CHAPTER 18 Cyber Crime Clay Wilson CYBER CRIME is becoming ...
Cyber Crime
14
CyberCrime Page 1 of 14 PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All Rights Reserved. Under the terms of the licence agreement, an individual user may print out a PDF of a single chapter of a title in Oxford Handbooks Online for personal use (for details see Privacy Policy ). Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015 Print Publication Date: Oct 2014 Subject: Criminology and Criminal Justice, Organized Crime Online Publication Date: Aug 2013 DOI: 10.1093/oxfordhb/9780199730445.013.003 CyberCrime Kim-Kwang Raymond Choo and Peter Grabosky The Oxford Handbook of Organized Crime Edited by Letizia Paoli Oxford Handbooks Online Abstract and Keywords This essay considers how information and communications technologies (ICT) are used by organized crime groups. Three categories of groups are identified: traditional organized criminal groups, which make use of ICT to enhance their terrestrial criminal activities; organized cybercriminal groups, which operate exclusively online; and organized groups of ideologically and politically motivated individuals (including state and state-sponsored actors), who make use of ICT to facilitate their criminal conduct. We feel that it is important to draw a distinction between these types of organized criminal groups, particularly when formulating cybersecurity policy, because cybercriminality is not a monolithic threat. The article will note the transnational nature of much organized criminal activity and will discuss mechanisms for the control of organized crime in the digital age. Keywords: Cybercrime, cybersecurity, organized cybercriminal groups, organized criminal groups, public/private cooperation, state organized cybercrime I. Introduction Computers and network-based systems lie at the heart of critical infrastructures around the world, particularly in the technologically advanced countries (National Infrastructure Advisory Council 2004). This is hardly surprising as the proliferation of information and communications technologies (ICT) and connectivity of the Internet in today’s digital age open the door to increased productivity, faster communication capabilities, and immeasurable convenience. This creates not only benefits for the community, but also risks of criminal exploitation. Digital technology has empowered ordinary individuals as never before. A person acting alone can communicate with millions of people, instantly and at negligible cost. Sole individuals are now able to penetrate and disrupt major governmental systems and prominent retailing sites. Organizations too have been greatly empowered by digital technology, for better and for worse. This essay looks at the exploitation of digital technology in furtherance of organized crime. It first addresses the concept of criminal organization and suggests the desirability of a more expansive construction to accommodate the evolution and diversification of organizational forms in the modern era. It then looks at three types of organized crime groups: (1) traditional organized crime groups, which make use of ICT to enhance their terrestrial criminal activities; (2) organized cybercrime groups, which operate exclusively online; and (3) organized groups of ideologically and politically motivated individuals, who make use of ICT to facilitate their criminal conduct. The essay notes emerging trends in organized cybercrime and concludes with a few suggestions for the prevention and control of organized crime in the digital age. Although it would be pleasing to be able to cite comprehensive statistics on patterns and trends in organized cybercrime, this remains an elusive goal. Much cybercrime is (p. 483) unreported. Some is even undetected. Of
-
Upload
diego-alonso-collantes -
Category
Documents
-
view
3 -
download
0
description
Crimen informático y Derecho Penal
Transcript of Cyber Crime
-
CyberCrime
Page 1 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
PrintPublicationDate: Oct2014 Subject: CriminologyandCriminalJustice,OrganizedCrimeOnlinePublicationDate: Aug2013
DOI: 10.1093/oxfordhb/9780199730445.013.003
CyberCrime Kim-KwangRaymondChooandPeterGraboskyTheOxfordHandbookofOrganizedCrimeEditedbyLetiziaPaoli
OxfordHandbooksOnline
AbstractandKeywords
Thisessayconsidershowinformationandcommunicationstechnologies(ICT)areusedbyorganizedcrimegroups.Threecategoriesofgroupsareidentified:traditionalorganizedcriminalgroups,whichmakeuseofICTtoenhancetheirterrestrialcriminalactivities;organizedcybercriminalgroups,whichoperateexclusivelyonline;andorganizedgroupsofideologicallyandpoliticallymotivatedindividuals(includingstateandstate-sponsoredactors),whomakeuseofICTtofacilitatetheircriminalconduct.Wefeelthatitisimportanttodrawadistinctionbetweenthesetypesoforganizedcriminalgroups,particularlywhenformulatingcybersecuritypolicy,becausecybercriminalityisnotamonolithicthreat.Thearticlewillnotethetransnationalnatureofmuchorganizedcriminalactivityandwilldiscussmechanismsforthecontroloforganizedcrimeinthedigitalage.Keywords:Cybercrime,cybersecurity,organizedcybercriminalgroups,organizedcriminalgroups,public/privatecooperation,stateorganizedcybercrime
I.IntroductionComputersandnetwork-basedsystemslieattheheartofcriticalinfrastructuresaroundtheworld,particularlyinthetechnologicallyadvancedcountries(NationalInfrastructureAdvisoryCouncil2004).Thisishardlysurprisingastheproliferationofinformationandcommunicationstechnologies(ICT)andconnectivityoftheInternetintodaysdigitalageopenthedoortoincreasedproductivity,fastercommunicationcapabilities,andimmeasurableconvenience.Thiscreatesnotonlybenefitsforthecommunity,butalsorisksofcriminalexploitation.
Digitaltechnologyhasempoweredordinaryindividualsasneverbefore.Apersonactingalonecancommunicatewithmillionsofpeople,instantlyandatnegligiblecost.Soleindividualsarenowabletopenetrateanddisruptmajorgovernmentalsystemsandprominentretailingsites.Organizationstoohavebeengreatlyempoweredbydigitaltechnology,forbetterandforworse.
Thisessaylooksattheexploitationofdigitaltechnologyinfurtheranceoforganizedcrime.Itfirstaddressestheconceptofcriminalorganizationandsuggeststhedesirabilityofamoreexpansiveconstructiontoaccommodatetheevolutionanddiversificationoforganizationalformsinthemodernera.Itthenlooksatthreetypesoforganizedcrimegroups:(1)traditionalorganizedcrimegroups,whichmakeuseofICTtoenhancetheirterrestrialcriminalactivities;(2)organizedcybercrimegroups,whichoperateexclusivelyonline;and(3)organizedgroupsofideologicallyandpoliticallymotivatedindividuals,whomakeuseofICTtofacilitatetheircriminalconduct.Theessaynotesemergingtrendsinorganizedcybercrimeandconcludeswithafewsuggestionsforthepreventionandcontroloforganizedcrimeinthedigitalage.
Althoughitwouldbepleasingtobeabletocitecomprehensivestatisticsonpatternsandtrendsinorganizedcybercrime,thisremainsanelusivegoal.Muchcybercrimeis(p.483) unreported.Someisevenundetected.Of
-
CyberCrime
Page 2 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
thoseoffensesthatdocometotheattentionofauthorities,theorganizationalcircumstancesoftheperpetrator(orperpetrators)isoftenunknown.Thoseofficialstatisticsthatdoexistoftenrelatetothesubstantiveoffenseratherthanthetechnologiesbywhichitwascommitted.Onemaysaywithconfidencethattheincreasingpervasivenessofdigitaltechnologiesmeansthattheywillcontinuetobeexploitedforcriminalpurposesbyorganizationsbothterrestrialandvirtual.
II.Organizations
A.MorphologyLegitimateorganizationslookverydifferenttodayfromthewaytheyappearedacenturyago(ifindeedtheyexistedthatlonginthepastandhavesurvived).Whatwereonceverticallyintegratedorganizationshaveshedfunctions,preferringtocontractoutspecifictaskstospecialistserviceprovidersratherthandelivereverythingusingin-houseresources.Inrecentyears,thetermvirtualorganizationhasbeencoinedtorefertonetworkedentities,ingeneral,ortothoseorganizationsthatoutsourceasignificantamountofactivity(TapscottandWilliams2006).
