
Introduction: Cybercrime

Definition - What does Cybercrime mean?


Cybercrime is defined as a crime in which a computer is the object of the crime
(hacking, phishing, spamming) or is used as a tool to commit an offense (child
pornography, hate crimes). Cybercriminals may use computer technology to access
personal information, business trade secrets, or use the internet for exploitive or
malicious purposes. Criminals can also use computers for communication and
document or data storage. Criminals who perform these illegal activities are often
referred to as hackers.
Cybercrime may also be referred to as computer crime, the use of a computer as an
instrument to further illegal ends, such as committing fraud, trafficking in child
pornography and intellectual property, stealing identities, or violating privacy.
Cybercrime, especially through the Internet, has grown in importance as the computer
has become central to commerce, entertainment, and government.
Because of the early and widespread adoption of computers and the Internet in the
United States, most of the earliest victims and villains of cybercrime were Americans.
By the 21st century, though, hardly a hamlet remained anywhere in the world that had
not been touched by cybercrime of one sort or another.

Defining cybercrime
New technologies create new criminal opportunities but few new types of crime. What
distinguishes cybercrime from traditional criminal activity? Obviously, one difference is
the use of the digital computer, but technology alone is insufficient for any distinction
that might exist between different realms of criminal activity. Criminals do not need a
computer to commit fraud, traffic in child pornography and intellectual property, steal an
identity, or violate someone's privacy. All those activities existed before the "cyber"
prefix became ubiquitous. Cybercrime, especially involving the Internet, represents an
extension of existing criminal behaviour alongside some novel illegal activities.
Most cybercrime is an attack on information about individuals, corporations, or
governments. Although the attacks do not take place on a physical body, they do take
place on the personal or corporate virtual body, which is the set of informational
attributes that define people and institutions on the Internet. In other words, in the digital
age our virtual identities are essential elements of everyday life: we are a bundle of
numbers and identifiers in multiple computer databases owned by governments and
corporations. Cybercrime highlights the centrality of networked computers in our lives,
as well as the fragility of such seemingly solid facts as individual identity.
An important aspect of cybercrime is its nonlocal character: actions can occur in
jurisdictions separated by vast distances. This poses severe problems for law
enforcement since previously local or even national crimes now require international
cooperation. For example, if a person accesses child pornography located on a
computer in a country that does not ban child pornography, is that individual committing
a crime in a nation where such materials are illegal? Where exactly does cybercrime
take place? Cyberspace is simply a richer version of the space where a telephone
conversation takes place, somewhere between the two people having the conversation.
As a planet-spanning network, the Internet offers criminals multiple hiding places in the
real world as well as in the network itself. However, just as individuals walking on the
ground leave marks that a skilled tracker can follow, cybercriminals leave clues as to
their identity and location, despite their best efforts to cover their tracks. In order to
follow such clues across national boundaries, though, international cybercrime treaties
must be ratified.
In 1996 the Council of Europe, together with government representatives from the
United States, Canada, and Japan, drafted a preliminary international treaty covering
computer crime. Around the world, civil libertarian groups immediately protested
provisions in the treaty requiring Internet service providers (ISPs) to store information on
their customers' transactions and to turn this information over on demand. Work on the
treaty proceeded nevertheless, and on November 23, 2001, the Council of Europe
Convention on Cybercrime was signed by 30 states. The convention came into effect in
2004. Additional protocols, covering terrorist activities and racist and xenophobic
cybercrimes, were proposed in 2002 and came into effect in 2006. In addition, various
national laws, such as the USA PATRIOT Act of 2001, have expanded law
enforcement's power to monitor and protect computer networks.

Types of cybercrime

Cybercrime ranges across a spectrum of activities. At one end are crimes that involve
fundamental breaches of personal or corporate privacy, such as assaults on
the integrity of information held in digital depositories and the use of illegally obtained
digital information to blackmail a firm or individual. Also at this end of the spectrum is
the growing crime of identity theft. Midway along the spectrum lie transaction-based
crimes such as fraud, trafficking in child pornography, digital piracy, money laundering,
and counterfeiting. These are specific crimes with specific victims, but the criminal hides
in the relative anonymity provided by the Internet. Another part of this type of crime
involves individuals within corporations or government bureaucracies deliberately
altering data for either profit or political objectives. At the other end of the spectrum are
those crimes that involve attempts to disrupt the actual workings of the Internet. These
range from spam, hacking, and denial of service attacks against specific sites to acts of
cyberterrorism, that is, the use of the Internet to cause public disturbances and even
death. Cyberterrorism focuses upon the use of the Internet by nonstate actors to affect
a nation's economic and technological infrastructure. Since the September 11 attacks of
2001, public awareness of the threat of cyberterrorism has grown dramatically.

Identity theft and invasion of privacy
Cybercrime affects both a virtual and a real body, but the effects upon each are
different. This phenomenon is clearest in the case of identity theft. In the United States,
for example, individuals do not have an official identity card but a Social Security
number that has long served as a de facto identification number. Taxes are collected on
the basis of each citizen's Social Security number, and many private institutions use the
number to keep track of their employees, students, and patients. Access to an
individual's Social Security number affords the opportunity to gather all the documents
related to that person's citizenship, i.e., to steal his identity. Even stolen credit
card information can be used to reconstruct an individual's identity. When criminals
steal a firm's credit card records, they produce two distinct effects. First, they make off
with digital information about individuals that is useful in many ways. For example, they
might use the credit card information to run up huge bills, forcing the credit card firms to
suffer large losses, or they might sell the information to others who can use it in a
similar fashion. Second, they might use individual credit card names and numbers to
create new identities for other criminals. For example, a criminal might contact the
issuing bank of a stolen credit card and change the mailing address on the account.
Next, the criminal may get a passport or driver's license with his own picture but with the
victim's name. With a driver's license, the criminal can easily acquire a new Social
Security card; it is then possible to open bank accounts and receive loans, all with the
victim's credit record and background. The original cardholder might remain unaware of
this until the debt is so great that the bank contacts the account holder. Only then does
the identity theft become visible. Although identity theft takes place in many countries,
researchers and law-enforcement officials are plagued by a lack of information and
statistics about the crime worldwide. Cybercrime is clearly, however, an international
problem.
In 2015 the U.S. Bureau of Justice Statistics (BJS) released a report on identity theft; in
the previous year almost 1.1 million Americans had their identities fraudulently used to
open bank, credit card, or utility accounts. The report also stated that another 16.4
million Americans were victimized by account theft, such as use of stolen credit cards
and automatic teller machine (ATM) cards. The BJS report showed that while the total
number of identity theft victims in the United States had grown by about 1 million since
2012, the total loss incurred by individuals had declined since 2012 by about $10 billion
to $15.4 billion. Most of that decline was from a sharp drop in the number of people
losing more than $2,000. Most identity theft involved small sums, with losses less than
$300 accounting for 54 percent of the total.

