
A REPORT ON

CYBERCRIME
A REAL THREAT
SUBMITTED TO
MISS PRITI TIWARI
SUBMITTED BY
NAME: SWARUP GANGULY
STREAM: COMPUTER SCIENCE & ENGG.
ROLL NO.: 59
DATE: 18.03.2008
Preface
The growing danger from crimes committed against computers, or
against information on computers, is beginning to claim attention in
national capitals. In most countries around the world, however,
existing laws are likely to be unenforceable against such crimes. This
lack of legal protection means that businesses and governments must
rely solely on technical measures to protect themselves from those who
would steal, deny access to, or destroy valuable information. Self-
protection, while essential, is not sufficient to make cyberspace a safe
place to conduct business. The rule of law must also be enforced.
Countries where legal protections are inadequate will become
increasingly less able to compete in the new economy. As cyber crime
increasingly breaches national borders, nations perceived as havens
run the risk of having their electronic messages blocked by the
network. National governments should examine their current statutes
to determine whether they are sufficient to combat these kinds of crimes.
Where gaps exist, governments should draw on best practices from
other countries and work closely with industry to enact enforceable
legal protections against these new crimes. This report analyzes the
state of the law in 52 countries. It finds that only ten of these nations
have amended their laws to cover more than half of the kinds of crimes
that need to be addressed. While many of the others have initiatives
underway, it is clear that a great deal of additional work is needed
before organizations and individuals can be confident that cyber
criminals will think twice before attacking valued systems and
information.
Letter of Transmittal
Techno India
EM - 4/1 Sector - V
Salt Lake City,
Kolkata - 700091
Dept. of Humanities
Dear Ma'am,
I am very thankful to you for giving me the
opportunity to write a technical report on "CYBERCRIME A
REAL THREAT". During this period I was engaged in collecting
facts and figures from various resources, as it is a major threat to
the intellectual world. I hope you will become as interested as I was
while writing.
Through the course of time I was given the opportunity to
learn much about various criminal offences in cyberspace and legal
proposals as well as enforcement policies to curb these evil practices.
I would like to thank my friends and teachers who were
always willing to help.
Thanking you,
_______________
(signature)
Acknowledgements
I wish to express my sincere thanks to all those who agreed to share
their opinions, values, and knowledge in the area of technicalities and
investigations. Without their involvement, this report would have been
of lesser quality.
Table of Contents
1. Abstract
2. Introduction
3. Methodology
4. Discussion
4.1 Defining Cybercrime
4.2 Organized Crime & Cybercrime
4.3 Countering Cyberterrorism - It's Everybody's Duty
5. Conclusion
6. Recommendations
7. Appendices
8. Bibliography
Abstract
Cyber crime has increased in severity and frequency in the
recent years and because of this, it has become a major concern for
companies, universities and organizations. The anonymity offered by
the Internet has made the task of tracing criminal identity difficult.
One study field that has contributed in tracing criminals is authorship
analysis on e-mails, messages and programs. The aim of the research
efforts in this area is to identify the author of a particular piece of code
by examining its programming style characteristics. Borrowing
extensively from the existing fields of linguistics and software metrics,
this field attempts to investigate various aspects of computer program
authorship. Source code authorship analysis could be implemented in
cases of cyber attacks, plagiarism and computer fraud. The growing
dependence of modern society on telecommunication and information
networks has become inevitable. The increase in the number of
interconnected networks to the Internet has led to an increase in
security threats and cybercrimes such as Distributed Denial of Service
(DDoS) attacks. Any Internet based attack typically is prefaced by a
reconnaissance probe process, which might take just a few minutes,
hours, days, or even months before the attack takes place. In order to
detect distributed network attacks as early as possible, a probabilistic
approach known as Bayesian networks, which is still under research and
development, has been proposed.
Introduction
1. The revolution in information technologies has changed society
fundamentally and will probably continue to do so in the foreseeable
future. Many tasks have become easier to handle. Where originally
only some specific sectors of society had rationalized their working
procedures with the help of information technology, now hardly any
sector of society has remained unaffected. Information technology has
in one way or the other pervaded almost every aspect of human
activities.
2. A conspicuous feature of information technology is the impact it
has had and will have on the evolution of telecommunications
technology. Classical telephony, involving the transmission of human
voice, has been overtaken by the exchange of vast amounts of data,
comprising voice, text, music and static and moving pictures. This
exchange no longer occurs only between human beings, but also
between human beings and computers, and between computers
themselves. Circuit-switched connections have been replaced by
packet-switched networks. It is no longer relevant whether a direct
connection can be established; it suffices that data is entered into a
network with a destination address or made available for anyone who
wants to access it.
3. The pervasive use of electronic mail and the accessing through
the Internet of numerous web sites are examples of these
developments. They have changed our society profoundly.
4. The ease of accessibility and searchability of information
contained in computer systems, combined with the practically
unlimited possibilities for its exchange and dissemination, regardless of
geographical distances, has led to an explosive growth in the amount
of information available and the knowledge that can be drawn
therefrom.
5. These developments have given rise to unprecedented
economic and social changes, but they also have a dark side: the
emergence of new types of crime as well as the commission of
traditional crimes by means of new technologies. Moreover, the
consequences of criminal behavior can be more far-reaching than
before because they are not restricted by geographical limitations or
national boundaries. The recent spread of detrimental computer
viruses all over the world has provided proof of this reality. Technical
measures to protect computer systems need to be implemented
concomitantly with legal measures to prevent and deter criminal
behavior.
6. The new technologies challenge existing legal concepts.
Information and communications flow more easily around the world.
Borders are no longer boundaries to this flow. Criminals are
increasingly located in places other than where their acts produce their
effects. However, domestic laws are generally confined to a specific
territory. Thus solutions to the problems posed must be addressed by
international law, necessitating the adoption of adequate international
legal instruments. The present Convention aims to meet this challenge,
with due respect to human rights in the new Information Society.
Methodology
Primary Resources: -
1) Personal experience of my brother, who works in an MNC and
is particularly involved in projects on these topics.
Secondary Resources: -
1) Daily Newspapers:-
i) Times of India (Education Times)
ii) Telegraph
2) Tech Magazines:-
i) PC-WORLD
ii) CHIP
iii) PC-QUEST
3) Websites:-
i) http://www.acrobatfiles.com
ii) http://www.irongeek.com
iii) http://www.btebook.com
iv) http://arstechnica.com/index.ars
Discussion
Defining Cybercrime
Although the term 'cybercrime' is now in everyday use, the first
problem encountered in measuring cybercrime is that there is no
commonly-agreed definition of the term.
Definitions of cybercrime include:
- The use of any computer network for crime (British police)
- Any criminal offence committed against or with the help of a computer
network (Council of Europe)
These broad definitions offer little
insight into the nature of the conduct that falls within the umbrella
term. The issue is further complicated by the fact that cybercrime is a
social label and not an established term within the criminal law. It
seems that a situation has arisen in which everyone knows what
cybercrime means but nobody can pinpoint exactly what conduct the
term encompasses. The difficulty in actually defining cybercrime
makes measurement of cybercrime problematic. What is it that is
actually being counted? However, this report will focus on the
following categories of cybercrime, which predominantly affect
individuals:
- Identity theft and identity fraud
- Financial fraud
- Offences against the person
- Computer misuse
- Sexual offences.
The following sections of the report will define
and explore each of these categories of cybercrime
in more detail.
Computer networking technology has also blurred the boundaries
between cyber warfare, cybercrime, and cyberterrorism. Officials in
government and industry now say that cybercrime and cyberattack
services available for hire from criminal organizations are a growing
threat to national security as well as to the U.S. economy. New and
sophisticated cybercrime tools could operate to allow a nation state or
terrorist group to remain unidentified while they direct cyberattacks
through the Internet. Many experts point out that past incidents of
conventional terrorism have already been linked with cybercrime, and
that computer vulnerabilities may make government and civilian
critical infrastructure systems seem attractive as targets for
cyberattack.
Identity Theft & Identity Fraud:-
- Identity theft and identity fraud are not criminal offences in their
own right.
- In essence, identity theft is the assumption of the identity of another
person, living or dead, irrespective of the motivation underlying this
course of action. For example, taking on the identity of a dead person
and living life as them, having abandoned one's own identity.
- By contrast, identity fraud is the transient or partial assumption of
another's identity. This involves the fraudster retaining his own
identity for most purposes but (mis)using the identity of another for
some particular purpose. For example, using another's identity to
register a car so that any driving offences are attributed to the victim
rather than to the fraudster.
- Identity theft is categorized as a cybercrime within this report
(despite not being an offence in itself) on the basis that it is inevitably
the first step that is taken towards the commission of a deception
(fraudulent use of identity) offence and technology plays such a
significant role in the process of locating and acquiring the identity of
another.
Financial Fraud:-
- Financial fraud is defined as the use of deception for direct or
indirect financial or material gain. Direct financial gain commonly
involves the impersonation of the victim (hence the acquisition of his
identity - identity theft or identity fraud) in order to obtain money.
Indirect financial gain might involve the assumption of identity
information that secures the offender access to more lucrative
employment opportunities.
- This deception often (but not always) involves a misrepresentation
of the identity of the person concerned. For this reason, financial
fraud is often viewed as synonymous with identity theft/fraud.
However, this is a misperception as identity theft/fraud involves the
assumption of the identity of another for whatever purpose - this
may be financial fraud but need not necessarily be so. For example,
a person who assumes the identity of another in order to commit
driving offences would fall within the meaning of identity fraud
but not financial fraud whereas a person who assumes the identity
of another in order to obtain credit in the victim's name would fall
within the meaning of both identity fraud and financial fraud.
- This category of conduct was covered by deception offences within
the Theft Act 1968 in Europe but these were repealed by the Fraud
Act 2006 in favour of a new raft of fraud offences. These offences
are categorized as cybercrime if they were committed online or
involved the use of online resources to facilitate fraud in the physical
world.
Offences against the person:-
- This category of cybercrime involves the use of a computer to
cause an individual some form of personal harm such as anxiety,
distress or psychological harm.
- It includes abusive or threatening e-mails and the posting of
derogatory information online.
- It also includes situations where the offender poses as the victim to
engage in offensive behavior behind the veil of anonymity offered by
the Internet.
- It also includes 'hate crimes': the intimidation of a person or
group on the basis of their actual or perceived membership of the
targeted group; typically defined in terms of religion, political
belief, gender, race or sexual orientation. Hate crimes include abuse
directed at victims as well as unfair, untrue, unfavorable or
otherwise derogatory information disseminated about those viewed
as members of the target group.
Computer Misuse:-
This category of cybercrime is reserved for conduct that falls within
the Computer Misuse Act 1990 (in Europe) as follows:
- Unauthorized access to a computer system
(basic hacking).
- Unauthorized access to a computer system with
intent to commit or facilitate the commission
of further offences (aggravated hacking).
- Unauthorized modification of computer material
(such as that caused by viruses).
Sexual Offences:-
- This category of cybercrime covers a range of conduct that has an
objectively ascertainable sexual element including pedophilic
activity such as grooming a child for sexual activity which was
criminalized by the Sexual Offences Act 2003. The ease of transfer
of information offered by the Internet and its largely unregulated
nature makes it a useful device for those engaged in this sort
of offences.
Malicious Code Hosted on Websites:-
Malicious codes, such as viruses or Trojan Horses, are
used to infect a computer to make it available for takeover and
remote control. Malicious code can infect a computer if the user
opens an email attachment or clicks an innocent-looking link on a
website. For example, users who visited the popular MySpace and
YouTube websites in 2005, and who lacked important software
security patches, reportedly may have had their PCs infected if they
clicked on a banner advertisement which silently installed malicious
code on their computers to log keystrokes or capture sensitive data.
During the first half of 2006, the Microsoft Security Team reported
that it had removed 10 million pieces of malicious software from
nearly 4 million computers and web servers.
Recently, analysts at Google tested several million web
pages for the presence of malicious software, and determined that
4.5 million of the web pages examined were suspicious in nature.
After further testing of the 4.5 million web pages, over 1 million
were found to launch downloads of malicious software, and more
than two thirds of those programs were "bot" software that, among
other things, collected data on banking transactions and then
emailed the information to a temporary email account. Researchers
at the San Jose, Calif.-based security firm, Finjan Inc., after
reviewing security data from the first quarter of 2007, found that
more malware is hosted on servers in countries such as the U.S. and
U.K., than in other countries with
less developed e-crime law enforcement policies. Findings from the
Finjan 2007 Web Security Trends Report are based on an analysis
of more than 10 million unique websites from Internet traffic
recorded in the UK, and include the following:
- Attacks that involve the use of code obfuscation through diverse
randomization techniques are growing more numerous and
complex, making them virtually invisible to pattern-
matching/signature-based methods in use by traditional antivirus
products.
- Criminals are displaying an increasing level of sophistication when
embedding malicious code within legitimate content with less
dependence on outlaw servers in unregulated countries. Finjan
found that 90% of the websites examined containing malware
resided on servers located in the U.S. or U.K. "The results of this
study shatter the myth that malicious code is primarily being hosted
in countries where e-crime laws are less developed," Finjan CTO
Yuval Ben-Itzhak reportedly stated.
SCADA Vulnerabilities:-
Supervisory Control And Data Acquisition (SCADA) systems
are the computers that monitor and regulate the operations of most
critical infrastructure industries (such as the companies that
manage the power grid). These SCADA computers automatically
monitor and adjust switching, manufacturing, and other process
control activities, based on digitized feedback data gathered by
sensors. These control systems are often placed in remote locations,
are frequently unmanned, and are accessed only periodically by
engineers or technical staff via telecommunications links. However,
for more efficiency, these communication links are increasingly
connected to corporate administrative local area networks, or
directly to the Internet. Some experts believe that the importance of
SCADA systems for controlling the critical infrastructure may make
them an attractive target for terrorists. Many SCADA systems also
now operate using Commercial-Off-The-Shelf (COTS) software,
which some observers believe is inadequately protected against a
cyber attack. These SCADA systems are thought to remain
persistently vulnerable to cyber attack because many organizations
that operate them have not paid proper attention to these systems'
unique computer security needs. The following example may serve
to illustrate the possible vulnerability of control systems and
highlight cyber security issues that could arise for infrastructure
computers when SCADA controls are interconnected with office
networks. In August 2003, the "Slammer" Internet computer worm
was able to corrupt for five hours the computer control systems at
the Davis-Besse nuclear power plant located in Ohio (fortunately,
the power plant was closed and off-line when the cyberattack
occurred). The computer worm was able to successfully penetrate
systems in the Davis-Besse power plant control room largely because
the business network for its corporate offices was found to have
multiple connections to the Internet that bypassed the control room
firewall. Other observers, however, suggest that SCADA systems
and the critical infrastructure are more robust and resilient than
early theorists of cyberterror have stated, and that the
infrastructure would likely recover rapidly from a cyberterrorism
attack. They cite, for example, that water system failures, power
outages, air traffic disruptions, and other scenarios resembling
possible cyberterrorism often occur as routine events, and rarely
affect national security, even marginally. System failures due to
storms routinely occur at the regional level, where service may often
be denied to customers for hours or days. Technical experts who
understand the systems would work to restore functions as quickly
as possible. Cyberterrorists would need to attack multiple targets
simultaneously for long periods of time to gradually create terror,
achieve strategic goals, or to have any noticeable effects on national
security.
For more information about SCADA systems, see CRS Report RL31534,
Critical Infrastructure: Control Systems and the Terrorist Threat, by Dana A. Shea.
Organized Crime & Cybercrime
The criminal environment is changing rapidly at every moment. The
Internet has boundless growth potential, but its potential for legal
use is matched by an equivalent potential for illegal use.
Given that fighting organized crime is one of the priorities of the
federal and provincial governments, two major issues intersect:
- Generating intelligence and information to develop effective strategies
- Understanding and recognizing the technological tools used by the
community, the criminal world, and the police.
The question is therefore how to conduct an investigation when
information technology is involved in the crime. This question is
especially relevant in terms of the investigation practices used in the
field, given the significant changes occurring to organized crime in
Canada.
Investigate/Criminal Analysis, Practices & Procedure:-
In the field of investigations, as elsewhere, work habits and learned
approaches die hard. After basic training, continuous development,
and on-the-job training, "giving up old habits" is not easy. In a
changing and evolving environment, police officers and investigators
use the technological tools at their disposal non-systematically.
Criminal Investigation Practices:-
For investigation and analysis purposes, information
technology is still perceived as new and threatening. This perception
has many consequences at various levels. The first major
consequence is that the police environment should have been
prepared to deal with these technological advances before police
officers, investigators, and analysts were asked how they used the
available technology. A second consequence is directly related to the
recommended and actual uses of technology. With technology
readily available, the use of computers and computerized databanks
tends to become systematic depending on the unit involved.
Personnel and skill development aimed at specific groups,
including investigators, is now part of the evolution of the police.
Skill development is all the more critical since police officers are not
ready to investigate technological crimes because they are
unfamiliar with such technology as the Internet or are unable to
measure its impact.
Developing advanced technology skills leads in turn to major
problems for the police. The promotion process is such that even
highly trained individuals must leave their field of expertise to get a
promotion. These individuals lose some of their know-how while
away from their specialty. One unexpected consequence of
technology has to do with workload. Collecting information and
loading it into databanks is viewed as extra work. It would be
incorrect to say that the use of technology is related to age or
seniority. It has to do above all with the development of the right
attitudes. Furthermore, it is only normal that individual learning,
program training, and assistance to co-workers would go through
an adjustment period. Finally, increasingly sophisticated specialized
services help police officers carry out tasks such as capturing data
from hard disks.
Investigation practices are affected by easy access to
technological tools such as computers and by devices with underused
potential, such as CD-ROMs. We need both to arouse the curiosity of
individuals and to develop their skills.
Investigation Methods:-
We looked at the traditional separation of investigation tasks
as reflected in the creation of various units. These separate units,
i.e., economic crime, homicide unit, drugs, etc., impede contacts
between police officers either for traditional or cultural reasons.
There is a real and necessary separation between investigation units.
This isolation is due to the development of cutting-edge expertise to
meet investigation challenges specific to each unit.
This produces obvious turf battles between units, some with a
major public impact. Separation also encourages the development of
cutting-edge expertise in some areas.
Crime analysts are one category of investigation experts.
Investigators need analysts. Their job mainly involves managing
complex information, providing direction for specific investigations,
and making sense of various elements connected to the investigation.
A formal hierarchy exists among investigation units. This hierarchy
has consequences in terms of publicity, major budget allocations,
and availability of technological tools such as cell phones,
computers, pagers, etc. for individual unit members.
Intelligence and Its Uses:-
The information contained in computerized databanks and police
files is used as a work tool for specific investigations. It helps
identify the best targets for effective police actions.
Countering Cyberterrorism: It's Everyone's Duty
Rates of cyber crime have been increasing at an alarming speed. In
part, cyber crime continues to spread due to a growing use of
information communication technology (ICT), which plays an ever-
important role in our daily lives. Individuals and organizations,
however, which tend to typically be the victims of such illicit
activity, are also playing a part in the effective spread of cyber
crime. For many people, forming an understanding of what cyber
crime really is has proven elusive. This lack of familiarity with the
topic has led many to do nothing to counter the threat, under a
misguided belief of not being responsible, thereby unwittingly
abetting criminals. Considering the barriers to forming a working
understanding of cyber crime, this report provides simple measures
and ideas which even the non-technical reader can implement to
counter the threat.
The Problem: Avoiding Responsibility -
As quickly as ICT products have flooded the market and entered
our lives, cyber crime rates have risen - perhaps at an even faster
rate. Criminals have found a prime environment for
conducting illicit activity in a digital world, while law abiding
segments of society continue to grapple with developing an
understanding of what cyber crime really is. The inability to
comprehend the problem has left many with a sense of not being
responsible for actively countering the threat.
This avoidance of responsibility plagues individuals, industry,
corporations and governments alike. Stemming from a lack of
understanding brought on by a broadness of definition, decision
makers are paralyzed when faced with the task of developing
practical measures to counter cyber crime. Instead of actually
taking steps to counter cyber crime, many opt to shift
the responsibility, and ultimately blame, onto someone or something
else. Such irresponsibility can manifest itself in anything from individuals who
store user passwords on notepads beside desktop computers, to
companies marketing products as completely secure when that is not
the case, to politicians who ignore the topic due to a lack of
understanding.
The economic consequences of avoiding responsibility are
considerable. Following a data breach in one of its stores, The TJX
Companies Inc. spent US$12 million in the first quarter of fiscal
2008 alone on investigations into the network intrusions said to have
occurred in 2005 and 2006. These costs are to say nothing of the
prolonged financial losses that might be sustained including pending
and potential lawsuits as a result of the breach. Breaches of
customer or user data can affect millions of people, often putting
sensitive personal information such as credit card and social
insurance numbers into the hands of criminals - resulting in many
unhappy, at-risk customers, leading to even unhappier investors.
Conclusion
It seems that source code authorship analysis is an important area of
practice in computer security, computer law, and academia as well
as an exciting area of research. The experiments that have been
performed support the theory that it is possible to find a set of
metrics that can be used to classify programmers correctly. Within a
closed environment, and with a limited number of programmers, it
is possible to identify authorship of a program by examining some
finite set of metrics. As part of this development in the field there is
the necessity for more formally defined methods and metrics
specifically used in this area. Further work will be to enrich the set
of metrics in order to improve classification accuracy. An example
could be introducing object oriented metrics when examining
authorship in C++ or Java. Also by employing other machine
learning techniques or statistical methods such as Bayesian
techniques, we could produce better results.
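As an added illustration of the closed-set, metric-based authorship classification described in the Abstract and in this Conclusion (this is not code from the report or from the experiments it refers to), the Python sketch below extracts a small vector of style metrics from source text and attributes an unknown program to the nearest author profile. The seven metrics, the nearest-centroid rule and the three authors' C samples are all constructed for this example.

```python
import math
import re
from statistics import mean, pstdev

KEYWORDS = {"int", "char", "void", "for", "while", "if", "else", "return"}
IDENT = re.compile(r"[A-Za-z_]\w*")
COMMENT = re.compile(r"//.*|/\*.*?\*/")

def frac(items, pred):  # share of items satisfying pred; 0.0 for an empty list
    return sum(1 for x in items if pred(x)) / len(items) if items else 0.0

def style_metrics(source):
    """Layout and naming metrics for one C-like source text."""
    code = [ln for ln in source.splitlines() if ln.strip()]
    names = [t for ln in code for t in IDENT.findall(COMMENT.sub("", ln))
             if t not in KEYWORDS]
    braces = [ln for ln in code if "{" in ln]
    indented = [ln for ln in code if ln[0] in " \t"]
    return [
        sum(map(len, code)) / len(code) if code else 0.0,          # line length
        frac(code, lambda ln: bool(COMMENT.search(ln))),           # commented lines
        frac(braces, lambda ln: ln.strip() == "{"),                # brace on own line
        frac(indented, lambda ln: ln[0] == "\t"),                  # tab indentation
        sum(map(len, names)) / len(names) if names else 0.0,       # identifier length
        frac(names, lambda t: "_" in t),                           # snake_case names
        frac(names, lambda t: bool(re.search(r"[a-z][A-Z]", t))),  # camelCase names
    ]

def train(corpus):
    """Z-score each metric over the whole corpus, then average per author."""
    vecs = {a: [style_metrics(s) for s in srcs] for a, srcs in corpus.items()}
    cols = list(zip(*[v for vs in vecs.values() for v in vs]))
    mu, sigma = [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]
    scale = lambda v: [(x - m) / s for x, m, s in zip(v, mu, sigma)]
    return scale, {a: [mean(c) for c in zip(*map(scale, vs))] for a, vs in vecs.items()}

def attribute(model, source):
    """Candidate authors as (distance, author), nearest centroid first."""
    scale, centroids = model
    v = scale(style_metrics(source))
    return sorted((math.dist(v, c), a) for a, c in centroids.items())

# Constructed samples: three hypothetical authors with distinct habits.
ALICE_1 = """// sum the values in a buffer
int sum_buffer(int *buf_ptr, int buf_len) {
    int running_total = 0;
    for (int idx = 0; idx < buf_len; idx++)
        running_total += buf_ptr[idx];  // accumulate
    return running_total;
}"""
ALICE_2 = """// largest value in a buffer
int max_value(int *buf_ptr, int buf_len) {
    int best_seen = buf_ptr[0];
    for (int idx = 1; idx < buf_len; idx++)
        if (buf_ptr[idx] > best_seen) best_seen = buf_ptr[idx];  // new maximum
    return best_seen;
}"""
BOB_1 = """int sumBuffer(int *bufPtr, int bufLen)
{
\tint runningTotal = 0;
\tfor (int loopIdx = 0; loopIdx < bufLen; loopIdx++)
\t\trunningTotal += bufPtr[loopIdx];
\treturn runningTotal;
}"""
BOB_2 = """int maxValue(int *bufPtr, int bufLen)
{
\tint bestSeen = bufPtr[0];
\tfor (int loopIdx = 1; loopIdx < bufLen; loopIdx++)
\t\tif (bufPtr[loopIdx] > bestSeen) bestSeen = bufPtr[loopIdx];
\treturn bestSeen;
}"""
CAROL_1 = """/* sum */
int s(int *b, int n) {
  int t = 0;
  for (int i = 0; i < n; i++) { t += b[i]; }
  return t;
}"""
CAROL_2 = """/* max */
int m(int *b, int n) {
  int r = b[0];
  for (int i = 1; i < n; i++) { if (b[i] > r) r = b[i]; }
  return r;
}"""
UNKNOWN = """int countZeros(int *bufPtr, int bufLen)
{
\tint zeroCount = 0;
\tfor (int loopIdx = 0; loopIdx < bufLen; loopIdx++)
\t\tif (bufPtr[loopIdx] == 0) zeroCount++;
\treturn zeroCount;
}"""
CORPUS = {"alice": [ALICE_1, ALICE_2], "bob": [BOB_1, BOB_2], "carol": [CAROL_1, CAROL_2]}

if __name__ == "__main__":
    print(attribute(train(CORPUS), UNKNOWN))
```

The ranking only ever names someone from the training set, which is the closed-environment limitation the Conclusion states: a program by an author outside the corpus is still assigned to its nearest profile.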
Recommendations
1.) The Need for Adequate Training:-
The need for adequate training was clearly recognized by the people
interviewed and by many others involved in law enforcement. There
is no question that adequate and adapted training helps achieve
quality work. Some will say this training must be specialized so that
police officers can remain current in their area of expertise.
Training becomes in fact one of the crime-fighting tools in the sense
that "every component is vital to the end result." For this to occur,
training must be provided in a timely fashion, which does not seem
to be the case for a large majority of those interviewed, either
because there is too much staff rotation or because new investigators
are picked directly from the patrol ranks and there is not enough
time to train them adequately. Finally, one of the main problems
with investigator training, although not exclusively related to
training, is personnel rotation. Even if a manager drafts an annual
training plan for members of his or her unit, individuals still have to
change units because of the promotion process. This means that
sometimes incumbents are not trained, or, if they are trained, they
may have to move to another unit. As stated: "The biggest problem
is police officer rotation. You're with a unit, you get trained and you
move to another unit. The organization is left in a position where all
it does is train individuals who, although highly dedicated, have no
experience.... All this training is a waste because people move all the
time."
2.) Recognize the real problem is crime, not hacking:-
Organized crime and cyber-crime are becoming an increasingly
salient component of the business environment. Disruption, denial of
service, and web site defacements will continue to be problems, but
exploitation of access to information systems for profit is likely to
become more pervasive. The trend towards accessing business
systems, highlighting security holes, and offering one's services for a
significant fee, for example, is a thinly veiled form of extortion. As
such, it is very different from traditional hacking that is designed to
highlight security problems and ways of dealing with them as simply
a demonstration of expertise.
3.) Business intelligence needs to include criminal intelligence
analysis:-
Indeed, criminal intelligence analysis needs to be integrated
fully into business intelligence; risk assessment needs to incorporate
criminal threats; and cyber-security needs to be conceptualized as
part of a broader security problem that cannot be understood or
dealt with in strictly technical terms. Defending against such
contingencies requires that high-tech firms develop broad security
programs that incorporate cyber-security into a much broader
program. Cyber-security needs to be one component of a broader
security program that includes personnel, physical assets, the
provision of services, and financial assets. An arrangement in which
the security officer is responsible for cyber-security as part of a
comprehensive mandate is likely to be more effective and
appropriate than one in which cyber-security is seen as a distinct
portfolio separate from other
components of security.
4.) Beware of infiltration:-
If cyber-extortion is likely to be a growing problem, another danger
is that the high-tech industry is vulnerable to infiltration by
organized crime, especially when seeking foreign partners.
Consequently, the kind of due diligence exercise that has long been
common in the banking sector needs to be extended to other
industries. For bankers, "know your customer" has become
standard practice. For the hi-tech business, it is perhaps even more
important to know your partners, especially when they are from
another country. Questions need to be asked about their financing,
their clients, and their associates - as well as the extent to which
there are laws against cyber-crimes. Thorough background checks
are essential prior to allowing any joint use of data and
communication systems, or to bringing in their representatives to
work with one's own employees. When there is overseas expansion,
these background checks need to be extended to new employees and
consultants. Although this might appear to be an exaggerated
concern, it is not. One characteristic of Russian organized crime, in
particular, is the systematic way in which it has infiltrated and, in
some cases, come to dominate particular economic sectors, often
operating through apparently legitimate front companies.
Organized crime has infiltrated large parts of the Russian banking
system, dominates the energy sectors in St. Petersburg, and has
made great inroads into the hotel system. There is no reason that the
high-tech sector should be exempt. Indeed, Mikhail Cherny, a well-
known Russian entrepreneur with a very dubious reputation, was
expelled from Bulgaria in the summer of 2000. He had a controlling
interest in Mobiltel, the largest provider of cellular telephones in the
country, and had been engaged in several fraudulent activities as
well as suspected money laundering. Although the dangers are
greater when companies operate in other countries, even in the
United States there are problems with organized crime. Russian
criminals in the United States, for example, operate through émigré
networks, and there is a growing Russian presence in the
information technology sector that could very easily be connected in
some ways to Russian organized crime.
5.) Be sensitive to money laundering opportunities :-
Companies offering financial services on the Internet - and
particularly those offering mechanisms to facilitate financial
transactions - need to take steps to identify opportunities for money
laundering. Once this is done, they need to introduce safeguards to
close loopholes and prevent money laundering.
Appendices
I ) Identity Theft:- In essence, identity theft is the assumption of
another's identity irrespective of the motivation for which this
course of action is undertaken. It is categorized as a cybercrime
despite not being an offence per se on the basis that it is frequently
the first step that is taken towards the commission of an offence.
This first step may be taken because the chosen offence cannot be
committed without impersonation of the victim, i.e. financial fraud
in which the offender passes himself off as the victim, or because the
offender is using the victim's identity to shield himself from the
consequences of his criminal behavior, i.e. he commits an offence
whilst posing as the victim. Irrespective of which of these
motivations is operative, the initial first step - the assumption of
another's identity - is integral to the commission of the criminal
offence that is planned; hence the inclusion of identity theft/fraud as
a cybercrime is justified, as it is a way of facilitating the commission
of an offence.
II ) Financial Fraud:- In 2006, in relation to all crime:
- 83% of adults used a plastic card (35.15 million)
- 4% of card users had been a victim of card fraud (1.41 million)
- Approximately 1% of the adult population (351,500 adults) had at
least one of their plastic cards used without permission
- There were only 87,860 police recorded incidents of cheque and
credit card fraud - therefore only 6.5% of card fraud victims
were recorded by the police.
- The average loss was 740.29.
The Fraud Act 2006, introduced in
January 2007, altered the definition, coverage and some counting
rules for fraud offences. From 1 April 2007, following an annual
upgrade to systems, new offences were recorded under the most
appropriate specific classification. In addition, from 1 April 2007,
there was a change in reporting procedures so that an account
holder who suspects fraud on their account is required to report the
matter to their financial
institution, who will then determine whether to report
the crime to the police.
III ) Sexual Offences:- Although there were 62,080 recorded
sexual offences in 2005/06 and 57,542 in 2006/07, it is self-evident
that many of these cannot be committed online since they require
physical sexual contact between perpetrator and victim. The most
relevant sexual offence in terms of online behavior is that of
'meeting a child following sexual grooming', which is defined as
'intentionally meeting a person under 16, having met or
communicated on at least two earlier occasions, with the intention to
commit a relevant offence'. The extent to which children are targeted
online for sexual purposes is difficult to evaluate. However, there
have been some surveys of children's experience online. A draft
report from the Internet Crime Forum reports that 20% of
children using Internet chatrooms have been approached by pedophiles and
other undesirables while online.
Offences due to revenge :-
- 57% of adults personally use the Internet
(24.13 million)
- 8% of adults using the Internet were victims of
online (e-mail) harassment (1.93 million).
It is estimated that around 0.75% of adults were victims of racially
or religiously aggravated online harassment (14,475). On this basis,
there were an estimated 1,944,000 cases of online harassment in 2006
(in USA).
Bibliography
APACS (2006) 'Fraud: The Facts 2006'
APACS (2007) 'Fraud: The Facts 2007'
APACS (2007) Press release: 'card fraud losses continue to fall'
CIFAS (2006) 'Identity Fraud - What about the victim?'
CIFAS (2007) '2006 Fraud Trends'
CIFAS (2007) 'Worrying Fraud Trends - the rise continues'
Denning, D (1998) Information Warfare and Security, Reading, Pennsylvania: Addison-Wesley.
Flatley, J (ed.) (2007) 'Mobile phone theft, plastic card and identity fraud: Findings from the 2005/06 British Crime Survey' Home Office Statistical Bulletin 10/07 (Supplementary Volume 2 to Crime in England and Wales 2005/06)
House of Commons Official Report Written Answers 'Computer Misuse Act Prosecutions' 26 March 2002, c.WA35 and House of Commons Official Report Written Answers 'Computer Misuse Act: Prosecutions' 7 January 2003 in Akdeniz, Y 'CyberCrime' in Stokes, S and Carolina, R (eds.) (2003) E-Commerce Law and Regulation Encyclopedia, London: Sweet & Maxwell, 15-18 (revised April 2005)
House of Lords Science and Technology Committee (2007) 'Personal Internet Security' HL 165-I
House of Lords Science and Technology Committee (2007) 'Personal Internet Security: Evidence' HL 165-II
Internet Crime Forum (2001) Report on paedophile activity in Internet chat-rooms.
Lovbakke, J, Taylor, P and Budd, S (2007) 'Crime in England and Wales: Quarterly Update to December 2006' Home Office Statistical Bulletin
McAfee (2006) 'McAfee Virtual Criminology Report: Organised Crime and the Internet'
National Statistics (2006) 'Crime in England and Wales 2005-6: A summary of the main statistics'
Nicholas, S, Kershaw, C and Walker, A (2007) 'Crime in England and Wales 2005/06' (2nd edition) Home Office Statistical Bulletin
Parliamentary Office of Science and Technology (2006) 'Postnote: Computer crime'
Price Waterhouse Coopers (2007) 'DTI Information Security Breaches Survey 2006: Technical Report'
Registrars General for England and Wales, Northern Ireland and Scotland (2006) 'Disclosure of death registration information: Consultation paper'
Report from the Commission on the implementation since 2005 of the Council Framework Decision of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States COM(2007) 407 (Brussels, 11 July 2007)
Rogers, MK, Siegfried, K and Tidke, K 'Self-reported computer criminal behavior: A psychological analysis' [2006] Digital Investigation 116
Spafford, E (1997) 'Are hacker break-ins ethical?' in Ermann, M, Williams, M & Shauf, M. (eds) (1997) Computers, ethics, and society New York, New York: Oxford University Press 77
Suler, J The Psychology of Cyberspace <http://www.rider.edu/~suler/psycyber/psycyber.html>
Symantec (2007) 'Symantec Internet Security Threat Report: Trends for July-December 06'
Walker, A, Kershaw, C and Nicholas, S (2006) 'Crime in England and Wales 2005/06' Home Office Statistical Bulletin 12/06
Wilson, D, Patterson, A, Powell, G and Hembury, R (2006) Fraud and technology crimes.