Despite the fact that the amount of cases being handled by the Police Force’s Cybercrimes Unit has surged by over 1,000 per cent in just over a decade, an EU evaluation report has indicated that the Maltese cybercrime unit is using old as well as obsolete equipment.

The evaluation (evaluation report on the practical implementation and operation of European policies on prevention and combating cybercrime) covers three specific areas – cyber attacks, child sexual abuse/pornography online, and online card fraud. Data which was available to those who drew up the report shows that back in 2003, there were only 51 cases which involved the Cybercrimes Unit.  That number, however, shot up to 584 in 2014 – a rise of over 1,000 per cent.

According to the EU evaluation, “The Police Cyber Crime Unit is making use of computer systems and equipment which are several years old and some equipment which is now obsolete. However, in the opinion of the evaluators, the Police Cyber Crime Unit suffers not only from limited human resources but also from insufficient technical equipment, such as hardware and software, to fulfil its statutory tasks. Therefore, investments in hardware, software and human resources could increase the resilience of the Maltese cybersecurity system”.

“During the on-site visit, the Maltese authorities did their utmost to provide the evaluation team with complete information and clarifications on legal and operational aspects of preventing and combating cybercrime, cross-border cooperation and cooperation with EU-agencies, and cyber strategy.” The evaluation team met the National Police, the Malta Communications Authority, Critical Infrastructure Protection, the Attorney General, the Commissioner for Children, the Malta Gaming Authority and the Bank Association.

The report, released earlier this month, revealed that Malta has not yet set up a National Cyber Security Strategy. “However, the authorities in Malta seem to be fully aware of the need to take measures against cybercrime, including the development of a National Cyber Security Strategy, setting national priorities, fostering coordination to protect national critical digital infrastructure and ensuring a clear delineation and communication of roles and responsibilities, as well as the consolidation of an online mechanism to report cybercrime.

“The Police Cyber Crime Unit, which is the designated government entity responsible for the prevention, investigation and prosecution of cybercrime offences, consists currently of seven people: one inspector, four police sergeants and two police constables. In general, the limited capacity and obstacles to successful investigations and prosecution are the result of an insufficient budget, a lack of modern equipment and limited human resources. However, by 2020, the number of police officers should increase based on the findings of the gap analysis which was carried out by the Police Force.”

The report explained that through the setting up of a coherent policy at strategic level and introducing adequate measures against cybercrime, Malta would be able to strengthen its resilience against cybercrime. “Those steps need to be followed by: implementation of an online reporting system, ongoing alignment of cybercrime legislation with international standards, provision of law enforcement and judicial training on cybercrime and electronic evidence, interagency cooperation, public-private cooperation, measures to protect children online, and others.”

The report highlights that the Police Cyber Crime Unit has registered a year-on-year increase in the number of cases investigated. “Crime trends are changing at a very fast pace and perpetrators are using advances in technology to their advantage. An analysis of the statistics on cases involving the Police Cyber Crime Unit indicates that the three crime classifications most commonly dealt with are: Computer Misuse; Fraud; Insults, Threats and Private Violence (including Defamation)”.

The report noted that at national level, procedures used by the Cyber Crime Unit are accepted as standard by the courts. “At international level, Malta has participated in several international operations in the fight against cross-border crime, particularly in the fight against online child abuse.” It also noted that, considering the size of the country and thus the limited resources available, the good level of cooperation and coordination between different institutions should be highlighted.

 

General impression is that the Maltese system performs well

“Taking into account the efforts made by the Maltese authorities to build up cybersecurity, and their awareness of both their strengths and weaknesses when it comes to successfully investigating cybercrime, the general impression of the evaluation team is that the Maltese system functions well and produces good results in countering cybercrime.”

Regarding the area of online child sexual exploitation, Malta places great emphasis on the fight against such crime not only through legislation and capacity building, but also through awareness raising, for example through the 'BeSmartOnline!' project, the report explained. “The Police Cyber Crime Unit also regularly partakes in crime prevention activities intended to raise awareness among the population on safe internet use. These initiatives, which have been well received, will be continued.”

When dealing with cooperation and coordination at a national level in case of a cyber attack, there is no coordinated multidisciplinary mechanism currently in place to respond to such an attack, the report continued. “However, Malta is currently conducting its first National Risk Assessment (NRA) exercise. The NRA exercise will consider the potential risk of serious cyber attacks and the required treatment mechanisms.”

Some of the weaknesses of the Cyber Crimes Unit identified include that the Unit have a very limited search and seizure capability. “It does not have the capacity to carry out on-site extraction of data from large-scale computers.” In addition, the report noted that the Unit does not have the capacity to carry out proper computer network investigations, and that the identification of illegal material and categorisation of images and videos is still being carried out manually. The Cyber Crimes Unit also does not have the capacity to carry out forensic analyses of mobile phones and other hand-held devices, and it also does not have access to the Interpol Child Sexual Exploitation Database.

“Malta is one of the few countries left to connect to the Interpol Child Sexual Exploitation (ICSE) Database. Since it is a powerful intelligence and investigative tool which allows specialised investigators to share data with colleagues around the world, in the opinion of the evaluators, Malta's lack of the access to the ICSE Database hinders its capacity to investigate child sexual exploitation and to cooperate with external partners who could benefit from Malta's experience”.

Among the strengths of the Unit mentioned, the report highlights good relationships with industry, academia and other stakeholders, participation in networks, being effective and efficient in response to high-profile cases, and that Malta is one of the few countries to successfully implement a filter to stop local internet users from accessing websites containing child abuse material.

The report also mentions that cybercrime training is provided to practitioners dealing with cybercrime cases. “In the first place, it is given to the cadets and police officers. Special cybercrime-related courses/programmes are still being developed by the University of Malta”.