Loading...
Menu

CyberCrime

Abstract : …………………………………………………………………………………………………………………. 2

Chapter 1 : 1.Introduction ……………………………………………………………………………………….. 3

Chapter 2 : 2. The phenomena of cybercrime ………………………………………………………….. 6

Chapter 3 : 3. The challenges of fighting cybercrime ………………………………………………. 9

Chapter 4 : 4. Anti-cybercrime strategies ………………………………………………………………. 12

References ……………………………………………………………………………………………………………… 15

2

Abstract :

Computer crime, or cybercrime, is any crime that involves a computer and a network. The computer may have been

used in the commission of a crime, or it may be the target.

Dr. Debarati Halder and Dr. K. Jaishankar (2011) define Cybercrimes as: “Offences that are committed against

individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause

physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such

as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)”.Such crimes may

threaten a nation’s security and financial health.[citation needed] Issues surrounding these types of crimes have

become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child

grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or

otherwise. Dr.Debarati Halder and Dr.K.Jaishankar(2011) further define cybercrime from the perspective of gender

and defined ‘cybercrime against women’ as ““Crimes targeted against women with a motive to intentionally harm

the victim psychologically and physically, using modern telecommunication networks such as internet and mobile

phones”.

Cyber Crime

3

Chapter 1 : 1.Introduction

1.1 Infrastructure and services

The Internet is one of the fastest-growing areas of technical infrastructure development. Today, information and

communication technologies (ICTs) are omnipresent and the trend towards digitization is growing. The demand for

Internet and computer connectivity has led to the integration of computer technology into products that have

usually functioned without it, such as cars and buildings. Electricity supply, transportation infrastructure, military

services and logistics – virtually all modern services depend on the use of ICTs.

Although the development of new technologies is focused mainly on meeting consumer demands in western

countries, developing countries can also benefit from new technologies. With the availability of long-distance

wireless communication technologies such as WiMAX5 and computer systems that are now available for less than

USD 2006, many more people in developing countries should have easier access to the Internet and related

products and services.

The influence of ICTs on society goes far beyond establishing basic information infrastructure. The availability of

ICTs is a foundation for development in the creation, availability and use of network-based services. E-mails have

displaced traditional letters; online web representation is nowadays more important for businesses than printed

publicity materials; and Internet-based communication and phone services are growing faster than landline

communications.

The availability of ICTs and new network-based services offer a number of advantages for society in general,

especially for developing countries.

ICT applications, such as e-government, e-commerce, e-education, e-health and e- environment, are seen as

enablers for development, as they provide an efficient channel to deliver a wide range of basic services in remote

and rural areas. ICT applications can facilitate the achievement of millennium development targets, reducing

poverty and improving health and environmental conditions in developing countries. Given the right approach,

context and implementation processes, investments in ICT applications and tools can result in productivity and

quality improvements. In turn, ICT applications may release technical and human capacity and enable greater

access to basic services. In this regard, online identity theft and the act of capturing another person’s credentials

and/or personal information via the Internet with the intent to fraudulently reuse it for criminal purposes is now one

of the main threats to further deployment of e-government and e-business services.

The costs of Internet services are often also much lower than comparable services outside the network.E-mail

services are often available free of charge or cost very little compared to traditional postal services.The online

encyclopaedia Wikipedia can be used free of charge, as can hundreds of online hosting services. Lower costs are

important, as they enable services to be used by many more users, including people

with only limited income. Given the limited financial resources of many people in developing countries, the Internet

enables them to use services they may not otherwise have access to outside the network.

1.2 Advantages and risks

The introduction of ICTs into many aspects of everyday life has led to the development of the modern concept of the

information society. This development of the information society offers great opportunities. Unhindered access to

information can support democracy, as the flow of information is taken out of the control of state authorities (as has

happened, for example, in Eastern Europe and North Africa). Technical developments have improved daily life – for

example, online banking and shopping, the use of mobile data services and voice over Internet protocol (VoIP)

telephony are just some examples of how far the integration of ICTs into our daily lives has advanced.

