Definition of Cybercrime
In accordance with the work A Dictionary of Law, this is a description of Cybercrime :
Crime committed over the Internet. No specific laws exist to cover the Internet, but such crimes might include hacking, defamation over the Internet, copyright infringement, and fraud.
Cybercrime is one of the fastest-growing criminal activities on the planet. Cybercrime is defined as the use of any computer network for crime and the high-tech criminals of the digital age have not been slow to spot the opportunities. The scope of the definition becomes even larger with the frequent companion or substitute term “computer-related crime.” Some writers are also of the opinion that “computer crime” refers to computer-related activities which are either criminal in the legal sense of the word or just antisocial behaviour where there is no breach of the law.
Given the extent to which computers have become a part of modern life, it was inevitable that some people would see the wired world as an opportunity to make money or cause mischief. Cybercriminals can range from teenagers who vandalise websites to terrorists who target a nation.
Cybercrime covers a huge range of illegal activity including financial scams, computer hacking, downloading pornographic images from the internet, virus attacks, stalking by e-mail and creating websites that promote racial hatred.
The term hacking was originally used to describe an audacious practical joke, but has become better known as a term for the activities of computer enthusiasts who pit their skills against the IT systems of governments and big corporations. Hackers sometime crack into systems to brag about their abilities to penetrate into systems, but others do it for illegal gain or other malicious purposes. The handiwork of some hackers, or “crackers” as they are known in the computer industry, has had disastrous results. The “love-bug” virus crippled at least 45 million computers worldwide and caused billions of dollars worth of damage. See the entry about hackers in this legal Encyclopedia.
Fraud and extortion
Then there is fraud and extortion. Some hackers have broken into the computer systems of banks and other businesses, with the intention of stealing money – or information like credit card numbers, which are just as valuable to the criminal.
- 90% of US companies which responded to a Computer Security Institute survey said they had detected computer security breaches in the previous year
- 74% acknowledged financial losses as a result of the breaches of security
- 79% detected employee abuse of the internet, for example downloading pornography or pirated software
- 85% detected computer viruses
Gangsters can use computers for extortion. Burglary rings track break-ins and then inventory their winnings from each job. Gangsters who want to murder a person in hospital can crack the hospital’s computers to alter the dosage of medication.
Scams by cyber-criminals include setting up bogus companies on the Net. Unsuspecting buyers are offered products at tempting prices, and then supply their credit card details – only to find that the site suddenly disappears. No phone number, no address and no redress. The dot com becomes a dot con.
Another 21st century crime is identity theft. This usually does not involve hacking at all. Criminals can trawl the web or other public databases for information about someone’s date of birth, social security number and address and then use that to apply for credit cards and run up huge bills. It is easy to do and as a result is one of the fastest growing crimes in the US.
The goal of a cyberstalker is control. Stalking and harassment over cyberspace is more easily practiced than in real life. There are many cases where cyberstalking crosses over to physical stalking. Some examples of computer harassment are:
- Live chat obscenities and harassment;
- Unsolicited and threatening e-mail;
- Hostile postings about someone;
- Spreading vicious rumours about someone;
- Leaving abusive messages on a website’s guest books.
Malicious codes like worms, viruses and Trojan horses cause damage on a greater scale. These exploit security vulnerabilities of a system and they tend to alter or destroy data. The damage they cause is worth millions of Ringgit to companies as well as government agencies. Worms are different from viruses because they are able to spread themselves with no user interaction. A virus can attack systems in many ways: by erasing files, corrupting databases and destroying hard disk drives.
This is where corporations spy on other companies and with network systems, this can be an easy task. Companies can retrieve sensitive information rarely leaving behind any evidence. Cyberespionage can also be applied to nations that spy on other countries’ sensitive information.
With so many cybercrimes on the rise the need for a cyberlaw is obvious, but the difficulties are baffling.
The internet is a global system. We can now be attacked by criminals who do not need to come to this territory. Lots of policing arrangements have their roots in the fact that victim and offender are geographically co-located. So the problem for all law-enforcement agencies is the way that cybercrime, like the internet itself, is not limited by national boundaries. An investigation that begins in one country may quickly lead elsewhere, but without the co-operation of other nations, it may be impossible to track down the perpetrators and secure convictions.
Then there’s a question of liberty. When the Council of Europe produced a draft treaty on cybercrime, it was deluged by e-mails from internet users concerned about possible infringements of their privacy and liberty. One complaint said that the proposals could have “a chilling effect on the free flow of information and ideas.”
European officials say they have tried to address these concerns, and stress that their intention is simply to consolidate laws against activities such as hacking, spreading viruses, and computer fraud so that in future there is a standard way of securing the digital evidence needed for prosecutions.
