Lumea Justitiei (The World of Justice) – Luju.ro – inaugurates its series of English-language interviews with Ciprian Baban (photo), a Romanian lawyer specialized in cybercrime.

The attorney – a member of the Friends of ERA Association – spoke about the secrets and challenges of fighting against the new generation of law breakers, emphasizing the fact that nowadays everyone is a potential target of cybercriminals, simply by being connected to the Internet. It happened not only to ordinary people, but also to celebrities: Bill Gates, Donald Trump Jr., Barack Obama, Jeff Bezos, Joe Biden, Elon Musk etc.

Thus, lawyer Ciprian Baban offered advice on how to protect ourselves online: strong passwords, two-factor-authentication, privacy, not clicking untrusted links, log history checks etc. Institutions, however, need to take more complex measures, as you will read below.

In the same interview, the attorney spoke about his most important legal battles – both in criminal law and international arbitration – and also about his activity as a member of the Friends of ERA Association, ERA being the Academy of European Law.

Last but not least, Ciprian Baban gave advice to youngsters who wish to pursue a law career.

Here is the full interview with attorney Ciprian Baban (see video):

To begin with, please explain to our viewers what cybercrime is and why it is so dangerous.

Cybercrime refers to criminal activities conducted through the use of computers and the Internet. It's particularly dangerous because it knows no borders and the perpetrators can operate anonymously. The impact ranges from financial fraud and identity theft to more sophisticated attacks, like ransomware and cyber espionage. In today's interconnected world, the potential harm to individuals, businesses, and even nations is significant.

Nowadays, basically everyone, everywhere is connected to the Internet in one form or another: on a mobile device such as a mobile phone or a tablet, at work on a computer or on a personal computer at home. That makes everyone a possible target of cybercrime and the peril is upon our data, our funds, assets, or even our identity.

What made you choose this field of interest?

My interest in cybercrime stems from recognizing the evolving nature of criminal activities. Having spent a decade at Raiffeisen Bank, I witnessed first-hand the increasing threats to the banking sector. This prompted me to specialize in the intersection of criminal and banking law, understanding the critical role cybersecurity plays in protecting financial institutions and their clients.

As banks developed and perfected anti-fraud measures, the fraudulent schemes became more and more sophisticated.

Apart from the IT sector, lawyers need to specialize in the tech field and understand the intricacies of both criminal behaviour and the measures to counteract. Anticipation is key and in order to be able to anticipate, one must be possess the proper knowledge – both legal and technical.

How can an ordinary person protect himself or herself from cybercriminals?

Individuals can take several proactive steps. First of all, they should maintain strong, unique passwords and enable two-factor authentication. Be cautious with online activities, avoid suspicious links, and keep software updated. Regularly monitor financial accounts and consider cybersecurity insurance. Awareness is key; educating oneself about common cyber threats goes a long way in staying protected.

Approximately five billion individuals possess at least one social media account, signifying that over half of the global population faces the potential threat of having their social media accounts compromised. With an abundance of social media accounts available, cybercriminals exploit this situation, manipulating and leveraging them to their benefit.

Here’s some data for you, just to see how easy it is to compromise a social media account:

- In 2018, over 30 million Facebook accounts were compromised;

- An average of 1.4 billion social media accounts fall victim to hacking each month;

- Between 2021 and 2022, there was a staggering 1,000% increase in the hijacking of social media accounts;

- According to a Google report, 20% of social media accounts are susceptible to compromise at some stage. That’s 1 out of 5!

- Most attacked platforms are Facebook (68.000 attacks each month), followed by Instagram (36.000 per month), followed closely by Snapchat and X (previously known as Twitter). These figures only relate to the Google reporting on how many users have searched a way to remedy compromised accounts. The reality is surely much worse. In fact, according to Facebook, 300.000 accounts are hacked every day.

Another fun fact is that 65% of people use the same password for all accounts. Do you do that?

To my mistake, yes, but fortunately my password is a complex one, containing capital letters, digits and special characters. So it's quite hard to break.

That is good, but you should consider multiple passwords for each account.

