BRUSSELS (Reuters) - EU countries agreed on Friday on tougher sanctions against people conducting cyber attacks such as those registered in recent weeks against the French government, European institutions and Citigroup.
Under the new rules, which have to be agreed by the European Parliament, hackers would face a sentence of at least five years if found guilty of causing serious damage to IT systems.
Tougher penalties would also affect perpetrators of attacks through botnets — networks of infected computers programed to send spam emails — and target identity theft. Illegally intercepting data would become a criminal offence in the EU.
The EU’s 27 member states have also decided to boost their judicial and police cooperation by creating a cybercrime unit which could be attached to Europol, the European police agency.
“We will be able to take steps in the future based on that broad support from member states,” Hungary’s Justice and Public Administration Minister Tibor Navracsics told reporters after meeting his counterparts in Luxembourg.
Governments across the world are rushing to come up with cyber security strategies because of mounting concerns over criminal hacking and state-on-state electronic warfare.
In February, France suffered an attack before a meeting of G20 finance ministers in Paris and EU institutions were targeted on the eve of a summit of European leaders in March.
This week, 200,000 Citigroup card holders’ information was accessed by hackers, after a string of companies such as Google , Sony Corp, Nintendo, Lockheed Martin were also attacked.
Reporting by Christopher Le Coq; Editing by Julien Toyer and Jon Hemming