2. CONTENTS
CYBER CRIME THEORY
Title Page
Internet as Medium of Crime 3
Definitions of Cybercrime 4
Classification of Cyber Crime 5
Cyber Criminals 6
Cyber Crime Challenges 7
Traditional Crime and its Cyber Equivalents 8
Defining Cyber Crime Offenses 9
Criminal vs Non Criminal Act 10
International Cyber Crime Laws 11
Criminal and Non Criminal Cyber Crime Offenses 13
Criminal and Non Criminal Cyber Crime Offenses 14
Criminal and Non Criminal Cyber Crime Offenses 15
Criminal and Non Criminal Cyber Crime Offenses 16
3. Internet as a medium for
Crime
Internet offers unparalleled opportunities to criminals and coupled with the ease of access and anonymity, it serves as a
useful tool to amass huge wealth with minimum efforts. Transnational Organized Crime syndicates are now resorting to
Cyber Crime and thus threatening the security of global financial industry and other sovereign Nation States.
According to Norton’s annual Cybercrime Report, ‘the estimated annual cost over global cybercrime is 110 billion’. 1
‘Globally, each victim accounted for an average of $197 in financial loss. In the US this increased to $290’. 2
The burgeoning of internet and introduction of new digital technologies ‘provide a platform for committing crimes such
as fraud and identity theft on an industrial scale’. 3 Easy access to Internet has created new opportunities for criminals
and also equipped and motivated a new set of people to carry these crimes in the cyberspace, effectively creating new
business models.
These days basic malware software packages are being offered which give people an opportunity to have a go at
hacking and a chance to steal online passwords. Some of these packages are very readily available and even offer
‘money-back guarantee that makes it easier than ever to create and spread malware’. 4
CYBER CRIME THEORY
4. Crime is defined as ‘an action or omission which constitutes an offence and is punishable by law.’ 5
While the definition of Crime is widely accepted, there is an absence of an agreed definition for Cybercrime. Given the fast changing pace of developments in this
industry, the definition of Cybercrime is still evolving. Though widely used in day today conversations and in media, this term means different things to different people.
Directed at computers
‘Crimes directed at computers or other information communications technologies
(ICTs) such as hacking and denial of service attacks.
Crimes where computers or ICTs are an integral part of an offence (such as online
fraud, identity theft and the distribution of child exploitation material) ‘. 6
Crime using Electronic Networks
‘Cybercrimes are crimes which are mediated by networked technology and not just
computer.’ 9
Any crime conducted using networked computers and can include criminal activities.
Computer-focused crimes
‘Computer-focused crimes on the other hand include crimes that emerged in tandem
with the establishment of the Internet and could not exist apart from it, such as virus,
malware or botnet infection, and hacking.’ 8
Computer Crime
‘The term “computer crime” has often been used to cover a multitude of offences
ranging from virus dissemination, hacking and organized crime to terrorist rings that
use the computer and computer networks in the commission of the offence.’ 10
Definitions of Cybercrime
Computer-mediated activities
Cybercrime is computer-mediated activities which are either illegal or considered
illicit by certain parties and which can be conducted through global electronic
networks. 11
Directed again CIA
‘Cyber Crime is an action directed against the confidentiality, integrity and
availability (CIA) of computer systems, networks and computer data as well as
misuse of such systems, networks and data.’ 7
5. Classification of Cyber
CrimeMany academicians, agencies and companies have tried to classify the cyber
crimes and group them into different sub classifications. This is important to
identify the level of offence and which category the offence falls into.
Type I and Type II Cyber Crime
‘Type I is generally a singular, or discrete, event from the perspective of the
victim. It often is facilitated by the introduction of crime ware programs such
as keystroke loggers, viruses, rootkits or Trojan horses into the user’s
computer system.