Internet fraud
Schemes to defraud consumers abound on the Internet. Among the most famous is
the Nigerian, or 419, scam; the number is a reference to the section of Nigerian law
that the scam violates. Although this con has been used with both fax and traditional
mail, it has been given new life by the Internet. In the scheme, an individual receives
an e-mail asserting that the sender requires help in transferring a large sum of money
out of Nigeria or another distant country. Usually, this money is in the form of an asset
that is going to be sold, such as oil, or a large amount of cash that requires laundering
to conceal its source; the variations are endless, and new specifics are constantly being
developed. The message asks the recipient to cover some cost of moving the funds out
of the country in return for receiving a much larger sum of money in the near future.
Should the recipient respond with a check or money order, he is told that complications
have developed; more money is required. Over time, victims can lose thousands of
dollars that are utterly unrecoverable.

In 2002 the newly formed U.S. Internet Crime Complaint Center (IC3) reported that
more than $54 million had been lost through a variety of fraud schemes; this
represented a threefold increase over estimated losses of $17 million in 2001. The
annual losses grew in subsequent years, reaching $125 million in 2003, about $200
million in 2006, close to $250 million in 2008, and over $1 billion in 2015. In the United
States the largest source of fraud is what IC3 calls non-payment/non-delivery, in which
goods and services either are delivered but not paid for or are paid for but not delivered.
Unlike identity theft, where the theft occurs without the victim's knowledge, these more
traditional forms of fraud occur in plain sight. The victim willingly provides private
information that enables the crime; hence, these are transactional crimes. Few people
would believe someone who walked up to them on the street and promised them easy
riches; however, receiving an unsolicited e-mail or visiting a random Web page is
sufficiently different that many people easily open their wallets. Despite a vast amount
of consumer education, Internet fraud remains a growth industry for criminals and
prosecutors. Europe and the United States are far from the only sites of
cybercrime. South Korea is among the most wired countries in the world, and its
cybercrime fraud statistics are growing at an alarming rate. Japan has also experienced
a rapid growth in similar crimes.

ATM fraud
Computers also make more mundane types of fraud possible. Take the automated teller
machine (ATM) through which many people now get cash. In order to access an
account, a user supplies a card and personal identification number (PIN). Criminals
have developed means to intercept both the data on the card's magnetic strip as well as
the user's PIN. In turn, the information is used to create fake cards that are then used to
withdraw funds from the unsuspecting individual's account. For example, in 2002
the New York Times reported that more than 21,000 American bank accounts had been
skimmed by a single group engaged in acquiring ATM information illegally. A particularly
effective form of fraud has involved the use of ATMs in shopping centres and
convenience stores. These machines are free-standing and not physically part of a
bank. Criminals can easily set up a machine that looks like a legitimate machine;
instead of dispensing money, however, the machine gathers information on users and
only tells them that the machine is out of order after they have typed in their PINs. Given
that ATMs are the preferred method for dispensing currency all over the world, ATM
fraud has become an international problem.

Wire fraud
The international nature of cybercrime is particularly evident with wire fraud. One of the
largest and best-organized wire fraud schemes was orchestrated by Vladimir Levin, a
Russian programmer with a computer software firm in St. Petersburg. In 1994, with the
aid of dozens of confederates, Levin began transferring some $10 million from
subsidiaries of Citibank, N.A., in Argentina and Indonesia to bank accounts in San
Francisco, Tel Aviv, Amsterdam, Germany, and Finland. According to Citibank, all but
$400,000 was eventually recovered as Levin's accomplices attempted to withdraw the
funds. Levin himself was arrested in 1995 while in transit through London's Heathrow
Airport (at the time, Russia had no extradition treaty for cybercrime). In 1998 Levin was
finally extradited to the United States, where he was sentenced to three years in jail
and ordered to reimburse Citibank $240,015. Exactly how Levin obtained the necessary
account names and passwords has never been disclosed, but no Citibank employee
has ever been charged in connection with the case. Because a sense of security and
privacy are paramount to financial institutions, the exact extent of wire fraud is difficult
to ascertain. In the early 21st century, wire fraud remained a worldwide problem.

