02.03.2022
Author: Joanna Bogdańska - radca prawny, partner
ICC FraudNet Global Annual Report 2022
"The Ever-Evolving Nature of Fraud and Financial Crime: International Insights and Solutions"
Edited by: Dr Dominic Thomas-James
The entire publication is available here: https://www.icc-ccs.org/index.php/home/fraudnet
Abstract
In this article, Joanna Bogdanska, a Partner at KW Kruk and Partners Law Firm LP, discusses the current state of cybersecurity in Poland, citing statistics and taking into account the changing conditions associated with the ongoing epidemic. It points out the weaknesses of the Polish system as well as the latest ideas to address them.
Setting the Scene: a Horrifying Statistic
According to the statistics of the police, crimes against cyber security shows that in 2020, there were almost 55,000 of them (1). This is an increase in over half the cases from the preceding four years. At the same time, the detection of computer crimes is falling. Frankly, it is dramatically low. For example, in the case of attacks on electronic banking, in 2019 it was less than 10 percent. Statistics also indicate that phishing is still the most common crime, which is also mirrored in our experience in practice. Almost 40% of cases which our law office handles involve phishing.
The sudden increase in crime in this area is obviously related to the circumstances of the Covid-19 pandemic and the transition by many institutions and businesses to remote working, for which they were not prepared. For example, they did not have IT security, and it could be said that employees did not have enough knowledge about the risks and how to mitigate them. The scale of the phenomenon is evidenced by the fact that at the end of 2020, there were over 7,400 domains on the scam warning list of CERT Poland. (2)
The Role and Response of Poland
It must be admitted that a significant portion of phishing offenses that are related to the Polish jurisdiction are usually not inspired nor initiated by Polish citizens. Some Polish citizens or entities usually play the role of an intermediary or, to be more precise, a tool in the hands of criminals.
This is firstly due to the relative ease of incorporating companies and opening bank accounts for companies in Poland. A company in Poland may be established online within 3 working days. Such an applicant only needs to have a Polish PESEL number (i.e. a tax ID). Such a number can also be obtained by foreign persons without any major problems, for example by declaring the possibility of paying taxes in Poland. In Poland there is also a flourishing business of selling ready-made companies and the acquisition of a company, also by foreign persons, is not controlled in any way.
Having a Polish company and having any person with a Polish tax number setting up an account for the company is just a formality. Until recently it was even possible to do it by proxy, without the need to appear in person.
Another issue is the low success rate in detecting such crimes – although we have had some successes. As those reading will appreciate and understand, time is of the essence in such situations. Unfortunately banks are very slow, if at all, to react to suspicious operations on bank accounts, especially if they are accompanied by a description referring to an agreement or an invoice.
Elsewhere, law enforcement authorities, too, cannot boast of high detection rates. Even if they conduct a perfect investigation, their possibilities and options usually end in Poland. Although legal assistance and cooperation within the European Union takes place with relative ease, when it comes to countries outside the European area it is more difficult to obtain information. A curious case from our practice involved a request for legal assistance addressed to an institution in China, for which consideration has been ongoing for about 3 years now. Po lish prosecutors do not have any tools to accelerate the examination of such a request. As such, we are still waiting.
Polish legislators seem to recognize the weakness of our system by creating new institutions and strategy plans, but in practice we do not feel any material changes have been made at present. The latest idea is to create a Central Office for Combating Cybercrime and a Cyber Security Fund within the police structure. The office is to be established on 1 January 2022, and whose personnel will be able to identify threats and support citizens in countering and fighting cybercrimes, including cross-border.
_______________________
The statistics are taken from the explanatory memorandum of the draft law on amending the Law on Police and some other laws in connection with the establishment of the Central Office for Combating Cybercrime, available: https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20210002447.
The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) - a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services. See: https://hole.cert.pl/domains/ (Accessed 16 December 2021).