Type II cybercrime, at the other end of the spectrum, includes, but is not
limited to activities such as cyber stalking and harassment, child predation,
extortion, blackmail, stock market manipulation, complex.’ 14
True Cyber Crime and E-enabled Cyber Crime
‘We should seek to distinguish between “true” cyber crime (i.e. dishonest or
malicious acts which would not exist outside of an online environment, or at
least not in the same kind of form or with anything like the same impact), and
crime which is simply “e-enabled” (i.e. a criminal act known to the world
before the advent of the worldwide web, but which is now increasingly
perpetrated over the Internet).’ 13
Intentional Cyber Crime vs Unintentional Cyber Crime
Take an example of an email got from a spammer, which the receiver forward to another friend without checking the contents. The sender may be committing a cyber crime
offense by distributing a malicious Trojan or self replicating virus unintentionally. The penalties for unintentional cyber crime are lenient as compared to people committing
intentional acts of cyber crime with the sole aim of causing financial and reputation loss
A recent addition to cyber crime is corporate espionage, and planning or carrying out terrorist activities online.
CYBER CRIME THEORY
6. Cyber Criminals
‘The computer underground lexicon generally divides computer criminals into three separate types:
script-kiddies, hackers, and crackers.
Script-kiddies employ tools downloaded from the Internet to exploit common security weaknesses. They are
involved in nuisance crimes like defacing websites and the amount of damage they cause is limited.
Hackers are able to use the standard tools with a much higher degree of sophistication and some are adept
enough to design intrusion programs. There is also a voyeuristic component
Crackers include those who attack computer systems for personal profit, such as people carrying out economic
espionage, or for malicious purposes, like virus writers. Cyber terrorists are grouped with crackers because they
share similarly malevolent purposes’ 15
CYBER CRIME THEORY
7. One of the distinct characteristics of Cyber Crime is that it could occur within multiple jurisdictions and is more cross border in nature. A cyber crime could be
conducted on servers in Australia by a person or a group of persons in China or India. Thus a criminal law is fraught with jurisdiction issues as different countries
may have different cyber laws and may not treat the offence with the same penalty.
A cyber criminal may be a juvenile and may thus be treated differently that an adult offender. Cyber Criminals could also escape in some countries using legal
loopholes or lack of substantive legal provisions for this illegal conduct. Such offences may be overlooked. Also there could be lack of cooperation between
different countries.
Offshore and Cross Border Players
In a traditional crime, the players involved may be from the same country where the crime
occurred whereas in Cyber crime the players could be offshore and they could be
ideologically motivated to form groups to threaten the infrastructure of the target country
apart from targeting individuals and businesses in these countries.
Cybercrime
Traditional criminals or robbers in the past would have to physically enter the bank premises
and gain entry to collect cash and monies. Whereas cyber criminals can gain access to bank’s
computer system and steal money and cause massive disruptions to the operations of the
bank and also cause irreparable damage to the bank’s reputation.
Localisation of Cyber Criminals
In some countries the laws may either not been developed yet or they may be tolerant and
lenient towards certain cyber crime activities, which would in the long run cause these
criminals to localise their activities in certain countries. Like the Nigerian email spam and the
Russian and Chinese malware activists.
Lack of Awareness of Cyber Threats
There is still a lack of awareness relating to cyber threats and cyber crime. While it is
being talked about a lot, many countries and companies have yet to address the risks
associated with this. Any countries with weak cyber regulation thus becomes safe
havens for such groups and puts other countries at risk.
Cyber Crime Challenges
Ease of Location
Cyber crime is easier to conduct that a traditional crime as an operator can operate
from any location, and in the absence of a formal crime scene, cyber crime needs
specialised people and data forensics to track the digital evidence. All the
collaborators can operate in a virtual world and once they taste success, they boast
and build a false aura around their digital personalities, which is also encouraging a
lot of hackers.
CYBER CRIME THEORY
8. It would be fair to say that traditional crime is now migrating into the realm of Internet as Cyber Crime.
Traditional crime Cybercrime equivalent
Fraud Online fraud/mass marketed fraud (including auction fraud, advance fee fraud, phishing)
Burglary/malicious damage Online hacking, denial of service attacks, viruses
Child sex offences Online child grooming, child pornography websites
Money laundering Through online payment systems, e-cash
Theft Identity theft, bank website ‘phishing’ and movie, music and software piracy
Stalking Cyber stalking, cyber bullying
Traditional Crime and its Cyber Equivalents 16
While there are tough penalties for traditional crime, the regulation has been behind when it comes to deterring cyber criminals. Probability of being
caught is minimal and the penalties do not adequately fit the crime. ‘For this reason, in spite of the increasingly stringent regulations and compliance
mandates, we can expect to see criminals continue to target the payment card industry and will see continued data breaches.’ 17
One of the main differences in Cyber and Traditional Crime is that in a traditional crime, the victim and the offender operate in close proximity to each
other whereas in the realm of cyber crime, the victim and the assaulter could be in different geographical areas and maybe in different time zones as well.
