CHAPTER 18 Cyber Crime Clay Wilson CYBER CRIME is becoming ...
Cyber Crime
-
Upload
diego-alonso-collantes -
Category
Documents
-
view
3 -
download
0
description
Transcript of Cyber Crime
-
CyberCrime
Page 1 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
PrintPublicationDate: Oct2014 Subject: CriminologyandCriminalJustice,OrganizedCrimeOnlinePublicationDate: Aug2013
DOI: 10.1093/oxfordhb/9780199730445.013.003
CyberCrime Kim-KwangRaymondChooandPeterGraboskyTheOxfordHandbookofOrganizedCrimeEditedbyLetiziaPaoli
OxfordHandbooksOnline
AbstractandKeywords
Thisessayconsidershowinformationandcommunicationstechnologies(ICT)areusedbyorganizedcrimegroups.Threecategoriesofgroupsareidentified:traditionalorganizedcriminalgroups,whichmakeuseofICTtoenhancetheirterrestrialcriminalactivities;organizedcybercriminalgroups,whichoperateexclusivelyonline;andorganizedgroupsofideologicallyandpoliticallymotivatedindividuals(includingstateandstate-sponsoredactors),whomakeuseofICTtofacilitatetheircriminalconduct.Wefeelthatitisimportanttodrawadistinctionbetweenthesetypesoforganizedcriminalgroups,particularlywhenformulatingcybersecuritypolicy,becausecybercriminalityisnotamonolithicthreat.Thearticlewillnotethetransnationalnatureofmuchorganizedcriminalactivityandwilldiscussmechanismsforthecontroloforganizedcrimeinthedigitalage.Keywords:Cybercrime,cybersecurity,organizedcybercriminalgroups,organizedcriminalgroups,public/privatecooperation,stateorganizedcybercrime
I.IntroductionComputersandnetwork-basedsystemslieattheheartofcriticalinfrastructuresaroundtheworld,particularlyinthetechnologicallyadvancedcountries(NationalInfrastructureAdvisoryCouncil2004).Thisishardlysurprisingastheproliferationofinformationandcommunicationstechnologies(ICT)andconnectivityoftheInternetintodaysdigitalageopenthedoortoincreasedproductivity,fastercommunicationcapabilities,andimmeasurableconvenience.Thiscreatesnotonlybenefitsforthecommunity,butalsorisksofcriminalexploitation.
Digitaltechnologyhasempoweredordinaryindividualsasneverbefore.Apersonactingalonecancommunicatewithmillionsofpeople,instantlyandatnegligiblecost.Soleindividualsarenowabletopenetrateanddisruptmajorgovernmentalsystemsandprominentretailingsites.Organizationstoohavebeengreatlyempoweredbydigitaltechnology,forbetterandforworse.
Thisessaylooksattheexploitationofdigitaltechnologyinfurtheranceoforganizedcrime.Itfirstaddressestheconceptofcriminalorganizationandsuggeststhedesirabilityofamoreexpansiveconstructiontoaccommodatetheevolutionanddiversificationoforganizationalformsinthemodernera.Itthenlooksatthreetypesoforganizedcrimegroups:(1)traditionalorganizedcrimegroups,whichmakeuseofICTtoenhancetheirterrestrialcriminalactivities;(2)organizedcybercrimegroups,whichoperateexclusivelyonline;and(3)organizedgroupsofideologicallyandpoliticallymotivatedindividuals,whomakeuseofICTtofacilitatetheircriminalconduct.Theessaynotesemergingtrendsinorganizedcybercrimeandconcludeswithafewsuggestionsforthepreventionandcontroloforganizedcrimeinthedigitalage.
Althoughitwouldbepleasingtobeabletocitecomprehensivestatisticsonpatternsandtrendsinorganizedcybercrime,thisremainsanelusivegoal.Muchcybercrimeis(p.483) unreported.Someisevenundetected.Of
-
CyberCrime
Page 2 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
thoseoffensesthatdocometotheattentionofauthorities,theorganizationalcircumstancesoftheperpetrator(orperpetrators)isoftenunknown.Thoseofficialstatisticsthatdoexistoftenrelatetothesubstantiveoffenseratherthanthetechnologiesbywhichitwascommitted.Onemaysaywithconfidencethattheincreasingpervasivenessofdigitaltechnologiesmeansthattheywillcontinuetobeexploitedforcriminalpurposesbyorganizationsbothterrestrialandvirtual.
II.Organizations
A.MorphologyLegitimateorganizationslookverydifferenttodayfromthewaytheyappearedacenturyago(ifindeedtheyexistedthatlonginthepastandhavesurvived).Whatwereonceverticallyintegratedorganizationshaveshedfunctions,preferringtocontractoutspecifictaskstospecialistserviceprovidersratherthandelivereverythingusingin-houseresources.Inrecentyears,thetermvirtualorganizationhasbeencoinedtorefertonetworkedentities,ingeneral,ortothoseorganizationsthatoutsourceasignificantamountofactivity(TapscottandWilliams2006).
Whenscholarsandlawenforcementofficialsthinkoforganizedcrime,theyinstinctivelythinkaboutstereotypicalorganizationscommittingcertaintypesofcrime.Theclassicmonolithic,pyramidalorganization,suchastheYakuza,triads,ortheItalianmafia,engagedinextortionorinthedeliveryofillicitservicescomeimmediatelytomind.Whileafewcriminalorganizationsstillfittheclassicmonolithic,hierarchical,formalmodel,analystsbeganwelloveradecadeagotoobserveemergingvariations(Halstead1998).Muchorganizedcriminalactivitybegantoberecognizedasthecollectiveworkofloosecoalitionsofgroups,collaboratingwitheachotherfromtimetotimetoachievecertainobjectives.Acasediscussedbelowillustratesthefranchise-likeoperationsofanorganizedcrimefamilyintheUnitedStates,whereperipheralassociatesmanageteamsofordinarycriminalsandpassapercentageoftheirtaketoformal(made)familymembers.Indeed,todaythetermnetworkhasbecomemorefamiliarthanfamilytodescribeorganizedcrime(Williams2001).Suchnetworksareinvolvedinactivitiesastraditionalasextortionanddrugtraffickingandascontemporaryassoftwarepiracy,creditcardfraud,andonlinechildexploitation(Choo,Smith,andMcCusker2007;Choo2009).
Thereremainaspectsoforganizationallifeincyberspacethatresembletheterrestrialworld.Insomecases,smallgroupsofyouthengageinonlineactivitymuchastheywouldonthestreet;hangingoutandshowingofftoeachother.Whilemuchadolescentbehaviorineithersettingisaninnocentmanifestationofyouthfulexuberance,someisnotsoinnocent.Youthcongregateincyberspace,astheydoonthestreet,for(p.484) illicitfunandforillegalprofit.Theirorganizationalstructureresemblesmorethatofkidsmessingaroundinphysicalspacethanthatofanorganizedcrimegroup.
Otheraspectsaredifferent.Organizationsincyberspacemayinvolverepeatedandintenseinteractionsamongpeoplewhohavenevermeteachotherinperson.Moreover,theymaybesituatedalmostanywhereonthesurfaceoftheearth.Drugnewsgroupsattractpeopleinterestedinthemanufactureofsyntheticillicitdrugs(Schneider2003).Totheextentthattheserelationshipsbecomeinstitutionalized,neworganizationalformsarecreated.ContactmadeinIRCchatroomsbetweenpeoplewhohavenevermeteachother(andmaynevermeeteachother)inphysicalspacecanevolveintohackergroups,piracyorwarezgroups,orchildpornographyrings(Holt2007).