However, the growth of the information society is accompanied by new and serious threats. Essential services such

as water and electricity supply now rely on ICTs. Cars, traffic control, elevators, air conditioning and telephones

also depend on the smooth functioning of ICTs. Attacks against information infrastructure and Internet services now

have the potential to harm society in new and critical ways.

Attacks against information infrastructure and Internet services have already taken place. Online fraud and hacking

attacks are just some examples of computer-related crimes that are committed on a large scale every day. The

financial damage caused by cybercrime is reported to be enormous. In 2003 alone, malicious software caused

damages of up to USD 17 billion. By some estimates, revenues from cybercrime exceeded USD 100 billion in 2007,

outstripping the illegal trade in drugs for the first time. Nearly 60 per cent of businesses in the United States

believe that cybercrime is more costly to them than physical crime. These estimates clearly demonstrate the

importance of protecting information infrastructures.

Cyber Crime

4

Most of the above-mentioned attacks against computer infrastructure are not necessarily targeting critical

infrastructure. However, the malicious software “Stuxnet” that was discovered in 2010 underlines the threat of

attacks focusing on critical infrastructure.The software, with more than 4 000 functions, focused on computer

systems running software that is typically used to control critical infrastructure.

1.3 Cybersecurity and cybercrime

Cybercrime and cybersecurity are issues that can hardly be separated in an interconnected environment. The fact

that the 2010 UN General Assembly resolution on cybersecurity addresses cybercrime as one major challenge

underlines this. Cybersecurity plays an important role in the ongoing development of information technology, as

well as Internet services. Enhancing cybersecurity and protecting critical information infrastructures are essential

to each nation’s security and economic well-being. Making the Internet safer (and protecting Internet users) has

become integral to the development of new services as well as government policy. Deterring cybercrime is an

integral component of a national cybersecurity and critical information infrastructure protection strategy. In

particular, this includes the adoption of appropriate legislation against the misuse of ICTs for criminal or other

purposes and activities intended to affect the integrity of national critical infrastructures. At the national level, this

is a shared responsibility requiring coordinated action related to prevention, preparation, response and recovery

from incidents on the part of government authorities, the private sector and citizens. At the regional and

international level, this entails cooperation and coordination with relevant partners. The formulation and

implementation of a national framework and strategy for cybersecurity thus requires a comprehensive

approach.Cybersecurity strategies – for example, the development of technical protection systems or the education

of users to prevent them from becoming victims of cybercrime – can help to reduce the risk of cybercrime. The

development and support of cybersecurity strategies are a vital element in the fight against cybercrime.

The legal, technical and institutional challenges posed by the issue of cybersecurity are global and far- reaching,

and can only be addressed through a coherent strategy taking into account the role of different stakeholders and

existing initiatives, within a framework of international cooperation. In this regard, the World Summit on the

Information Society (WSIS) recognized the real and significant risks posed by inadequate cybersecurity and the

proliferation of cybercrime. The provisions of §§ 108-110 of the WSIS Tunis Agenda for the Information Society,

including the Annex, set out a plan for multistakeholder implementation at the international level of the WSIS

Geneva Plan of Action, describing the multistakeholder implementation process according to eleven action lines and

allocating responsibilities for facilitating implementation of the different action lines. At WSIS, world leaders and

governments designated ITU to facilitate the implementation of WSIS Action Line C5, dedicated to building

confidence and security in the use of ICTs.

1.4 International dimensions of cybercrime

Cybercrime often has an international dimension. E-mails with illegal content often pass through a number of

countries during the transfer from sender to recipient, or illegal content is stored outside the country. Within

cybercrime investigations, close cooperation between the countries involved is very important. The existing mutual

legal assistance agreements are based on formal, complex and often time-consuming procedures, and in addition

often do not cover computer-specific investigations. Setting up procedures for quick response to incidents, as well

as requests for international cooperation, is therefore vital.

A number of countries base their mutual legal assistance regime on the principle of “dual criminality”.Investigations

on a global level are generally limited to those crimes that are criminalized in all participating countries. Although

there are a number of offences – such as the distribution of child pornography – that can be prosecuted in most

jurisdictions, regional differences play an important role. One example is other types of illegal content, such as hate

speech. The criminalization of illegal content differs in various countries. Material that can lawfully be distributed in

one country can easily be illegal in another country.