CYBER CRIME THEORY
9. Defining Cyber Crime Offenses
Crimes in which the computer is the target of the criminal activity 18
This includes spamming, malware infection, botnets, denial of service, misuse of devices, intrusion attempts, malicious code,
infections worms and malware. This could include simple or malicious hacking
Crimes in which the computer is a tool used to commit the
crime 19
Computers used to carry out online fraud, stalking, cracking,
creation of illegal pornography, cyber bullying to tarnish
personal reputation, cyber harassments, unsolicited
electronic communication, online theft and gaining
access and modifying Commonwealth data.
Crimes in which the use of the computer is an incidental aspect
of the commission of the crime. 20
Computers are used to carry out traditional crime acts like theft,
stalking , sedition, scam, theft, forgery, intrusion.
CYBER CRIME THEORY
10. Criminal vs Non Criminal Act
An offense carried out by an individual can have criminal or non criminal retribution.
Certain offenses can be charged as either ordinance or criminal offenses - for example, retail theft (shoplifting) or
disorderly conduct. And some offenses are noncriminal for first time offenders but criminal for second time violators.
A non criminal offense may result in a monetary penalty like a parking fine whereas a criminal offense may lead to a jail
term and a possible penalty. 21
As a general principle if it’s a crime offline, then it is also a crime online and can have an equivalent severe punishment for
the act. 22
CYBER CRIME THEORY
Research has shown that people who are involved in cyber crimes know their victims more often.
Digital threat offenders threaten their ex-partner more often (28.9%) than in the case of traditional threats (15.5%). Digital fraud
occurs more often between business partners (47.3% vs. 24% for digital and traditional fraud, respectively) and occurs less often
among acquaintances (1.8% vs. 7% for digital and traditional fraud, respectively). 23
11. International Cyber Crime
Laws
The Council of Europe Convention on Cybercrime Convention requires Parties (i.e., ratifying states)
to ‘adopt such legislative and other measures as may be necessary to establish as criminal offences
under its domestic law, when committed intentionally’ 24
Australia has adopted Cybercrime Legislation Amendment Act 2012 which will allow Australia to
collaborate and access and share information with international agencies. Australia has also joined
the Council of Europe Convention on Cybercrime which gives Australian government agencies more
powers to fight cyber crimes.
CYBER CRIME THEORY
12. Criminal and Non Criminal
Cyber Crime Offenses
This is a criminal offense which falls under the category of
Economic Crimes – Unauthorized access to computer systems without right,
Content Related Offense – Identity theft and data theft, Misuse of information
Privacy Offense – Illegal collection of unauthorized data
If we apply the Europe Convention of Cybercrime to this incident, to which Australia is now a party, the offenses could be
Article 184: Illegal Access to a Computer System without right
Article 185: Illegal Interception of Computer Data
Article 187: Interference with a Computer System without right
Article 188.1: Misuse of Devices for the purpose of committing a criminal offense
CYBER CRIME THEORY
Take the example of a recent cyber crime ‘where half of South Korea’s population had their personal information
stolen. The breach involved 27 million people and 220 million records. 16 hackers were arrested for targeting the
personal details of these people on gaming and gambling websites.’ 25
13. Criminal and Non Criminal Cyber Crime Offenses
–-
CYBER CRIME THEORY
Offense Type of Offense
Hacking Hacking in principle violates the Confidentiality, Integrity, Availability of Computer Systems and malicious hacking is
an offense in Australia under Cybercrime Legislation Amendment Act 2012. However there is also a big push to
allow ethical hacking or hacking for fun and to bring the onus of protecting computer systems and networks to
their respective organizations.
Defacing of Websites/Cyber
Vandalism
This offense is non criminal in nature and is primarily aimed to hurt company reputations and also to propagate a
message usually done by either fanatics or cross border non state actors.
Dissemination of viruses The effect of this could be minimal or major. The act could be classified as Criminal or Non Criminal based on the
classification of data this virus destroys and if this leads to Denial of critical Service.
