As the Council of Europe’s Cybercrime Programme Office (C-PROC) in Bucharest commemorates 12 years since its inception, the landscape of cyber threats continues to evolve significantly. A recent high-level meeting in Bucharest highlighted the complexities facing Romania and the broader European Union, as cybercriminal activities become more frequent and sophisticated. This anniversary marks a pivotal time, with increased focus on strengthening global criminal justice and maintaining the rule of law in European cyberspace.
Romania, like other EU member states, is currently grappling with a surge in distributed denial-of-service (DDoS) attacks targeting public institutions and corporations. Dan Cîmpean, Director of the Romanian National Cybersecurity Directorate (DNSC), noted that the frequency of these attacks has risen amid global geopolitical tensions, with pro-Kremlin groups like Noname057(16) actively participating in cyber warfare. Recent incidents, such as the attacks on Romanian Foreign Ministry sites, underscore the intent to disrupt public access and undermine trust in state systems.
The threat landscape extends beyond traditional cyberattacks. The European Commission itself fell victim to two substantial hacks earlier this year, resulting in significant data breaches. These incidents are part of an ongoing EU-wide cyber crisis, prompting the EU Council to impose sanctions on entities and individuals linked to these cyber threats. The involvement of China-based and Iran-linked groups illustrates the international dimension of the threat.
Additionally, the rise of AI-driven crime represents a new frontier for legal and cybersecurity professionals. AI technology is not only facilitating traditional crimes like fraud and identity theft but also enabling advanced forms of cyber interference, such as deepfakes and AI-generated phishing. Romanian law already includes provisions to address such threats, yet the complexity increases exponentially due to AI’s capacity to automate and scale these activities.
AI-generated deepfakes and synthetic media pose unique challenges, especially in the realm of child sexual abuse materials (CSAM) and reputational harm. The Romanian Criminal Code encompasses provisions for handling these offenses, but the prosecutorial landscape is complicated by the need to address the social and moral implications, even in cases without direct victims.
Moreover, AI-assisted swatting and the potential introduction of AI-generated evidence into legal proceedings present additional hurdles for law enforcement. The European Convention on Human Rights outlines necessary safeguards, emphasizing the importance of maintaining a balance between utilizing technology for prosecution and protecting individual rights. Recent legal precedents, such as the Glukhin v. Russia case, serve as reminders that investigative measures must be legally sound and proportionate.
The EU’s Artificial Intelligence Act introduces a regulatory framework that aids in governing the use of AI in cybercrime, and while it offers a foundation, it does not resolve all prosecutorial challenges. Romania, like other EU nations, must navigate these complexities by leveraging existing laws and enhancing operational capabilities. This includes fostering international cooperation, technical expertise, and the swift preservation of digital evidence.
The cybercrime landscape is evolving rapidly, and professionals must adapt strategies to incorporate technological advancements while respecting human rights frameworks. The increasing sophistication of AI in facilitating cybercrime challenges prosecutors to remain vigilant, legally astute, and technologically equipped to combat these emerging threats effectively.