The computer technology currently in use is basically the same around the world.Apart from language issues and

power adapters, there is very little difference between the computer systems and cell phones sold in Asia and those

sold in Europe. An analogous situation arises in relation to the Internet. Due to standardization, the network

protocols used in countries on the African continent are the same as those used in the United States.

Standardization enables users around the world to access the same services over the Internet.

The question is what effect the harmonization of global technical standards has on the development of the national

criminal law. In terms of illegal content, Internet users can access information from around the world, enabling

them to access information available legally abroad that could be illegal in their own country.

Cyber Crime

5

Theoretically, developments arising from technical standardization go far beyond the globalization of technology

and services and could lead to the harmonization of national laws. However, as shown by the negotiations over the

First Protocol to the Council of Europe Convention on Cybercrime (the “Convention on Cybercrime”),the principles

of national law change much more slowly than technical developments. Although the Internet may not recognize

border controls, there are means to restrict access to certain information.The access provider can generally block

certain websites and the service provider that stores a website can prevent access to information for those users on

the basis of IP-addresses linked to a certain country (“IP-targeting”). Both measures can be circumvented, but are

nevertheless instruments that can be used to retain territorial differences in a global network. The OpenNet

Initiative reports that this kind of censorship is practised by about two dozen countries.

Cyber Crime

6

Chapter 2 : 2. The phenomena of cybercrime

2.1 Definitions

Most reports, guides or publications on cybercrime begin by defining the terms “computer crime” and

“cybercrime”.In this context, various approaches have been adopted in recent decades to develop a precise

definition for both terms. Before providing an overview of the debate and evaluating the approaches, it is useful to

determine the relationship between “cybercrime” and “computer-related crimes”.Without going into detail at this

stage, the term “cybercrime” is narrower than computer- related crimes as it has to involve a computer network.

Computer-related crimes cover even those offences that bear no relation to a network, but only affect stand-alone

computer systems.

During the 10th United Nations Congress on the Prevention of Crime and the Treatment of Offenders, two

definitions were developed within a related workshop:Cybercrime in a narrow sense (computer crime) covers any

illegal behaviour directed by means of electronic operations that target the security of computer systems and the

data processed by them. Cybercrime in a broader sense (computer- related crimes) covers any illegal behaviour

committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession

and offering or distributing information by means of a computer system or network.

One common definition describes cybercrime as any activity in which computers or networks are a tool, a target or a

place of criminal activity. There are several difficulties with this broad definition. It would, for example, cover

traditional crimes such as murder, if perchance the offender used a keyboard to hit and kill the victim. Another

broader definition is provided in Article 1.1 of the Stanford Draft International Convention to Enhance Protection

from Cyber Crime and Terrorism (the “Stanford Draft”), which points out that cybercrime refers to acts in respect to

cybersystems.

2.2 Typology of cybercrime

The term “cybercrime” is used to cover a wide variety of criminal conduct. As recognized crimes include a broad

range of different offences, it is difficult to develop a typology or classification system for cybercrime. One approach

can be found in the Convention on Cybercrime, which distinguishes between four different types of offences:

1. offences against the confidentiality ,integrityandavailabilityofcomputerdataand systems;

2. computer-related offences; 3. content-related offences; and 4. copyright-related offences.

This typology is not wholly consistent, as it is not based on a sole criterion to differentiate between categories.

Three categories focus on the object of legal protection: “offences against the confidentiality, integrity and

availability of computer data and systems”; content-related offences; and copyright- related offences. The fourth

category of “computer-related offences”does not focus on the object of legal protection, but on the method used to

commit the crime. This inconsistency leads to some overlap between categories.

In addition, some terms that are used to describe criminal acts (such as “cyberterrorism” or “phishing”) cover acts

that fall within several categories. Nonetheless, the four categories can serve as a useful basis for discussing the

phenomena of cybercrime.