Denial of Service Attacks and
Denial of Service Attacks using
Botnets
While this is equivalent to cyber trespassing and could be classified as an Act of Civil Disobedience, (occupy
protests/sit-ins) on the Internet this is classified as high Tech cyber crime in Australia. European Union’s Cyber
Crime Convention and UK legal system also criminalizes this attack.
Creation and distribution of
malicious software
Creation of viruses, worms, trojans is a criminal activity which is done with the sole aim of causing disruptions in
service. However there could be a Non Intentional Act of distribution of such malicious software which may
replicate by sending in an email and if the person does not know about the malicious contents then it is a non
criminal offense.
14. Criminal and Non Criminal Cyber Crime Offenses
CYBER CRIME THEORY
Offense Type of Offense
Online Money laundering This is an criminal act in which funds are stolen and transferred overseas. It is increasingly becoming a cyber crime
as people turn to online channels to transfer these funds.
Cyber terrorism Any activity associated with terrorism is a criminal activity.
Intellectual Property/Copyright
infringements/Piracy
This is a criminal act which could result in a jail term as well as a hefty fines.
Spam It is an offense to send Spam to individuals you don’t deal with. While this may be Non Criminal offense, some of
the outcomes or actions resulting from the Spam could have Criminal consequences.
Cyber obscenity/pornography This could be a criminal offense in some countries but in some countries it is perfectly legal to allow pornography
for people aged 16 years and above. Child Abuse Material generation and distribution is however a criminal
offense.
Bullying/Stalking Cyber Criminals take advantage of vulnerabilities and people’s emotions. These act is Criminal in Nature according
to NSW (Domestic and Personal Violence Act 2007)
15. Criminal and Non Criminal Cyber Crime Offenses
CYBER CRIME THEORY
Offense Type of Offense
Domain name hijacking/Cyber
Squatting
This could lead to loss of revenue for companies attacked. However this act can be classified as Non Criminal in
nature.
Misuse of credit cards This is a criminal act which could have severe consequences for the perpetrators.
Information and Identity
theft/misuse
Such acts including Identity theft is an criminal act.
Blackmail These act is Criminal in Nature according to NSW (Domestic and Personal Violence Act 2007)
Hate sites There has been a lot of debate about Hate Laws in Australia and the amendments being bought in by the
government to allow free speech and to modify Racial Discrimination Act 18c. This is a non criminal offense at this
moment. However if any hate crime gets reported on such sites that is a criminal act.
Corporate Espionage It is a federal crime in many countries including US. In some countries civil laws cover these acts however they are
better addressed by bringing this under the purview of criminal law.
Editor's Notes
This presentation explains the concept of Cyber Crime and classifies Cyber Crime according to Crimimal and Non Criminal Offenses.
The availability of the Internet has create new business models for undertaking cyber crime. This has increased the number of cyber criminals in the market and also made it more attractive to Transnational Organised Crime Syndicates. The availability of mobiles and hand held devices to carry out financial transactions has made people and institutions more vulnerable than ever before.
For people committing crime, Internet is an additional delivery channel to further their criminal activities. There is also new opportunities created by Internet in the cyber space which attracts many people. Mobile computing combined with Social Networking is driving cyber crime to new levels. Cyber Crime is also a crime of convenience for cyber criminals.
REFERENCES
2012 Norton Cybercrime Report, Norton Semantic, 2012, p. 3, http://now-static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/2012_Norton_Cybercrime_Report_Master_FINAL_050912.pdf (accessed 19 August 2014)
Ibid
Australian Crime Commission, Cybercrime, https://www.crimecommission.gov.au/organised-crime/crime-enablers-and-pathways/cybercrime, 2014, (accessed 19 August 2014)
Jim Glen, ‘Cyber crime made easy’, New Scientist, 3/20/2010, Vol. 205 Issue 2752, p20-21
Cyber Crime is very prevalent in modern society and its definition will evolve over a period of time. It is an extension of crime into digital cyberspace and creates new possibilities for both criminals and law makers to conduct and identify criminal activities. With over 2.8 people (almost 40% of world’s population) 12 accessing cyberspace, almost anyone could be a victim, if he or she does not take proper precautions.
Very respected scholar, David Wall, who has written extensively on this topic, has talked about the offenses involved in cyber crime – hacking, fraud, pornography, pedophilia and makes a valid point that these offenses are already part of the existing criminal justice system, thus implying there is not much Cyber about them.