B.LongevityThelifecycleoforganizationshasalsobecomemorevaried.Someorganizationsarestableandenduring,suchastheVaticanorOxfordUniversity.Otherstransformthemselves,adaptingtodramaticallychangingcircumstances.TheSingaporePoliceForceoftodayissubstantiallydifferentfromtheSingaporePoliceForceof1819.Someorganizationshavecomeintoexistenceonlyrecentlytoexploitanewopportunity.Google,Inc.wasfirstincorporatedasrecentlyas1998.Otherorganizationsareshort-lived,comingintoexistenceforaparticularpurposeandthendisbanding.ConsidertheBeijingOrganizingCommitteefortheOlympicGames(BOCOG)thatwasestablishedtooverseethe2008OlympicGamesinBeijing.Itexistsnolonger.Someorganizationsareextremelyshort-lived.Oneofthemorerecentmanifestationsoftheevanescentorganizationisswarming,i.e.,the
-
CyberCrime
Page 3 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
unexpectedgatheringoflargenumbersofpeopleinparticularpubliclocales(White2006).Thecommunicationsprocessesthatunderliesuchgatheringsneednotinvolvehightechnology;rather,wordofmouthcansuffice.ButonecaneasilyappreciatehowswarmingcanbefacilitatedbytheInternetorbydigitaltelephony.InAustralia,recentyearshaveseentheuseoftextmessagestomakeplansforgroupsexualassaultsandraceriots(Morton2004;Perry2005).IraniandissidentsusedsocialnetworkingtechnologiestoorganizeprotestsagainstPresidentMahmoudAhmadinejadin2009(LaFraniereandAnsfield2010).
Morerecently,socialmediaplayedasignificantroleinorganizingtheuprisingsinEgyptandTunisiathatledtotheoverthrowoftheirauthoritarianregimes.SocialnetworkingsitessuchasFacebookenabledstrategiccommunicationsregardingthetimingandlocationofprotestactivity.MediasuchasYouTubewereusedtotransmitapictureofbrutalpolicerepression,locallyandthroughouttheworld,inavoidingstatecensorship(Preston2011).SocialmediawerealsousedincoordinatingtheriotsthattookplaceacrosstheUnitedKingdominAugust2011.TheBlackBerrymessagingservicewasusedtoencouragelootingandtoarrangethetimeandlocationofgatherings.ThispromptedtheBritishgovernmenttoexplorethedevelopmentandimpositionofcontrolsoverthetechnology(Pfanner2011).
(p.485) III.OrganizedCrimeGroupsThedefinitionoforganizedcriminalgroupfromArticle2oftheUNConventiononTransnationalOrganizedCrimeisadoptedinthisessay:
agrouphavingatleastthreemembers,takingsomeactioninconcert(i.e.togetherorinsomeco-ordinatedmanner)forthepurposeofcommittingaseriouscrimeandforthepurposeofobtainingafinancialorotherbenefit.Thegroupmusthavesomeinternalorganizationorstructure,andexistforsomeperiodoftimebeforeoraftertheactualcommissionoftheoffence(s)involved.
Whetherthechangesinorganizationallifenotedabovewillresultinmoreephemeralcollectivitiestobedeemedcriminalorganizationsremainstobeseen.Ithasevenbeensuggestedthatasingleindividualwhosucceedsinbuildinganetworkofcompromisedcomputers(arobotnetworkorbotnet) iscreatinganewformofcriminalorganization(Chang2012).
A.TraditionalOrganizedCriminalGroupsOrganizedcrimeisnotanewphenomenon.Itpreceded,andthenaccompanied,theriseofthemodernstate.Pursuitoffinancialgainhasalwaysbeenthedrivingforcebehindtraditionalorganizedcrime,althoughthedesireforpower,respect,comradeship,andadventurealsofigureprominentlyinthemotivationalmix.
However,thenatureoforganizationallifeischangingforcriminalorganizationsnolessthanforlegitimateones.Monolithic,hierarchical,formalorganizationsstillexist,butorganizationalformisbecomingincreasinglydiverse.Sotooaretheactivitiesinwhichcriminalorganizationsengage.Toasignificantextent,thesetrendsaretheproductsofrapiddevelopmentsininformationandcommunicationstechnology(ICT),astraditionalorganizedcriminalgroupshaverecognizedthevalueofleveragingICTtofacilitateorenhancethecommissionofcrimes.Examplesinclude:usingICTtofacilitatedrugtrafficking;totrafficincorporatesecretsandidentityinformation;tocommitextortion,frauds,andscamsonline;tolaundermoneyusingonlinepaymentsystems;andtodistributeillegalmaterialsovertheInternet.Ofcourse,criminalorganizations,liketheirlegitimatecounterparts,alsousedigitaltechnologyforroutineincidentalpurposes,suchasrecordkeepingandcommunication.
ExamplesoftraditionalorganizedcriminalgroupsinvolvedincybercrimeincludethehighlystructuredandglobalcriminalsyndicatessuchastheAsiantriadsandJapaneseYakuza,whosecriminalactivitieshavebeenknowntoincludecomputersoftwarepiracyandcreditcardforgeryandfraud(OrganisationforEconomicCo-operationandDevelopment2007).Commentatorshavealsosuggestedthattraditionalorganizedcrimegroups(e.g.,outlawmotorcyclegangs)useonlineresources,suchassocialnetworkingsites,toperformbackgroundcheckson(p.486) potentialandnewmembers(Douglis2010)andtopromotethemselvestoimpressionableyoungpeople.
TraditionalorganizedcriminalgroupsfromeasternEuropehavealsobeenknowntocarryoutextortionfromonlinegamblingandpornographywebsitesbythreateningtocarryoutdenial-of-serviceattacksusingbotnets(Choo
1
-
CyberCrime
Page 4 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
2007).Inrecentyears,organizedcriminalgroupshavebeenreportedtorecruitanewgenerationofhigh-flyingcybercriminalsusingtacticswhichechothoseemployedbytheKGBtorecruitoperativesattheheightofthecoldwar(McAfee2006,p.2).Thisshouldcomeasnosurprisetolong-timepoliticalobservers.IncountriessuchasRussia,thelackofeconomicandemploymentopportunitieshaveforcedmanyhighlyeducatedindividualswithadvancedcomputerandprogrammingskillstoworkinthecyberunderground.
Inits2008threatassessment,theSeriousOrganisedCrimeAgencyintheUnitedKingdomwarnedthattraditionalorganizedcriminalgroupsarealsoincreasinglyusingfalseandstolenidentitiestocommitnon-fiscalfrauds(SeriousOrganisedCrimeAgency2008,p.9).ForexampleinMay2009,11defendants,allegedtobemembersofacrewworkinginFloridaforanassociateoftheNewYorkbasedBonnanocrimefamily,werechargedwithvariousoffenses,includingtheillegalmanufactureoffraudulentchecksandfraudinconnectionwithaccessdevices.Thegroupincludedoneindividualwithabackgroundincomputingwhoaccesseddatabaseswithaviewtowardidentifyingpotentialextortionvictims.Healsousedhiscomputingskillsintheproductionofcounterfeitchecks. InJapan,conventionalcriminalgroupsalsoprovideventurecapitalfortechniciansspecializinginhackingandfraud(TokyoReporter2009).AnothercaseinvolvedalargeanddiverseconspiracyamongmembersoftheGambinocrimefamilyallegedtohaveengagedinfabricationoffalsebarcodelabelsandcreditcards.Onememberoftheconspiracy,whoworkedforachainofhomeimprovementstores,hadaccesstotherequisitetechnology(USDepartmentofJustice2010).AthirdexampleinvolvedotherassociatesoftheBonnanofamilywhowereactiveinthetelecommunicationsindustryandwhowereimplicatedinaschemeoffraudulentbillingoftelephoneaccounts.