Whenscholarsandlawenforcementofficialsthinkoforganizedcrime,theyinstinctivelythinkaboutstereotypicalorganizationscommittingcertaintypesofcrime.Theclassicmonolithic,pyramidalorganization,suchastheYakuza,triads,ortheItalianmafia,engagedinextortionorinthedeliveryofillicitservicescomeimmediatelytomind.Whileafewcriminalorganizationsstillfittheclassicmonolithic,hierarchical,formalmodel,analystsbeganwelloveradecadeagotoobserveemergingvariations(Halstead1998).Muchorganizedcriminalactivitybegantoberecognizedasthecollectiveworkofloosecoalitionsofgroups,collaboratingwitheachotherfromtimetotimetoachievecertainobjectives.Acasediscussedbelowillustratesthefranchise-likeoperationsofanorganizedcrimefamilyintheUnitedStates,whereperipheralassociatesmanageteamsofordinarycriminalsandpassapercentageoftheirtaketoformal(made)familymembers.Indeed,todaythetermnetworkhasbecomemorefamiliarthanfamilytodescribeorganizedcrime(Williams2001).Suchnetworksareinvolvedinactivitiesastraditionalasextortionanddrugtraffickingandascontemporaryassoftwarepiracy,creditcardfraud,andonlinechildexploitation(Choo,Smith,andMcCusker2007;Choo2009).
Thereremainaspectsoforganizationallifeincyberspacethatresembletheterrestrialworld.Insomecases,smallgroupsofyouthengageinonlineactivitymuchastheywouldonthestreet;hangingoutandshowingofftoeachother.Whilemuchadolescentbehaviorineithersettingisaninnocentmanifestationofyouthfulexuberance,someisnotsoinnocent.Youthcongregateincyberspace,astheydoonthestreet,for(p.484) illicitfunandforillegalprofit.Theirorganizationalstructureresemblesmorethatofkidsmessingaroundinphysicalspacethanthatofanorganizedcrimegroup.
Otheraspectsaredifferent.Organizationsincyberspacemayinvolverepeatedandintenseinteractionsamongpeoplewhohavenevermeteachotherinperson.Moreover,theymaybesituatedalmostanywhereonthesurfaceoftheearth.Drugnewsgroupsattractpeopleinterestedinthemanufactureofsyntheticillicitdrugs(Schneider2003).Totheextentthattheserelationshipsbecomeinstitutionalized,neworganizationalformsarecreated.ContactmadeinIRCchatroomsbetweenpeoplewhohavenevermeteachother(andmaynevermeeteachother)inphysicalspacecanevolveintohackergroups,piracyorwarezgroups,orchildpornographyrings(Holt2007).
B.LongevityThelifecycleoforganizationshasalsobecomemorevaried.Someorganizationsarestableandenduring,suchastheVaticanorOxfordUniversity.Otherstransformthemselves,adaptingtodramaticallychangingcircumstances.TheSingaporePoliceForceoftodayissubstantiallydifferentfromtheSingaporePoliceForceof1819.Someorganizationshavecomeintoexistenceonlyrecentlytoexploitanewopportunity.Google,Inc.wasfirstincorporatedasrecentlyas1998.Otherorganizationsareshort-lived,comingintoexistenceforaparticularpurposeandthendisbanding.ConsidertheBeijingOrganizingCommitteefortheOlympicGames(BOCOG)thatwasestablishedtooverseethe2008OlympicGamesinBeijing.Itexistsnolonger.Someorganizationsareextremelyshort-lived.Oneofthemorerecentmanifestationsoftheevanescentorganizationisswarming,i.e.,the
-
CyberCrime
Page 3 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
unexpectedgatheringoflargenumbersofpeopleinparticularpubliclocales(White2006).Thecommunicationsprocessesthatunderliesuchgatheringsneednotinvolvehightechnology;rather,wordofmouthcansuffice.ButonecaneasilyappreciatehowswarmingcanbefacilitatedbytheInternetorbydigitaltelephony.InAustralia,recentyearshaveseentheuseoftextmessagestomakeplansforgroupsexualassaultsandraceriots(Morton2004;Perry2005).IraniandissidentsusedsocialnetworkingtechnologiestoorganizeprotestsagainstPresidentMahmoudAhmadinejadin2009(LaFraniereandAnsfield2010).
Morerecently,socialmediaplayedasignificantroleinorganizingtheuprisingsinEgyptandTunisiathatledtotheoverthrowoftheirauthoritarianregimes.SocialnetworkingsitessuchasFacebookenabledstrategiccommunicationsregardingthetimingandlocationofprotestactivity.MediasuchasYouTubewereusedtotransmitapictureofbrutalpolicerepression,locallyandthroughouttheworld,inavoidingstatecensorship(Preston2011).SocialmediawerealsousedincoordinatingtheriotsthattookplaceacrosstheUnitedKingdominAugust2011.TheBlackBerrymessagingservicewasusedtoencouragelootingandtoarrangethetimeandlocationofgatherings.ThispromptedtheBritishgovernmenttoexplorethedevelopmentandimpositionofcontrolsoverthetechnology(Pfanner2011).
(p.485) III.OrganizedCrimeGroupsThedefinitionoforganizedcriminalgroupfromArticle2oftheUNConventiononTransnationalOrganizedCrimeisadoptedinthisessay:
agrouphavingatleastthreemembers,takingsomeactioninconcert(i.e.togetherorinsomeco-ordinatedmanner)forthepurposeofcommittingaseriouscrimeandforthepurposeofobtainingafinancialorotherbenefit.Thegroupmusthavesomeinternalorganizationorstructure,andexistforsomeperiodoftimebeforeoraftertheactualcommissionoftheoffence(s)involved.
Whetherthechangesinorganizationallifenotedabovewillresultinmoreephemeralcollectivitiestobedeemedcriminalorganizationsremainstobeseen.Ithasevenbeensuggestedthatasingleindividualwhosucceedsinbuildinganetworkofcompromisedcomputers(arobotnetworkorbotnet) iscreatinganewformofcriminalorganization(Chang2012).
A.TraditionalOrganizedCriminalGroupsOrganizedcrimeisnotanewphenomenon.Itpreceded,andthenaccompanied,theriseofthemodernstate.Pursuitoffinancialgainhasalwaysbeenthedrivingforcebehindtraditionalorganizedcrime,althoughthedesireforpower,respect,comradeship,andadventurealsofigureprominentlyinthemotivationalmix.
However,thenatureoforganizationallifeischangingforcriminalorganizationsnolessthanforlegitimateones.Monolithic,hierarchical,formalorganizationsstillexist,butorganizationalformisbecomingincreasinglydiverse.Sotooaretheactivitiesinwhichcriminalorganizationsengage.Toasignificantextent,thesetrendsaretheproductsofrapiddevelopmentsininformationandcommunicationstechnology(ICT),astraditionalorganizedcriminalgroupshaverecognizedthevalueofleveragingICTtofacilitateorenhancethecommissionofcrimes.Examplesinclude:usingICTtofacilitatedrugtrafficking;totrafficincorporatesecretsandidentityinformation;tocommitextortion,frauds,andscamsonline;tolaundermoneyusingonlinepaymentsystems;andtodistributeillegalmaterialsovertheInternet.Ofcourse,criminalorganizations,liketheirlegitimatecounterparts,alsousedigitaltechnologyforroutineincidentalpurposes,suchasrecordkeepingandcommunication.
ExamplesoftraditionalorganizedcriminalgroupsinvolvedincybercrimeincludethehighlystructuredandglobalcriminalsyndicatessuchastheAsiantriadsandJapaneseYakuza,whosecriminalactivitieshavebeenknowntoincludecomputersoftwarepiracyandcreditcardforgeryandfraud(OrganisationforEconomicCo-operationandDevelopment2007).Commentatorshavealsosuggestedthattraditionalorganizedcrimegroups(e.g.,outlawmotorcyclegangs)useonlineresources,suchassocialnetworkingsites,toperformbackgroundcheckson(p.486) potentialandnewmembers(Douglis2010)andtopromotethemselvestoimpressionableyoungpeople.
