Eurocommissaris Malmstrom bezorgd om cyberaanvallen op WikiLeaks (en)
EUOBSERVER i / BRUSSELS - The latest cyber-attacks on WikiLeaks make the case for the EU to criminalise the software tools enabling such crimes and for setting up a 24-hour alert system where citizens and companies can flag up attacks, EU home affairs commissioner Cecilia Malmstrom i has said.
Commenting in a press conference on Thursday (2 December) about a post she wrote on her personal blog, Ms Malmstrom explained that she gave the WikiLeaks example as an argument for the cyber-crime legislation which is being currently worked on in the European Commission.
"I note that the commission has proposed to criminalise botnets, the viruses and malignous software which were apparently used to attack WikiLeaks," the EU commissioner said.
On her blog , Ms Malmstrom wrote that "we have seen how countries like Estonia and Lithuania have been subjected to such attacks. This time it was WikiLeaks. Next time, the target may be the Swedish stock exchange, a nuclear plant or a sensitive patient record at a hospital."
Pressed on the question of state-led attacks, after Republican commentators suggested that the US government ordered the "denial-of-service attacks" in a bid to block the publication of the roughly 250,000 secret US diplomatic cables, Ms Malmstrom said she "can't judge who attacked WikiLeaks" and admitted "it would be very difficult to prove if a state committed an attack."
"The European Commission has no means to protect people from that, but we propose a centre for cybercrime to bolster expertise sharing among member states," she added.
Brussels would also like to see an alert system set up in each member state, that citizens and companies can call 24 hours a day, in case of an attack against banks for instance.
"This sort of criminality is growing at a scary speed, we have to develop tools and cooperate much better to address this," she added.
WikiLeaks reported a mass attack on Sunday, targeting its main server in Sweden, as it was preparing to release the first cables. On Monday, the site was back on, as it switched to Amazon's cloud computing platform, a service that allows users to rent as many virtual servers as they want.
But on Tuesday, the US-based Amazon stopped serving WikiLeaks, prompting acid comments on its Twitter page. "WikiLeaks servers at Amazon ousted. Free speech [in] the land of the free-fine. Our $ are now spent to employ people in Europe," one tweet read.
According to The Seattle Times, Amazon was contacted by a Homeland Security and Government Affairs Committee official who pressured the company to dump the site.
The whistleblowing website continued to function on Wednesday from its Swedish servers and published more cables, reaching 612 out of the 250,000 to be released.
Meanwhile, in a discussion paper prepared by the EU's anti-terrorism co-ordinator Gilles de Kerckhove, for an EU interior ministers' meeting this week, "state-driven or state-sponsored attacks" are identified as the number one risk to cyber security.
"The EU institutions have been victim to cyber attacks and must be better protected. This is also a challenge for the newly created EEAS i [EU's new diplomatic service]: Well protected networks are the precondition for sharing sensitive information, including personal data," the document, seen by EUobserver, reads.
The brainstorming paper also explores the idea of having "a code of conduct for the Internet," for example to protect hospitals against cyber attacks from states.
"At the same time we need to be careful about a worldwide legally binding treaty regulating the use of cyberspace. This raises the risk of attempts by a number of states to legitimise controls over content."