InOctober2011,111individualsfromfivedifferentcriminalgroupswereindictedbylocalauthoritiesinNewYorkCityforarangeofoffensesrelatedtoidentitytheft,creditcardforgery,andfraud.Anumberoftheaccusedwerealsoallegedlyinvolvedinarangeofterrestrialoffenses,includingburglaryandrobbery.Itwasallegedthatthegroupsobtainedcreditcarddetailsfromskimming(forexample,bycomplicitrestaurantemployees)orfromInternetsuppliersthroughillegalwebsites.Counterfeitcreditcardswerethenmanufactured,andteamsofshoppersdeployedtopurchasehigh-endmerchandise,someofwhichwassoldonlinebyfences(QueensCountyDistrictAttorney2011).
Traditionalorganizedcrimegroups(andorganizedcybercrimegroupsdescribedinthenextsection)havealsobeenknowntohiremoneymulesinthemoneylaunderingprocess.Moneymulesareindividualshiredbyorganizedcriminalstoperforminternationalwirefraudortopurchaseprepaidcards,andthentomailorshipprepaidcardsoutofthecountrywithoutregulatorsbeingaware(Choo2008,footnote14).AsChoo,(p.487) Kim-KwangRaymond,RussellGSmith,andRobMcCusker(2009,p.xxi)pointout,[o]rganisedoperationsthatmakeuseofconventionaltechnology-enabledcrimemethodologies,suchasfinancialscamsorpiracy,willalsoincreaseastheuseofnetworkedcomputersforcriminalpurposesdevelops.
Inrarecases,criminalorganizationsmayengagetheservicesofformerlawenforcementofficerswithadegreeoftechnologicalexpertise.OneformerFBIagentaccessedthebureausdatabaseandalertedtwosuspectsthattheyweretargetsofaninvestigation(USDepartmentofJustice2005).
B.OrganizedCybercriminalGroupsAnothercategoryoforganizedcriminalgroupconsistsoflike-mindedindividualswhousuallyknoweachotheronlyonline,butwhoareinvolvedinanorganizationalstructureworkingcollectivelytowardacommongoalbecausetheInternetmakesitfareasiertomeetandplanactivities.Althoughtheobjectiveisusuallypursuitoffinancialgain,itcanincludeothercriminalgoalssuchasproducinganddisseminatingchildpornographyandrelatedmaterials.Forexample,in2007morethan700suspectsassociatedwiththeUK-basedInternetchatroom,Kids,theLightofOurLives,werearrestedworldwide(ChildExploitationandOnlineProtection2007).
Anotherexamplerelatestosoftwarepiracy.DrinkorDiewasagroupofinformationtechnologyspecialistswhoobtainedcopiesofsoftwareandotherdigitalproducts,strippedthemoftheircopyrightprotection,andpostedthemtohundredsofInternetsitesaroundtheworld.Priortotheircollaborationinfurtheranceofpiracy,nonehadsignificantcriminalbackgrounds.Memberswerelocatedinanumberofcountries,includingtheUnitedStates,theUnitedKingdom,andAustralia;mostoftheirinteractionsoccurredincyberspaceratherthanontheground.InDecember2001,thesimultaneousexecutionof58searchwarrantsbroughtanendtotheconspiracy.Oneofthe
2
3
-
CyberCrime
Page 5 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
members,anAustralian,hadneversetfootintheUnitedStates,althoughhewaseventuallyextradited,convicted,andimprisonedthere(Urbas2006).
C.IdeologicallyandPoliticallyMotivatedCybercrimeGroupsPriortoSeptember11,2001,terrorismandorganizedcrimewereusuallyconsideredseparateentitiesbecausetheydidnotsharethesamemotivatingfactor.Theprimaryobjectiveoforganizedcrimeismoney.Bycontrast,terroristorganizationshavepoliticalgoals.Inrecentyears,however,aconvergencebetweenterrorismandorganizedcrimehasbeennoted.Thevarietyofwaysinwhichdigitaltechnologymaybeusedinfurtheranceofterrorismincludecommunications,intelligence,propagandaandpsychologicalwarfare,recruitment,andtraining(Thomas2003).Conventionalcriminalorganizationshaveagreatdealofexpertisetoofferterroristgroups.Crimescommonlyassociatedwithorganizedcriminalgroups(e.g.,scamandfraudschemes,identityand(p.488)immigrationcrimes,andthecounterfeitofgoods)arealsoprecursorcrimesusedbyterroristgroupstoraisefunds(Sanderson2004).
Someterroristsengageincybercrimetoacquireresourceswithwhichtofinancetheiroperations,especiallysinceformalfundstransfershavecomeunderincreasingscrutinyfromantimoneylaunderingauthorities.ImamSamudra,convictedarchitectofthe2002Balibombings,reportedlycalleduponhisfollowerstocommitcreditcardfraud(Sipress2004).TheTamilTigersareallegedtohaveengagedincreditcardfraudtosupporttheiroperations(HutchinsonandOMalley2007).
Othersseektoharassorthreatenanadversary.Originally,thistooktheformofmailbombinginwhichthousandsofemailsweredirectedatatargetinanefforttodegradethesystem.InMay1999,theWhiteHousewebsitewasoverloadedwithvisitsfollowingthebombingoftheChineseembassyinBelgrade(NationalInfrastructureProtectionCenter2001).Today,botnetsareusedforsuchapurpose,aswasthecaseinthe2007denialofserviceattacksagainstEstonianservers(LandlerandMarkoff2007).
A2006report(IDSS2006)highlightedtheproliferationofjihad-orientedsitesinSoutheastAsia,whichfacilitateradicalizationamongtheMuslimcommunityintheregion.Eightthousandwebsitesespousingradicalideologies,suchashostinghateandterrorismcontents,arereportedlyidentifiedinamorerecentreportbytheWiesenthalCentersDigitalTerrorandHate2.0(SimonWiesenthalCenter2008).SuchsitestargetthedigitalgenerationtheyoungandtheInternet-awareparticularlywithintheMuslimcommunity.Thelatter,withashallowunderstandingofIslam,maybevulnerabletotheseductivepropagandapostedonsuchsitesandforums.
In2007,SingaporesInternalSecurityDepartmentinvestigatedInternet-drivenradicalizationcasesinvolvingSingaporeansattractedtoterroristandradicalideasontheInternet(Kor2007).Morerecently,inApril2010,afull-timenationalservicemaninthearmywasarrestedinSingaporeunderthatnationsInternalSecurityAct.AccordingtothemediareleasefromtheMinistryofHomeAffairs,itwasallegedthattheaccusedbegansearchingforjihadistpropagandaonlinewhilehewasastudentinoneofSingaporeslocaleducationalinstitutions.Overtime,theaccusedbecamedeeplyradicalizedbythematerialshefoundonlineandconvincedthatitwashisreligiousdutytoundertaketerroristactivities.Theaccusedallegedlywentonlineinsearchofinformationonbomb-making,andheproducedandpostedavideoglorifyingsuicidebombingbeforebeingarrested(MinistryofHomeAffairs,Singapore2010).ThiscaseandothersaroundtheworldillustratesomeofthewaysinwhichterroristscanexploittheInternetandnewmediachannels(e.g.,socialnetworkingsites)forcriminalpurposes.
