Serbia & Cyber-terrorism prevention
Introduction
Cyber terrorism prevention is real issue in this fast development or better say exploding of informatics and communicating technologies in 21st century that gives us right to call modern societies an informatics one. Although they are not on the same level of progress, these societies are showing dependent on informatics technologies. Such as internet or internal computer network. Every day more and more crucial infrastructural systems run on high tech wonders of modern world. As sophisticated as they may look at first. Development of internet as global network that provides free access to numberless information converted it into a global cyberspace dominion.
Preventing CT
Obviously, this global dominion has some negative side effects, because it opens the door to cybercrime, as well as for of course cyber terrorism. Preventing cyber terrorism is not an easy job. CTs possess most sophisticated hacking software and high IT skills, the question is could national security agencies and other prevention organizations be up to them. The answer is yes. Therefore, if one nation is capable to wage cyber war, by putting enormous amount of money and human recourses and high tech equipment etc. in it, so basically, by all means then it can deal with some organized terrorist groups or individual, but it is more likely to be a group if they are to fulfill same damageable full-scale cyber-attack or information stilling or data corruption.
We need global reaction. Because one nation cannot fight any type of terrorism alone. As we out to fight global war on regular terrorists in real time. As well as in cyber-space.
Serbia
While it may seem that Serbia is not a terrorist target—either in real terms or in cyberspace—this does not mean we cannot become interested in terrorism prevention. Furthermore, joining the efforts to prevent cyber terrorism could prove even more beneficial for our country. Not only could we expect technological and material assistance from our Western partners, but we might also enhance our own security measures in the process. Additionally, the U.S. has made promises to provide free equipment and material help if Serbia joins the international war against terrorism. Consequently, this involvement could lead to Serbia attracting even more resources and funding from abroad. Moreover, by engaging in these initiatives, we would strengthen our overall defense strategy and demonstrate our commitment to global security.
That should be course we should take combined with a little political wisdom and diplomatic skills all together.
Cyber terrorism prevention in Serbia
And now, let as se how can we prevent cyber terrorism in Serbia, or at least how to minimize risks of cyber terrorism and how to conduct counter strike. Prevention:
· Legislation,
· Police and security agencies,
· Judicial system,
· High technological measures,
· Most importantly –international cooperation.
Legislation
Fighting against cyber terrorism and it`s prevention and eradication demands joint effort on international level. International character of this type of cybercrime makes domestic legislative efforts, both material and procedural law insufficient. Danger of cyber terrorism is not an issue for only one country. Therefore requires wider legislative approach trough harmonization of domestic legislative systems and constitution of efficient cooperation on global scale.
Convention on Cybercrime
Research papers and drafts from the UN, OESC, and the EU Council provide a strong foundation for counter-cyberterrorism efforts. Additionally, the adoption of the Convention on Cybercrime, signed by Canada, Japan, the United States, and South Africa on 23 November 2001 in Budapest, also serves as a solid basis for these initiatives.
EU regulation
EU has a regulation of its own. The European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented a new EU Cybersecurity Strategy at the end of 2020. The Strategy covers the security of essential services such as hospitals, energy grids and railways. It also covers the security of the ever-increasing number of connected objects in our homes, offices and factories. Furthermore strategy focuses on building collective capabilities to respond to major cyberattacks and working with partners around the world to ensure international security and stability in cyberspace. As well as Strategy outlines how a Joint Cyber Unit can ensure the most effective response to cyber threats using the collective resources and expertise available to the EU and Member States.
NIS2 Directive
The most important EU regulation on cyber-crime prevention is the Directive on Measures for a High Common Level of Cybersecurity Across the Union (NIS2 Directive). Notably, cybersecurity threats are almost always cross-border; thus, a cyberattack on the critical facilities of one country can affect the EU as a whole. Consequently, EU countries need to establish strong government bodies that supervise cybersecurity within their own borders. Furthermore, these bodies must collaborate with their counterparts in other Member States by sharing information. This cooperation is particularly important for sectors that are critical to our societies.