File sharing and piracy


Through the 1990s, sales of compact discs (CDs) were the major source of revenue for
recording companies. Although piracy (that is, the illegal duplication
of copyrighted materials) had always been a problem, especially in the Far East, the
proliferation on college campuses of inexpensive personal computers capable of
capturing music off CDs and sharing them over high-speed (broadband) Internet
connections became the recording industry's greatest nightmare. In the United States,
the recording industry, represented by the Recording Industry Association of
America (RIAA), attacked a single file-sharing service, Napster, which from 1999 to
2001 allowed users across the Internet access to music files, stored in the data-
compression format known as MP3, on other users' computers by way of Napster's
central computer. According to the RIAA, Napster users regularly violated the copyright
of recording artists, and the service had to stop. For users, the issues were not so clear-
cut. At the core of the Napster case was the issue of fair use. Individuals who had
purchased a CD were clearly allowed to listen to the music, whether in their home
stereo, automobile sound system, or personal computer. What they did not have the
right to do, argued the RIAA, was to make the CD available to thousands of others who
could make a perfect digital copy of the music and create their own CDs. Users rejoined
that sharing their files was a fair use of copyrighted material for which they had paid a
fair price. In the end, the RIAA argued that a whole new class of cybercriminal had been
born (the digital pirate) that included just about anyone who had ever shared or
downloaded an MP3 file. Although the RIAA successfully shuttered Napster, a new type
of file-sharing service, known as peer-to-peer (P2P) networks, sprang up. These
decentralized systems do not rely on a central facilitating computer; instead, they
consist of millions of users who voluntarily open their own computers to others for file
sharing.
The RIAA continued to battle these file-sharing networks, demanding that ISPs turn
over records of their customers who move large quantities of data over their networks,
but the effects were minimal. The RIAA's other tactic has been to push for the
development of technologies to enforce the digital rights of copyright holders. So-
called digital rights management (DRM) technology is an attempt to forestall piracy
through technologies that will not allow consumers to share files or possess too many
copies of a copyrighted work.
At the start of the 21st century, copyright owners began accommodating themselves
to the idea of commercial digital distribution. Examples include the online sales by the
iTunes Store (run by Apple Inc.) and Amazon.com of music, television shows, and
movies in downloadable formats, with and without DRM restrictions. In addition, several
cable and satellite television providers, many electronic game systems (Sony
Corporation's PlayStation 3 and Microsoft Corporation's Xbox 360), and streaming
services like Netflix developed
video-on-demand services that allow customers to download movies and shows for
immediate (streaming) or later playback.
File sharing brought about a fundamental reconstruction of the relationship between
producers, distributors, and consumers of artistic material. In America, CD sales
dropped from a high of nearly 800 million albums in 2000 to less than 150 million
albums in 2014. Although the music industry sold more albums digitally than it had CDs
at its peak, revenue declined by more than half since 2000. As broadband Internet
connections proliferate, the motion-picture industry faces a similar problem, although
the digital videodisc (DVD) came to market with encryption and various built-in attempts
to avoid the problems of a video Napster. However, sites such as The Pirate
Bay emerged that specialized in sharing such large files as those of movies
and electronic games.

Counterfeiting and forgery


File sharing of intellectual property is only one aspect of the problem with copies.
Another more mundane aspect lies in the ability of digital devices to render nearly
perfect copies of material artifacts. Take the traditional crime of counterfeiting. Until
recently, creating passable currency required a significant amount of skill and access to
technologies that individuals usually do not own, such as printing presses, engraving
plates, and special inks. The advent of inexpensive, high-quality colour copiers and
printers has brought counterfeiting to the masses. Ink-jet printers now account for a
growing percentage of the counterfeit currency confiscated by the U.S. Secret Service.
In 1995 ink-jet currency accounted for 0.5 percent of counterfeit U.S. currency; in 1997
ink-jet printers produced 19 percent of the illegal cash. By 2014 almost 60 percent of the
counterfeit money recovered in the U.S. came from ink-jet printers. The widespread
development and use of computer technology prompted the U.S. Treasury to redesign
U.S. paper currency to include a variety of anticounterfeiting technologies.
The European Union currency, or euro, had security designed into it from the start.
Special features, such as embossed foil holograms and special ribbons and paper, were
designed to make counterfeiting difficult. Indeed, the switch to the euro presented an
unprecedented opportunity for counterfeiters of preexisting national currencies. The
great fear was that counterfeit currency would be laundered into legal euros.
Fortunately, it was not the problem that some believed it would be.
Nor is currency the only document being copied. Immigration documents are among the
most valuable, and they are much easier to duplicate than currency. In the wake of
the September 11 attacks, this problem came under increasing scrutiny in the United
States. In particular, the U.S. General Accounting Office (GAO) issued several reports
during the late 1990s and early 2000s concerning the extent of document fraud that had
been missed by the Immigration and Naturalization Service (INS). Finally, a 2002 report
by the GAO reported that more than 90 percent of certain types of benefit claims were
fraudulent and further stated that immigration fraud was out of control. Partially in
response to these revelations, the INS was disbanded and its functions assumed by the
newly constituted U.S. Department of Homeland Security in 2003.

Child pornography
With the advent of almost every new media technology, pornography has been its killer
app, or the application that drove early deployment of technical innovations in search of
profit. The Internet was no exception, but there is a criminal element to this business
bonanza: child pornography, which is unrelated to the lucrative business of legal adult-
oriented pornography. The possession of child pornography, defined here as images of
children under age 18 engaged in sexual behaviour, is illegal in the United States, the
European Union, and many other countries, but it remains a problem that has no easy
solution. The problem is compounded by the ability of kiddie porn Web sites
to disseminate their material from locations, such as states of the former Soviet Union as
well as Southeast Asia, that lack cybercrime laws. Some law-enforcement organizations
believe that child pornography represents a $3-billion-a-year industry and that more
than 10,000 Internet locations provide access to these materials.
The Internet also provides pedophiles with an unprecedented opportunity to commit
criminal acts through the use of chat rooms to identify and lure victims. Here the virtual
and the material worlds intersect in a particularly dangerous fashion. In many countries,
state authorities now pose as children in chat rooms; despite the widespread knowledge
of this practice, pedophiles continue to make contact with these children in order to
meet them off-line. That such a meeting invites a high risk of immediate arrest does
not seem to deter pedophiles. Interestingly enough, it is because the Internet allows
individual privacy to be breached that the authorities are able to capture pedophiles.