D.State-OrganizedCybercrimeWhenagovernmentorlargecommercialnetworkcomesundercyberattack,itisnotimmediatelyapparentwhetherthesourceoftheattackisaskillfulteenager,anorganizedcrimegroup,oranation-state.Infact,itmayinvolvetwoormoreofthese.Governmentsdonotalwaysusecivilservantstoperformtheirdirtywork.Theymayturnablindeye(p.489) toillegalitythatisseenasservingstateinterests.Theymayoffertacit,orevenactive,encouragementtocybercriminals.
Anumberofprominentattacks,theoriginsofwhichremainobscure,haveoccurredinrecentyears.ThecyberattacksagainstgovernmentserversinEstoniainApril2007apparentlysoughttointimidatetheEstoniangovernmentanditspeopleforhavingrelocatedaSoviet-eramemorialtofallenRussiansoldiers.Ithasbeen
-
CyberCrime
Page 6 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
suggestedthatcriminalorganizationsplayedasignificantroleintheattacks;thedegreetowhichtheRussiangovernmentwascomplicitremainsunclear(LandlerandMarkoff2007).
InMarch2009,itwasrevealedthatanumberofcomputersystemsservingtheDalaiLamasTibetanexilecentersaroundtheworldhadbeenpenetratedbyasophisticatedsurveillancesystem.Thescaleofthesurveillanceactivity,whichwastracedtothreesitesinChinaaswellastoawebhostingserviceinSouthernCalifornia,seemedtoindicategovernmentactivity.Itwassuggestedtheworkmayhaveinvolvedpatriotichackerswhowereassociatedwith,butindependentof,thestate. TheChinesegovernmentdismissedthesuggestionthatitwasinvolvedinthesurveillance(Markoff2009;MunkCentre2009).Cybercriminalscanmakeuseofvarioustechnologies,includinglaunchingacyberattackfromproxyserversinthirdcountriestoconcealtheiridentity.Definitiveattributionofthesource(s)ofanycyberattackisnoeasytaskandcanbeverytimeconsuming.Itlargelydependsonthetechnicalexpertiseofperpetratorsandseveralotherfactors,includingthejurisdictionfromwhichtheyoperate.State-sponsoredcyberattacksarenolongerfiction,butthequestionremains:Howdoesonedeterminewhetheranattackiscriminaloranactofcyberwar?
InJanuary2010,Googleannouncedthatithadbecomethetargetofasophisticatedandcoordinatedattack,apparentlyoriginatinginChina,thatresultedintheaccessingofGmailaccounts,includingthoseofChinesehumanrightsactivists.TheChinesegovernmentdeniedresponsibility.Morebroadly,theUSgovernment,assistedbythetelecommunicationsindustry,engagedinwidespreadillegalinterceptionoftelecommunicationstrafficduringtheGeorgeW.Bushadministration(Bamford2008).
In2010,itbecameapparentthatawormmalwarereferredtoasStuxnethaddisruptedcentrifugesessentialtouraniumenrichmentprocessesinIran.AnalysisofStuxnetsuggestedthatthemalwarewasdesignedtoreprogramtheICSbymodifyingcodeonprogrammablelogiccontrollers(PLCs)tomakethemworkinamannertheattackerintendedandtohidethosechangesfromtheoperatoroftheequipmentandthemalwareconsistedof[several]zero-dayexploits,aWindowsrootkit,thefirsteverPLCrootkit,antivirusevasiontechniques,complexprocessinjectionandhookingcode,networkinfectionroutines,peer-to-peerupdates,andacommandandcontrolinterface(Falliere,Murchu,andChien2010,pp.12).Thedegreeofsophisticationofthecode,theknowledgeofSiemenscontrolsystemsnecessaryforitsdevelopment,theneedfortestingandrefinementoftheworm,andthechallengeofitsultimateinsertioninrelevantIraniancomputersystemssuggestthatitwastheworkofstateactors,subsequentlyreportedtobetheUnitedStatesandIsrael(Markoff2010,2011;Sanger2012).
In2011,SouthKoreanauthoritiesaccusedChina-basedNorthKoreanhackersofinfiltratingonlinegamingsites.Afterestablishingrobotaccountsandusingautomated(p.490) software,theplayersallegedlyaccumulatedgamingpointsandexchangedthemforcash.ApercentageoftheproceedswasreportedlyretainedbytheplayersandtheremaindertransferredtoNorthKorea(Choe2011).
Cybercrime,ingeneral,andorganizedcybercrime,inparticular,arefollowingtwobasictrends:sophisticationandcommercialization.
E.SophisticationTechnologydoesnotstandstill,andthosewhoseektomakebestuseofit,forpurposeslegitimateorotherwise,mustkeepabreastofthelatestdevelopments.Thetrajectoryisalongonefromusingcommercialoff-the-shelf(COTS)technologytoscanandduplicate$50notestotheindustrial-sizedoperationsforthemanufactureofpiratedDVDs.
Virusesandwormsoncetookdaystospreadaroundtheglobe.Theynowtakeminutestodoso.Maliciouscodecanbedesignedtolookforopeningsand,onceitinvadesatargetcomputer,tocoveritsowntracks(Thompson2004;MarkoffandVance2010);itcanalsobedesignedtoallowremotecontrolofacomputer,enablingtheintrudertoactivateaudioandvideorecordingfeaturesandtocapturetheinformationcontainedtherein(Markoff2009).ThescopeandcomplexityoftheattackagainsttheDaliLamassystemsappearstobewithoutprecedent,asdoesthedomesticelectronicsurveillancepracticedbytheUSgovernment.TheStuxnetwormthatinfectedIraniannuclearfacilitiesin2010waspreciselycalibratedandapparentlytheworkofaskilledteamofprogrammers(BroadandSanger2010).Onamoremodestlevel,participantsinaninternationalstockfraudconspiracy(discussedbelow)usedspecialsoftwaretoconcealtheoriginoftheirSpamemailsandtocircumventtheir
4
-
CyberCrime
Page 7 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
recipientsSpamfilters.(USDepartmentofJustice2009a).
