Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Aspects of Cyber Crime theory | Criminal or a Noncriminal offense


Published on

Aspects of Cyber Crime theory and whether a cyber crime constitutes a criminal or a noncriminal offense.

Published in: Technology
  • Login to see the comments

Aspects of Cyber Crime theory | Criminal or a Noncriminal offense

  2. 2. CONTENTS CYBER CRIME THEORY Title Page Internet as Medium of Crime 3 Definitions of Cybercrime 4 Classification of Cyber Crime 5 Cyber Criminals 6 Cyber Crime Challenges 7 Traditional Crime and its Cyber Equivalents 8 Defining Cyber Crime Offenses 9 Criminal vs Non Criminal Act 10 International Cyber Crime Laws 11 Criminal and Non Criminal Cyber Crime Offenses 13 Criminal and Non Criminal Cyber Crime Offenses 14 Criminal and Non Criminal Cyber Crime Offenses 15 Criminal and Non Criminal Cyber Crime Offenses 16
  3. 3. Internet as a medium for Crime Internet offers unparalleled opportunities to criminals and coupled with the ease of access and anonymity, it serves as a useful tool to amass huge wealth with minimum efforts. Transnational Organized Crime syndicates are now resorting to Cyber Crime and thus threatening the security of global financial industry and other sovereign Nation States. According to Norton’s annual Cybercrime Report, ‘the estimated annual cost over global cybercrime is 110 billion’. 1 ‘Globally, each victim accounted for an average of $197 in financial loss. In the US this increased to $290’. 2 The burgeoning of internet and introduction of new digital technologies ‘provide a platform for committing crimes such as fraud and identity theft on an industrial scale’. 3 Easy access to Internet has created new opportunities for criminals and also equipped and motivated a new set of people to carry these crimes in the cyberspace, effectively creating new business models. These days basic malware software packages are being offered which give people an opportunity to have a go at hacking and a chance to steal online passwords. Some of these packages are very readily available and even offer ‘money-back guarantee that makes it easier than ever to create and spread malware’. 4 CYBER CRIME THEORY
  4. 4. Crime is defined as ‘an action or omission which constitutes an offence and is punishable by law.’ 5 While the definition of Crime is widely accepted, there is an absence of an agreed definition for Cybercrime. Given the fast changing pace of developments in this industry, the definition of Cybercrime is still evolving. Though widely used in day today conversations and in media, this term means different things to different people. Directed at computers ‘Crimes directed at computers or other information communications technologies (ICTs) such as hacking and denial of service attacks. Crimes where computers or ICTs are an integral part of an offence (such as online fraud, identity theft and the distribution of child exploitation material) ‘. 6 Crime using Electronic Networks ‘Cybercrimes are crimes which are mediated by networked technology and not just computer.’ 9 Any crime conducted using networked computers and can include criminal activities. Computer-focused crimes ‘Computer-focused crimes on the other hand include crimes that emerged in tandem with the establishment of the Internet and could not exist apart from it, such as virus, malware or botnet infection, and hacking.’ 8 Computer Crime ‘The term “computer crime” has often been used to cover a multitude of offences ranging from virus dissemination, hacking and organized crime to terrorist rings that use the computer and computer networks in the commission of the offence.’ 10 Definitions of Cybercrime Computer-mediated activities Cybercrime is computer-mediated activities which are either illegal or considered illicit by certain parties and which can be conducted through global electronic networks. 11 Directed again CIA ‘Cyber Crime is an action directed against the confidentiality, integrity and availability (CIA) of computer systems, networks and computer data as well as misuse of such systems, networks and data.’ 7
  5. 5. Classification of Cyber CrimeMany academicians, agencies and companies have tried to classify the cyber crimes and group them into different sub classifications. This is important to identify the level of offence and which category the offence falls into. Type I and Type II Cyber Crime ‘Type I is generally a singular, or discrete, event from the perspective of the victim. It often is facilitated by the introduction of crime ware programs such as keystroke loggers, viruses, rootkits or Trojan horses into the user’s computer system. Type II cybercrime, at the other end of the spectrum, includes, but is not limited to activities such as cyber stalking and harassment, child predation, extortion, blackmail, stock market manipulation, complex.’ 14 True Cyber Crime and E-enabled Cyber Crime ‘We should seek to distinguish between “true” cyber crime (i.e. dishonest or malicious acts which would not exist outside of an online environment, or at least not in the same kind of form or with anything like the same impact), and crime which is simply “e-enabled” (i.e. a criminal act known to the world before the advent of the worldwide web, but which is now increasingly perpetrated over the Internet).’ 13 Intentional Cyber Crime vs Unintentional Cyber Crime Take an example of an email got from a spammer, which the receiver forward to another friend without checking the contents. The sender may be committing a cyber crime offense by distributing a malicious Trojan or self replicating virus unintentionally. The penalties for unintentional cyber crime are lenient as compared to people committing intentional acts of cyber crime with the sole aim of causing financial and reputation loss A recent addition to cyber crime is corporate espionage, and planning or carrying out terrorist activities online. CYBER CRIME THEORY
