The article was written by Dr. iur. Dr. rer. pol. Fabian Teichmann in collaboration with Léonard Gerber and published in the journal "Sécurité & Droit" in 2021. The text discusses various aspects of spyware, a type of malicious software that makes it possible to monitor a person's activities on an infected computer system and provide this information in readable form to the creators and publishers of the software. Cybercriminals can process the obtained computer data from their victims' activities, especially when it comes to sensitive data such as portrait photos, banking information, a company's trade secrets or research results. In addition, the business model of cybercriminals related to spyware has evolved by not only conducting individual cyberattacks, but also trading in the distribution of malicious software and selling stolen computer data on unofficial platforms. These unofficial activities and the associated risks require appropriate criminal law measures. With regard to measures in Switzerland, the following organizations should be looked at. The National Cyber Security Center (NCSC) is the main point of contact for business, administration, educational institutions and the general public in the event of cyber attacks. Following the entry into force of a regulation on cyber risks, the Reporting and Analysis Center for Information Assurance (MELANI) was attached to the NCSC. MELANI works closely with the SCOCI, prosecutors' offices, and cantonal police corps. MELANI compiles statistics on cyberattacks in Switzerland and analyzes reported attacks. Malware such as spyware often gets onto the IT systems of companies or individuals through phishing attacks. As soon as MELANI is informed about a cyber attack, a copy of the infected system can be handed over for detailed analysis. There are several options for analysis, including virus scanning, analysis of the infected system's log data, and dynamic analysis of the malware's behavior. Based on the information obtained, protective measures can be taken and a program can be created to detect the attack. Victims can decide whether to completely isolate the infected devices or monitor them to analyze the attackers' behavior. Law enforcement agencies have various powers to gather evidence related to cybercrime, including searches, interception of communications, undercover investigations, and technical surveillance. However, the use of these measures must comply with the principles of proportionality. In the case of cyberattacks, companies can file criminal complaints and contact the police as well as the NCSC. One challenge is obtaining ISP connection data to identify the perpetrators of cyberattacks. Cybercriminals often use multiple infected systems in different countries, necessitating international mutual legal assistance procedures. However, this causes the fight against cybercrime to lose response speed. Furthermore, according to MELANI, cybercriminals often act in organized groups by splitting the work, sharing advice or using a centralized platform for data leaks. In this way, cybercriminals can better focus their efforts on developing sophisticated attacks or new extortion methods and evade law enforcement.
The author of the text, Fabian Teichmann, is a lawyer as well as a notary in Switzerland. Furthermore, he practices as a European lawyer in Liechtenstein and works as a lecturer at various universities in Switzerland and abroad.
For more on this topic, see Teichmann, F. & Gerber, L. (2021). Les cyberattaques par spyware - Poursuite et qualification en droit pénal suisse. Sécurité & Droit.