F.CommercializationAtthedawnofthedigitalage,muchcomputercrimetookplaceforfunratherthanforprofit.Thedistributionofillicitimagesofchildrenoccurredinthecontextofabartereconomy.Othercomputercriminalsweremotivatedbytheintellectualchallenge,byadventure,orbyrebelliousspiritratherthanbymercenaryconsiderations.Practitionersofdigitalpiracygaveproductsawayratherthansellingthem.Viruswritersregardedtheiractivityasanartformratherthanasawaytomakealiving.Today,theservicesofaccomplishedhackersareavailableforhire;acriminalgroupcanrentrobotnetworksforuseinspamming,denialofserviceattacks,orextortion,anddigitalpiracyhasbecomebigbusiness.Additionalcategoriesoffinanciallymotivatedcybercrimesinclude:
Computerornetworkintrusionssuchashackingandunauthorizedaccesstoobtainsensitiveinformation.Forexample,in1994,ARussiannamedVladimirLevinobtainedaccesstotheserversofCitibankintheUnitedStates.Hewasable(p.491) toimpersonatelegitimateCitibankaccountholdersandbegantotransferfundsfromtheiraccountstonewaccountsopenedbyhisaccomplicesaroundtheworld.Thefraudwasdetected,andtheaccompliceswerearrestedwhentheyattemptedtowithdrawthemoney(Smith,Grabosky,andUrbas2004,p.51).InAugust2008,11individuals(includingthreeUScitizens,onefromEstonia,threefromUkraine,twofromthePeoplesRepublicofChina,onefromBelarus,andonewithunknownplaceoforigin)werechargedwithnumerouscrimes,includingconspiracy,computerintrusion,fraud,andidentitytheft.ItwasallegedthatthegroupmemberswereinvolvedinthehackingofninemajorUSretailersandthetheftandsaleofmorethan40millioncreditanddebitcardnumbers.ThesenumberswereusedtowithdrawtensofthousandsofdollarsfromATMs(USDepartmentofJustice2008).Phishing:Internetscamsfrequentlyuseunsolicitedmessagespurportingtooriginatefromalegitimatesourcetodeceiveindividualsororganizationsintodisclosingtheirfinancialand/orpersonalidentityinformation.Thisinformationcanthenbeusedtocommitorfacilitatecrimessuchasfraud,identitytheft,andstealingofsensitiveinformation(e.g.,bankingcredentialsortradesecrets).Severalresearchersandsecuritypractitionershavealsonotedtheinvolvementoforganizedcrimegroupsinphishingscams.Alargeconspiracyinvolving38individualsinRomaniaandtheUnitedStatesobtainedcreditcarddetailsthroughphishing.Theythenusedthesedetailsinthecounterfeitingofcreditcards(USFederalBureauofInvestigation2008a,2008b).Spamisunsolicitedcommercialemailintendedtopersuaderecipientstobuyproducts,legitimateorotherwise.Spammayalsobeusedtospreadfalserumorsaboutstockstradedonstockexchangesaroundtheworld.InNovember2009,fourmenweresentencedintheUnitedStatesfortheirparticipationinaninternationalstockfraudscheme.Theypurchasedthinlytradedsharesandthenusedmassemailstospreadfalserumorsabouttheshareslikelyincreaseinprice.Whenthepriceofthesharesincreased,theconspiratorssoldtheirholdingsforaprofit(USDepartmentofJustice2009a).Malwarecreationanddissemination:Malware,alsoknownasmalicioussoftware,isdesignedtoinstallitselfonacomputerwithoutthecomputerownersinformedconsent,particularlyifitdoessoinawaythatmaycompromisethesecurityofthecomputer.MalwareincludesTrojans,viruses,andworms.The2008UKThreatAssessmentreportnotedthatmostnewmalwareisdesignedtostealfinancialdata(suchascreditcarddetails,bankaccountdetails,passwords,PINnumbers)asaprecursortovariousfraudsandotherdeceptions(SOCA2008,p.9).In2009,AlbertGonzalez,aresidentofMiami,Florida,pleadedguiltytocontrollinganumberofserversandgrantingaccesstootherhackerswiththeknowledgethattheywouldusetheiraccesstostoremalwareandthenattackcorporatevictims.Theirultimateobjectiveappearstohavebeentheftofcreditcarddetails.Gonzalezusedmultipleantivirusprogramstotestthequalityofhismalware(USDepartmentofJustice2009b).(p.492) Internetfraudsandscamsarelimitedonlybytheimaginationofprospectivecriminals.OffensesofthistypeincludeNigerianadvancefeefrauds(alsoknownas419scams),onlineauctionfrauds,andidentityandcreditcardfrauds.Fraudulentinvestmentsolicitationsaregreatlyfacilitatedbydigitaltechnology.In2004,fourmenpleadedguiltytofraudconcerninganInternet-basedPonzischemeinvolving15,000investorsandUSD$60millionininvestments(USDepartmentofJustice2004).
G.CountriesInvolvedinContemporaryCybercrime
-
CyberCrime
Page 8 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
Organizedcybercrimeisaglobalphenomenon.Thosecountriesthatstrictlyregulateonlineaccess(suchasBurma)hostfeweroffendersandhavefewervictims.Countrieswithmanypersonsskilledininformationtechnology,butwhichofferfeweropportunitiesforlegitimateenrichment(suchasRussia),havemanyoffenders.Affluentnationswithhighindividualandcorporateconnectivity,andwithavibrante-commercesector(suchastheUnitedStates,theUnitedKingdom,andthecountriesofcontinentalwesternEurope),willhavemorevictims.Theworldstwomostpopulousnations,ChinaandIndia,areexperiencingincreasingaffluenceanddigitalconnectivity;theirprominenceincybercrimeislikelytoincreasecommensurately.
IV.RespondingtoOrganizedCybercriminalActivitiesAstheInternetandotherformsofinformationandcommunicationstechnologiescontinuetoadvance,theopportunitiesforcybercriminalactivitieswillincrease.Atthesametime,theresourcesandskillsofmostlawenforcementagencieswillremainlimited.Thisgapwillrequireanadroitcombinationofwarnings,reassurance,andstrategictargetingofthemostseriouscyberthreats.Sovereignstateshavetheirownpriorities.AuthoritiesintheUnitedStatesareparticularlyattentivetoonlinechildpornography,theftof(US-owned)intellectualproperty,andattemptstocompromiseUSgovernmentandcommercialsystems.Bycontrast,lawenforcementinthePeoplesRepublicofChinaismoreconcernedaboutcommentscriticalofgovernmentpolicy,includingstatementsadvocatingTibetanandTaiwaneseindependence.
Wehavenotedthatcybercrimecanbecommittedbyindividualsorgroupsalikeaseasilyfromacrosstheglobeasfromacrosstown.Andsomeorganizationsthemselvestranscendnationalborders.Asisthecasewithterrestrialtransnationalorganizedcrime,theeffectivecontroloftransnationalcybercrimerequiresadegreeofcooperationbetweencountries.Thefoundationforthiscooperationrequiresadegreeoflegislativeuniformity,commonpriorities,andadequateinvestigativecapacity.
(p.493) A.Self-DefenseRegardlessofwhetherornottheperpetratorisorganized,thefirstlineofdefenseagainstcybercrimeisself-defense.Justasisthecaseintheterrestrialworld,peoplewithassetstoprotectshouldsafeguardthem.Atthemostbasiclevel,parentsshouldexerciseadegreeofsupervisionovertheirchildrensuseofdigitaltechnologytoreducethelikelihoodoftheirbecomingvictimsoroffenders.Ordinaryusersshouldinvestinanappropriatelevelofsecuritysoftware,safeguardtheirPINnumbers,andavoidunsolicitedoverturesfromsuspectsources.Largeorganizationsthatmaybevulnerabletoattackshouldhaveasecuritysysteminplacecommensuratewiththeassetsthattheyneedtoprotect.Fortunately,enormousincentivesareinplaceforcommercialactorstocontributetocyberspacesecurity.Untoldrichesawaitthosewhocandesignsystemsthatareeasytousebutdifficulttoexploitforcriminalpurposes.
B.CapacityBuildingJurisdictionsneedthelegislativeandenforcementcapacitytorespondtocybercrimeasitcontinuestoevolve.Becausecyberattackscanoriginatefromalmostanywhereandcanberoutedthroughnumerousjurisdictionsenroutetotheirtarget,itisintheinterestofallnationsthatthoseonthedisadvantagedsideofthedigitaldividehavetheresourcestoallowcooperationwiththeirbetterendowedcounterparts.Unfortunately,thisiseasiersaidthandone.Thepoorestnationscannotaffordtopaytheirpolicemuchlessestablishhigh-techcrimesquads.