Hacking
While breaching privacy to detect cybercrime works well when the crimes involve the
theft and misuse of information, ranging from credit card numbers and personal data to
file sharing of various commodities (music, video, or child pornography), what of
crimes that attempt to wreak havoc on the very workings of the machines that make up
the network? The story of hacking actually goes back to the 1950s, when a group of
phreaks (short for "phone freaks") began to hijack portions of the world's telephone
networks, making unauthorized long-distance calls and setting up special "party lines"
for fellow phreaks. With the proliferation of computer bulletin board systems (BBSs) in
the late 1970s, the informal phreaking culture began to coalesce into quasi-organized
groups of individuals who graduated from the telephone network to hacking corporate
and government computer network systems.
Although the term hacker predates computers and was used as early as the mid-1950s
in connection with electronic hobbyists, the first recorded instance of its use in
connection with computer programmers who were adept at writing, or hacking,
computer code seems to have been in a 1963 article in a student newspaper at
the Massachusetts Institute of Technology (MIT). After the first computer systems were
linked to multiple users through telephone lines in the early 1960s, hacker came to refer
to individuals who gained unauthorized access to computer networks, whether from
another computer network or, as personal computers became available, from their own
computer systems. Although it is outside the scope of this article to discuss hacker
culture, most hackers have not been criminals in the sense of being vandals or of
seeking illicit financial rewards. Instead, most have been young people driven by
intellectual curiosity; many of these people have gone on to become computer
security architects. However, as some hackers sought notoriety among their peers, their
exploits led to clear-cut crimes. In particular, hackers began breaking into computer
systems and then bragging to one another about their exploits, sharing pilfered
documents as trophies to prove their boasts. These exploits grew as hackers not only
broke into but sometimes took control of government and corporate computer networks.
One such criminal was Kevin Mitnick, the first hacker to make the most wanted list of
the U.S. Federal Bureau of Investigation (FBI). He allegedly broke into the North
American Aerospace Defense Command (NORAD) computer in 1981, when he was 17
years old, a feat that brought to the fore the gravity of the threat posed by such security
breaches. Concern with hacking contributed first to an overhaul of federal sentencing in
the United States, with the 1984 Comprehensive Crime Control Act and then with the
Computer Fraud and Abuse Act of 1986.

The scale of hacking crimes is among the most difficult to assess because the victims
often prefer not to report the crimes, sometimes out of embarrassment or fear of further
security breaches. Officials estimate, however, that hacking costs the world economy
billions of dollars annually. Hacking is not always an outside job; a related criminal
endeavour involves individuals within corporations or government bureaucracies
deliberately altering database records for either profit or political objectives. The
greatest losses stem from the theft of proprietary information, sometimes followed up by
the extortion of money from the original owner for the data's return. In this sense,
hacking is old-fashioned industrial espionage by other means.

One of the largest known cases of computer hacking was discovered in late March 2009.
It involved government and private computers in at least 103 countries. The worldwide
spy network known as GhostNet was discovered by researchers at the University of
Toronto, who had been asked by representatives of the Dalai Lama to investigate the
exiled Tibetan leader's computers for possible malware. In addition to finding out that
the Dalai Lama's computers were compromised, the researchers discovered that
GhostNet had infiltrated more than a thousand computers around the world. The highest
concentration of compromised systems was within embassies and foreign affairs
bureaus of or located in South Asian and Southeast Asian countries. Reportedly, the
computers were infected by users who opened e-mail attachments or clicked on Web
page links. Once infected with the GhostNet malware, the computers began phishing
for files throughout the local network, even turning on cameras and video-recording
devices for remote monitoring. Three control servers that ran the malware were located
in Hainan, Guangdong, and Sichuan provinces in China, and a fourth server was
located in California.

Computer viruses
The deliberate release of damaging computer viruses is yet another type of cybercrime.
In fact, this was the crime of choice of the first person to be convicted in the United
States under the Computer Fraud and Abuse Act of 1986. On November 2, 1988,
a computer science student at Cornell University named Robert Morris released a
software worm onto the Internet from MIT (as a guest on the campus, he hoped to
remain anonymous). The worm was an experimental self-propagating and
replicating computer program that took advantage of flaws in certain e-mail protocols.
Due to a mistake in its programming, rather than just sending copies of itself to other
computers, this software kept replicating itself on each infected system, filling all the
available computer memory. Before a fix was found, the worm had brought some 6,000
computers (one-tenth of the Internet) to a halt. Although Morris's worm cost time and
millions of dollars to fix, the event had few commercial consequences, for the Internet
had not yet become a fixture of economic affairs. That Morris's father was the head of
computer security for the U.S. National Security Agency led the press to treat the event
more as a high-tech Oedipal drama than as a foreshadowing of things to come. Since
then, ever more harmful viruses have been cooked up by anarchists and misfits from
locations as diverse as the United States, Bulgaria, Pakistan, and the Philippines.

Denial of service attacks


Compare the Morris worm with the events of the week of February 7, 2000, when
mafiaboy, a 15-year-old Canadian hacker, orchestrated a series of denial of service
attacks (DoS) against several e-commerce sites, including Amazon.com and eBay.com.
These attacks used computers at multiple locations to overwhelm the vendors'
computers and shut down their World Wide Web (WWW) sites to legitimate commercial
traffic. The attacks crippled Internet commerce, with the FBI estimating that the affected
sites suffered $1.7 billion in damages. In 1988 the Internet played a role only in the lives
of researchers and academics; by 2000 it had become essential to the workings of the
U.S. government and economy. Cybercrime had moved from being an issue of
individual wrongdoing to being a matter of national security.

Distributed DoS attacks are a special kind of hacking. A criminal salts an array of
computers with computer programs that can be triggered by an external computer user.
These programs are known as Trojan horses since they enter the unknowing users'
computers as something benign, such as a photo or document attached to an e-mail. At
a predesignated time, this Trojan horse program begins to send messages to a
predetermined site. If enough computers have been compromised, it is likely that the
selected site can be tied up so effectively that little if any legitimate traffic can reach it.
One important insight offered by these events has been that much software is insecure,
making it easy for even an unskilled hacker to compromise a vast number of machines.
Although software companies regularly offer patches to fix software vulnerabilities, not
all users implement the updates, and their computers remain vulnerable to criminals
wanting to launch DoS attacks. In 2003 the Internet service provider PSINet Europe
connected an unprotected server to the Internet. Within 24 hours the server had been
attacked 467 times, and after three weeks more than 600 attacks had been recorded.
Only vigorous security regimes can protect against such an environment. Despite the
claims about the pacific nature of the Internet, it is best to think of it as a modern
example of the Wild West of American lore, with the sheriff far away.