  6. 6. Cyber Criminals ‘The computer underground lexicon generally divides computer criminals into three separate types: script-kiddies, hackers, and crackers. Script-kiddies employ tools downloaded from the Internet to exploit common security weaknesses. They are involved in nuisance crimes like defacing websites and the amount of damage they cause is limited. Hackers are able to use the standard tools with a much higher degree of sophistication and some are adept enough to design intrusion programs. There is also a voyeuristic component Crackers include those who attack computer systems for personal profit, such as people carrying out economic espionage, or for malicious purposes, like virus writers. Cyber terrorists are grouped with crackers because they share similarly malevolent purposes’ 15 CYBER CRIME THEORY
  7. 7. One of the distinct characteristics of Cyber Crime is that it could occur within multiple jurisdictions and is more cross border in nature. A cyber crime could be conducted on servers in Australia by a person or a group of persons in China or India. Thus a criminal law is fraught with jurisdiction issues as different countries may have different cyber laws and may not treat the offence with the same penalty. A cyber criminal may be a juvenile and may thus be treated differently that an adult offender. Cyber Criminals could also escape in some countries using legal loopholes or lack of substantive legal provisions for this illegal conduct. Such offences may be overlooked. Also there could be lack of cooperation between different countries. Offshore and Cross Border Players In a traditional crime, the players involved may be from the same country where the crime occurred whereas in Cyber crime the players could be offshore and they could be ideologically motivated to form groups to threaten the infrastructure of the target country apart from targeting individuals and businesses in these countries. Cybercrime Traditional criminals or robbers in the past would have to physically enter the bank premises and gain entry to collect cash and monies. Whereas cyber criminals can gain access to bank’s computer system and steal money and cause massive disruptions to the operations of the bank and also cause irreparable damage to the bank’s reputation. Localisation of Cyber Criminals In some countries the laws may either not been developed yet or they may be tolerant and lenient towards certain cyber crime activities, which would in the long run cause these criminals to localise their activities in certain countries. Like the Nigerian email spam and the Russian and Chinese malware activists. Lack of Awareness of Cyber Threats There is still a lack of awareness relating to cyber threats and cyber crime. While it is being talked about a lot, many countries and companies have yet to address the risks associated with this. Any countries with weak cyber regulation thus becomes safe havens for such groups and puts other countries at risk. Cyber Crime Challenges Ease of Location Cyber crime is easier to conduct that a traditional crime as an operator can operate from any location, and in the absence of a formal crime scene, cyber crime needs specialised people and data forensics to track the digital evidence. All the collaborators can operate in a virtual world and once they taste success, they boast and build a false aura around their digital personalities, which is also encouraging a lot of hackers. CYBER CRIME THEORY
  8. 8. It would be fair to say that traditional crime is now migrating into the realm of Internet as Cyber Crime. Traditional crime Cybercrime equivalent Fraud Online fraud/mass marketed fraud (including auction fraud, advance fee fraud, phishing) Burglary/malicious damage Online hacking, denial of service attacks, viruses Child sex offences Online child grooming, child pornography websites Money laundering Through online payment systems, e-cash Theft Identity theft, bank website ‘phishing’ and movie, music and software piracy Stalking Cyber stalking, cyber bullying Traditional Crime and its Cyber Equivalents 16 While there are tough penalties for traditional crime, the regulation has been behind when it comes to deterring cyber criminals. Probability of being caught is minimal and the penalties do not adequately fit the crime. ‘For this reason, in spite of the increasingly stringent regulations and compliance mandates, we can expect to see criminals continue to target the payment card industry and will see continued data breaches.’ 17 One of the main differences in Cyber and Traditional Crime is that in a traditional crime, the victim and the offender operate in close proximity to each other whereas in the realm of cyber crime, the victim and the assaulter could be in different geographical areas and maybe in different time zones as well. CYBER CRIME THEORY
  9. 9. Defining Cyber Crime Offenses Crimes in which the computer is the target of the criminal activity 18 This includes spamming, malware infection, botnets, denial of service, misuse of devices, intrusion attempts, malicious code, infections worms and malware. This could include simple or malicious hacking Crimes in which the computer is a tool used to commit the crime 19 Computers used to carry out online fraud, stalking, cracking, creation of illegal pornography, cyber bullying to tarnish personal reputation, cyber harassments, unsolicited electronic communication, online theft and gaining access and modifying Commonwealth data. Crimes in which the use of the computer is an incidental aspect of the commission of the crime. 20 Computers are used to carry out traditional crime acts like theft, stalking , sedition, scam, theft, forgery, intrusion. CYBER CRIME THEORY