Essentialtosuccessfulinterdictionofcross-nationalorganizedcybercrimearethreefactors,namely(1)legislativeharmony,(2)aframeworkoflawenforcementcooperation,and(3)thecapacitytoinvestigateand,ifnecessary,toprosecute.ThefirststepsinthisdirectionweretakenbytheG-8andbytheCouncilofEurope,whosecybercrimeconventionhasservedasalegislativeandpolicymodelforanumberofnon-Europeannations,includingAustraliaandJapan.TheUNConventionagainstTransnationalCrimeprovidesafurtherframework.
NotalloftheworldsnationsareequallyenthusiasticabouttheCouncilofEuropeCybercrimeConvention,however.Thosewhowerenotinvolvedinthelaboriousworkofdraftingtheconventionmayfeelalackofownership.Others,recallingthehistoryofEuropeanimperialism,mayharborsuspicionsofpoliciesemanatingfromEurope.Alternativeprotocolshavethusbeenproposedwithaviewtowardobtainingtheimprimaturofthe
-
CyberCrime
Page 9 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
UnitedNations(SchjolbergandGhernaouti-Helie2009).
C.Public/PrivateCooperationInyearspast,policeinmanycountrieswouldportraythemselvesasomniscient,omnicompetent,andomnipresent.Thispostureofinvincibilitywascentraltotheirstrategy(p.494) ofpublicreassurance.Morerecently,policehaveconcededthatthevolumeofcybercrimeexceedstheircapacitytocontrolitontheirown.Thus,theyhavesoughttoformpartnershipswithavarietyofnonstateactors.
Thisisentirelyappropriateasagreatdealofknowledgeaboutcybercrimeanditscontrolresidesoutsideofthepublicsector.Theinformationsecurityindustry,forexample,commandsvastexpertise.Softwareandentertainmentindustriesareoftenveryknowledgeableabouttheriskstheyfaceandaboutwheretheserisksoriginate.LargecorporationssuchasMicrosoftprovidetrainingprogramsforlawenforcementagenciesaroundtheworld,andtheyoffermonetaryrewardsforinformationleadingtotheidentificationofviruswriters.
D.InternationalCooperationOrganizedcybercrimehasproventobeadauntingchallengeforlawenforcementbutnotaninsurmountableone.Onecouldciteanumberofsuccessfulinvestigations,notonlywithinagivenjurisdiction,butalsoinvestigationsofcross-nationalcriminalactivityinvolvinglawenforcementagenciesfrommanycountries.Anumberofcross-nationalinvestigationsoforganizedcybercrimegroupshavebeensuccessful.Amongmanyothers,theseincludethecaseinvolvingthearrestoftwoRomaniancitizensonanInterpolwarrant.BothdefendantswereextraditedtotheUnitedStatesandwerechargedeachwithonecountofconspiracytocommitfraudinconnectionwithaccessdevices,onecountofconspiracytocommitbankfraud,andonecountofaggravatedidentitytheft.ItwasallegedthatbothdefendantsandfiveotherRomaniancitizensparticipatedinanInternetphishingschemethatvictimizedindividuals,financialinstitutions,andcompanies(USFederalBureauofInvestigation2009).
E.CyberSecurityResearchAlthoughnetworksandsoftwarebreachesoftenattractmostofthemediasattentionwhenitcomestocybersecurity,hardwareissimilarlyvulnerable.Ahardwarebreachcanbemoredifficulttodetectand,hence,defendagainstthananetworkorsoftwareintrusion.Thechallengeforthepublicandprivatesectorsistodesigntechnologiesthatarerobustinthesensethattheirlegitimateuseisminimallyconstrainedbuttheirillegitimateuseispreventedordiscouraged(Grabosky2007).Aneedexists,arguably,formoreresearchtobefundedtofindwaystomitigateexistingandnewcybersecurityrisks.
Governmentsarewisetoinvestsignificantlyineducation,science,andR&D.Doingsowouldenableinformationsecurityresearcherstoplayamoresignificantroleindesigningstate-of-the-artcryptographicsoftwareandhardwarethatcanbedeployedinanonlineenvironment.Ofcourse,criminalsarealsoabletodevelopandusetechnologiesinfurtheranceoftheirownobjectives.Thefutureoforganizedcybercrimeseemslikelytobecharacterizedbyacontinuingtechnologicalarmsrace.
(p.495) V.ConclusionFewtodaywouldchallengetheassertionthattheeraofglobalizationhasbeenaccompaniedbyanincreaseintransnationalorganizedcrime.Digitaltechnologyhasempoweredtraditionalcriminalorganizations,dramaticallyincreasingtheeasewithwhichtheycancommitoffensessuchasfraudandextortion.Ithasalsoenabledtheemergenceofentirelynewcrimegroupsandentirelynewcrimetypes,suchasonlinepiracyandvandalism.Itislikelythat,asdigitaltechnologybecomesmorepervasive,itsuseasaninstrumentandasatargetoforganizedcrimewillbecomeincreasinglycommon.Everynewtechnology,andeverynewapplication,willbepotentiallyvulnerabletocriminalexploitation.Itisalsolikelythatneworganizationalformswillemergetocombatcybercrime.Theseformscouldentailincreasinglyintegratedinternationalandpublic/privatepartnerships.Indeed,SusanBrennerhassuggestedthat,oneday,theresponsetocybercrimemaybetheresponsibilityofaprivatemultinationalbody(Brenner,2002).Thismaysoundfarfetched,butitisnomorefarfetchedthanwastheideaofcybercrimeitselfagenerationago.
-
CyberCrime
Page 10 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
ReferencesBamford,James.2008.TheShadowFactory:TheUltra-secretNSAfrom9/11totheEavesdroppingonAmerica.NewYork:Doubleday.
Brenner,S.W.2002.OrganizedCybercrime?HowCyberspaceMayAffecttheStructureofCriminalRelationships.NorthCarolinaJournalofLaw&Technology4(1):150.
(p.496) Broad,WilliamJ.,andDavidE.Sanger.2010.WormWasPerfectforSabotagingCentrifuges.NewYorkTimes(November18).http://www.nytimes.com/2010/11/19/world/middleeast/19stuxnet.html?pagewanted=2&emc=eta1
Chang,YaoChung.2012.CybercrimeintheGreaterChinaRegion:RegulatoryResponsesandCrimePreventionAcrosstheTaiwanStrait.Cheltenham:EdwardElgar
ChildExploitationandOnlineProtection.2007.GlobalOnlineChildAbuseNetworkSmashed-CEOPleadinternationaloperationintoUKbasedpaedophilering.CEOP(June18)http://www.ceop.police.uk/Media-Centre/Press-releases/2007/Global-Online-Child-Abuse-Network-Smashed/
Choe,SanhHun.2011.SeoulWarnsofLatestNorthKoreanThreat:AnArmyofOnlineGamingHackers.NewYorkTimes(August4).http://www.nytimes.com/2011/08/05/world/asia/05korea.html?_r=1&scp=1&sq=north%20korea%20hackers&st=cse
Choo,Kim-KwangRaymond.2007.ZombiesandBotnets.TrendsandIssuesinCrimeandCriminalJustice333:16.http://www.aic.gov.au/publications/current%20series/tandi/321-340/tandi333.aspx
Choo,Kim-KwangRaymond.2008.OrganisedCrimeGroupsinCyberspace:ATypology.TrendsinOrganizedCrime11(3):27095.