2.3 Development of computer crime and cybercrime

The criminal abuse of information technology and the necessary legal response are issues that have been discussed

ever since the technology was introduced. Over the last 50 years, various solutions have been implemented at the

national and regional levels. One of the reasons why the topic remains challenging is the constant technical

development, as well as the changing methods and ways in which the offences are committed.

- 2.3.1 The 1960s

In the 1960s, the introduction of transistor-based computer systems, which were smaller and less expensive than

vacuum-tube based machines, led to an increase in the use of computer technology. At this early stage, offences

focused on physical damage to computer systems and stored data. Such incidents were reported, for example, in

Canada, where in 1969 a student riot caused a fire that destroyed computer data hosted at the university. In the mid

1960s, the United States started a debate on the creation of a central data-storage authority for all ministries.

Within this context, possible criminal abuse of databases and the related risks to privacy were discussed.

Cyber Crime

7

- 2.3.2 The 1970s

In the 1970s, the use of computer systems and computer data increased further.At the end of the decade, an

estimated number of 100 000 mainframe computers were operating in the United States.With falling prices,

computer technology was more widely used within administration and business, and by the public. The 1970s were

characterized by a shift from the traditional property crimes against computer systems that had dominated the

1960s, to new forms of crime. While physical damage continued to be a relevant form of criminal abuse against

computer systems, new forms of computer crime were recognized. They included the illegal use of computer

systems and the manipulation of electronic data. The shift from manual to computer- operated transactions led to

another new form of crime – computer-related fraud.Already at this time, multimillion dollar losses were caused by

computer-related fraud.Computer-related fraud, in particular, was a real challenge, and law- enforcement agencies

were investigating more and more cases. As the application of existing legislation in computer-crime cases led to

difficulties, a debate about legal solutions started in different parts of the world. The United States discussed a draft

bill designed specifically to address cybercrime.Interpol discussed the phenomena and possibilities for legal

response.

- 2.3.3 The 1980s

In the 1980s, personal computers became more and more popular. With this development, the number of computer

systems and hence the number of potential targets for criminals again increased. For the first time, the targets

included a broad range of critical infrastructure. One of the side effects of the spread of computer systems was an

increasing interest in software, resulting in the emergence of the first forms of software piracy and crimes related to

patents.The interconnection of computer systems brought about new types of offence. Networks enabled offenders

to enter a computer system without being present at the crime scene. In addition, the possibility of distributing

software through networks enabled offenders to spread malicious software, and more and more computer viruses

were discovered. Countries started the process of updating their legislation so as to meet the requirements of a

changing criminal environment. International organizations also got involved in the process. OECD and the Council

of Europe set up study groups to analyse the phenomena and evaluate possibilities for legal response.

- 2.3.4 The 1990s

The introduction of the graphical interface (“WWW”) in the 1990s that was followed by a rapid growth in the

number of Internet users led to new challenges. Information legally made available in one country was available

globally – even in countries where the publication of such information was criminalized. Another concern associated

with online services that turned out to be especially challenging in the investigation of transnational crime was the

speed of information exchange. Finally, the distribution of child pornography moved from physical exchange of

books and tapes to online distribution through websites and Internet services. While computer crimes were in

general local crimes, the Internet turned electronic crimes into transnational crime.

As a result, the international community tackled the issue more intensively. UN General Assembly Resolution 45/121

adopted in 1990 and the manual for the prevention and control of computer-related crimes issued in 1994 are just

two examples.

- 2.3.5 The 21st Century

As in each preceding decade, new trends in computer crime and cybercrime continued to be discovered in the 21st

century. The first decade of the new millennium was dominated by new, highly sophisticated methods of committing

crimes, such as “phishing”, and “botnet attacks”, and the emerging use of technology that is more difficult for law

enforcement to handle and investigate, such as “voice-over-IP (VoIP) communication” and “cloud computing”. It is

not only the methods that changed, but also the impact. As offenders became able to automate attacks, the number

of offences increased. Countries and regional and international organizations have responded to the growing

challenges and given response to cybercrime high priority.