TraditionalorganizedcriminalgroupsfromeasternEuropehavealsobeenknowntocarryoutextortionfromonlinegamblingandpornographywebsitesbythreateningtocarryoutdenial-of-serviceattacksusingbotnets(Choo
1
-
CyberCrime
Page 4 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
2007).Inrecentyears,organizedcriminalgroupshavebeenreportedtorecruitanewgenerationofhigh-flyingcybercriminalsusingtacticswhichechothoseemployedbytheKGBtorecruitoperativesattheheightofthecoldwar(McAfee2006,p.2).Thisshouldcomeasnosurprisetolong-timepoliticalobservers.IncountriessuchasRussia,thelackofeconomicandemploymentopportunitieshaveforcedmanyhighlyeducatedindividualswithadvancedcomputerandprogrammingskillstoworkinthecyberunderground.
Inits2008threatassessment,theSeriousOrganisedCrimeAgencyintheUnitedKingdomwarnedthattraditionalorganizedcriminalgroupsarealsoincreasinglyusingfalseandstolenidentitiestocommitnon-fiscalfrauds(SeriousOrganisedCrimeAgency2008,p.9).ForexampleinMay2009,11defendants,allegedtobemembersofacrewworkinginFloridaforanassociateoftheNewYorkbasedBonnanocrimefamily,werechargedwithvariousoffenses,includingtheillegalmanufactureoffraudulentchecksandfraudinconnectionwithaccessdevices.Thegroupincludedoneindividualwithabackgroundincomputingwhoaccesseddatabaseswithaviewtowardidentifyingpotentialextortionvictims.Healsousedhiscomputingskillsintheproductionofcounterfeitchecks. InJapan,conventionalcriminalgroupsalsoprovideventurecapitalfortechniciansspecializinginhackingandfraud(TokyoReporter2009).AnothercaseinvolvedalargeanddiverseconspiracyamongmembersoftheGambinocrimefamilyallegedtohaveengagedinfabricationoffalsebarcodelabelsandcreditcards.Onememberoftheconspiracy,whoworkedforachainofhomeimprovementstores,hadaccesstotherequisitetechnology(USDepartmentofJustice2010).AthirdexampleinvolvedotherassociatesoftheBonnanofamilywhowereactiveinthetelecommunicationsindustryandwhowereimplicatedinaschemeoffraudulentbillingoftelephoneaccounts.
InOctober2011,111individualsfromfivedifferentcriminalgroupswereindictedbylocalauthoritiesinNewYorkCityforarangeofoffensesrelatedtoidentitytheft,creditcardforgery,andfraud.Anumberoftheaccusedwerealsoallegedlyinvolvedinarangeofterrestrialoffenses,includingburglaryandrobbery.Itwasallegedthatthegroupsobtainedcreditcarddetailsfromskimming(forexample,bycomplicitrestaurantemployees)orfromInternetsuppliersthroughillegalwebsites.Counterfeitcreditcardswerethenmanufactured,andteamsofshoppersdeployedtopurchasehigh-endmerchandise,someofwhichwassoldonlinebyfences(QueensCountyDistrictAttorney2011).
Traditionalorganizedcrimegroups(andorganizedcybercrimegroupsdescribedinthenextsection)havealsobeenknowntohiremoneymulesinthemoneylaunderingprocess.Moneymulesareindividualshiredbyorganizedcriminalstoperforminternationalwirefraudortopurchaseprepaidcards,andthentomailorshipprepaidcardsoutofthecountrywithoutregulatorsbeingaware(Choo2008,footnote14).AsChoo,(p.487) Kim-KwangRaymond,RussellGSmith,andRobMcCusker(2009,p.xxi)pointout,[o]rganisedoperationsthatmakeuseofconventionaltechnology-enabledcrimemethodologies,suchasfinancialscamsorpiracy,willalsoincreaseastheuseofnetworkedcomputersforcriminalpurposesdevelops.
Inrarecases,criminalorganizationsmayengagetheservicesofformerlawenforcementofficerswithadegreeoftechnologicalexpertise.OneformerFBIagentaccessedthebureausdatabaseandalertedtwosuspectsthattheyweretargetsofaninvestigation(USDepartmentofJustice2005).
B.OrganizedCybercriminalGroupsAnothercategoryoforganizedcriminalgroupconsistsoflike-mindedindividualswhousuallyknoweachotheronlyonline,butwhoareinvolvedinanorganizationalstructureworkingcollectivelytowardacommongoalbecausetheInternetmakesitfareasiertomeetandplanactivities.Althoughtheobjectiveisusuallypursuitoffinancialgain,itcanincludeothercriminalgoalssuchasproducinganddisseminatingchildpornographyandrelatedmaterials.Forexample,in2007morethan700suspectsassociatedwiththeUK-basedInternetchatroom,Kids,theLightofOurLives,werearrestedworldwide(ChildExploitationandOnlineProtection2007).
Anotherexamplerelatestosoftwarepiracy.DrinkorDiewasagroupofinformationtechnologyspecialistswhoobtainedcopiesofsoftwareandotherdigitalproducts,strippedthemoftheircopyrightprotection,andpostedthemtohundredsofInternetsitesaroundtheworld.Priortotheircollaborationinfurtheranceofpiracy,nonehadsignificantcriminalbackgrounds.Memberswerelocatedinanumberofcountries,includingtheUnitedStates,theUnitedKingdom,andAustralia;mostoftheirinteractionsoccurredincyberspaceratherthanontheground.InDecember2001,thesimultaneousexecutionof58searchwarrantsbroughtanendtotheconspiracy.Oneofthe
2
3
-
CyberCrime
Page 5 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
members,anAustralian,hadneversetfootintheUnitedStates,althoughhewaseventuallyextradited,convicted,andimprisonedthere(Urbas2006).
C.IdeologicallyandPoliticallyMotivatedCybercrimeGroupsPriortoSeptember11,2001,terrorismandorganizedcrimewereusuallyconsideredseparateentitiesbecausetheydidnotsharethesamemotivatingfactor.Theprimaryobjectiveoforganizedcrimeismoney.Bycontrast,terroristorganizationshavepoliticalgoals.Inrecentyears,however,aconvergencebetweenterrorismandorganizedcrimehasbeennoted.Thevarietyofwaysinwhichdigitaltechnologymaybeusedinfurtheranceofterrorismincludecommunications,intelligence,propagandaandpsychologicalwarfare,recruitment,andtraining(Thomas2003).Conventionalcriminalorganizationshaveagreatdealofexpertisetoofferterroristgroups.Crimescommonlyassociatedwithorganizedcriminalgroups(e.g.,scamandfraudschemes,identityand(p.488)immigrationcrimes,andthecounterfeitofgoods)arealsoprecursorcrimesusedbyterroristgroupstoraisefunds(Sanderson2004).
Someterroristsengageincybercrimetoacquireresourceswithwhichtofinancetheiroperations,especiallysinceformalfundstransfershavecomeunderincreasingscrutinyfromantimoneylaunderingauthorities.ImamSamudra,convictedarchitectofthe2002Balibombings,reportedlycalleduponhisfollowerstocommitcreditcardfraud(Sipress2004).TheTamilTigersareallegedtohaveengagedincreditcardfraudtosupporttheiroperations(HutchinsonandOMalley2007).
Othersseektoharassorthreatenanadversary.Originally,thistooktheformofmailbombinginwhichthousandsofemailsweredirectedatatargetinanefforttodegradethesystem.InMay1999,theWhiteHousewebsitewasoverloadedwithvisitsfollowingthebombingoftheChineseembassyinBelgrade(NationalInfrastructureProtectionCenter2001).Today,botnetsareusedforsuchapurpose,aswasthecaseinthe2007denialofserviceattacksagainstEstonianservers(LandlerandMarkoff2007).