In fact some scholars have also talked about finding the penetration of cyber crime in traditional crime and measuring the impact of this.
REFERENCES
Oxford Dictionary
Cyber and Technology Enabled Crime, Australian Crime Commission, 2014, https://www.crimecommission.gov.au/sites/default/files/CYBER%20AND%20TECHNOLOGY%20ENABLED%20CRIME%20JULY%202013.pdf (accessed 19 August 2014)
Convention on Cyber Crime, Council of Europe, 2001, p 392, http://www.usip.org/sites/default/files/MC1/MC1-Part2Section16.pdf ((accessed 19 August 2014)
S Furnell, Cybercrime: Vandalising the information society, Addison-Wesley, 2002, p 21
D Wall, Cybercrime: The transformation of Crime in the Information Age, p 11, Polity 2007
P Barton, V Nissanka, F Waterhouse, Cyber-crime - Criminal offence or civil wrong?, Computer Law & Security Report Vol. 19 no. 5 2003, p 401
Thomas and Loader, 2000a: 3, cited in Majid Yar, The Novelty of Cybercrime. An assessment in Light of Routine Active Theory, European journal of Criminology, 2, 2005 p 408
http://www.internetworldstats.com/stats.htm
Sarah Gordon and Richard Ford have attempted a valid classification of cyber crime and classified them into Type 1 and Type II cyber crimes. Some of the sub divisions of Cyber Crime are even more unclear. Take the case of Cyber warfare and Cyber Terrorism, which are classified under Cyber Crime, but these activities involve interaction between Nation States and Non State Actors.
REFERENCES
HS Gordon, R Ford, On the definition and classification of cybercrime, Journal of Computer Virology,. 2, 2006, p 13
K Burden, C Palmer, B Lyde, Gilbert, Internet crime: Cyber Crime — A new breed of criminal?, Computer Law & Security Review, Volume 19, Issue 3, May 2003, p 222
While there are many types of cyber criminals, almost all of them can be classified into types which covers their activities related to Cyber Crime. Almost all the above categories are also driven by a thrill to achieve their goal of breaking the configuration of external computer systems.
15 R Skibell, Cybercrimes & misdemeanors: A reevaluation of the computer fraud and Abuse Act, Berkeley Technology Law Journal; Summer 2003, Vol. 18 Issue 3, p 10
Cyber Crime is a major cause for concern for most of the Governments around the world and as they look to cooperate, it looks like the cyber criminals are one step ahead of regulation efforts by these governments.
The above slide illustrates how traditional crimes have morphed into the online environment. While the method of execution of the crime may be different, the intent is still the same.
REFERENCES
Australian Crime Commission, Cybercrime,https://www.crimecommission.gov.au/organised-crime/crime-enablers-and-pathways/cybercrime, 2014, (accessed 19 August 2014)
C Mark, Why Regulation Cannot Prevent Cybercrime, http://www.transactionworld.net/articles/2011/july/compliance.asp, 2011 (accessed 19 August 2014)
Susan Brenner has divided Cyber Crime into three categories and asks for cyber crime to be treated as a special class of crime.
REFERENCES
S Brenner, U.S. Cybercrime Law: Defining Offenses, Information Systems Frontiers 6:2, 115–132, 2004, p 117
19 Ibid
20 Ibid
References
21 Arrest Issues FAQ, World Law Direct, http://www.worldlawdirect.com/article/627/arrest-issues-faq.html, 2014, (accessed 19 August 2014)
Cyber Crimes and Criminals, http://www.carnegiecyberacademy.com/facultyPages/cyberCrime.html, 2014, (accessed 19 August 2014)
L Montoya, M Junger, P Hartel, How ‘Digital’ is Traditional Crime?, 2013 European Intelligence and Security Informatics Conference, 2013 p 34
REFERENCES
24 M Vatis, Steptoe & Johnson, The Council of Europe Convention on Cybercrime, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, p 210
REFERENCES
25 Data Breach Bulletin: Sixteen Arrested After Allegedly Hacking Half of South Korea, Forbes, Aug 2014, http://www.forbes.com/sites/katevinton/2014/08/26/data-breach-bulletin-sixteen-arrested-after-allegedly-hacking-half-of-south-korea (accessed 19 August 2014)