Cyber Crime

8

Cyber Crime

9

Chapter 3 : 3. The challenges of fighting cybercrime

3.1 Opportunities

Law-enforcement agencies can now use the increasing power of computer systems and complex forensic software to

speed up investigations and automate search procedures. It can prove difficult to automate investigation processes.

While a keyword-based search for illegal content can be carried out easily, the identification of illegal pictures is

more problematic. Hash-value based approaches are only successful if pictures have been rated previously, the hash

value is stored in a database and the picture that was analysed has not been modified.

Forensic software is able to search automatically for child-pornography images by comparing the files on the hard

disk of suspects with information about known images. For example, in late 2007, authorities found a number of

pictures of the sexual abuse of children. In order to prevent identification the offender had digitally modified the

part of the pictures showing his face before publishing the pictures over the Internet. Computer forensic experts

were able to unpick the modifications and reconstruct the suspect’s face. Although the successful investigation

clearly demonstrates the potential of computer forensics, this case is no proof of a breakthrough in childpornography

investigation. If the offender had simply covered his face with a white spot, identification would have

been impossible.

3.2 General challenges

3.2.1 Reliance on ICTs

Many everyday communications depend on ICTs and Internet-based services, including VoIP calls or e- mail

communications.ICTs are now responsible for the control and management functions in buildings, cars and aviation

services. The supply of energy, water and communication services depend on ICTs. The further integration of ICTs

into everyday life is likely to continue. Growing reliance on ICTs makes systems and services more vulnerable to

attacks against critical infrastructures. Even short interruptions to services could cause huge financial damages to

e-commerce businesses. It is not only civil communications that could be interrupted by attacks; the dependence on

ICTs is a major risk for military communications.

Existing technical infrastructure has a number of weaknesses, such as the monoculture or homogeneity of operating

systems. Many private users and SMEs use Microsoft’s operating system, so offenders can design effective attacks

by concentrating on this single target.

The dependence of society on ICTs is not limited to the western countries. Developing countries also face challenges

in preventing attacks against their infrastructure and users. The development of cheaper infrastructure

technologies such as WiMAX has enabled developing countries to offer Internet services to more people. Developing

countries can avoid the mistakes of some western countries, which have concentrated mainly on maximizing

accessibility, without investing significantly in protection. US experts have explained that successful attacks against

the official website of governmental organizations in Estonia could only take place due to inadequate protection

measures. Developing countries have a unique opportunity to integrate security measures early on. This may

require greater upfront investments, but the integration of security measures at a later point may prove more

expensive in the long run.

Strategies must be formulated to prevent such attacks and develop countermeasures, including the development

and promotion of technical means of protection, as well as adequate and sufficient laws enabling law-enforcement

agencies to fight cybercrime effectively.

3.2.2 Number of users

The popularity of the Internet and its services is growing fast, with over 2 billion Internet users worldwide by 2010.

Computer companies and ISPs are focusing on developing countries with the greatest potential for further growth.

In 2005, the number of Internet users in developing countries surpassed the number in industrial nations, while the

development of cheap hardware and wireless access will enable even more people to access the Internet.

With the growing number of people connected to the Internet, the number of targets and offenders increases. It is

difficult to estimate how many people use the Internet for illegal activities. Even if only 0.1 per cent of users

committed crimes, the total number of offenders would be more than one million. Although Internet usage rates are

lower in developing countries, promoting cybersecurity is not easier, as offenders can commit offences from around

the world.

The increasing number of Internet users causes difficulties for the law-enforcement agencies because it is relatively

Cyber Crime

10

difficult to automate investigation processes. While a keyword-based search for illegal content can be carried out

rather easily, the identification of illegal pictures is more problematic. Hash-value based approaches are for

example only successful if the pictures were rated previously, the hash value was stored in a data base, and the

picture that was analysed has not been modified.

3.3 Legal challenges

3.3.1 Challenges in drafting national criminal laws

Proper legislation is the foundation for the investigation and prosecution of cybercrime. However, law- makers must

continuously respond to Internet developments and monitor the effectiveness of existing provisions, especially given

the speed of developments in network technology.

