RCMP working with Moroccan police to lay charges in U of M cyberattack

More than three months since a vicious online attack on a female University of Moncton student that authorities have described as "cyberterrorism," the RCMP is reporting progress in its investigation.

Starting in late February, a series of 10 emails were sent to students and staff, many containing a video or photo of the student that were sexually graphic in nature.

The emails also included offensive messages, and links to the student's Facebook page, in an apparent attempt by the sender to shame her.

• 'Hateful' and sexual mass emails targeting Moncton student originated outside country

• U of M receives 10th malicious email Saturday night

Sgt. Mario Fortin of the Codiac RCMP confirmed to CBC the man behind the attacks lives in Morocco, and that the RCMP is working with Moroccan police, as well as Crown prosecutors, to try to lay charges against the individual.

In one of his emails, the attacker had threatened police by saying, "I'm living in Morocco. So just catch me if you can," but authorities had previously disclosed little information on his whereabouts, and would only reveal the emails originated from a server outside the country.

Fortin is also confirming the victim and the author of the emails knew each other, but would not disclose the nature of their relationship, or reveal his name.

He said the RCMP is looking at a number of possibilities, including having Moroccan police lay charges, or issuing an arrest warrant here in Canada against the attacker.

Meanwhile the University of Moncton confirms there have been no new emails since the tenth one on March 4, but would not provide details on strategies used to intercept the messages or whether the attacker had simply given up.

"We are continuing to work on our IT systems in order to ensure the maximum level of security while at the same time maintaining operational requirements," said Ghislaine Arsenault, a spokesperson for the university.

Case could pave the way

David Shipley, a cybersecurity expert and CEO of Beauceron Security, said most cybercrimesremain unresolved forever, and considers the RCMP to be far along in its investigation.

"That is encouraging that they are actually working with authorities in Morocco," said Shipley. "That is not the norm."

Shipley said most cases of online sexual exploitation never get investigated. In fact he estimates only one in 15 cybercrimes get reported to police in Canada.

Police only identify a suspect inabout 6 per cent of all cases, he said.

"Hopefully this case paves the way for further action. Particularly when these crimes involve borders," said Shipley.

Need for global treaty

Shipley called Canada's laws against these types of activities "groundbreaking" but said Morocco may not be as far along.

Since 2015, a new charge was added to the Canadian Criminal Code, allowing police to arrest someone for distributing intimate images of a person without their consent.

"Not all jurisdictions have criminalized this kind of behaviour as reprehensible as it is," he said.

Shipley said the University of Moncton incident highlights the need for a global treaty to legislate cybercrimes, that would either allow for individuals to be extradited to the country where they committed the crime to face justice, or tried in their home country for a crime committed somewhere else.

"Most cybercrimes actually cross borders quite frequently," he said.