Now, who performs these attacks? Among the countries of origins of the attacks, you will find – surprisingly – China, followed by the USA, and then Brasil, India and Germany, to complete the top 5. Romania doesn’t touch the top 10, apparently.

So there goes the myth of the Romanian hacker.

Exactly. The reason for such attacks? It's simple: money. Always money! The accounts are sold. Twitter goes for about 6 USD/account, Facebook and Instagram for around 14 dollars, while a LinkedIn account can go up to 45 US dollars.

Do you have a specific example?

A lot of famous people had their social media accounts compromised. Bill Gates, for instance: his Twitter account hack is famous: the billionaire was seen asking people to send money to an account, so that he could return double the amount sent.

Other famous people also got their social media accounts hacked. You have probably heard of the former NBA employee hacking the NBA Facebook account, or Donald Trump Jr. having his Twitter account hacked and announcing that his father, Donald Trump Sr., had passed away and that he would run for president. Then he insulted Biden and threatened North Korea.

In the same manner, Barack Obama, Jeff Bezos, Joe Biden and even Elon Musk had their Twitter accounts (X accounts) hacked. So no one is really safe.

To answer your question, in summary:

- Use a unique password of over 12 characters for each media platform or e-mail account;

- Never reuse passwords;

- Enable two-factor-authentication – I cannot stress how important this is;

- Make your account private – do not share it;

- Reject friend requests from strangers. Be wary even with people you know, as their account could be hacked;

- Be cautious of clicking on links sent from strangers (and even friends);

- Check to see where your account has been logged in from.

As the holidays are here, I would have some advice as to how individuals should protect themselves against cybercrime during vacations:

- If possible, book your vacation through a known airline / hotel or an agent that you trust;

- Prior online research can guarantee the legitimacy of the company;

- Make sure the flight, hotel, transfer are real;

- Check reviews of former costumers. I would add: Make sure these are real;

- Pay by credit card or other safe payment instrument;

- Avoid posting details related to your travel on social media;

- Review confidentiality settings on social media accounts. Disable geolocation;

- Make copies of your data. Cloud and offline – hard copies;

- Make sure devices are password protected, by either PIN or biometric authentication;

- Update devices software. Outdated software is easier to hack;

- Examine the content of the devices, as some countries you travel to may ask access to data. Encrypt your data;

- Avoid free docking station. A charging station can be altered so that it steals the data on your device;

- If you rent a car, avoid connecting your smartphone to the car system – however convenient it may seem. You may leave behind more than you think;

- Avoid using public Wi-Fi – anyone can configure a wireless hotspot;

- Be wary of what you post online and do not publicly share location information;

- When using public computers (it’s preferable that you don’t, but if you must), avoid accessing online banking services, and do not save access data in the browser;

- Beware of curious or suspicious faces when operating the ATM;

- If you notice something off about the ATM, stop using the machine;

- Do not let anyone foto / fotocopy your card. And do not let cards out of your sight;

- Take time to review your banking activity, check any suspicious transactions;

- Delete travel apps you don’t need anymore;

- Change passwords if you suspect one of your devices might be compromised;

- And if you suspect you fell victim to a cyberfraud, report to the nearest police station!

How can institutions take preventive measures and also corrective actions against cybercrime?

Institutions should adopt a comprehensive cybersecurity strategy. This /static regular employee training (I provide that to some of my corporate and banking clients), robust firewalls, and encryption measures. Conducting regular security audits and collaborating with cybersecurity experts is essential. I can recommend security experts I regularly work with from Romania and from abroad.

In the unfortunate event of an attack, having an incident response plan in place ensures a swift and effective response to minimize damage and protect sensitive information.

What are your other fields of interest, besides cybercrime?

While my primary focus lies in cybercrime and banking law, I also have a broader expertise in criminal white-collar cases. This /static areas such as fraud, embezzlement and corruption. My diverse experience allows me to provide comprehensive legal counsel to my clients in the complex landscape of financial and cyber-related crimes.