NIS Directive
The Directive on security of network and information systems (NIS Directive), which all countries have now implemented, ensures the creation and cooperation of such government bodies. At the end of 2020, officials reviewed this Directive. As a result of the review process, the Commission subsequently presented the proposal for a Directive on Measures for a High Common Level of Cybersecurity Across the Union (NIS2 Directive) on 16 December 2020. The Directive appeared in the Official Journal of the European Union in December 2022 and took effect on 16 January 2023.
Member states will have 21 months from the entry into force of the directive in which to incorporate the provisions into their national law (actual date: 18 October 2024).
Articles in the Budapest Convention on Cybercrime that can help combat cyberterrorism include those related to unauthorized access, unauthorized interception, data interference, and system jamming.
material criminal law
Further on we have situation in which Convention gives instruction considering some other institutes of material criminal law. In Article 11, the text states that every Convention member must adopt necessary legislative and other measures to ensure that assisting and encouraging offenders in cybercrime becomes punishable under domestic law. Additionally, Article 12 holds companies responsible for cybercrime. Finally, Article 13 requires all members to endorse sanctions and measures applied to convicts, ensuring that these are effective, proportional, and that domestic legislation includes the possibility of imprisonment.
procedural nature
Assignations of Convection that have procedural nature are: fast conservation, protection of stored data and partial revealing of transmitted data (Article 17), issuing an order for computer data surrender (Article 18), Searching and seizing stored computer data (Article 19), Gathering information on data traffic (article 20), data interception (article 21), and jurisdiction issue for prosecuting cyber criminals (article 22).
Budapest Convention
The Budapest Convention defines international cooperation based on general principles that will guide the development of bilateral or multilateral agreements in alignment with domestic legislation.
The purpose of agreements will be investigating, and proceeding of cybercrimes, such as attacking entire computer systems (which cyber terrorism is) or gathering evidence in cyberspace.
The principles establish the foundation for the extradition of criminal offenders, as well as for mutual assistance and enforcement (Article 24). Ultimately, Article 35 introduces the rule of a 24/7 network. In the future, each party will designate a location accessible 24 hours a day, 7 days a week, to provide instant assistance in investigating and procedural matters related to computer systems, computer data, and evidence gathering in cyberspace
This type of help should provide giving technical, legal or any other advises. Serbia hasn’t designated 24/7 place yet.
International tribunal
International tribunal for cybercrime and international police for cybercrime could seem as utopia now, but they are unnecessary instruments of cyber-crime prevention and by that – cyber terrorism. Tribunal and police should represent the final harmonization of allied countries.
The Tribunal could establish its headquarters in Switzerland (Geneva) and open offices in every region and country, while organizing international cybercrime police similar to INTERPOL.
Interested parties will negotiate to resolve issues of legislative jurisdiction and funding.
But clearly it is not something that some Convention (that should be in power in let’s say 5-10 years, as a from draft to international argument process) couldn’t do.
Domestic legislation
law on organization and jurisdiction of government authorities in suppression of high technological crime
In year 2005 Serbia adopted law on organization and jurisdiction of government authorities in suppression of high technological crime (Official Gazette of the Republic Serbia« No. 61/05, 04/2009 10/2023 i 10/2023 – et alia) which provided constitution of special prosecution, special court and special police unite for cyber-crime. These were only the first steps; Serbian government became aware of importance of cyber-crime prevention.
Serbian Criminal Code
Specified authorities established their territorial jurisdiction over the entire territory of the Republic of Serbia. Article 3 of the quoted law defines the subject-matter jurisdiction, which applies to crimes against the security of computer data as outlined in Chapter XXVII of the Serbian Criminal Code (Official Gazette of the Republic of Serbia No. 85/2005, 88/2005 – correction, 107/2005 – correction, 72/2009, 111/2009, 121/2012, 104/2013, 108/2014, 94/2016, and 35/2019).