Choo,Kim-KwangRaymond.2009.OnlineChildGrooming:ALiteratureReviewontheMisuseofSocialNetworkingSitesforGroomingChildrenforSexualOffences.ResearchandPublicPolicy103.Canberra:AustralianInstituteofCriminology.http://www.aic.gov.au/publications/current%20series/rpp/100-120/rpp103.aspx
Choo,Kim-KwangRaymond,RussellGSmith,andRobMcCusker.2009.FutureDirectionsinTechnology-EnabledCrime:200709.ResearchandPublicPolicy78.Canberra:AustralianInstituteofCriminology.http://www.aic.gov.au/publications/current%20series/rpp/61-80/rpp78.aspx
Douglis,Fred.2010.ClosingtheOpen(Face)Book.IEEEInternetComputing(SeptemberOctober):46.
FalliereN.,L.O.Murchu,andE.Chien.2010.W32.StuxnetDossier:Version1.3(November2010).Cupertino,CA:Symantec.
Grabosky,Peter.2007.TheInternet,Technology,andOrganizedCrime.AsianJournalofCriminology2(2):145161.
Halstead,Boronia.1998.TheUseofModelsintheAnalysisofOrganizedCrimeandDevelopmentofPolicy.TransnationalOrganizedCrime4(1):124.
Holt,ThomasJ.2007.SubculturalEvolution?ExaminingtheInfluenceofOn-andOff-LineExperiencesonDeviantSubcultures.DeviantBehavior28:171198.
Hutchinson,S.,andP.OMalley.2007.ACrime-TerrorNexus?ThinkingonSomeoftheLinksbetweenTerrorismandCriminality.StudiesinConflict&Terrorism,30(12):10951107.
IanelliN.,andA.Hackworth.2005.BotnetsasaVehicleforOnlineCrime.Pittsburgh,PA:CERTCoordinationCenter.
InstituteofDefenceandStrategicStudies(IDSS).2006.ProceedingsoftheInternationalConferenceonTerrorisminSoutheastAsia:TheThreatandResponse.http://www.rsis.edu.sg/publications/conference_reports/NEW%20TerrorismSEAConference05.pdf
-
CyberCrime
Page 11 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
Kor,KorBian.2007.SporesdiyTerror:WhoIsThisMan.TheNewPaper(Singapore)(June10).
LaFraniere,Sharon,andJonathanAnsfield.2010.ChinaAlarmedbyThreattoSecurityfromCyberattacks.NewYorkTimes(February11).http://www.nytimes.com/2010/02/12/world/asia/12cyberchina.html?emc=eta1
(p.497) Landler,Mark,andJohnMarkoff.2007.DigitalFearsEmergeafterDataSiegeinEstonia.NewYorkTimes(May29).http://www.nytimes.com/2007/05/29/technology/29estonia.html
Markoff,John.2009.TrackingCyberspiesthroughtheWebWilderness.NewYorkTimes(May29).http://www.nytimes.com/2009/05/12/science/12cyber.html?scp=106&sq=dalai+lama&st=nyt
Markoff,John.2010.ASilentAttack,butNotaSubtleOne.NewYorkTimes(September26).http://www.nytimes.com/2010/09/27/technology/27virus.html?scp=5&sq=stuxnet&st=cse
Markoff,John.2011.MalwareAimedatIranHitFiveSites,ReportSays.NewYorkTimes(February11).http://www.nytimes.com/2011/02/13/science/13stuxnet.html?scp=3&sq=stuxnet&st=cse
Markoff,John,andAshleeVance.2010.FearingHackersWhoLeaveNoTrace.NewYorkTimes(January19).http://www.nytimes.com/2010/01/20/technology/20code.html?scp=4&sq=markoff&st=nyt
McAfee.2006.VirtualCriminologyReport:OrganisedCrimeandtheInternet.SantaClara,CA:McAfee.
McCusker,Rob.2006.TransnationalOrganisedCyberCrime:DistinguishingThreatfromReality.Crime,LawandSocialChange46(45):257273.
MinistryofHomeAffairs,Singapore(MHA).2010.Detention,ImpositionofRestrictionOrdersandReleaseundertheInternalSecurityAct,July06,2010.Mediarelease(July6).http://www.singaporeunited.sg/cep/index.php/web/Our-News/Detention-Imposition-Of-Restriction-Orders-And-Release-Under-The-Internal-Security-Act
Morton,Tom.2004.MutatingMobiles.BackgroundBriefing,ABCRadioNational(April25).http://www.abc.net.au/radionational/programs/backgroundbriefing/mutating-mobiles/3408828#transcript
MunkCentreforInternationalStudies.2009.TrackingGhostNet:InvestigatingaCyberEspionageNetwork.Toronto:MunkCentre.http://www.nartv.org/mirror/ghostnet.pdf
NationalInfrastructureAdvisoryCouncil(NIAC).2004.PrioritizingCyberVulnerabilities.http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf
NationalInfrastructureProtectionCenter2001.CyberProtests:TheThreattotheU.S.InformationInfrastructure.NationalInfrastructureProtectionCenter,Washington.http://www.au.af.mil/au/awc/awcgate/nipc/cyberprotests.htm
OrganisationforEconomicCo-operationandDevelopment(OECD).2007.TheEconomicImpactofCounterfeitingandPiracy.Paris:OrganisationforEconomicCo-operationandDevelopment.http://www.oecd.org/dataoecd/11/38/38704571.pdf
Perry,Michael.2005.SydneyViolenceFueledbyRace,IgnoranceandYouth.NewYorkTimes(December15).http://www.redorbit.com/modules/news/tools.php?tool=print&id=330837
Pfanner,Eric.2011.CameronExploringCrackdownonSocialMediaafterRiots.NewYorkTimes(August11).http://www.nytimes.com/2011/08/12/world/europe/12iht-social12.html?scp=1&sq=social+media+london+riots&st=nyt
Preston,Jennifer.2011.MovementBeganwithOutrageandaFacebookPageThatGaveItanOutlet.NewYorkTimes(February5).http://www.nytimes.com/2011/02/06/world/middleeast/06face.html?pagewanted=1&sq=socialmediaegypt&st=cse&scp=2
-
CyberCrime
Page 12 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
QueensCountyDistrictAttorney.2011.111IndividualsChargedinMassiveInternationalIdentityTheftandCounterfeitCreditCardOperationBasedinQueens.Mediarelease(October7).http://www.queensda.org/newpressreleases/2011/october/op%20swiper_credit%20card_id%20fraud_10_07_2011_ind.pdf
(p.498) Sanderson,Thomas.2004.TransnationalTerrorandOrganizedCrime:BlurringtheLines.SAISReview24(1):4961.
Sanger,David.2012.ConfrontandConceal:ObamasSecretWarsandSurprisingUseofAmericanPower.NewYork:Crown.
Schjolberg,Stein,andSolangeGhernaouti-Helie.2009.AGlobalProtocolonCybersecurityandCybercrime.Oslo:Cybercrimedata.
Schneider,JacquelineL.2003.HidinginPlainSight:AnExplorationoftheActivitiesofaDrugsNewsgroup.HowardJournalofCriminalJustice42(4):372389.
SeriousOrganisedCrimeAgency(SOCA).2008.TheUnitedKingdomThreatAssessmentofSeriousOrganisedCrime.London:SeriousOrganisedCrimeAgency.