Cyber Crime

11

Historically, the introduction of computer-related services or Internet-related technologies has given rise to new

forms of crime, soon after the technology was introduced. One example is the development of computer networks in

the 1970s – the first unauthorized access to computer networks occurred shortly afterwards. Similarly, the first

software offences appeared soon after the introduction of personal computers in the 1980s, when these systems

were used to copy software products.

It takes time to update national criminal law to prosecute new forms of online cybercrime. Indeed, some countries

have not yet finished with this adjustment process. Offences that have been criminalized under national criminal law

need to be reviewed and updated. For example, digital information must have equivalent status as traditional

signatures and printouts.

Without the integration of cybercrime-related offences, violations cannot be prosecuted.

The main challenge for national criminal legal systems is the delay between the recognition of potential abuses of

new technologies and necessary amendments to the national criminal law. This challenge remains as relevant and

topical as ever as the speed of network innovation accelerates. Many countries are working hard to catch up with

legislative adjustments. In general, the adjustment process has three steps: adjustment to national law,

identification of gaps in the penal code, and drafting of new legislation.

Adjustments to national law must start with the recognition of an abuse of new technology

Specific departments are needed within national law-enforcement agencies, which are qualified to investigate

potential cybercrimes. The development of computer emergency response teams (CERTs), computer incident

response teams (CIRTs), computer security incident response teams (CSIRTs) and other research facilities have

improved the situation.

Cyber Crime

12

Chapter 4 : 4. Anti-cybercrime strategies

4.1 Cybercrime legislation as an integral part of a cybersecurity strategy

As pointed out previously, cybersecurity plays an important role in the ongoing development of information

technology, as well as Internet services. Making the Internet safer (and protecting Internet users) has become

integral to the development of new services as well as governmental policy.Cybersecurity strategies – for example,

the development of technical protection systems or the education of users to prevent them from becoming victims of

cybercrime – can help to reduce the risk of cybercrime. An anti-cybercrime strategy should be an integral element of

a cybersecurity strategy. The ITU Global Cybersecurity Agenda, as a global framework for dialogue and

international cooperation to coordinate the international response to the growing challenges to cybersecurity and to

enhance confidence and security in the information society, builds on existing work, initiatives and partnerships

with the objective of proposing global strategies to address these related challenges. All the required measures

highlighted in the five pillars of Global Cybersecurity Agenda are relevant to any cybersecurity strategy.

Furthermore, the ability to effectively fight against cybercrime requires measures to be undertaken within all of the

five pillars.

4.1.1 Implementation of existing strategies

One possibility is that anti-cybercrime strategies developed in industrialized countries could be introduced in

developing countries, offering advantages of reduced cost and time for development. The implementation of existing

strategies could enable developing countries to benefit from existing insights and experience.

Nevertheless, the implementation of an existing anti-cybercrime strategy poses a number of difficulties. Although

similar challenges confront both developing and developed countries, the optimal solutions that might be adopted

depend on the resources and capabilities of each country. Industrialized countries may be able to promote

cybersecurity in different and more flexible ways, e.g. by focusing on more cost- intensive technical protection

issues.

There are several other issues that need to be taken into account by developing countries adopting existing anticybercrime

strategies. They include compatibility of respective legal systems, the status of supporting initiatives

(e.g. education of the society), the extent of self-protection measures in place as well as the extent of private sector

support (e.g. through public-private partnerships).

4.1.2 Regional differences

Given the international nature of cybercrime, the harmonization of national laws and techniques is vital in the fight

against cybercrime. However, harmonization must take into account regional demand and capacity. The importance

of regional aspects in the implementation of anti-cybercrime strategies is underlined by the fact that many legal and

technical standards were agreed among industrialized countries and do not include various aspects important for

developing countries. Therefore, regional factors and differences need to be included within their implementation

elsewhere.

4.1.3 Relevance of cybercrime issues within the pillars of cybersecurity

The Global Cybersecurity Agenda has seven main strategic goals, built on five work areas: 1) Legal measures;

2)Technical and procedural measures; 3)Organizational structures; 4)Capacity building; and 5) International

cooperation. As pointed out above, issues related to cybercrime play an important role in all five pillars of the Global

Cybersecurity Agenda. Among these work areas, the “Legal measures” work areas focuses on how to address the

legislative challenges posed by criminal activities committed over ICT networks in an internationally compatible

manner.

