In global fight against cybercrime, Spain becomes a front line
| Madrid
As cybercrime increases worldwide, high-profile arrests of hackers are becoming routine in Spain, both as a target and an origin of attacks.
Two of the most sophisticated cybercrime operations disrupted in the world this year have used Spain as a headquarters. Internet watchdog reports show malicious online activity is on the rise in the country. And while Spanish online policing is regarded as among the most proficient in the fight against cybercrime, the effort is stretched thin.
Experts say that Spain's situation stems from a combination of factors, including the country's economic crisis, its widespread Internet infrastructure and online expertise, and a long culture in defense of privacy and accompanying laws.
鈥淪pain is in diapers in terms of cybersecurity. We are facing a problem of great magnitude, and perhaps it has already overwhelmed us,鈥 says Antonio Ramos, IT professor in the Universidad Complutense de Madrid and other universities, an expert in hacking, and owner of cyber-security firm StackOverflow.
鈥淭he problem is that we don鈥檛 use the available resources adequately," he says. "And if we don鈥檛 improve, this war is lost.鈥
A hacking boom
Just a few weeks ago, Dutch hacker Sven Olaf Kamphuis was arrested by Spanish authorities on a warrant from the Netherlands. Mr. Kamphuis reportedly used a van packed with technology to break into networks and attack websites anywhere in the world, and is believed to have launched one of the largest cyberattacks ever in March, taking down the page of the anti-spam watchdog Spamhaus.org.
Kamphuis is said to be the owner of the Internet service provider Cyberbunker, which authorities believe is active in several forms of cybercrime. He was extradited to the Netherlands earlier this month.
And in a separate international operation in February, police in Spain arrested 11 people who authorities believe ran one of the biggest and most lucrative cybercriminal gangs ever, allegedly extorting around 鈧1 million in Spain alone. The group is accused of hacking computers to lock up and then display a message purportedly from police, accusing users of some violation and demanding payment of a 鈧100 fine to release it.
The gang 鈥 mostly Russian, with some Ukrainians and Georgians 鈥 used Spain as their headquarters. They are accused of infecting computers in over 30 countries with malware, netting millions. Despite the arrests, though, the malware remains active and victims are still accumulating.
The two incidents are just the highest-profile ones this year. Malicious activity increased in 2012 from the year before in Spain, which moved from 18th to 12th in a rank of overall malicious activity per capita by source country, according to the bellwether Symantec 2013 .
The United S迟补迟别蝉听补苍诲 China top the list. Spain is consistently ranked in the top positions in Europe. Most of the increased activity in Spain came from infected spam zombie computers.
And in 2011 and 2012, Spain announced several arrests of people connected to the Anonymous movement, including some of the group鈥檚 leaders. The loose collective has claimed responsibility for hacking attacks on government sites in Spain and Latin America, as well as on companies including Sony, several banks, and energy firms.
Why Spain?
Several economic, infrastructural, legal, and even cultural factors are combining to fuel Spain's cybercrime and overwhelm authorities, experts say.
The economic crisis 鈥 which has hit Spanish youth particularly hard 鈥 is likely increasing the allure of criminal activity. Unemployment among Spain鈥檚 youth is nearing 60 percent. 鈥淭o crack a digital lock, people can earn twice their salary, and that is tempting,鈥 Mr. Ramos says.
And the crisis is also luring middlemen to launder illegal money in the country. 鈥淚t鈥檚 easier now to recruit intermediaries who hide crimes, and many come from abroad to manage them,鈥 says Juan Carlos Ruiloba, a university professor and former head of the Spanish police cybercrime unit.
But it is not simply a matter of resources, Mr. Ruiloba adds. There are not enough resources, he says, "but the problem is more about how these are managed.鈥
鈥淐ybercrime police groups are overwhelmed. Every time there is just a little technology involved" in a crime, Ruiloba says, regular police pass it on to the cybercrime specialists "and it鈥檚 too much. Other police groups should be able to investigate at a minimum level.鈥
There are also legal and enforcement issues that protect the online community from state interference 鈥 and as a result, help shield cybercriminals from scrutiny. Spanish legislation is some of the most zealous in terms of protection of privacy, allowing cybercriminals to more easily hide from police and courts, which, for example, by law must authorize the police every time they want to read a hard drive. 鈥淭hese privacy issues help criminals,鈥 Ruiloba says.
鈥淪panish legislators have not done their job of closing these loopholes,鈥 says Jos茅 Luis Gonz谩lez, a law professor in Valencia University who has written on cybersecurity legislation. 鈥淪pain has not regulated many things that should be spelled out in terms of鈥 information technology, he says.
It鈥檚 also a cultural problem. Spain is an online nation 鈥 two-thirds of the population in 2012, according to Spain's National Statistics Institute. And Spaniards have an ingrained belief that the Internet should be free of regulation: a mind-set that also makes it hard to fight illegal piracy of copyrighted content.
鈥淧eople believe there should be no rules. We are making freedom of the Internet an absolute right here, which trumps all other interests,鈥 says Dr. Gonz谩lez.
But the government is not showing signs of responding to such criticism, because of strong public opposition to reducing legal protection of online privacy. Victor Dom铆nguez, president of Spain鈥檚 Internet user association Asociaci贸n de Internautas, says that decreasing privacy is not the solution. Rather, he says, the government needs to better understand the online world and how to confront cybercrime.
鈥淚 think the government is afraid of the Internet," he says. "Because it surprises them, they don鈥檛 want to take the bull by his horns. It鈥檚 easier for them to criminalize the Internet.鈥