Law on the organization and jurisdiction of state authorities in combating organized crime, terrorism, and corruption
Serbia also adopted the Law on the organization and jurisdiction of state authorities in combating organized crime, terrorism, and corruption („Official Gazette of the Republic of Serbia“, No. 94/2016, 87/2018 – other law, and 10/2023). Via this regulation we got State authorities competent for proceedings. In cases of criminal offenses of organized crime. And terrorism (Article 4). The competent authorities for proceedings in cases of criminal offenses under Article 3 of this Law.
Key institutions involved in combating organized crime include the Public Prosecutor’s Office for Organized Crime, the Ministry of Internal Affairs—which is the organizational unit responsible for addressing this issue—the Special Department of the Higher Court in Belgrade for Organized Crime, the Special Department of the Appeals Court in Belgrade for Organized Crime, and the Special Detention Unit of the District Prison in Belgrade. Together, these entities play a crucial role in tackling organized crime effectively. In the Criminal Code chapter XXXIV Crimes against humanity and other goods protected by international law consists of numerous Criminal offenses in confection to this subject.
Articles 386 and 391
Article 386 addresses aggressive war. Stating that a cyber-terrorist calling for aggressive war against Serbia could fall under this criminal offense. Article 391 on terrorism specifies in paragraph 1, subparagraph 3 that anyone who intends to seriously intimidate the population or compel Serbia, a foreign state, or an international organization to act or refrain from acting, or to seriously endanger the fundamental structures of these entities by destroying state or public facilities, transportation systems, infrastructure (including information systems), or property in a way that could endanger lives or cause significant economic damage, shall face imprisonment of five to fifteen years. This article serves as the main provision applicable to cyber-terrorism, alongside others such as Articles 391a, 391b, and 393. It deals with financing cyber-terrorism.
Proceedings
Regarding procedural clauses directly related to high-tech crimes, the Criminal Procedure Code of the Republic of Serbia (Official Gazette of the Republic of Serbia No. 72/2011, 101/2011, 121/2012, 32/2013, 45/2013, 55/2014, 35/2019, 27/2021 – decision of the Constitutional Court, and 62/2021 – decision of the Constitutional Court) includes special provisions for cyber-crime and cyber-terrorism.
Article 162
For example, Article 162 specifies that under Article 161 of this code, authorities may determine a special evidentiary action from Article 166 for various offenses. Including unauthorized exploitation of copyrighted works (Article 199 of the Criminal Code). And damage to computer data and programs (Article 298, paragraph 3). As well as computer sabotage (Article 299). Or computer fraud (Article 301, paragraph 3). And unauthorized access to protected computers, networks, and electronic data processing (Article 302).
What is crucial in article 162 of the Criminal Procedure Code it defines the term of special evidentiary actions.
Nullum crimen, nulla poena sine praevia lege poenali
Criminal code provides us with legal ground on which we can further prosecute offender. Our criminal law is based on legal maxim Nullum crimen, nulla poena sine praevia lege poenali (Latin lit. „No crime, no punishment without a previous penal law“ Article 2 of Serbian Criminal Code.)
By combining two offenses from the Criminal Code—the crime of terrorism and the crime of computer sabotage—we can create one sentence for the crime we aim to prevent: cyberterrorism, as outlined in the institution of concurrence of criminal offenses in Article 60 of the Criminal Code.
Let’s see what this active Criminal proceedings code (CPC) has to offer on cyber terrorism prevention.
In the process of solving a crime (by the police), the prosecutor uses the following articles of the Criminal Procedure Code (CPC): Article 158 outlines the proceedings for gathering evidence.
They consist of apartment and other premises search (relevant for securing of evidence).
Article 147 and 148
regulates temporally seizure of objects (for instance PC, but any other equipment that, let’s say cyber terrorist could use for committing a crime as well).
Next article is 166 that predict possibility of controlling offender’s e mails IP address et al.
Article 114 indicates that the evidential proceeding of „interrogation of a special cyber-crime expert“ is also included.
‘’An expert is a person who possesses the necessary professional knowledge to determine or assess a certain fact in a proceeding’’.