A2006report(IDSS2006)highlightedtheproliferationofjihad-orientedsitesinSoutheastAsia,whichfacilitateradicalizationamongtheMuslimcommunityintheregion.Eightthousandwebsitesespousingradicalideologies,suchashostinghateandterrorismcontents,arereportedlyidentifiedinamorerecentreportbytheWiesenthalCentersDigitalTerrorandHate2.0(SimonWiesenthalCenter2008).SuchsitestargetthedigitalgenerationtheyoungandtheInternet-awareparticularlywithintheMuslimcommunity.Thelatter,withashallowunderstandingofIslam,maybevulnerabletotheseductivepropagandapostedonsuchsitesandforums.
In2007,SingaporesInternalSecurityDepartmentinvestigatedInternet-drivenradicalizationcasesinvolvingSingaporeansattractedtoterroristandradicalideasontheInternet(Kor2007).Morerecently,inApril2010,afull-timenationalservicemaninthearmywasarrestedinSingaporeunderthatnationsInternalSecurityAct.AccordingtothemediareleasefromtheMinistryofHomeAffairs,itwasallegedthattheaccusedbegansearchingforjihadistpropagandaonlinewhilehewasastudentinoneofSingaporeslocaleducationalinstitutions.Overtime,theaccusedbecamedeeplyradicalizedbythematerialshefoundonlineandconvincedthatitwashisreligiousdutytoundertaketerroristactivities.Theaccusedallegedlywentonlineinsearchofinformationonbomb-making,andheproducedandpostedavideoglorifyingsuicidebombingbeforebeingarrested(MinistryofHomeAffairs,Singapore2010).ThiscaseandothersaroundtheworldillustratesomeofthewaysinwhichterroristscanexploittheInternetandnewmediachannels(e.g.,socialnetworkingsites)forcriminalpurposes.
D.State-OrganizedCybercrimeWhenagovernmentorlargecommercialnetworkcomesundercyberattack,itisnotimmediatelyapparentwhetherthesourceoftheattackisaskillfulteenager,anorganizedcrimegroup,oranation-state.Infact,itmayinvolvetwoormoreofthese.Governmentsdonotalwaysusecivilservantstoperformtheirdirtywork.Theymayturnablindeye(p.489) toillegalitythatisseenasservingstateinterests.Theymayoffertacit,orevenactive,encouragementtocybercriminals.
Anumberofprominentattacks,theoriginsofwhichremainobscure,haveoccurredinrecentyears.ThecyberattacksagainstgovernmentserversinEstoniainApril2007apparentlysoughttointimidatetheEstoniangovernmentanditspeopleforhavingrelocatedaSoviet-eramemorialtofallenRussiansoldiers.Ithasbeen
-
CyberCrime
Page 6 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
suggestedthatcriminalorganizationsplayedasignificantroleintheattacks;thedegreetowhichtheRussiangovernmentwascomplicitremainsunclear(LandlerandMarkoff2007).
InMarch2009,itwasrevealedthatanumberofcomputersystemsservingtheDalaiLamasTibetanexilecentersaroundtheworldhadbeenpenetratedbyasophisticatedsurveillancesystem.Thescaleofthesurveillanceactivity,whichwastracedtothreesitesinChinaaswellastoawebhostingserviceinSouthernCalifornia,seemedtoindicategovernmentactivity.Itwassuggestedtheworkmayhaveinvolvedpatriotichackerswhowereassociatedwith,butindependentof,thestate. TheChinesegovernmentdismissedthesuggestionthatitwasinvolvedinthesurveillance(Markoff2009;MunkCentre2009).Cybercriminalscanmakeuseofvarioustechnologies,includinglaunchingacyberattackfromproxyserversinthirdcountriestoconcealtheiridentity.Definitiveattributionofthesource(s)ofanycyberattackisnoeasytaskandcanbeverytimeconsuming.Itlargelydependsonthetechnicalexpertiseofperpetratorsandseveralotherfactors,includingthejurisdictionfromwhichtheyoperate.State-sponsoredcyberattacksarenolongerfiction,butthequestionremains:Howdoesonedeterminewhetheranattackiscriminaloranactofcyberwar?
InJanuary2010,Googleannouncedthatithadbecomethetargetofasophisticatedandcoordinatedattack,apparentlyoriginatinginChina,thatresultedintheaccessingofGmailaccounts,includingthoseofChinesehumanrightsactivists.TheChinesegovernmentdeniedresponsibility.Morebroadly,theUSgovernment,assistedbythetelecommunicationsindustry,engagedinwidespreadillegalinterceptionoftelecommunicationstrafficduringtheGeorgeW.Bushadministration(Bamford2008).
In2010,itbecameapparentthatawormmalwarereferredtoasStuxnethaddisruptedcentrifugesessentialtouraniumenrichmentprocessesinIran.AnalysisofStuxnetsuggestedthatthemalwarewasdesignedtoreprogramtheICSbymodifyingcodeonprogrammablelogiccontrollers(PLCs)tomakethemworkinamannertheattackerintendedandtohidethosechangesfromtheoperatoroftheequipmentandthemalwareconsistedof[several]zero-dayexploits,aWindowsrootkit,thefirsteverPLCrootkit,antivirusevasiontechniques,complexprocessinjectionandhookingcode,networkinfectionroutines,peer-to-peerupdates,andacommandandcontrolinterface(Falliere,Murchu,andChien2010,pp.12).Thedegreeofsophisticationofthecode,theknowledgeofSiemenscontrolsystemsnecessaryforitsdevelopment,theneedfortestingandrefinementoftheworm,andthechallengeofitsultimateinsertioninrelevantIraniancomputersystemssuggestthatitwastheworkofstateactors,subsequentlyreportedtobetheUnitedStatesandIsrael(Markoff2010,2011;Sanger2012).
In2011,SouthKoreanauthoritiesaccusedChina-basedNorthKoreanhackersofinfiltratingonlinegamingsites.Afterestablishingrobotaccountsandusingautomated(p.490) software,theplayersallegedlyaccumulatedgamingpointsandexchangedthemforcash.ApercentageoftheproceedswasreportedlyretainedbytheplayersandtheremaindertransferredtoNorthKorea(Choe2011).
Cybercrime,ingeneral,andorganizedcybercrime,inparticular,arefollowingtwobasictrends:sophisticationandcommercialization.
E.SophisticationTechnologydoesnotstandstill,andthosewhoseektomakebestuseofit,forpurposeslegitimateorotherwise,mustkeepabreastofthelatestdevelopments.Thetrajectoryisalongonefromusingcommercialoff-the-shelf(COTS)technologytoscanandduplicate$50notestotheindustrial-sizedoperationsforthemanufactureofpiratedDVDs.
Virusesandwormsoncetookdaystospreadaroundtheglobe.Theynowtakeminutestodoso.Maliciouscodecanbedesignedtolookforopeningsand,onceitinvadesatargetcomputer,tocoveritsowntracks(Thompson2004;MarkoffandVance2010);itcanalsobedesignedtoallowremotecontrolofacomputer,enablingtheintrudertoactivateaudioandvideorecordingfeaturesandtocapturetheinformationcontainedtherein(Markoff2009).ThescopeandcomplexityoftheattackagainsttheDaliLamassystemsappearstobewithoutprecedent,asdoesthedomesticelectronicsurveillancepracticedbytheUSgovernment.TheStuxnetwormthatinfectedIraniannuclearfacilitiesin2010waspreciselycalibratedandapparentlytheworkofaskilledteamofprogrammers(BroadandSanger2010).Onamoremodestlevel,participantsinaninternationalstockfraudconspiracy(discussedbelow)usedspecialsoftwaretoconcealtheoriginoftheirSpamemailsandtocircumventtheir
4
-
CyberCrime
Page 7 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
recipientsSpamfilters.(USDepartmentofJustice2009a).