4.2 A cybercrime policy as starting point

Developing legislation to criminalize certain conduct or introduce investigation instruments is a rather unusual

process for most countries. The regular procedure is first of all to introduce a policy. A policy is comparable to a

strategy that defines the different instruments used to address the issue. Unlike a more general cybercrime strategy

that may address various stakeholders, the role of policy is to define the government’s public response to a certain

issue. This response is not necessarily limited to legislation as governments have various instruments that can be

used to achieve policy goals. And even if the decision is made that there is a need to implement legislation, it does

not necessarily need to focus on criminal law but could also include legislation more focussed on crime prevention.

In this regard, developing a policy enables a government to comprehensively define the government response to a

problem. As the fight against cybercrime can never solely be limited to introducing legislation, but contains various

Cyber Crime

13

strategies with different measures, the policy can ensure that those different measures don’t cause conflicts.

Within different approaches to harmonize cybercrime legislation too little priority has been given to not only

integrating the legislation in the national legal framework but also including it into an existing policy, or developing

such policy for the first time. As a consequence some countries that merely introduced cybercrime legislation

without having developed an anti-cybercrime strategy as well as policies on the government level faced severe

difficulties. They were mainly a result of a lack of crime prevention measures as well as an overlapping between

different measures.

4.3 The role of regulators in fighting cybercrime

In decades gone by, the focus of solutions discussed to address cybercrime was on legislation. As already pointed

out in the chapter dealing with an anti-cybercrime strategy, however, the necessary components of a comprehensive

approach to address cybercrime are more complex. Recently, the spotlight has fallen on the role of regulators in the

fight of cybercrime.

4.3.1 From telecommunication regulation to ICT regulation

The role of regulators in the context of telecommunications is widely recognized. As Internet has eroded the old

models of the division of responsibilities between government and private sector, a transformation of the traditional

role of ICT regulators and a change in the focus of ICT regulation can be observed. Already today ICT regulatory

authorities find themselves involved in a range of activities linked to addressing cybercrime. This is especially

relevant for areas like content regulation, network safety and consumer protection, as users have become

vulnerable. The involvement of regulators is therefore the result of the fact that cybercrime undermines the

development of the ICT industry and related products and services.

The new duties and responsibilities of the ICT regulator in combating cybercrime can be seen as part of the wider

trend towards the conversion of centralized models of cybercrime regulation into flexible structures. In some

countries, ICT regulators have already explored the possibility of transferring the scope of regulatory duties from

competition and authorization issues within the telecom industry to broader consumer protection, industry

development,cybersafety, participation in cybercrime policy- making and implementation, which includes the wider

use of ICTs and as a consequence cybercrime- related issues. While some new regulatory authorities have been

created with mandates and responsibilities that include cybercrime, older established ICT regulators have extended

their existing tasks to include various activities aimed at tackling cyber-related threats. However, the extent and

limitations of such involvement are still under discussion.

4.3.2 Models for extension of regulator responsibility

There are two different models for establishing the mandate of regulators in combating cybercrime, namely:

extensively interpreting the existing mandate, or creating new mandates.

Two traditional areas of involvement of regulators are consumer protection and network safety. With the shift from

telecommunication services to Internet-related services, the focus of consumer protection has changed. In addition

to the traditional threats, the impact of Spam, malicious software and botnets need to be taken into consideration.

One example of extending a mandate comes from the Dutch Independent Post and Telecommunication Authority

(OPTA). The mandate of the regulator includes Spam

prohibition and preventing the dissemination of malware. During the debate on the mandate of OPTA, the

organization expressed the view that a bridge should be built between cybersecurity as a traditional field of activity

and cybercrime in order to effectively address both issues. If cybercrime is seen as a failure of cybersecurity, the

mandate of regulators is consequently automatically expanded.

