The United Nations will be releasing the first draft of its Cybercrime Treaty on June 28, following years of debate and worry regarding the contents of the document after Russia demanded changes to the Budapest Convention, according to The Record, a news site by cybersecurity firm Recorded Future.
"Our objective in that process is a focus on criminal justice, which is aimed at improving the investigation and prosecution of cybercrime. We want that treaty to be firmly grounded in human rights, fundamental freedoms and rule of law," said U.S. Department of Justice Senior Counsel for Computer Crime and Intellectual Property Jane Lee at the RSA 2023 Conference.
Among the major concerns surrounding the UN Cybercrime Treaty was the need to ensure that it would not overlap or oppose the Budapest Convention, which has advanced international cybercrime cooperation since 2001, added Lee.
Meanwhile, the potential use of the UN Cybercrime Treaty to target human rights activists, government critics, and cybercrime researchers studying vulnerabilities has been raised by Microsoft Senior Government Affairs Manager John Hering during the conference.
"One of the biggest challenges is conflict of law. With these different legal instruments, every request we get, we need to evaluate that it's a lawful request that respects human rights and things like that," said Hering.
Lee said that further discussions on the treaty will be held after the release of the initial draft before a final draft is presented next January, with the final vote to be held in August 2024.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft.
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats, have been leveraged to facilitate the download of self-extracting password-protected archives.