F.CommercializationAtthedawnofthedigitalage,muchcomputercrimetookplaceforfunratherthanforprofit.Thedistributionofillicitimagesofchildrenoccurredinthecontextofabartereconomy.Othercomputercriminalsweremotivatedbytheintellectualchallenge,byadventure,orbyrebelliousspiritratherthanbymercenaryconsiderations.Practitionersofdigitalpiracygaveproductsawayratherthansellingthem.Viruswritersregardedtheiractivityasanartformratherthanasawaytomakealiving.Today,theservicesofaccomplishedhackersareavailableforhire;acriminalgroupcanrentrobotnetworksforuseinspamming,denialofserviceattacks,orextortion,anddigitalpiracyhasbecomebigbusiness.Additionalcategoriesoffinanciallymotivatedcybercrimesinclude:
Computerornetworkintrusionssuchashackingandunauthorizedaccesstoobtainsensitiveinformation.Forexample,in1994,ARussiannamedVladimirLevinobtainedaccesstotheserversofCitibankintheUnitedStates.Hewasable(p.491) toimpersonatelegitimateCitibankaccountholdersandbegantotransferfundsfromtheiraccountstonewaccountsopenedbyhisaccomplicesaroundtheworld.Thefraudwasdetected,andtheaccompliceswerearrestedwhentheyattemptedtowithdrawthemoney(Smith,Grabosky,andUrbas2004,p.51).InAugust2008,11individuals(includingthreeUScitizens,onefromEstonia,threefromUkraine,twofromthePeoplesRepublicofChina,onefromBelarus,andonewithunknownplaceoforigin)werechargedwithnumerouscrimes,includingconspiracy,computerintrusion,fraud,andidentitytheft.ItwasallegedthatthegroupmemberswereinvolvedinthehackingofninemajorUSretailersandthetheftandsaleofmorethan40millioncreditanddebitcardnumbers.ThesenumberswereusedtowithdrawtensofthousandsofdollarsfromATMs(USDepartmentofJustice2008).Phishing:Internetscamsfrequentlyuseunsolicitedmessagespurportingtooriginatefromalegitimatesourcetodeceiveindividualsororganizationsintodisclosingtheirfinancialand/orpersonalidentityinformation.Thisinformationcanthenbeusedtocommitorfacilitatecrimessuchasfraud,identitytheft,andstealingofsensitiveinformation(e.g.,bankingcredentialsortradesecrets).Severalresearchersandsecuritypractitionershavealsonotedtheinvolvementoforganizedcrimegroupsinphishingscams.Alargeconspiracyinvolving38individualsinRomaniaandtheUnitedStatesobtainedcreditcarddetailsthroughphishing.Theythenusedthesedetailsinthecounterfeitingofcreditcards(USFederalBureauofInvestigation2008a,2008b).Spamisunsolicitedcommercialemailintendedtopersuaderecipientstobuyproducts,legitimateorotherwise.Spammayalsobeusedtospreadfalserumorsaboutstockstradedonstockexchangesaroundtheworld.InNovember2009,fourmenweresentencedintheUnitedStatesfortheirparticipationinaninternationalstockfraudscheme.Theypurchasedthinlytradedsharesandthenusedmassemailstospreadfalserumorsabouttheshareslikelyincreaseinprice.Whenthepriceofthesharesincreased,theconspiratorssoldtheirholdingsforaprofit(USDepartmentofJustice2009a).Malwarecreationanddissemination:Malware,alsoknownasmalicioussoftware,isdesignedtoinstallitselfonacomputerwithoutthecomputerownersinformedconsent,particularlyifitdoessoinawaythatmaycompromisethesecurityofthecomputer.MalwareincludesTrojans,viruses,andworms.The2008UKThreatAssessmentreportnotedthatmostnewmalwareisdesignedtostealfinancialdata(suchascreditcarddetails,bankaccountdetails,passwords,PINnumbers)asaprecursortovariousfraudsandotherdeceptions(SOCA2008,p.9).In2009,AlbertGonzalez,aresidentofMiami,Florida,pleadedguiltytocontrollinganumberofserversandgrantingaccesstootherhackerswiththeknowledgethattheywouldusetheiraccesstostoremalwareandthenattackcorporatevictims.Theirultimateobjectiveappearstohavebeentheftofcreditcarddetails.Gonzalezusedmultipleantivirusprogramstotestthequalityofhismalware(USDepartmentofJustice2009b).(p.492) Internetfraudsandscamsarelimitedonlybytheimaginationofprospectivecriminals.OffensesofthistypeincludeNigerianadvancefeefrauds(alsoknownas419scams),onlineauctionfrauds,andidentityandcreditcardfrauds.Fraudulentinvestmentsolicitationsaregreatlyfacilitatedbydigitaltechnology.In2004,fourmenpleadedguiltytofraudconcerninganInternet-basedPonzischemeinvolving15,000investorsandUSD$60millionininvestments(USDepartmentofJustice2004).
G.CountriesInvolvedinContemporaryCybercrime
-
CyberCrime
Page 8 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
Organizedcybercrimeisaglobalphenomenon.Thosecountriesthatstrictlyregulateonlineaccess(suchasBurma)hostfeweroffendersandhavefewervictims.Countrieswithmanypersonsskilledininformationtechnology,butwhichofferfeweropportunitiesforlegitimateenrichment(suchasRussia),havemanyoffenders.Affluentnationswithhighindividualandcorporateconnectivity,andwithavibrante-commercesector(suchastheUnitedStates,theUnitedKingdom,andthecountriesofcontinentalwesternEurope),willhavemorevictims.Theworldstwomostpopulousnations,ChinaandIndia,areexperiencingincreasingaffluenceanddigitalconnectivity;theirprominenceincybercrimeislikelytoincreasecommensurately.
IV.RespondingtoOrganizedCybercriminalActivitiesAstheInternetandotherformsofinformationandcommunicationstechnologiescontinuetoadvance,theopportunitiesforcybercriminalactivitieswillincrease.Atthesametime,theresourcesandskillsofmostlawenforcementagencieswillremainlimited.Thisgapwillrequireanadroitcombinationofwarnings,reassurance,andstrategictargetingofthemostseriouscyberthreats.Sovereignstateshavetheirownpriorities.AuthoritiesintheUnitedStatesareparticularlyattentivetoonlinechildpornography,theftof(US-owned)intellectualproperty,andattemptstocompromiseUSgovernmentandcommercialsystems.Bycontrast,lawenforcementinthePeoplesRepublicofChinaismoreconcernedaboutcommentscriticalofgovernmentpolicy,includingstatementsadvocatingTibetanandTaiwaneseindependence.
Wehavenotedthatcybercrimecanbecommittedbyindividualsorgroupsalikeaseasilyfromacrosstheglobeasfromacrosstown.Andsomeorganizationsthemselvestranscendnationalborders.Asisthecasewithterrestrialtransnationalorganizedcrime,theeffectivecontroloftransnationalcybercrimerequiresadegreeofcooperationbetweencountries.Thefoundationforthiscooperationrequiresadegreeoflegislativeuniformity,commonpriorities,andadequateinvestigativecapacity.
(p.493) A.Self-DefenseRegardlessofwhetherornottheperpetratorisorganized,thefirstlineofdefenseagainstcybercrimeisself-defense.Justasisthecaseintheterrestrialworld,peoplewithassetstoprotectshouldsafeguardthem.Atthemostbasiclevel,parentsshouldexerciseadegreeofsupervisionovertheirchildrensuseofdigitaltechnologytoreducethelikelihoodoftheirbecomingvictimsoroffenders.Ordinaryusersshouldinvestinanappropriatelevelofsecuritysoftware,safeguardtheirPINnumbers,andavoidunsolicitedoverturesfromsuspectsources.Largeorganizationsthatmaybevulnerabletoattackshouldhaveasecuritysysteminplacecommensuratewiththeassetsthattheyneedtoprotect.Fortunately,enormousincentivesareinplaceforcommercialactorstocontributetocyberspacesecurity.Untoldrichesawaitthosewhocandesignsystemsthatareeasytousebutdifficulttoexploitforcriminalpurposes.
