they all want information about other countries and the demand will just grow," Wall said.

Chinese Foreign Ministry spokesperson Lu Kang, has denied any accusations that the country used fake LinkedIn profiles to gather sensitive information from German politicians and pointed to the fact that this accusation by the BfV was not beneficial to bilateral relations.

Curran concurred that it may not be too long before not only China, but other nations’ intelligence services are also revealed to be using this type of tactic to perpetrate cyberattacks.

"It is quite possible we see Chinese intelligence services target other countries. It must be said in the interest of fairness that we expect many other nation states to already be adopting similar tactics. Time and time again, when we discover new attack vectors such as this, we find out later that other countries had also mirrored the same tactic," Curran said.

READ MORE: Google Might Re-Conquer China With Artificial Intelligence

In February, the BfV warned of the increasing level of Chinese espionage all the way up to the German chancellery. The recent report from the agency showed that Chinese hackers use not only LinkedIn, but also other social media platforms, such as Facebook and business networking website Xing, to recruit informants. China has also been believed to be behind the Office of Personnel Management hack in 2015. The BfV has further stated that foreign influence amounts to billions of dollars in costs to the German economy each year.