His duty requires him to testify under oath and present his testimony based on the investigation act, which serves as material evidence.
Article 282 mandates that all state authorities must assist the public prosecutor. If the public prosecutor cannot assess the likelihood of the allegations based solely on the criminal report or if the information provided does not offer sufficient grounds to decide whether to initiate an investigation, or if they learn that a criminal offense has been committed, the public prosecutor can request help from the aforementioned institutions.
Now, the most important articles of the CPC should be noted:
Computer Data Search Conditions:
Article 178: If the conditions in Article 161, paragraphs 1 and 2 are met, the court may order a computer data search of already processed personal and other data and their comparison with data related to the suspect and the criminal offense upon a reasoned motion by the public prosecutor.
Order for Computer Data Search Article 179
The judge for preliminary proceedings shall determine the special evidentiary action from Article 178 of this Code by reasoned order.
The order mentioned in paragraph 1 of this Article must include information about the suspect. The legal name of the criminal offense. A description of the data to search and process, the designation of the state authority responsible for conducting the search. The scope and duration of the special evidentiary action. Authorities can conduct the computer data search for a maximum of three months. They may extend it twice. With each extension lasting up to three months if further evidence gathering is necessary. The implementation of the computer data search will end as soon as the reasons for its application no longer exist.
Implementation of Computer Data Search Article 180
The police, Security Information Agency (SIA), Military Security Agency, customs, tax or other services, or other state authorities, or legal entities exercising public authority under the law, shall execute the order from Article 179, paragraph 1 of this Code.
The judge for preliminary proceedings shall forward the report from paragraph 2 of this Article to the public prosecutor.
Covert Communication Surveillance and Secret Monitoring and Recording are also predicted by CPC articles 166 – 177.
And at the end article 145 predicts that the public prosecutor may request the court to order surveillance of suspicious transactions. Considering suspects business and private banking accounts. By tracing founds transmission PD and SIA could find not just one terrorist or cell but entire terrorist organization founding system.
Jurisdiction issues
Looking trough lens of domestic law, we can conclude that in case of cyber terrorism Serbia has its own special judicial institutions. Special prosecutor, Special court, supported by SIA and MIA (little to non-by regular PD).
Jurisdiction – international
International jurisdiction is more questionable. Every country reach for territorial jurisdiction if it can and if it is in its interest. In cease when cyber terrorist starts committing a crime in one country (let’s say hacks wherever he is). Misuse mean in some other country. Puts a malicious program in some system. Corrupts it and then uses that server to gain access to some other servers. Then, consequences of his acts are visible in final country. Convention on cyber terrorism provides some solutions. Let’s say a harmonization of member’s legislation, but clearly it is a long journey. It is more advisable that bilateral agreements are used as a starting ground in this area.
Police authorities and special information agency
The law on the organization and jurisdiction of government authorities in combating high-tech crime led to the creation of a special police force—the Division for Gathering and Processing Digital Data—within the existing Department for Electronic Supervision. In short, it functions as a forensic division. The team conducts analyses for prosecution purposes, making them a part of the ‘proceedings team.
Inspectors analyze seized data and materials using hardware equipment and forensic software. After completing the analysis, the investigator creates two reports. One written by him. Other generated by the forensic software. These two reports serve as evidence in a court of law.
SELEC
Seizing process could be conduct by regular PD officers based on powers given to police by Public prosecutor. On joint regional (Reserved only for Ex-Yugoslavia republics: Slovenia, Croatia, Bosnia and Herzegovina, Serbia, Montenegro and North Macedonia) conference Ministers of internal affairs in Sarajevo (28th Nov. 2008, authorities concluded that regional cooperation among police forces is necessary to prevent organized crime, including high-tech crime. Hopes were high, and a draft of a joint national security strategy for the region soon followed. The next conference was scheduled for 2009, with additional ones planned for 2013 and 2016. However, no multilateral agreement was signed. The Southeast European Law Enforcement Center (SELEC), formed in 2009 in Bucharest, Romania. Based on a multilateral agreement to combat crime. Including cybercrime and terrorism. Involving member states like Romania, Albania, Bulgaria, Serbia, Croatia, and others, had only a modest impact.