Shane,Scott,andAndrewW.Lehren.2010.CablesObtainedbyWikiLeaksShineLightintoSecretDiplomaticChannels.NewYorkTimes(November28).http://www.nytimes.com/2010/11/29/world/29cables.html?hp
SimonWiesenthalCenter.2008.iReport:OnlineTerror+Hate:TheFirstDecade.http://www.wiesenthal.com/atf/cf/%7BDFD2AAC1-2ADE-428A-9263-35234229D8D8%7D/IREPORT.PDF
Sipress,A.2004.AnIndonesiansPrisonMemoirTakesHolyWarintoCyberspace:InSignofNewThreat,MilitantOffersTipsonCreditCardFraud.WashingtonPost(December14).http://msl1.mit.edu/furdlog/docs/washpost/2004-12-14_washpost_jihadis_online.pdf
Smith,RussellG.,PeterGrabosky,andGregUrbas.2004.CyberCriminalsonTrial.Cambridge:CambridgeUniversityPress.
Tapscott,Don,andAnthonyD.Williams.2006.Wikinomics:HowMassCollaborationChangesEverything.London:Atlantic.
Thomas,T.L.2003.AlQaedaandtheInternet:TheDangerofCyberplanning.Parameters33(1):112123.http://www.iwar.org.uk/cyberterror/resources/cyberplanning/al-qaeda.htm
Thompson,Clive.2004.TheVirusUnderground.NewYorkTimesMagazine(February8).http://www.nytimes.com/2004/02/08/magazine/the-virus-underground.html
TokyoReporter.2009.OntheTokyoViceBeatwithJakeAdelstein.(October27).http://www.tokyoreporter.com/2009/10/27/on-the-tokyo-vice-beat-with-jake-adelstein/
Urbas,Gregor.2006.Cross-NationalInvestigationandProsecutionofIntellectualPropertyCrimes:TheExampleofOperationBuccaneer.CrimeLawandSocialChange46(45):207221.
USDepartmentofJustice.2004.FourthDefendantinMassiveInternetScamPleadsGuiltytoFraudandMoneyLaunderingChargesCaseInvolves$60MillioninInvestmentsby15,000Investors.Mediarelease(November18).http://www.justice.gov/criminal/cybercrime/press-releases/2004/nordickPlea_triwest.htm
USDepartmentofJustice.2005.FormerFBIAgentPleadsGuiltytoObstructionofJustice.Mediarelease(June23).http://www.justice.gov/usao/nye/pr/2005/2005jun23.html
USDepartmentofJustice.2008a.RetailHackingRingChargedforStealingandDistributingCreditandDebitCardNumbersfromMajorUSRetailers.Mediarelease(August5).http://www.justice.gov/opa/pr/2008/August/08-ag-689.html
-
CyberCrime
Page 13 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
USDepartmentofJustice.2008b.38IndividualsinUSandRomaniaChargedinTwoRelatedCasesofComputerFraudInvolvingInternationalOrganizedCrime:InternationalLawEnforcementCooperationLeadstoDisruptionofOrganizedCrimeRingOperatinginUSandRomania.Mediarelease(May19).http://www.justice.gov/opa/pr/2008/May/08_odag_434.html
(p.499) USDepartmentofJustice.2009a.DetroitSpammerandThreeCo-conspiratorsSentencedforMulti-millionDollarE-mailStockFraudScheme.Mediarelease(November23).http://www.justice.gov/opa/pr/2009/November/09-crm-1275.html
USDepartmentofJustice.2009b.MajorInternationalHackerPleadsGuiltyforMassiveAttackonUSRetailandBankingNetworks.Mediarelease(December29).http://www.justice.gov/opa/pr/2009/December/09-crm-1389.html
USDepartmentofJustice.2010.HighRankingCrimeFamilySoldierPleadsGuiltytoRacketeeringCharge.Mediarelease(January5).http://www.justice.gov/usao/nj/Press/files/pdffiles/2010/mero0105%20rel.pdf
USFederalBureauofInvestigation.2008.GonePhishing:GlobalRingGetsRatherSlick.(May).http://www.fbi.gov/page2/may08/phishing_052008.html
USFederalBureauofInvestigation.2009.TwoRomanianCitizensExtraditedtotheUnitedStatestoFaceChargesRelatedtoAllegedPhishingScheme.Mediarelease.(September29).http://www.fbi.gov/newhaven/press-releases/2009/nh092909.htm
White,Rob.2006.SwarmingandtheSocialDynamicsofGroupViolence.TrendsandIssuesinCrimeandCriminalJustice326:16.
Williams,Phil.2001.TransnationalCriminalNetworks.InNetworksandNetwars,editedbyJohnArquillaandDavidRonfeldt.SantaMonica,CA:RANDCorporation,6197.
Notes:(1).Abotnet(robotnetwork)isanetworkofindividualcomputersinfectedwithbotmalware.Thesecompromisedcomputersarealsoknownaszombiesorzombiecomputers.Thezombies,underthecontrolofthebotnetcontroller,canthenbeusedasremoteattacktoolstofacilitatethesendingofspam,hostingofphishingwebsites,distributionofmalware,andmountingdenialofserviceattacks.Buildingbotnetsrequiresminimallevelsofexpertise(IanelliandHackworth2005).Abrieftwo-stepoverviewonhowtobuildabotnetisoutlinedinChoo(2007).
(2).http://www.justice.gov/usao/fls/PressReleases/Attachments/090521-02.Indictment.pdf.
(3).http://www.justice.gov/usao/nye/vw/PendingCases/CR-03-304_Indictment_S6-_US_v_SALVATORE_LOCASCIO.pdf.
(4).AmongthemanyclassifiedUSgovernmentdocumentspublishedbyWikileaksinNovember2010wereallegationsthattheChinesegovernmentorchestratedasystematiccampaignofcomputerintrusions,includinggovernmentoperatives,privatesecurityexperts,andspeciallyrecruitedinternetoutlaws(ShaneandLehren2010).
Kim-KwangRaymondChooKim-KwangRaymondChooisaSeniorLecturerattheUniversityofSouthAustralia,andhas(co)authoredanumberofpublicationsintheareasofcyberandinformationsecurity,andanti-moneylaunderingincludingabookpublishedinSpringersAdvancesinInformationSecuritybookseriesandsixAICrefereedmonographs.Heistherecipientofvariousawardsandscholarshipsincluding2010AustralianCapitalTerritory(ACT)PearceyAwardfor"TakingariskandmakingadifferenceinthedevelopmentoftheAustralianICTindustry",2010ConsensusITProfessionalAward,2009FulbrightScholarship,2008AustraliaDayAchievementMedallioninrecognitionofmydedicationandcontributiontotheAIC,andthroughittothepublicserviceofthenation,andBritishComputerSociety'sWilkesAwardforthebestpaperpublishedinthe2007volumeofOxfordUniversityPress'sComputerJournal.PeterGraboskyPeterGrabosky,aProfessorintheRegulatoryInstitutionsNetworkattheAustralianNationalUniversity,andaFellowoftheAcademyoftheSocialSciencesinAustralia,holdsaPhDinPoliticalSciencefromNorthwesternUniversity.Hisinterestslieinthe
-
CyberCrime
Page 14 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
areasofcybercrime,regulation,policing,andtheroleofnon-stateactorsinpublicpolicy.HisrecentbooksincludeCrimeandTerrorism(2010withM.Stohl);LengtheningtheArmoftheLaw:EnhancingPoliceResourcesinthe21stCentury(2009withAylingandShearing)andElectronicCrime(2007).