Under new laws the 28 EU member states will be required to set terms of no less than two years in prison for individuals caught illegally accessing information systems, tampering with data, illegally intercepting communications, or creating tools that help commit such offences. This mandated minimum rises to five years if the individuals involved target national systems such as energy plants, public transportation or government servers. The changes also directly address the creation and operation of botnets – groups of hacked computers that are run in tandem to commit offences such as sending out spam and denial of service attacks.