Spam, steganography, and e-mail hacking


E-mail has spawned one of the most significant forms of cybercrime: spam, or
unsolicited advertisements for products and services, which experts estimate
against all users of the Internet since it wastes both the storage and network capacities
of ISPs, as well as often simply being offensive. Yet, despite various attempts to
legislate it out of existence, it remains unclear how spam can be eliminated without
violating the freedom of speech in a liberal democratic polity. Unlike junk mail, which
has a postage cost associated with it, spam is nearly free for perpetrators: it typically
costs the same to send 10 messages as it does to send 10 million.
One of the most significant problems in shutting down spammers involves their use of
other individuals' personal computers. Typically, numerous machines connected to the
Internet are first infected with a virus or Trojan horse that gives the spammer secret
control. Such machines are known as zombie computers, and networks of them, often
involving thousands of infected computers, can be activated to flood the Internet with
spam or to institute DoS attacks. While the former may be almost benign, including
solicitations to purchase legitimate goods, DoS attacks have been deployed in efforts to
blackmail Web sites by threatening to shut them down. Cyberexperts estimate that the
United States accounts for about one-fourth of the 48 million zombie computers in the
world and is the origin of nearly one-third of all spam.
E-mail also serves as an instrument for both traditional criminals and terrorists. While
libertarians laud the use of cryptography to ensure privacy in communications, criminals
and terrorists may also use cryptographic means to conceal their plans.
Law-enforcement officials report that some terrorist groups embed instructions and
information in images via a process known as steganography, a sophisticated method
of hiding information in plain sight. Even recognizing that something is concealed in this
fashion often requires considerable amounts of computing power; actually decoding the
information is nearly impossible if one does not have the key to separate the hidden
data.

In a type of scam called business e-mail compromise (BEC), an e-mail sent to a
business appears to be from an executive at another company with which the business
is working. In the e-mail, the executive asks for money to be transferred into a certain
account. The FBI has estimated that BEC scams have cost American businesses about
$750 million.
Sometimes e-mail that an organization would wish to keep secret is obtained and
released. In 2014 hackers calling themselves Guardians of Peace released e-mail
from executives at the motion picture company Sony Pictures Entertainment, as well as
other confidential company information. The hackers demanded that Sony Pictures not
release The Interview, a comedy about a CIA plot to assassinate North Korean
leader Kim Jong-Eun, and threatened to attack theatres that showed the movie. After
American movie theatre chains canceled screenings, Sony released the movie online
and in limited theatrical release. E-mail hacking has even affected politics. In 2016,
e-mail at the Democratic National Committee (DNC) was obtained by hackers believed to
be in Russia. Just before the Democratic National Convention, the media organization
WikiLeaks released the e-mail, which showed a marked preference of DNC officials for
the presidential campaign of Hillary Clinton over that of her challenger Bernie Sanders.
DNC chairperson Debbie Wasserman Schultz resigned, and some American
commentators speculated that the release of the e-mail showed the preference of the
Russian government for Republican nominee Donald Trump.

Sabotage

Another type of hacking involves the hijacking of a government or corporation Web site.
Sometimes these crimes have been committed in protest over the incarceration of other
hackers; in 1996 the Web site of the U.S. Central Intelligence Agency (CIA) was altered
by Swedish hackers to gain international support for their protest of the Swedish
government's prosecution of local hackers, and in 1998 the New York Times's Web site
was hacked by supporters of the incarcerated hacker Kevin Mitnick. Still other hackers
have used their skills to engage in political protests: in 1998 a group calling itself the
Legion of the Underground declared cyberwar on China and Iraq in protest
of alleged human rights abuses and a program to build weapons of mass destruction,
respectively. In 2007, Estonian government Web sites, as well as those for banks and
the media, were attacked. Russian hackers were suspected because Estonia was then
in a dispute with Russia over the removal of a Soviet war memorial in Tallinn.
Sometimes a user's or organization's computer system is attacked and encrypted until a
ransom is paid. The software used in such attacks has been dubbed ransomware. The
ransom usually demanded is payment in a form of virtual currency, such as Bitcoin.
When data are of vital importance to an organization, sometimes the ransom is paid. In
2016 several American hospitals were hit with ransomware attacks, and one hospital
paid over $17,000 for its systems to be released.

Defacing Web sites is a minor matter, though, when compared with the specter of
cyberterrorists using the Internet to attack the infrastructure of a nation, by rerouting
airline traffic, contaminating the water supply, or disabling nuclear plant safeguards.
One consequence of the September 11 attacks on New York City was the destruction of
a major telephone and Internet switching centre. Lower Manhattan was effectively cut
off from the rest of the world, save for radios and cellular telephones. Since that day,
there has been no other attempt to destroy the infrastructure that produces what has
been called that consensual hallucination, cyberspace. Large-scale cyberwar (or
information warfare) has yet to take place, whether initiated by rogue states or terrorist
organizations, although both writers and policy makers have imagined it in all too great
detail.
In late March 2007 the Idaho National Laboratory released a video demonstrating what
catastrophic damage could result from utility systems being compromised by hackers.
Several utilities responded by giving the U.S. government permission to run an audit on
their systems. In March 2009 the results began to leak out with a report in The Wall
Street Journal. In particular, the report indicated that hackers had installed software in
some computers that would have enabled them to disrupt electrical services. Homeland
Security spokeswoman Amy Kudwa affirmed that no disruptions had occurred, though
further audits of electric, water, sewage, and other utilities would continue.
Michael Aaron Dennis

Categories of cyber crimes and criminals.

9 TYPES OF CYBER CRIME

1. THEFT OF TELECOMMUNICATIONS SERVICES

The "phone phreakers" of three decades ago set a precedent for what has become a
major criminal industry. By gaining access to an organisation's telephone switchboard
(PBX) individuals or criminal organisations can obtain access to dial-in/dial-out circuits
and then make their own calls or sell call time to third parties (Gold 1999). Offenders
may gain access to the switchboard by impersonating a technician, by fraudulently
obtaining an employee's access code, or by using software available on the internet.
Some sophisticated offenders loop between PBX systems to evade detection.
Additional forms of service theft include capturing "calling card" details and on-selling
calls charged to the calling card account, and counterfeiting or illicit reprogramming of
stored value telephone cards.