The possibility of extending the regulator’s mandate to include cybercrime issues also depends on the institutional

design of the regulator, and whether it is a multisector regulator (like utility commissions), a sector-specific telecom

regulator or a converged regulator. While every model of institutional design has its advantages and disadvantages

from the perspective of ICT industry regulation, the type of institutional design should be taken into account when

assessing how and in what areas the ICT regulator should be involved. Converged regulators, with responsibility for

media and content as well as ICT services, generally face a challenge in terms of complexity of workloads. However,

their comprehensive mandate can constitute an advantage in dealing with content-related issues, such as child

pornography or other illegal or harmful content. In a converged environment where traditional telecommunication

regulators may struggle to resolve certain issues, such as consolidation between media content and

telecommunication service providers, the converged regulator appears to be in a better position to address contentnetwork

issues. Furthermore, the converged regulator can help to avoid inconsistency and uncertainty of regulation

and unequal regulatory intervention in respect of the different content delivered over various platforms.

Nevertheless, the discussion of the advantages of a converged regulator should not undermine the importance of

the activities of single-sector regulators. While, for instance, up to the end of 2009 the European Union had only

Cyber Crime

14

four converged ICT regulators, many more were involved in addressing cybercrime.

When thinking of extending the interpretation of existing mandates, account must be taken of the capacity of the

regulator and the need to avoid overlap with the mandates of other organizations. Such potential conflicts can be

solved more easily if new mandates are clearly defined.

The second approach is the creation of new mandates. In view of the potential for conflicts, countries such as

Malaysia have decided to redefine mandates to avoid confusion and overlap. The Malaysian Communications and

Multimedia Commission (MCMC), as a converged regulator, has established a special department dealing with

information security and network reliability, the integrity of communications and critical communication

infrastructure.A similar approach can be observed in South Korea, where in 2008 the Korea Communications

Commission (KCC) was created by consolidating the former Ministry of Information and Communication and the

Korean Broadcasting Commission. Among other duties, KCC is responsible for the protection of Internet users from

harmful or illegal content.

Cyber Crime

15

References

1) Clarke/Sandberg/Wiley/Hong, Freenet: a distributed anonymous information storage and retrieval system, 2001;

Chothia/Chatzikokolakis, A Survey of Anonymous Peer-to-Peer File-Sharing, available at: www.spinellis.gr/pubs/jrnl/

2004-ACMCS-p2p/html/AS04.pdf; Han/Liu/Xiao/Xiao, A Mutual Anonymous Peer- to-Peer Protocol Design, 2005.

2) Autronic v. Switzerland, Application No. 12726/87, Judgement of 22 May 1990, para. 47. Summary available at:

http://sim.law.uu.nl/sim/caselaw/Hof.nsf/

2422ec00f1ace923c1256681002b47f1/cd1bcbf61104580ec1256640004c1d0 b? OpenDocument.

3) The Internet Systems Consortium identified 490 million Domains (not webpages). See the Internet Domain

Survey, July 2007, available at: www.isc.org/index.pl?/ ops/ds/reports/2007-07/; The Internet monitoring company

Netcraft reported in August 2007 a total of nearly 130 million websites at: http://news.netcraft.com/

archives/2007/08/06/august_2007_web_server_survey.html.

4) Gordon/Ford, On the Definition and Classification of Cybercrime, Journal in Computer Virology, Vol. 2, No. 1,

2006, page 13-20; Chawki, Cybercrime in France: An Overview, 2005, available at: www.crimeresearch.

org/articles/cybercrime-in- france-overview; Gordon/Hosmer/Siedsma/Rebovich,

5) Assessing Technology, Methods, and Information for Committing and Combating Cyber Crime, 2003, available

at: www.ncjrs.gov/pdffiles1/nij/grants/198421.pdf.

6) Kabay, A Brief History of Computer Crime: An Introduction for Students, 2008, page 23, available at:

www.mekabay.com/overviews/history.pdf.

7) CRS Report for Congress on the Economic Impact of Cyber-Attacks, April 2004, page 10, available at:

www.cisco.com/warp/public/779/govtaffairs/images/ CRS_Cyber_Attacks.pdf


CyberCrime

  • Author: RawanShiha
  • Published: 2015-11-16 06:40:07
  • Words: 6180
CyberCrime CyberCrime