If one wants to ketch cyber terrorist he has to trace him first. Employees of police and SIA with special skills who could track CTs. Simply – cyber task forces Members of cyber task forces are in deficit.
Cyber task forces
Serbian PD, SIA, and the Special Public Prosecutor’s Office have cyber task forces whose identities remain secret. In the event of a real terrorist threat or cyber war, authorities could recruit temporary employees. From the best hacker groups in Serbia (a common procedure in many countries). If a future cyber war or war against cyber terrorists occurs, task force members would fall under the authority of the Military Security Agency or SIA.
More important is that all security agencies (MSA, SIA and MIA) act fast and together in case of cyber-terrorist strike.
Recommendations
In case of some cyber terrorist attack, cyber task forces are equipped with high tech knowledge and software/hardware. It will be hard task to trace multiply server corrupting and using 10 or more servers to cover up one single attack to infrastructural object etc. Nevertheless nothing and no one is untouchable. Usage of latest firewalls and two or more levels of encrypted security systems, server isolation etc., is also very powerful weapons in fighting and preventing cyber terrorism. There should be recommendations for strengthening an agency’s ability to combat cybercrime. Including additional training, improved communication and collaboration. Enhanced networks for sharing information, an updated cybercrime model, expanded insurance programs, requests for more funding, and the use of Republic and other programs and technologies.
SIA
Special Information Agency was founded in 2002 as successor to ex National security agency. It is under direct control of government and parliament. But they only respond to government and conduct its planes. They have authority to overtake any PD investigation and conduct investigations of their own considering national security. Because cyber terrorism is one of highest criminal offences against Serbia, SIA jurisdiction is unadoptable. By the law on SIA they have option to use agents. If there are any cyber priests working in SIA by the law they are treated as agents. SIA was on its way to gain the power of undisturbed monitoring and data gathering of any Internet provider costumer. After public dispute and human rights issues that risen from that case the draft was redrawn.
Internal networks
Creating and developing federal internal network for data transfer and communication between republics and between federal authorities in Socialist Federative Republic of Yugoslavia in year 1973, symbols morn of internal networks in this region. When SFRY fall apart, a federal internal network fell apart as well. Until year 2000 Serbia hasn’t developed any important internal network. From then many state authorities and services started using internal net, not just because it is more secure, but more practical and easier to use.
Mainframe computers and Supercomputers
An internal network consists of mainframe computers—primarily used by large organizations for critical applications such as bulk data processing. Such as censuses, industry and consumer statistics, enterprise resource planning, and large-scale transaction processing—and terminals. Additionally, it may include supercomputers, which serve military purposes in the USA, EU, China, and Japan. While these supercomputers can be employed to counter cyberterrorism, they are predominantly presented as complex modeling computers in fields such as quantum mechanics, weather forecasting, climate research, oil and gas exploration, and molecular modeling.
Three levels of internal net
There should be three levels of internal net. Firstly, as an authority’s level and another services level. First would be something of a replica of ex federal internal net. Secondly is already in use, for example three Belgrade courts are already using internal net. Thirdly used for instance by few hospitals in Serbia. It is clear that this authorities and services are not completely safe. Cyber terrorists could enter internal net by making some real time crimes. Using deadly force, breaking an entry, false introducing, by aberration…). If they can gain access to internal net terminals and crash internal host. It will result in making seeable damage to national security, public peace and so on.
Is attack on internal network CT?
Some theorists say that accessing an internal net by quoted real time offences is not cyber terrorism. They think it is “regular” act of terrorism. Lets say braking an entry and non-authorized access to a terminal. Then you need human security. And cyber security. Not computer security etc. Therefore, we need combination of two. The first and the second measure. Government and national security officials should designate booth human and cyber security to internal net facilities. Whether the terrorist faces charges for cyberterrorism. Or just terrorism isn’t particularly important in this case. The penalties for these two criminal offenses would be quite similar.