  10. 10. Criminal vs Non Criminal Act An offense carried out by an individual can have criminal or non criminal retribution. Certain offenses can be charged as either ordinance or criminal offenses - for example, retail theft (shoplifting) or disorderly conduct. And some offenses are noncriminal for first time offenders but criminal for second time violators. A non criminal offense may result in a monetary penalty like a parking fine whereas a criminal offense may lead to a jail term and a possible penalty. 21 As a general principle if it’s a crime offline, then it is also a crime online and can have an equivalent severe punishment for the act. 22 CYBER CRIME THEORY Research has shown that people who are involved in cyber crimes know their victims more often. Digital threat offenders threaten their ex-partner more often (28.9%) than in the case of traditional threats (15.5%). Digital fraud occurs more often between business partners (47.3% vs. 24% for digital and traditional fraud, respectively) and occurs less often among acquaintances (1.8% vs. 7% for digital and traditional fraud, respectively). 23
  11. 11. International Cyber Crime Laws The Council of Europe Convention on Cybercrime Convention requires Parties (i.e., ratifying states) to ‘adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally’ 24 Australia has adopted Cybercrime Legislation Amendment Act 2012 which will allow Australia to collaborate and access and share information with international agencies. Australia has also joined the Council of Europe Convention on Cybercrime which gives Australian government agencies more powers to fight cyber crimes. CYBER CRIME THEORY
  12. 12. Criminal and Non Criminal Cyber Crime Offenses This is a criminal offense which falls under the category of Economic Crimes – Unauthorized access to computer systems without right, Content Related Offense – Identity theft and data theft, Misuse of information Privacy Offense – Illegal collection of unauthorized data If we apply the Europe Convention of Cybercrime to this incident, to which Australia is now a party, the offenses could be Article 184: Illegal Access to a Computer System without right Article 185: Illegal Interception of Computer Data Article 187: Interference with a Computer System without right Article 188.1: Misuse of Devices for the purpose of committing a criminal offense CYBER CRIME THEORY Take the example of a recent cyber crime ‘where half of South Korea’s population had their personal information stolen. The breach involved 27 million people and 220 million records. 16 hackers were arrested for targeting the personal details of these people on gaming and gambling websites.’ 25
  13. 13. Criminal and Non Criminal Cyber Crime Offenses –- CYBER CRIME THEORY Offense Type of Offense Hacking Hacking in principle violates the Confidentiality, Integrity, Availability of Computer Systems and malicious hacking is an offense in Australia under Cybercrime Legislation Amendment Act 2012. However there is also a big push to allow ethical hacking or hacking for fun and to bring the onus of protecting computer systems and networks to their respective organizations. Defacing of Websites/Cyber Vandalism This offense is non criminal in nature and is primarily aimed to hurt company reputations and also to propagate a message usually done by either fanatics or cross border non state actors. Dissemination of viruses The effect of this could be minimal or major. The act could be classified as Criminal or Non Criminal based on the classification of data this virus destroys and if this leads to Denial of critical Service. Denial of Service Attacks and Denial of Service Attacks using Botnets While this is equivalent to cyber trespassing and could be classified as an Act of Civil Disobedience, (occupy protests/sit-ins) on the Internet this is classified as high Tech cyber crime in Australia. European Union’s Cyber Crime Convention and UK legal system also criminalizes this attack. Creation and distribution of malicious software Creation of viruses, worms, trojans is a criminal activity which is done with the sole aim of causing disruptions in service. However there could be a Non Intentional Act of distribution of such malicious software which may replicate by sending in an email and if the person does not know about the malicious contents then it is a non criminal offense.
  14. 14. Criminal and Non Criminal Cyber Crime Offenses CYBER CRIME THEORY Offense Type of Offense Online Money laundering This is an criminal act in which funds are stolen and transferred overseas. It is increasingly becoming a cyber crime as people turn to online channels to transfer these funds. Cyber terrorism Any activity associated with terrorism is a criminal activity. Intellectual Property/Copyright infringements/Piracy This is a criminal act which could result in a jail term as well as a hefty fines. Spam It is an offense to send Spam to individuals you don’t deal with. While this may be Non Criminal offense, some of the outcomes or actions resulting from the Spam could have Criminal consequences. Cyber obscenity/pornography This could be a criminal offense in some countries but in some countries it is perfectly legal to allow pornography for people aged 16 years and above. Child Abuse Material generation and distribution is however a criminal offense. Bullying/Stalking Cyber Criminals take advantage of vulnerabilities and people’s emotions. These act is Criminal in Nature according to NSW (Domestic and Personal Violence Act 2007)
  15. 15. Criminal and Non Criminal Cyber Crime Offenses CYBER CRIME THEORY Offense Type of Offense Domain name hijacking/Cyber Squatting This could lead to loss of revenue for companies attacked. However this act can be classified as Non Criminal in nature. Misuse of credit cards This is a criminal act which could have severe consequences for the perpetrators. Information and Identity theft/misuse Such acts including Identity theft is an criminal act. Blackmail These act is Criminal in Nature according to NSW (Domestic and Personal Violence Act 2007) Hate sites There has been a lot of debate about Hate Laws in Australia and the amendments being bought in by the government to allow free speech and to modify Racial Discrimination Act 18c. This is a non criminal offense at this moment. However if any hate crime gets reported on such sites that is a criminal act. Corporate Espionage It is a federal crime in many countries including US. In some countries civil laws cover these acts however they are better addressed by bringing this under the purview of criminal law.