B.CapacityBuildingJurisdictionsneedthelegislativeandenforcementcapacitytorespondtocybercrimeasitcontinuestoevolve.Becausecyberattackscanoriginatefromalmostanywhereandcanberoutedthroughnumerousjurisdictionsenroutetotheirtarget,itisintheinterestofallnationsthatthoseonthedisadvantagedsideofthedigitaldividehavetheresourcestoallowcooperationwiththeirbetterendowedcounterparts.Unfortunately,thisiseasiersaidthandone.Thepoorestnationscannotaffordtopaytheirpolicemuchlessestablishhigh-techcrimesquads.
Essentialtosuccessfulinterdictionofcross-nationalorganizedcybercrimearethreefactors,namely(1)legislativeharmony,(2)aframeworkoflawenforcementcooperation,and(3)thecapacitytoinvestigateand,ifnecessary,toprosecute.ThefirststepsinthisdirectionweretakenbytheG-8andbytheCouncilofEurope,whosecybercrimeconventionhasservedasalegislativeandpolicymodelforanumberofnon-Europeannations,includingAustraliaandJapan.TheUNConventionagainstTransnationalCrimeprovidesafurtherframework.
NotalloftheworldsnationsareequallyenthusiasticabouttheCouncilofEuropeCybercrimeConvention,however.Thosewhowerenotinvolvedinthelaboriousworkofdraftingtheconventionmayfeelalackofownership.Others,recallingthehistoryofEuropeanimperialism,mayharborsuspicionsofpoliciesemanatingfromEurope.Alternativeprotocolshavethusbeenproposedwithaviewtowardobtainingtheimprimaturofthe
-
CyberCrime
Page 9 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
UnitedNations(SchjolbergandGhernaouti-Helie2009).
C.Public/PrivateCooperationInyearspast,policeinmanycountrieswouldportraythemselvesasomniscient,omnicompetent,andomnipresent.Thispostureofinvincibilitywascentraltotheirstrategy(p.494) ofpublicreassurance.Morerecently,policehaveconcededthatthevolumeofcybercrimeexceedstheircapacitytocontrolitontheirown.Thus,theyhavesoughttoformpartnershipswithavarietyofnonstateactors.
Thisisentirelyappropriateasagreatdealofknowledgeaboutcybercrimeanditscontrolresidesoutsideofthepublicsector.Theinformationsecurityindustry,forexample,commandsvastexpertise.Softwareandentertainmentindustriesareoftenveryknowledgeableabouttheriskstheyfaceandaboutwheretheserisksoriginate.LargecorporationssuchasMicrosoftprovidetrainingprogramsforlawenforcementagenciesaroundtheworld,andtheyoffermonetaryrewardsforinformationleadingtotheidentificationofviruswriters.
D.InternationalCooperationOrganizedcybercrimehasproventobeadauntingchallengeforlawenforcementbutnotaninsurmountableone.Onecouldciteanumberofsuccessfulinvestigations,notonlywithinagivenjurisdiction,butalsoinvestigationsofcross-nationalcriminalactivityinvolvinglawenforcementagenciesfrommanycountries.Anumberofcross-nationalinvestigationsoforganizedcybercrimegroupshavebeensuccessful.Amongmanyothers,theseincludethecaseinvolvingthearrestoftwoRomaniancitizensonanInterpolwarrant.BothdefendantswereextraditedtotheUnitedStatesandwerechargedeachwithonecountofconspiracytocommitfraudinconnectionwithaccessdevices,onecountofconspiracytocommitbankfraud,andonecountofaggravatedidentitytheft.ItwasallegedthatbothdefendantsandfiveotherRomaniancitizensparticipatedinanInternetphishingschemethatvictimizedindividuals,financialinstitutions,andcompanies(USFederalBureauofInvestigation2009).
E.CyberSecurityResearchAlthoughnetworksandsoftwarebreachesoftenattractmostofthemediasattentionwhenitcomestocybersecurity,hardwareissimilarlyvulnerable.Ahardwarebreachcanbemoredifficulttodetectand,hence,defendagainstthananetworkorsoftwareintrusion.Thechallengeforthepublicandprivatesectorsistodesigntechnologiesthatarerobustinthesensethattheirlegitimateuseisminimallyconstrainedbuttheirillegitimateuseispreventedordiscouraged(Grabosky2007).Aneedexists,arguably,formoreresearchtobefundedtofindwaystomitigateexistingandnewcybersecurityrisks.
Governmentsarewisetoinvestsignificantlyineducation,science,andR&D.Doingsowouldenableinformationsecurityresearcherstoplayamoresignificantroleindesigningstate-of-the-artcryptographicsoftwareandhardwarethatcanbedeployedinanonlineenvironment.Ofcourse,criminalsarealsoabletodevelopandusetechnologiesinfurtheranceoftheirownobjectives.Thefutureoforganizedcybercrimeseemslikelytobecharacterizedbyacontinuingtechnologicalarmsrace.
(p.495) V.ConclusionFewtodaywouldchallengetheassertionthattheeraofglobalizationhasbeenaccompaniedbyanincreaseintransnationalorganizedcrime.Digitaltechnologyhasempoweredtraditionalcriminalorganizations,dramaticallyincreasingtheeasewithwhichtheycancommitoffensessuchasfraudandextortion.Ithasalsoenabledtheemergenceofentirelynewcrimegroupsandentirelynewcrimetypes,suchasonlinepiracyandvandalism.Itislikelythat,asdigitaltechnologybecomesmorepervasive,itsuseasaninstrumentandasatargetoforganizedcrimewillbecomeincreasinglycommon.Everynewtechnology,andeverynewapplication,willbepotentiallyvulnerabletocriminalexploitation.Itisalsolikelythatneworganizationalformswillemergetocombatcybercrime.Theseformscouldentailincreasinglyintegratedinternationalandpublic/privatepartnerships.Indeed,SusanBrennerhassuggestedthat,oneday,theresponsetocybercrimemaybetheresponsibilityofaprivatemultinationalbody(Brenner,2002).Thismaysoundfarfetched,butitisnomorefarfetchedthanwastheideaofcybercrimeitselfagenerationago.
-
CyberCrime
Page 10 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
ReferencesBamford,James.2008.TheShadowFactory:TheUltra-secretNSAfrom9/11totheEavesdroppingonAmerica.NewYork:Doubleday.
Brenner,S.W.2002.OrganizedCybercrime?HowCyberspaceMayAffecttheStructureofCriminalRelationships.NorthCarolinaJournalofLaw&Technology4(1):150.
(p.496) Broad,WilliamJ.,andDavidE.Sanger.2010.WormWasPerfectforSabotagingCentrifuges.NewYorkTimes(November18).http://www.nytimes.com/2010/11/19/world/middleeast/19stuxnet.html?pagewanted=2&emc=eta1
Chang,YaoChung.2012.CybercrimeintheGreaterChinaRegion:RegulatoryResponsesandCrimePreventionAcrosstheTaiwanStrait.Cheltenham:EdwardElgar
ChildExploitationandOnlineProtection.2007.GlobalOnlineChildAbuseNetworkSmashed-CEOPleadinternationaloperationintoUKbasedpaedophilering.CEOP(June18)http://www.ceop.police.uk/Media-Centre/Press-releases/2007/Global-Online-Child-Abuse-Network-Smashed/
Choe,SanhHun.2011.SeoulWarnsofLatestNorthKoreanThreat:AnArmyofOnlineGamingHackers.NewYorkTimes(August4).http://www.nytimes.com/2011/08/05/world/asia/05korea.html?_r=1&scp=1&sq=north%20korea%20hackers&st=cse
Choo,Kim-KwangRaymond.2007.ZombiesandBotnets.TrendsandIssuesinCrimeandCriminalJustice333:16.http://www.aic.gov.au/publications/current%20series/tandi/321-340/tandi333.aspx
Choo,Kim-KwangRaymond.2008.OrganisedCrimeGroupsinCyberspace:ATypology.TrendsinOrganizedCrime11(3):27095.