Internal network monitoring
You can monitor the internal network in three different ways. The first is a closed network with no Internet access. The second is an internal network that connects to the Internet. The third is an internal network used for strategic purposes, hosting a server for communication with allied country services. This server, powered by a next-generation computer. They should be connected via satellite and protected by the latest security software, can prevent authorities and services in Serbia from being blind to potential threats.
Importance of internal net is not just for avoiding direct internet attacks of highly important military or infrastructural computer networks. They can be used not just for defense but for offence as well. So, making internal network and putting it off web is passive defense. But putting one powerful Mainframe or Super computer and using it for web monitoring, surveillance of black listed servers, contra espionage, espionage etc. This is offensive action. By quoted activities you can prepare and conduct a preemptive self-defense, cyber war etc. We can argue that crashing a few important servers in countries that support terrorists serves as a “reprisal in time of peace” (not “clearly” approved by the international community and UN). However, in the context of cyber warfare, people may view it as an appropriate measure.
Abstract
Based on our discussions and the experiences of specialized authorities, we can say that existing legislation is strong. It provides a solid foundation for preventing cyberterrorism in the future.
However, some laxities and oversights exist in the regulations, and lawmakers should address them in upcoming reforms of criminal legislation.
Serbia has Special police force and SIA to help special prosecutor office. Problem of international jurisdiction stays opened. We must take the first steps toward strong cooperation as soon as possible.
Using an internal network system can be a useful tool in counter-terrorism prevention. This system can be open to the Internet and protected, or it can be closed.
Most importantly, the International Tribunal and international cybercrime police should show the results of finalizing international cooperation. They must also harmonize legislation as outlined in the Convention on Cybercrime.
Finally, if any cyberterrorist attempts to attack Serbian strategic objects, I believe we are ready to prevent, combat, or respond to the attack.
Especially if all national security agencies act together fast cause in cyber space being fast means being a victor.
Indexes:
- Convention on cyber-crime, European Council, Budapest 2001. https://efaidnbmnnnibpcajpcglclefindmkaj/https://rm.coe.int/1680081561
- Law on the organization and competence of state authorities for combating high-tech crime („Official Gazette of the Republic of Serbia“, No. 61/2005, 104/2009, 10/2023, and 10/2023 – other law)
- Criminal Code (Official Gazette of the Republic Serbia« No. 85/2005, 88/2005 – ispr., 107/2005 – ispr., 72/2009, 111/2009, 121/2012, 104/2013, 108/2014, 94/2016 i 35/2019)
- Criminal Procedure Code of the Republic of Serbia (Official Gazette of the Republic Serbia« 72/2011, 101/2011, 121/2012, 32/2013, 45/2013, 55/2014, 35/2019, 27/2021 – decision of the Constitutional Court and 62/2021 – decision of the Constitutional Court)
- Serbian law on Special Information Agency
- Law on the organization and jurisdiction of state authorities in combating organized crime, terrorism, and corruption („Official Gazette of the Republic of Serbia“, No. 94/2016, 87/2018 – other law, and 10/2023)
- “Domestic legislation and Threats of High technological crime”. Special prosecutor’s office for High tech crime – Written analysis. Belgrade, 2008.
JCSIS Vol. 10 No. 2, February 2012 ISSN 1947-5500 International Journal of Computer Science & Information Security; Paper 31011250: A Dynamic Cyber Terrorism Framework (pp. 149-158) Rabiah Ahmad, Dept of Computer System and Communication, Faculty of Information and Communication Technology, University Teknikal Malaysia Melaka (UTeM), Melaka, Malaysia Zahri Yunos, Cybersecurity Malaysia, Selangor, Malaysia, 2012.
https://www.elgaronline.com/edcollchap/edcoll/9781782547389/9781782547389.00017.xml
https://www.sciencedirect.com/science/article/abs/pii/S0267364913000666