I've also developed a keen interest in International Arbitration, particularly in cases under the International Chamber of Commerce (ICC). The professionally elegant and swift nature of debates in ICC Arbitration cases has captivated me. At a certain level of business, clients often choose compromissory clauses and prefer this method of dispute resolution for its efficiency and effectiveness. It's a testament to the adaptability of legal processes to meet the evolving needs of the business world.

Which are the most important clients that you represented – not only in cybercrime cases?

Maintaining client confidentiality is paramount, but I've had the privilege of representing significant entities in the financial sector. My clientele /static major banks and corporations, where my expertise in criminal white-collar law, particularly in cyber-related matters, has proven invaluable.

As mentioned earlier, I've been invited to collaborate as a specialist alongside other legal teams or clients’ legal departments. However, in recent times, I've opted to work independently, handling cases comprehensively from initiation to resolution. Among the noteworthy clients and cases, I would like to highlight the a few:

- UCO Tesatura (fraud case) – Member of the Vlerick Group (a Belgian family-owned group with industrial and financial activities in existence for over 50 years; Vlerich family is one of the wealthiest and most respected families in Belgium, running several financial business, among which a Business School), UCO Tesatura Giurgiu is one of the mainstream denim manufacturers, with a production capacity of over 7 million meters, having the latest technology to manufacture denim garments.

It's been taken out of business by this fraud case. The case at hand, involving a fraud of over 7 million performed by the former CFO, is an ongoing investigation. Its crucial point is that I have managed to recover the 500,000 Euro embezzled, before the trial ended. I will provide a full discosure of the investigations performed so far, so that Luju and its readers have a full view of one of the most elaborated schemes carried out in Romania. With shell companies (parasite companies, that is), employed relatives and friends, fictitious contracts. We have used the services of a private intelligence detectives to dismantle the group;

- Compania de Apa Oradea – the water supply company in Oradea was facing execution following a bifurcation procedure in an arbitration case. The sum amounted to millions and was jeopardizing the very existence of the company, and thus the city’s water supply. What needed to be done was holding on court procedures (challenges on enforcements with the whole array of legal stratagems) while, at the same time expediting the ICC (International Chamber of Commerce) arbitration procedures.

The case lasted 6 months, during which hearings were set almost weekly in Oradea and Satu Mare courts. But the whole effort was worth it, because the arbitration was won and so the execution ceased, to the great satisfaction of the citizens of Oradea, the client, and, of course, mine;

- Termoficare Oradea – a case of manslaughter and non-compliance with occupational health and safety regulations. Defending the culprit company in such cases is most of the times mission impossible. However, I successfully secured an acquittal, by presenting substantiating evidence demonstrating not only the lack of culpability on the part of the company, but also establishing that the victim acted beyond the scope of its regulatory standing;

- Industrialexport – huge arbitration case against Hidroelectrica, its object being the claim to pay just over 1 million, representing the outstanding balance of the equipment price comprising the segment valves, in accordance with the executed contract between the parties. The arbitration proceedings extended beyond the initially anticipated duration, spanning over a period exceeding 2 years; nevertheless, it concluded favorably, imposing upon the defendant, Hidroelectrica, the obligation to remit the stipulated amount as requested, plus interest and legal fees, of course.

I see on your LinkedIn account that you are a member of the Academy of European Law. Please tell us more about this international association.

Oh, gladly! The Academy of European Law (die Europäische Rechtsakademie or ERA) is a prestigious institution fostering legal excellence across Europe. As a member, I engage in continuous legal education, staying updated on the latest developments in European law. This affiliation enhances my ability to provide cutting-edge legal services, especially in the rapidly evolving field of cybercrime law.

Recently – and I really want to spread the word about this – I have also joined the Friends of ERA Association, which brings together legal professionals who want to join their fellow practitioners from across Europe in promoting the good application of EU law. For over 20 years, their members have been supporting the ERA scholarship programme, which has enabled more than 550 legal practitioners from EU Member States and candidate countries, where national and local funding is not available, to participate in the legal training they provide on European law.

As such, together with the other members of the Friends of ERA, I contribute to this project which enables financially constrained legal practitioners to improve their knowledge of EU law. In parallel to this, I can benefit from access to online conference documentation, invitation to Chapter meetings and, as I have just been let know, I will get to arbitrate one of their stages of moot courts they organize: Young Lawyers Contest – a semifinal is going to be hosted here in Bucharest, and I will be judge on the panel.