It has been suggested that as long ago as 1990, security failures at one major
telecommunications carrier cost approximately 290 million, and that more recently, up
to 5% of total industry turnover has been lost to fraud (Schieck 1995: 2-5; Newman
1998). Costs to individual subscribers can also be significant. In one case, computer
hackers in the United States illegally obtained access to Scotland Yard's telephone
network and made 620,000 worth of international calls for which Scotland Yard was
responsible (Tendler and Nuttall 1996).

2. COMMUNICATIONS IN FURTHERANCE OF CRIMINAL CONSPIRACIES

Just as legitimate organisations in the private and public sectors rely upon information
systems for communications and record keeping, so too are the activities of criminal
organisations enhanced by technology.

There is evidence of telecommunications equipment being used to facilitate organised
drug trafficking, gambling, prostitution, money laundering, child pornography and trade
in weapons (in those jurisdictions where such activities are illegal). The use of
encryption technology may place criminal communications beyond the reach of law
enforcement.

The use of computer networks to produce and distribute child pornography has become
the subject of increasing attention. Today, these materials can be imported across
national borders at the speed of light (Grant, David and Grabosky 1997). The more
overt manifestations of internet child pornography entail a modest degree of
organisation, as required by the infrastructure of IRC and WWW, but the activity
appears largely confined to individuals.

By contrast, some of the less publicly visible traffic in child pornography activity appears
to entail a greater degree of organisation. Although knowledge is confined to that
conduct which has been the target of successful police investigation, there appear to
have been a number of networks which extend cross-nationally, use sophisticated
technologies of concealment, and entail a significant degree of coordination.

Illustrative of such activity was the Wonderland Club, an international network with
members in at least 14 nations ranging from Europe, to North America, to Australia.
Access to the group was password protected, and content was encrypted. Police
investigation of the activity, codenamed "Operation Cathedral" resulted in approximately
100 arrests around the world, and the seizure of over 100,000 images in September,
1998.

3. TELECOMMUNICATIONS PIRACY

Digital technology permits perfect reproduction and easy dissemination of print,
graphics, sound, and multimedia combinations. The temptation to reproduce
copyrighted material for personal use, for sale at a lower price, or indeed, for free
distribution, has proven irresistible to many.

This has caused considerable concern to owners of copyrighted material. Each year, it
has been estimated that losses of between US$15 and US$17 billion are sustained by
industry by reason of copyright infringement (United States, Information Infrastructure
Task Force 1995, 131).

The Software Publishers Association has estimated that $7.4 billion worth of software
was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer
and Underwood 1994).

Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion
in 1996, including $1.8 billion in the film industry, $1.2 billion in music, $3.8 billion in
business application software, and $690 million in book publishing.

According to the Straits Times (8/11/99), a copy of the most recent James Bond film,
The World is Not Enough, was available free on the internet before its official release.
When creators of a work, in whatever medium, are unable to profit from their creations,
there can be a chilling effect on creative effort generally, in addition to financial loss.

4. DISSEMINATION OF OFFENSIVE MATERIALS

Content considered by some to be objectionable exists in abundance in cyberspace.
This includes, among much else, sexually explicit materials, racist propaganda, and
instructions for the fabrication of incendiary and explosive devices. Telecommunications
systems can also be used for harassing, threatening or intrusive communications, from
the traditional obscene telephone call to its contemporary manifestation in
"cyber-stalking", in which persistent messages are sent to an unwilling recipient.

One man allegedly stole nude photographs of his former girlfriend and her new
boyfriend and posted them on the Internet, along with her name, address and telephone
number. The unfortunate couple, residents of Kenosha, Wisconsin, received phone calls
and e-mails from strangers as far away as Denmark who said they had seen the photos
on the Internet. Investigations also revealed that the suspect was maintaining records
about the woman's movements and compiling information about her family (Spice and
Sink 1999).

In another case a rejected suitor posted invitations on the Internet under the name of a
28-year-old woman, the would-be object of his affections, that said that she had
fantasies of rape and gang rape. He then communicated via email with men who replied
to the solicitations and gave out personal information about the woman, including her
address, phone number, details of her physical appearance and how to bypass her
home security system. Strange men turned up at her home on six different occasions
and she received many obscene phone calls. While the woman was not physically
assaulted, she would not answer the phone, was afraid to leave her home, and lost her
job (Miller 1999; Miller and Maharaj 1999).

One former university student in California used email to harass 5 female students in
1998. He bought information on the Internet about the women using a professor's credit
card and then sent 100 messages including death threats, graphic sexual descriptions
and references to their daily activities. He apparently made the threats in response to
perceived teasing about his appearance (Associated Press 1999a).

Computer networks may also be used in furtherance of extortion. The Sunday Times
(London) reported in 1996 that over 40 financial institutions in Britain and the United
States had been attacked electronically over the previous three years. In England,
financial institutions were reported to have paid significant amounts to sophisticated
computer criminals who threatened to wipe out computer systems (The Sunday Times,
June 2, 1996). The article cited four incidents between 1993 and 1995 in which a total of
42.5 million Pounds Sterling were paid by senior executives of the organisations
concerned, who were convinced of the extortionists' capacity to crash their computer
systems (Denning 1999 233-4).

5. ELECTRONIC MONEY LAUNDERING AND TAX EVASION

For some time now, electronic funds transfers have assisted in concealing and in
moving the proceeds of crime. Emerging technologies will greatly assist in concealing
the origin of ill-gotten gains. Legitimately derived income may also be more easily
concealed from taxation authorities. Large financial institutions will no longer be the only
ones with the ability to achieve electronic funds transfers transiting numerous
jurisdictions at the speed of light. The development of informal banking institutions and
parallel banking systems may permit central bank supervision to be bypassed, but can
also facilitate the evasion of cash transaction reporting requirements in those nations
which have them. Traditional underground banks, which have flourished in Asian
countries for centuries, will enjoy even greater capacity through the use of
telecommunications.