Choo,Kim-KwangRaymond.2009.OnlineChildGrooming:ALiteratureReviewontheMisuseofSocialNetworkingSitesforGroomingChildrenforSexualOffences.ResearchandPublicPolicy103.Canberra:AustralianInstituteofCriminology.http://www.aic.gov.au/publications/current%20series/rpp/100-120/rpp103.aspx
Choo,Kim-KwangRaymond,RussellGSmith,andRobMcCusker.2009.FutureDirectionsinTechnology-EnabledCrime:200709.ResearchandPublicPolicy78.Canberra:AustralianInstituteofCriminology.http://www.aic.gov.au/publications/current%20series/rpp/61-80/rpp78.aspx
Douglis,Fred.2010.ClosingtheOpen(Face)Book.IEEEInternetComputing(SeptemberOctober):46.
FalliereN.,L.O.Murchu,andE.Chien.2010.W32.StuxnetDossier:Version1.3(November2010).Cupertino,CA:Symantec.
Grabosky,Peter.2007.TheInternet,Technology,andOrganizedCrime.AsianJournalofCriminology2(2):145161.
Halstead,Boronia.1998.TheUseofModelsintheAnalysisofOrganizedCrimeandDevelopmentofPolicy.TransnationalOrganizedCrime4(1):124.
Holt,ThomasJ.2007.SubculturalEvolution?ExaminingtheInfluenceofOn-andOff-LineExperiencesonDeviantSubcultures.DeviantBehavior28:171198.
Hutchinson,S.,andP.OMalley.2007.ACrime-TerrorNexus?ThinkingonSomeoftheLinksbetweenTerrorismandCriminality.StudiesinConflict&Terrorism,30(12):10951107.
IanelliN.,andA.Hackworth.2005.BotnetsasaVehicleforOnlineCrime.Pittsburgh,PA:CERTCoordinationCenter.
InstituteofDefenceandStrategicStudies(IDSS).2006.ProceedingsoftheInternationalConferenceonTerrorisminSoutheastAsia:TheThreatandResponse.http://www.rsis.edu.sg/publications/conference_reports/NEW%20TerrorismSEAConference05.pdf
-
CyberCrime
Page 11 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
Kor,KorBian.2007.SporesdiyTerror:WhoIsThisMan.TheNewPaper(Singapore)(June10).
LaFraniere,Sharon,andJonathanAnsfield.2010.ChinaAlarmedbyThreattoSecurityfromCyberattacks.NewYorkTimes(February11).http://www.nytimes.com/2010/02/12/world/asia/12cyberchina.html?emc=eta1
(p.497) Landler,Mark,andJohnMarkoff.2007.DigitalFearsEmergeafterDataSiegeinEstonia.NewYorkTimes(May29).http://www.nytimes.com/2007/05/29/technology/29estonia.html
Markoff,John.2009.TrackingCyberspiesthroughtheWebWilderness.NewYorkTimes(May29).http://www.nytimes.com/2009/05/12/science/12cyber.html?scp=106&sq=dalai+lama&st=nyt
Markoff,John.2010.ASilentAttack,butNotaSubtleOne.NewYorkTimes(September26).http://www.nytimes.com/2010/09/27/technology/27virus.html?scp=5&sq=stuxnet&st=cse
Markoff,John.2011.MalwareAimedatIranHitFiveSites,ReportSays.NewYorkTimes(February11).http://www.nytimes.com/2011/02/13/science/13stuxnet.html?scp=3&sq=stuxnet&st=cse
Markoff,John,andAshleeVance.2010.FearingHackersWhoLeaveNoTrace.NewYorkTimes(January19).http://www.nytimes.com/2010/01/20/technology/20code.html?scp=4&sq=markoff&st=nyt
McAfee.2006.VirtualCriminologyReport:OrganisedCrimeandtheInternet.SantaClara,CA:McAfee.
McCusker,Rob.2006.TransnationalOrganisedCyberCrime:DistinguishingThreatfromReality.Crime,LawandSocialChange46(45):257273.
MinistryofHomeAffairs,Singapore(MHA).2010.Detention,ImpositionofRestrictionOrdersandReleaseundertheInternalSecurityAct,July06,2010.Mediarelease(July6).http://www.singaporeunited.sg/cep/index.php/web/Our-News/Detention-Imposition-Of-Restriction-Orders-And-Release-Under-The-Internal-Security-Act
Morton,Tom.2004.MutatingMobiles.BackgroundBriefing,ABCRadioNational(April25).http://www.abc.net.au/radionational/programs/backgroundbriefing/mutating-mobiles/3408828#transcript
MunkCentreforInternationalStudies.2009.TrackingGhostNet:InvestigatingaCyberEspionageNetwork.Toronto:MunkCentre.http://www.nartv.org/mirror/ghostnet.pdf
NationalInfrastructureAdvisoryCouncil(NIAC).2004.PrioritizingCyberVulnerabilities.http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf
NationalInfrastructureProtectionCenter2001.CyberProtests:TheThreattotheU.S.InformationInfrastructure.NationalInfrastructureProtectionCenter,Washington.http://www.au.af.mil/au/awc/awcgate/nipc/cyberprotests.htm
OrganisationforEconomicCo-operationandDevelopment(OECD).2007.TheEconomicImpactofCounterfeitingandPiracy.Paris:OrganisationforEconomicCo-operationandDevelopment.http://www.oecd.org/dataoecd/11/38/38704571.pdf
Perry,Michael.2005.SydneyViolenceFueledbyRace,IgnoranceandYouth.NewYorkTimes(December15).http://www.redorbit.com/modules/news/tools.php?tool=print&id=330837
Pfanner,Eric.2011.CameronExploringCrackdownonSocialMediaafterRiots.NewYorkTimes(August11).http://www.nytimes.com/2011/08/12/world/europe/12iht-social12.html?scp=1&sq=social+media+london+riots&st=nyt
Preston,Jennifer.2011.MovementBeganwithOutrageandaFacebookPageThatGaveItanOutlet.NewYorkTimes(February5).http://www.nytimes.com/2011/02/06/world/middleeast/06face.html?pagewanted=1&sq=socialmediaegypt&st=cse&scp=2
-
CyberCrime
Page 12 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
QueensCountyDistrictAttorney.2011.111IndividualsChargedinMassiveInternationalIdentityTheftandCounterfeitCreditCardOperationBasedinQueens.Mediarelease(October7).http://www.queensda.org/newpressreleases/2011/october/op%20swiper_credit%20card_id%20fraud_10_07_2011_ind.pdf
(p.498) Sanderson,Thomas.2004.TransnationalTerrorandOrganizedCrime:BlurringtheLines.SAISReview24(1):4961.
Sanger,David.2012.ConfrontandConceal:ObamasSecretWarsandSurprisingUseofAmericanPower.NewYork:Crown.
Schjolberg,Stein,andSolangeGhernaouti-Helie.2009.AGlobalProtocolonCybersecurityandCybercrime.Oslo:Cybercrimedata.
Schneider,JacquelineL.2003.HidinginPlainSight:AnExplorationoftheActivitiesofaDrugsNewsgroup.HowardJournalofCriminalJustice42(4):372389.
SeriousOrganisedCrimeAgency(SOCA).2008.TheUnitedKingdomThreatAssessmentofSeriousOrganisedCrime.London:SeriousOrganisedCrimeAgency.