With over 18 years of experience as an attorney, could you share some insights into your background and highlight key milestones that have shaped your expertise in criminal law and international arbitration?

Certainly. I began my legal career in 2005 and, over the years, I've honed my skills in criminal law, specializing in white-collar crimes and banking law. Additionally, my involvement in International Arbitration has broadened my legal perspective, allowing me to navigate complex legal disputes on an international scale. Each case has been a steppingstone, contributing to my deep understanding of the intricacies of the legal system.

It was not always easy and foreseeable: I started in Oradea, then came to Bucharest for INPPA (National Institute for Training and Perfecting Young Lawyers), which helped me gain one year into becoming a definitive lawyer (one year instead of two my colleagues spent as junior lawyers). Then I decided to start a career in Bucharest, as the legal market was much more offering and challenging.

Having recently passed my Cambridge Proficiency exam, I seemed attractive for law firms working with foreign clients, though mainly on real estate, which was particularly not challenging. Using a euphemism here. Truthfully, it was really boring. After a while, I decided to move into litigation, and by 2009 I was already part of a litigation team of one of the greatest law firms. That is about the time I started moving into the banking sector, my collaboration with Raiffeisen Bank started and in parallel with other banks.

I also resumed my criminal practice started in Oradea, though applied at a corporate level, since most clients came from either the banking or corporate sector.

My first arbitration case was in 2010 at the Chamber of Commerce attached to the Valcea Tribunal. I remember being so impressed with the procedures, the elegance of the discussions and the high level of professionalism, as compared to what I saw every day in regular courts. So I decided I will pursue a career in this sector. Without leaving what I treasured most: criminal law and cybercrime – which gained more and more interest with every year. Crime became more sophisticated, but so did the methods to apprehend it.

It is an odd combination, I agree, but one facet complements the other seamlessly. The convergence of commercial arbitration and criminal law, especially in the realms of cybercrime and white-collar crime, reflects the evolving nature of legal challenges in the modern business landscape

You mentioned being a member of the Academy of European Law (ERA). Could you elaborate on the benefits you've gained from this association, particularly in terms of the seminars and networking opportunities it provides?

ERA has been an invaluable part of my professional journey. The seminars they organize are nothing short of magnificent, offering a platform for in-depth discussions, insights and networking with like-minded professionals. The diversity of topics covered and the chance to interact with legal minds from across Europe contribute significantly to my continuous legal education. ERA's commitment to providing a widespread source of legal education not only enhances my knowledge, but also facilitates meaningful connections with fellow professionals. It's truly a dynamic hub for legal excellence.

Their seminars are held in beautiful backdrops – like Barcelona, Lisbon, Dublin, Krakow – and are excellently organized, from the accommodation they offer to the last detail of the facilities for the venue. Food is excellent and the company, nonetheless. Professionals from Europe (attorneys, prosecutors, judges, EU officials) are all keen to share and gather knowledge.

The organizers (a big chapeau to Laviero Buono!) always demonstrate exceptional effort in assembling flawless panels of speakers and meticulously planning the event down to the finest details, ensuring its perfection. Each event leaves me with great memories and the craving for more.

Last but not least, I would like to conclude with your message for future law professionals. I'm talking about high school pupils and college students who intend to pursue a career as lawyers, prosecutors, judges etc. What do they need to bear in mind?

To future legal professionals, I'd emphasize the importance of adaptability. The legal landscape is dynamic, especially in fields like cyber law. Embrace continuous learning, stay technologically literate, and cultivate a passion for justice.

Building a solid foundation in traditional legal principles while being open to innovation will not only make you effective advocates, but also position you as leaders in the evolving legal sphere.

Not sure who the citation belongs to (being disputed between Confucius and Mark Twain), but the truth in it surpasses the need to ascertain its origin. So, in fewer words: „Do what you love and you will not have to work a single day in your life!”

* Click here to read the Romanian translation of the interview