The Cybercrime Subdivision is capable and responsible for the effective investigation of cybercrime. Both offices are situated at the Cyprus Police Headquarters..
The Office for Combating Cybercrime (O.C.C.)
The specialised body for cybercrime investigation is the Office for Combating Cybercrime of Cyprus Police. The Office was established in September 2007 based on Police Order No. 3/45 in order to implement the Law on the Convention on Cybercrime (Ratifying Law) L.22(III)/2004. This legislation covers hacking, child pornography, racism and fraud committed via electronic communication and the Internet. According to Police Order No. 3/45, the Office is responsible for the investigation of crimes committed via the Internet or via computers and at the same time it is responsible for the investigation of all offences that violate the rules laid down in Law 22(III)/2004.
The main duty of the O.C.C. is the investigation of child pornography and hacking cases as well as the following:
· monitoring of the cases that might be under investigation by other departments and are connected with Internet-related crimes;
· co-operation with investigators from other departments;
· co-operation with officers from other organizations;
· organisation of training sessions;
· preparation of statistical reports;
· participation in events and lectures;
· keeping up-to-date with the latest technology in the area.
According to the statistics maintained by the O.C.C., the main trends related to cybercrime in Cyprus are the following:
· Child Pornography- possession and invitation of children to take part in child pornography
· Police Ransomware (cryptolocker)
· DDos attacks
· Man in the Middle- emails scams
· Phishing sites.
Its work is supported by the Digital Evidence Forensic Laboratory (DEFL), Cyprus Police, which is responsible for the effective examination of electronic evidence. DEFL is staffed with specialised officers for the collection and forensic analysis of electronic devices.
The Digital Evidence Forensic Laboratory (DEFL)
The DEFL was established in 2009 and is responsible for the effective examination of electronic evidence. DEFL is staffed with specialised officers for the collection and forensic analysis of electronic devices. Their mission is the collection and forensic analysis of digital devices as well as the presentation of expert scientific evidence to the courts.
Cyprus cooperates with EU and third countries on the basis of bilateral and multilateral agreements in this field and other channels for exchange of information. The O.C.C cooperates closely with the following organisations:
· Europol/EC3/AWF/ EMPACTS
· EUCTF (European Union Cybercrime Taskforce)
· CIRCAMP (COSPOL Internet Related Child Abusive Material Project)
· ENISA (European Network and Information Security Agency)
· ECTEG (European Cybercrime Training and Education Group)
· CEPOL (European Police College)
· EUROJUST (European Union’s Judicial Cooperation Unit)
· CERT-EU (Computer Emergency Response Team)
· INTERPOL (International Criminal Police Organization)
· European Commission
· EEAS (European External Action Service)
· USA FBI
· VCACITF (Violence Crime Against Children International Task Force) USA FBI.
· Council of Europe (T-CY Assessment)
The main laws in the field of cybercrime in Cyprus are:
1. The Law ratifying the Convention on Cybercrime (Budapest Convention), L.22(III)/2004. This legislation covers hacking, child pornography and fraud committed via electronic communication and the Internet.
2. The Law that revises the legal framework on the prevention and combating the sexual abuse and sexual exploitation of children and child pornography, L 91(I)/2014. This legislation ratifies the EU Directive 2011/93/ΕΕ and covers child pornography, grooming and notice and takedown.
3. The Law ratifying the Additional Protocol to the Convention on Cybercrime, concerning the Criminalization of Racist and Xenophobic acts, L.26(III)/2004. This legislation covers racism and xenophobia via computer systems and the Internet.
4. The Law on the Processing of Personal Data, L.138(I)/2001.
5. The Law on the Retention of Telecommunication data for the investigation of serious offences, L. 183(I)/2007. This legislation transposed Directive 2006/24/JHA. Although the Directive was invalidated by the Court of Justice of the EU, the national law is still valid. The national law is founded on a constitutional provision and it includes specific safeguards for the protection of privacy; for example, communication data are released only following a court order. A case was recently filed with the Supreme Court on the impact of the annulment of the EU Directive on Law 183(I)/2007 and the Supreme Court found that it complied with the European Convention of Human Rights.
6. Law 112(I)/2004 Regulating Electronic Communication and Postal Services.
7. Law implementing Directive 2013/40/EU on attacks against information system, 147(i)/2015.
The National Cybersecurity Strategy was adopted by the Ministerial Council. The Office of the Commissioner of Electronic Communications and Postal Regulations is responsible for its monitoring and implementation. The National Cybersecurity Strategy is the instrument for steering the efforts made by Cyprus to prevent and combat cybercrime. It has provided the structures for the cooperation between all competent authorities, including public, private and non- governmental agencies especially in the field of awareness-raising, to which Cyprus devotes much effort in order to combat this form of crime.
Specific emphasis is placed on prevention and awareness-raising. Cyprus has invested a great deal of effort and enthusiasm in teaching and prevention programmes, which may be considered as examples of best practice. This effort is based on the close collaboration of the public sector (Ministry of Education and Culture through the Cyprus Pedagogical Institute) and the private sector, through the Industry (e.g. ISPs), non profit organisations (e.g. Cybersafety, Hope for Children, CNTI), organised groups (School for Parents) which are contributing with enthusiasm in awareness and prevention programmes.
The Ministry of Justice and Public Order, together with the Cyprus Police, are the authorities responsible for the prevention and combating of cybercrime.
The O.C.C. cooperates closely with other governmental departments, NGOs and the private sector as regards the prevention of cybercrime. The O.C.C. is responsible for raising awareness in the field of cybercrime. Furthermore, a member of the O.C.C. participates on the Advisory Board of “Cybersafety” a co-funded project, which is coordinated by Cyprus Pedagogical Institute. Moreover, the O.C.C. implemented in January 2014 the Cybercrime Reporting Platform https://cybercrime.police.gov.cy/police/CyberCrime.nsf/subscribe_en/subscribe_en?OpenForm and the Cyprus Police Mobile Application http://mobile.cypruspolicenews.com/landing/Desktop#.VbclTfmm2jw that allows the public to report cybercrime online.
Moreover, in cooperation with the Cyprus Police Press Office, the O.C.C. prepared a short video related to cyber bullying which is accessible via the Internet and is frequently presented on TV.
Within the framework of “Prevention of and Fight against Crime Programme” of the European Union (ISEC), Cyprus was granted funding for the establishment of the Cyprus Cybercrime Centre of Excellence (3CE).
Furthermore, the O.C.C. takes part in Action 14 of the Cybersecurity Strategy of the Republic of Cyprus which deals with cybersecurity awareness, including cybercrime.
The Republic of Cyprus is a party to the Council of Europe Convention on Cybercrime (Budapest Convention). The relevant ratification law is L.22(III)/2004.
Office for Combating Cyber Crime tel. +35722808200