In his book “Cyberthreats and International Law” (Eleven International Publishing, 2012), Georg Kerschischnig wrote:
“Criminal-minded members of society were quick to realize online opportunities, embrace
technology, and abuse ICT to gain profit. First online computer crimes were reported in
a 1987 survey, with 5% of victimized companies and organizations (Dunnigan James F., The Next War Zone). With millions of new users coming online in the 1990s, the growing e-commerce, and the transaction of sensitive data via the Internet, online crime skyrocketed. Cybercriminals started to undertake mani-fold activities, from the sending of fraudulent messages, to the spying on credit card information and online banking access codes to the conduct of online identity theft (an issue particularly momentous in the USA), only to mention a few. As mentioned above, hackers prefer to distinguish themselves from cybercriminals, arguing that hackers only try to gain access to other systems out of technical interest and without interfering with data, while cybercriminals are nothing but groups of criminalsthat use hackertechniques,
concerned with nothing but profit (Dunnigan James F., The Next War Zone).
While the lion’s share of cybercrime losses are still the result of low-tech frauds via
spam or misleading web pages,45 organized crime has embraced cyberspace as well,raising
the level of sophistication. Conversely, there are also hacker groups that have embraced
the structure of organized crime to establish a thriving business offering extortion, fraud,
money laundering, identity theft, corporate espionage, phishing, bot-herding, malware,
etc. A worrying example is the infamous “Russian Business Network” (RBN), which engages in the full spectrum of cyberintrusions and cybercrime operations. It even controls several ICT providers which it uses for “bullet-proof hosting” (see following paragraph). Apart from that, the group is alleged to be politically connected, which protects its members from prosecution.
In order to stay operational, cybercriminals rely on an infrastructure framework provided
by the private sectorsuch as money transfer agencies(e.g. Western Union or Liberty
Reserve) or ICT providers that offer “bulletproof hosting” .The latter guarantees undisrupted
service despite dubious activitiesthatwould otherwise constitute terms ofservice violations.
This is one of the few areas where law enforcement could have some leverage (Dunnigan James F., The Next War Zone).
However, sometimes political ties of cybercriminal organizationsimpede cooperation. The relationship between governments and cybercriminal organizations can be mutually benefitting.
These organizations are thriving businesses that might benefit the economy, and their
favors might be called in as a weapon of choice in low-intensity conflicts, when deniability
is an advantage. Additionally, political ties can factually consolidate a mutual tacit non-aggression pact (See also Barkham Jason, Information Warfare and International Law on the Use of Force, in: New York University Journal of International Law and Politics, Vol. 34, 2001, No. 1, 108). In this context the magazine The Diplomat reports:
“Verisign [an important U.S. network operator and certificate authority] […]suggests that the Chinese government is outsourcing elements of its cyber warfare strategy to criminal organisations. In exchange, hackers and their criminal backers are given immunity from domestic prosecution, protection from international authorities and healthy pay packets.” (Macpherson Sholto, World Wide War 3.0).
In 1997 and early 1998, the G-8 Justice and Interior Ministers adopted and endorsed 10 Principles and a 10-point Action Plan to fight cyber crime. The G-8 agreed to endorse the following principles to combat high-tech crime :
- There must be no safe havens for those who abuse information technologies.
- Investigation and prosecution of international high-tech crimes must be coordinated among all concerned States, regardless of where harm has occurred.
- Law enforcement personnel must be trained and equipped to address high-tech crimes.
- Legal systems must protect the confidentiality, integrity, and availability of data and systems from unauthorized impairment and ensure that serious abuse is penalized.
- Legal systems should permit the preservation of and quick access to electronic data, which are often critical to the successful investigation of crime.
- Mutual assistance regimes must ensure the timely gathering and exchange of evidence in cases involving international high-tech crime.
- Transborder electronic access by law enforcement to publicly available (open source) information does not require authorization from the State where the data resides.
- Forensic standards for retrieving and authenticating electronic data for use in criminal investigations and prosecutions must be developed and employed.
- To the extent practicable, information and telecommunications systems should be designed to help prevent and detect network abuse, and should also facilitate the tracing of criminals and the collection of evidence.
- Work in this area should be coordinated with the work of other relevant international fora to ensure against duplication of efforts.
In addition, each participating country agreed to direct its officials to do the following :
- Use our established network of knowledgeable personnel to ensure a timely, effective response to transnational high-tech cases and designate a point-of-contact who is available on a twenty-four hour basis.
- Take appropriate steps to ensure that a sufficient number of trained and equipped law enforcement personnel are allocated to the task of combating high-tech crime and assisting law enforcement agencies of other States.
- Review our legal systems to ensure that they appropriately criminalize abuses of telecommunications and computer systems and promote the investigation of high-tech crimes.
- Consider issues raised by high-tech crimes, where relevant, when negotiating mutual assistance agreements or arrangements.
- Continue to examine and develop workable solutions regarding : the preservation of evidence prior to the execution of a request for mutual assistance; transborder searches; and computer searches of data where the location of that data is unknown.
- Develop expedited procedures for obtaining traffic data from all communications carriers in the chain of a communication and to study ways to expedite the passing of this data internationally.
- Work jointly with industry to ensure that new technologies facilitate our effort to combat high-tech crime by preserving and collecting critical evidence.
- Ensure that we can, in urgent and appropriate cases, accept and respond to mutual assistance requests relating to high-tech crime by expedited but reliable means of communications, including voice, fax, or e-mail, with written confirmation to follow where required.