With the emergence and proliferation of various technologies of electronic commerce,
one can easily envisage how traditional countermeasures against money laundering
and tax evasion may soon be of limited value. I may soon be able to sell you a quantity
of heroin, in return for an untraceable transfer of stored value to my "smart-card", which
I then download anonymously to my account in a financial institution situated in an
overseas jurisdiction which protects the privacy of banking clients. I can discreetly draw
upon these funds as and when I may require, downloading them back to my stored
value card (Wahlert 1996).

6. ELECTRONIC VANDALISM, TERRORISM AND EXTORTION

As never before, western industrial society is dependent upon complex data processing
and telecommunications systems. Damage to, or interference with, any of these
systems can lead to catastrophic consequences. Whether motivated by curiosity or
vindictiveness, electronic intruders cause inconvenience at best, and have the potential
for inflicting massive harm (Hundley and Anderson 1995, Schwartau 1994).

While this potential has yet to be realised, a number of individuals and protest groups
have hacked the official web pages of various governmental and commercial
organisations (Rathmell 1997; see http://www.2600.com/hacked_pages/, visited 4 January
2000). This may also operate in reverse: early in 1999 an organised hacking incident
was apparently directed at a server which hosted the Internet domain for East Timor,
which at the time was seeking its independence from Indonesia (Creed 1999).

Defence planners around the world are investing substantially in information warfare--
means of disrupting the information technology infrastructure of defence systems (Stix
1995). Attempts were made to disrupt the computer systems of the Sri Lankan
Government (Associated Press 1998), and of the North Atlantic Treaty Organization
during the 1999 bombing of Belgrade (BBC 1999). One case, which illustrates the
transnational reach of extortionists, involved a number of German hackers who
compromised the system of an Internet service provider in South Florida, disabling eight
of the ISP's ten servers. The offenders obtained personal information and credit card
details of 10,000 subscribers, and, communicating via electronic mail through one of the
compromised accounts, demanded that US$30,000 be delivered to a mail drop in
Germany. Co-operation between US and German authorities resulted in the arrest of
the extortionists (Bauer 1998).

More recently, an extortionist in Eastern Europe obtained the credit card details of
customers of a North American based on-line music retailer, and published some on the
Internet when the retailer refused to comply with his demands (Markoff 2000).

7. SALES AND INVESTMENT FRAUD

As electronic commerce becomes more prevalent, the application of digital technology
to fraudulent endeavours will be that much greater. The use of the telephone for
fraudulent sales pitches, deceptive charitable solicitations, or bogus investment
overtures is increasingly common. Cyberspace now abounds with a wide variety of
investment opportunities, from traditional securities such as stocks and bonds, to more
exotic opportunities such as coconut farming, the sale and leaseback of automatic teller
machines, and worldwide telephone lotteries (Cella and Stark 1997 837-844). Indeed,
the digital age has been accompanied by unprecedented opportunities for
misinformation. Fraudsters now enjoy direct access to millions of prospective victims
around the world, instantaneously and at minimal cost.

Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are not
uncommon. The technology of the World Wide Web is ideally suited to investment
solicitations. In the words of two SEC staff, "At very little cost, and from the privacy of a
basement office or living room, the fraudster can produce a home page that looks better
and more sophisticated than that of a Fortune 500 company" (Cella and Stark 1997,
822).

8. ILLEGAL INTERCEPTION OF TELECOMMUNICATIONS

Developments in telecommunications provide new opportunities for electronic
eavesdropping. From activities as time-honoured as surveillance of an unfaithful
spouse, to the newest forms of political and industrial espionage, telecommunications
interception has increasing applications. Here again, technological developments create
new vulnerabilities. The electromagnetic signals emitted by a computer may themselves
be intercepted. Cables may act as broadcast antennas. Existing law does not prevent
the remote monitoring of computer radiation.

It has been reported that the notorious American hacker Kevin Poulsen was able to gain
access to law enforcement and national security wiretap data prior to his arrest in 1991
(Littman 1997). In 1995, hackers employed by a criminal organisation attacked the
communications system of the Amsterdam Police. The hackers succeeded in gaining
police operational intelligence, and in disrupting police communications (Rathmell
1997).

9. ELECTRONIC FUNDS TRANSFER FRAUD

Electronic funds transfer systems have begun to proliferate, and so has the risk that
such transactions may be intercepted and diverted. Valid credit card numbers can be
intercepted electronically, as well as physically; the digital information stored on a card
can be counterfeited.

Of course, we don't need Willie Sutton to remind us that banks are where they keep the
money. In 1994, a Russian hacker Vladimir Levin, operating from St Petersburg,
accessed the computers of Citibank's central wire transfer department, and transferred
funds from large corporate accounts to other accounts which had been opened by his
accomplices in the United States, the Netherlands, Finland, Germany, and Israel.
Officials from one of the corporate victims, located in Argentina, notified the bank, and
the suspect accounts, located in San Francisco, were frozen. The accomplice was
arrested. Another accomplice was caught attempting to withdraw funds from an account
in Rotterdam. Although Russian law precluded Levin's extradition, he was arrested
during a visit to the United States and subsequently imprisoned (Denning 1999, 55).

The above forms of computer-related crime are not necessarily mutually exclusive, and
need not occur in isolation. Just as an armed robber might steal an automobile to
facilitate a quick getaway, so too can one steal telecommunications services and use
them for purposes of vandalism, fraud, or in furtherance of a criminal conspiracy.
Computer-related crime may be compound in nature, combining two or more of the
generic forms outlined above.

The various activities of Kevin Mitnick, as described in Hafner and Markoff (1991), are
illustrative.

Problem areas

Telecommunications

Electronic vandalism, terrorism and extortion

Stealing telecommunications services

Telecommunications piracy

Pornography and other offensive material

Telemarketing fraud

Electronic fund transfer crime


Electronic money laundering

Legal areas

Here are just a few rhetorical questions about the law relating to search and seizure of
electronic evidence. These were formulated in October 1998 at a special expert working
group meeting convened in Tokyo under the auspices of the United Nations and with
the involvement of the Australian Institute of Criminology.