Shane,Scott,andAndrewW.Lehren.2010.CablesObtainedbyWikiLeaksShineLightintoSecretDiplomaticChannels.NewYorkTimes(November28).http://www.nytimes.com/2010/11/29/world/29cables.html?hp
SimonWiesenthalCenter.2008.iReport:OnlineTerror+Hate:TheFirstDecade.http://www.wiesenthal.com/atf/cf/%7BDFD2AAC1-2ADE-428A-9263-35234229D8D8%7D/IREPORT.PDF
Sipress,A.2004.AnIndonesiansPrisonMemoirTakesHolyWarintoCyberspace:InSignofNewThreat,MilitantOffersTipsonCreditCardFraud.WashingtonPost(December14).http://msl1.mit.edu/furdlog/docs/washpost/2004-12-14_washpost_jihadis_online.pdf
Smith,RussellG.,PeterGrabosky,andGregUrbas.2004.CyberCriminalsonTrial.Cambridge:CambridgeUniversityPress.
Tapscott,Don,andAnthonyD.Williams.2006.Wikinomics:HowMassCollaborationChangesEverything.London:Atlantic.
Thomas,T.L.2003.AlQaedaandtheInternet:TheDangerofCyberplanning.Parameters33(1):112123.http://www.iwar.org.uk/cyberterror/resources/cyberplanning/al-qaeda.htm
Thompson,Clive.2004.TheVirusUnderground.NewYorkTimesMagazine(February8).http://www.nytimes.com/2004/02/08/magazine/the-virus-underground.html
TokyoReporter.2009.OntheTokyoViceBeatwithJakeAdelstein.(October27).http://www.tokyoreporter.com/2009/10/27/on-the-tokyo-vice-beat-with-jake-adelstein/
Urbas,Gregor.2006.Cross-NationalInvestigationandProsecutionofIntellectualPropertyCrimes:TheExampleofOperationBuccaneer.CrimeLawandSocialChange46(45):207221.
USDepartmentofJustice.2004.FourthDefendantinMassiveInternetScamPleadsGuiltytoFraudandMoneyLaunderingChargesCaseInvolves$60MillioninInvestmentsby15,000Investors.Mediarelease(November18).http://www.justice.gov/criminal/cybercrime/press-releases/2004/nordickPlea_triwest.htm
USDepartmentofJustice.2005.FormerFBIAgentPleadsGuiltytoObstructionofJustice.Mediarelease(June23).http://www.justice.gov/usao/nye/pr/2005/2005jun23.html
USDepartmentofJustice.2008a.RetailHackingRingChargedforStealingandDistributingCreditandDebitCardNumbersfromMajorUSRetailers.Mediarelease(August5).http://www.justice.gov/opa/pr/2008/August/08-ag-689.html
-
CyberCrime
Page 13 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
USDepartmentofJustice.2008b.38IndividualsinUSandRomaniaChargedinTwoRelatedCasesofComputerFraudInvolvingInternationalOrganizedCrime:InternationalLawEnforcementCooperationLeadstoDisruptionofOrganizedCrimeRingOperatinginUSandRomania.Mediarelease(May19).http://www.justice.gov/opa/pr/2008/May/08_odag_434.html
(p.499) USDepartmentofJustice.2009a.DetroitSpammerandThreeCo-conspiratorsSentencedforMulti-millionDollarE-mailStockFraudScheme.Mediarelease(November23).http://www.justice.gov/opa/pr/2009/November/09-crm-1275.html
USDepartmentofJustice.2009b.MajorInternationalHackerPleadsGuiltyforMassiveAttackonUSRetailandBankingNetworks.Mediarelease(December29).http://www.justice.gov/opa/pr/2009/December/09-crm-1389.html
USDepartmentofJustice.2010.HighRankingCrimeFamilySoldierPleadsGuiltytoRacketeeringCharge.Mediarelease(January5).http://www.justice.gov/usao/nj/Press/files/pdffiles/2010/mero0105%20rel.pdf
USFederalBureauofInvestigation.2008.GonePhishing:GlobalRingGetsRatherSlick.(May).http://www.fbi.gov/page2/may08/phishing_052008.html
USFederalBureauofInvestigation.2009.TwoRomanianCitizensExtraditedtotheUnitedStatestoFaceChargesRelatedtoAllegedPhishingScheme.Mediarelease.(September29).http://www.fbi.gov/newhaven/press-releases/2009/nh092909.htm
White,Rob.2006.SwarmingandtheSocialDynamicsofGroupViolence.TrendsandIssuesinCrimeandCriminalJustice326:16.
Williams,Phil.2001.TransnationalCriminalNetworks.InNetworksandNetwars,editedbyJohnArquillaandDavidRonfeldt.SantaMonica,CA:RANDCorporation,6197.
Notes:(1).Abotnet(robotnetwork)isanetworkofindividualcomputersinfectedwithbotmalware.Thesecompromisedcomputersarealsoknownaszombiesorzombiecomputers.Thezombies,underthecontrolofthebotnetcontroller,canthenbeusedasremoteattacktoolstofacilitatethesendingofspam,hostingofphishingwebsites,distributionofmalware,andmountingdenialofserviceattacks.Buildingbotnetsrequiresminimallevelsofexpertise(IanelliandHackworth2005).Abrieftwo-stepoverviewonhowtobuildabotnetisoutlinedinChoo(2007).
(2).http://www.justice.gov/usao/fls/PressReleases/Attachments/090521-02.Indictment.pdf.
(3).http://www.justice.gov/usao/nye/vw/PendingCases/CR-03-304_Indictment_S6-_US_v_SALVATORE_LOCASCIO.pdf.
(4).AmongthemanyclassifiedUSgovernmentdocumentspublishedbyWikileaksinNovember2010wereallegationsthattheChinesegovernmentorchestratedasystematiccampaignofcomputerintrusions,includinggovernmentoperatives,privatesecurityexperts,andspeciallyrecruitedinternetoutlaws(ShaneandLehren2010).
Kim-KwangRaymondChooKim-KwangRaymondChooisaSeniorLecturerattheUniversityofSouthAustralia,andhas(co)authoredanumberofpublicationsintheareasofcyberandinformationsecurity,andanti-moneylaunderingincludingabookpublishedinSpringersAdvancesinInformationSecuritybookseriesandsixAICrefereedmonographs.Heistherecipientofvariousawardsandscholarshipsincluding2010AustralianCapitalTerritory(ACT)PearceyAwardfor"TakingariskandmakingadifferenceinthedevelopmentoftheAustralianICTindustry",2010ConsensusITProfessionalAward,2009FulbrightScholarship,2008AustraliaDayAchievementMedallioninrecognitionofmydedicationandcontributiontotheAIC,andthroughittothepublicserviceofthenation,andBritishComputerSociety'sWilkesAwardforthebestpaperpublishedinthe2007volumeofOxfordUniversityPress'sComputerJournal.PeterGraboskyPeterGrabosky,aProfessorintheRegulatoryInstitutionsNetworkattheAustralianNationalUniversity,andaFellowoftheAcademyoftheSocialSciencesinAustralia,holdsaPhDinPoliticalSciencefromNorthwesternUniversity.Hisinterestslieinthe
-
CyberCrime
Page 14 of 14
PRINTED FROM OXFORD HANDBOOKS ONLINE (www.oxfordhandbooks.com). (c) Oxford University Press, 2014. All RightsReserved. Under the terms of the l icence agreement, an individual user may print out a PDF of a single chapter of a title in OxfordHandbooks Online for personal use (for details see Privacy Policy).Subscriber: Pontificia Universidad Catolica del Peru (PUCP); date: 01 May 2015
areasofcybercrime,regulation,policing,andtheroleofnon-stateactorsinpublicpolicy.HisrecentbooksincludeCrimeandTerrorism(2010withM.Stohl);LengtheningtheArmoftheLaw:EnhancingPoliceResourcesinthe21stCentury(2009withAylingandShearing)andElectronicCrime(2007).