- Encourage internationally-recognized standards-making bodies in the fields of telecommunications and information technologies to continue providing the public and private sectors with standards for reliable and secure telecommunications and data processing technologies.
- Develop and employ compatible forensic standards for retrieving and authenticating electronic data for use in criminal investigations and prosecutions.
Council of Europe
The Council of Europe and the United States?worked in the text of a treaty, with the “[t]o harmonize national legislation in this field, facilitate investigations and allow efficient levels of co-operation between the authorities of different States.”
East of Europe
Russia Ukraine, and Romania are hotbeds for hackers, many of whom get their start pirating Western software; in Russia, where nearly 90 percent of software was bootlegged, in 2002 a Microsoft Windows CD retailed for less than $2. In 2002, since online fees in Russia can hit $1.20 per hour -a steep price in a country where even college professors like Ivanov’s mother earn about $150 a month-kids often steal Internet Service Provider passwords using tips most likely gleaned from the 50,000-circulation Khaker, one of Russia’s most popular hacker magazines. An epidemic of stolen passwords forced America Online and CompuServe to abandon their Russian operations in 1997.
In the West, mischievous teen geeks usually mature into law-abiding adults-today’s password thief is tomorrow’s Java programmer. In Russia, however, where as many as half of the country’s software companies may have collapsed in 1998, upward mobility through legitimate tech work is rare. “There is a very large group of educated individuals in Eastern Europe, people that have degrees in computer science, in mathematics,” says Arif Alikhan of the computer crimes section at the U.S. Attorney’s office in Los Angeles. “And I think the economic circumstances sometimes make it very, very attractive to commit crimes.”
Russian mafiosi recruit hackers to plunder credit card numbers from e-commerce sites, but freelance electronic blackmail is also commonplace. Last March, for example, the Justice Department warned that hacker gangs in Russia and Ukraine had stolen more than 1 million credit card numbers from American servers. In October 2000, a cyber-raid on Microsoft that exposed top-secret source code was traced to St. Petersburg. And in August of the same year, two Kazakh men were arrested in London for trying to extort $200,000 from Michael Bloomberg, the billionaire turned New York City mayor, whose passwords they had filched.
Prosecutors allege that tech.net.ru’s schemes ranged from larceny to blackmail. A government trial brief states that Ivanov and Gorshkov set up a website, PayPai.com, to trick customers of the online payment service PayPal. Thousands of PayPal users got e-mails with links to PayPai.com, where they were prompted to enter their account details, including user names and passwords. The lawyers say the two Russians used the account information to purchase computer parts and other goods, which they had shipped to nearby Kazakhstan.
Source: Brendan I. Koerner is a Markle Fellow at the New America Foundation.
Cybercrime in Electronic Commerce
Cybercrime in the Online Business Law
Overview of Cybercrime in relation to cyber crime: The term ”cybercrime” is sometimes used synonymously with technological crime, high technology crime, high tech crime, economic crime, Internet crime, digital crime, or electronic crime, among other labels used by people to describe crime committed with computers or other IT devices. This can be confusing for students and other people trying to learn about cybercrime and ways to prevent it. This is especially true given that so many types of cybercrime and abuse of information systems, including (McQuade, 2006, p. 132): (1) negligent use of information systems while violating security policies or engaging in unsound information security practices and thereby exposing systems and data to cyber attacks; (2) conventional crimes involving use of computers or other types of electronic IT devices for communications and/or record keeping in support of their illegal activities; (3) online fraud such as phishing, spoofing, spimming, or otherwise deceiving people online for financial gain as in cases of credit card fraud and identity theft; (4) hacking, computer trespassing, and password cracking in order to break into computer account passwords and/or unlawfully enter information systems to commit online and/or offline crimes; (5) malicious writing and distribution of computer code that involves creating, copying, and/or releasing malware (i.e., disruptive or destructive viruses, Trojans, worms, or adware/spyware programs); (6) digital piracy of music, movie, and/or software especially via peer-to-peer networks; (7) cyber harassments, threat, intentional embarrassment, or coercion, including cyber bullying; (8) online stalking and other cyber-sex offending, including sending unwanted pictures or text of a sexual nature, promoting sex tourism, or using the Internet to facilitate human trafficking for sexual or other purposes; (9) academic cheating and scientific misconduct by students, teachers, or professors to plagiarize (i.e., take written credit for the writing or ideas of others), cheat on assignments or exams, or fake research methods or findings; (10) organized crime that involves use of the Internet by ethnic-based gangs to facilitate combinations of illegal and legal activities such as smuggling and selling of people, weapons, and drugs; (11) government and free-lance spying including corporate espionage that involves illicit use of spyware and key logger software to discover data that can be stolen or used to commit additional crimes; and (12) cyberterrorism by people trying to advance ”social, religious or political goals by instilling widespread fear or by damaging or disrupting critical information infrastructure.”
Notes and References
1. By Samuel C. McQuade, III
- Types of Cybercrime
Albanese, J. (1984). Corporate criminology: Explaining deviance of business and political organizations. Journal of Criminal Justice, 12, 11–19.
- E-Commerce Regulations
- Online Business Law
- Online Business Regulations
- Online Defamation (over the Internet)
- Copyright infringement