(a) Investigative issues

(i) Does the law distinguish between the search and seizure of stored data in a
computer, and the interception of data that is being communicated from one computer
to another or within a computer system?

(ii) Can a person voluntarily provide law enforcement agents with electronic data that
may afford evidence of a crime? Can a person voluntarily permit law enforcement
agents to undertake a search for such data, rather than provide it to them? Could
continuing cooperation of this nature by a person with law enforcement have a legal
effect on the ability of law enforcement to obtain or use the data?

(iii) In most jurisdictions, the ability of law enforcement to obtain data that may afford
evidence usually requires some form of prior judicial approval. What legal authority is
required for obtaining electronic stored data without the consent of the persons
concerned?

(iv) Electronic data under most jurisdictions is considered as being intangible. The law
of some jurisdictions may only permit seizure of tangible material. In such cases,
intangible data can only be obtained by seizing the physical medium (e.g., data on
diskette or other storage medium) on which the data is stored and found. Do your
nation's laws provide for the seizure of intangible data without seizure of the physical
medium on which it is found?

(v) In some cases, the precise location of electronic data within a computer system may
not be apparent. How specific must be the description in the judicial authority (e.g.,
search warrant) of the place to be searched or the data to be seized?

(vi) In most jurisdictions, the scope of a warrant should be as narrow as possible. The
precise location of the electronic data may not be immediately apparent at the time a
warrant is sought, or even when law enforcement agents arrive at the scene. Does the
law provide guidance on whether to seize the entire computer system, or merely one or
more of its components? What practical criteria do law enforcement use to make this
decision? How would this be done in practice?

(vii) Does your law obligate a suspect or a third person to provide access (including
passwords) to a computer system that is the target of a lawful search? If not, what
practical measures or tools can be employed by law enforcement to gain access?

(viii) Seizure of, or during the course of a search the shutting down of, an entire
computer system may be extremely intrusive, and particularly burdensome to an
ongoing business. What practical circumstances would justify seizing or shutting down a
complete system rather than merely taking a copy of the data? Does the law provide for
copying of relevant data as an alternative to seizure, and can the copy be regarded as
admissible evidence? Would the law permit the seizure of the entire data base for the
purpose of subsequently identifying the relevant data? What practical means can be
used to copy large volumes of data?

(ix) In the course of a search, law enforcement authorities may come across
incriminating data related to the crime under investigation, but which was not originally
specified within the scope of the warrant. Can this data be legally seized without
obtaining another warrant?

(x) In the course of a search, law enforcement authorities may come across electronic
data relating to a crime different from that which is under the current investigation. Can
this data be legally seized without obtaining another warrant?

(xi) Does the law permit seizure of data, without a warrant, under exigent
circumstances, such as when there is risk of erasure or destruction of data?
Alternatively, are law enforcement agents able to secure the premises or computer
system, pending the obtaining of a warrant?

(xii) In some cases, the data sought may be located on another computer system that is
networked to the system currently being searched. Does the law permit an extension of
the search into the connected system in order to search and seize relevant data within
the scope of the warrant? Can the warrant include an authorization to extend the search
to the connected system? Alternatively, can law enforcement obtain a second warrant to
extend the search from one system to the other?

(xiii) Are there any circumstances under which the law permits stored data to be
obtained by means of a judicial order to deliver such data to law enforcement
authorities, as opposed to the law enforcement authorities themselves searching and
seizing it?

(b) Stored transaction data

(i) Records of service use, also known as transaction data, may be kept by some
telecommunication carriers and internet service providers. Some carriers or ISPs may,
for business or security purposes, retain such data for a period of time. In some
jurisdictions, the cooperation of Internet service providers (ISPs) in identifying suspects
may be obtained informally. Can this data be voluntarily provided to law enforcement
agents by carriers and service providers? Does the law provide a means by which this
data can be compulsorily obtained by law enforcement authorities?

(ii) Which types of transaction data does law enforcement require? Which types of
transaction data do telecommunications carriers retain? For how long do the carriers or
ISPs retain such data? Are there any laws or regulations which require them to retain
such data, or to dispose of it after a certain period of time?

(c) Electronic communications

(i) Does the law permit law enforcement to collect current or future transaction data
(including the source or destination of communications)? Can this authority for collection
of current and future transaction data be achieved by satisfying legal conditions less
onerous than that required to intercept the content of communications? What practical
or technological means can be used to collect such data? Does law enforcement have
the capability to undertake such techniques?

(ii) Even when one is able to determine the location from which a communication
originates, identifying the human source of the communication may prove to be
challenging. What legal and/or technological tools are available for this purpose?

(iii) How is the ability to collect such current or future transaction data affected if the
communication crosses jurisdictional borders, including international borders?

(iv) Does the law permit interception of communications for the purpose of obtaining
their content? Does the law permit this interception in respect of communications
between computer systems or their components, as well as between persons? Does
law enforcement have the practical capability to undertake such investigative
techniques?

(v) In some cases, search or interception may be more efficiently and more effectively
carried out by representatives of the telecommunications or ISP industry rather than law
enforcement personnel. Does the law provide authority or obligation for private
organizations or individuals to engage or assist in interception or search on behalf of the
state? How does this affect the admissibility of the data as evidence in judicial
proceedings? If there is no such authority or obligation, are there trained law
enforcement personnel to undertake this task, and how would they do so?

(d) Analysis of data

(i) What legal, practical or technical means are available to preserve the data seized or
intercepted in order to ensure its presentation and admissibility in judicial proceedings?
What procedures should be followed?

(ii) If the data seized are encrypted, what legal, practical or technical means are
available to allow law enforcement to decrypt data? Does law enforcement have legal
authority to decrypt seized data using technical means? Can an order be sought from a
judicial authority to compel decryption by the suspect or a third person? Can an order
be sought to compel a suspect or a third person to hand over the encryption key or
algorithm to law enforcement?

(e) Human rights and privacy safeguards

(i) Can a person to whom compulsory measures are applied, as above, challenge the
lawfulness of such measures before a court, either before or after execution?

(ii) What legal protections exist for law enforcement agents who are undertaking a
coercive investigative measure such as a search and seizure, or interception?
