Cybercriminology

Table of contents

1. Introduction

On the one hand, cybercriminology widens the scientific horizon, but on the other hand it also poses constant challenges- especially for the jurisprudence, the legal system and the legal world in general. Computers, Internet and Cyberspace- together known as "Information Technology" presents challenges for the law.
The term "cyber crime" is actually a misnomer as the concept of cyber crime is not radically different from the concept of conventional crime: Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state. Crime in general can be described as "a legal wrong that can be followed by criminal proceedings which may result into punishment" whereas an appropriate definition of cybercrime may be "unlawful acts wherein the computer is either a tool or target or both". The computer may be used as a tool in the following kinds of activity- financial crimes, pornography, online gambling, intellectual property crime. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer, e-mail bombing, theft of information contained in the electronic form.
There is obviously no proper distinction between cyber and conventional crime, but just a fine line of demarcation between the conventional and cybercrime which lies in the involvement of the medium in cases of cybercrime.

2. Historical development


Cybercriminality is a recent form of criminality. But it increases very quickly. It could be explained by the issues at stake. Indeed, in few years, the computer virus change faces. Before, some people made virus in order to infect a computer and to show their personal abilities. It was called the “proof-of-concept”. This is a key concept in the computer virus field. The goal is to prove that a certain risk is real and not a rumor. Now, the goals of computer scientists who create virus are different. The Internet Security Threat Report of Symantec, published in 2006, emphases on this idea that computer virus became very sophisticated and precise . In many cases, computer virus are made to steal money in a direct or indirect way, as for example in stealing confidential informations and sell it to another person or blackmail the company to not disclose the information. Moreover, the new object of this criminality are very often companies and by ricochet individuals. Even if the first organization touched are governments. Companies are a subject of threat because they possess search out data, as customers files with personal data, confidential projects or prototypes and a strong dependence to the new technologies. Their financial lost are very important. Thus, these computer virus must be controlled.

3. Specific types of cyber crimes



Due to the fast technical development, there are an increasing number of crimes being committed in the cyberspace. A wide range of potentially illegal activities can establish one’s responsibility for committing a cyber crime. Basically, traditional offences, such as theft, fraud, defamation, blackmailing as well as offences which are specific in their nature, such as hacking, cyber stalking or web jacking, when committed in the cyberspace can be regarded as cyber crimes. This article provides some basic characteristics of different categories of cyber crimes.
3.1 Financial Crimes
Nowadays, a growing number of cyber crimes are being committed with profit motivation. According to Rohas Nagpal, the founder President of Asian School of Cyber Laws, the most important reason for this alleged development is „the tremendous increase in the use of the internet and mobile banking, online share trading, [and] dematerialization of shares and securities“[1] In particular, cyber cheating, credit card frauds, money laundering, accounting scams, computer manipulation, etc. can be included among financial crimes.
3.2 Cyber Pornography
Pornography per se is not considered to be illegal; however, child pornography is strictly prohibited in most countries all around the world. Uploading obscene pictures[2], sending sexually motivated emails[3] or porn distributing[4] are possible activities which may give rise to the criminal conviction. In this field, protection of morals and human dignity plays significant role in combating the criminality.
3.3 Intellectual Property Crimes
In cyberspace, infringement of intellectual property rights has found a fertile ground for its development and progression. The very frequently committed offence, software piracy, has already caused severe financial harm to many IP rights holders and according to its nature is hardly punishable. Infringement of copyright creates another huge category of cyber crimes. Illegal downloading and uploading of music, contents of books, articles, videos or movies deprives the copyright holders from enjoyment of their rights to the full extent including grave financial losses. Additionally, trademark violations or patent infringement establishes a great risk to the society. All intellectual property crimes are closely related to the financial harm caused to the particular right holder.
3.4 Cyberterrorism
Computers and cyberspaces could be the target of terrorist attacks. This eventuality is growing up since 2000 and the millenium bug and even more since the 11th sepetember 2001 and the attack of World Trade Center. In effect, for several authors, the goal of cyberterrorist is to cause physical, real-world harm or severe disruption of infrastructure via the use of cyberspace and thus, internet. Some examples of cyberterrorism could be the Estonian cyberwar ( see 4.2 ) or the attack of a research station in Antartica by romanian terrorists which has been the source of hasard for scientists who were into the station. Other famous examples are also the attack in 1999 of NATO computers by hackers who were protesting against bombing in Kosovo or even the attack of Viktor Yushchenko's, Ukrainian president, website. Some books which are describing some possibilities of attacks have been big success even if they are strongly criticized notably because, for several authors, those attacks are not faisable, not realistic.

In effect, the concept of cyberterrorism is really controversed. Critics come with the fact that for several authors, it's totally impossible to cause significant physical harm or death in population by the use of cyberspace in consideration of electronic means. So, for those authors, the creation of fear (or terror) which is necessary to put the label of terrorism comes under the large exploitation by medias about cyberterrorism like for example movies like Die Hard IV where United States are attacking by cyberterrorists or books like Digital Fortress by Dan Brown and thus, for them, cyberterrorism is at the moment, pure fiction.



(Other cathegories of cyber crimes – online gambling, cyber stalking, cyber defamation, etc. should be added)

[1] Nagpal, Rohas, Evolution of Cyber Crime, Asian School of Cyber Laws, 2008, pg. 3, http://www.scribd.com/doc/5476206/e-bookEvolution-of-Cyber-Crime
[2] see Nagpal, Rohas, Evolution of Cyber Crime, Asian School of Cyber Laws, 2008, pg. 5 (illustration 1), http://www.scribd.com/doc/5476206/e-bookEvolution-of-Cyber-Crime
[3] see Nagpal, Rohas, Evolution of Cyber Crime, Asian School of Cyber Laws, 2008, pg. 5 (illustration 3), http://www.scribd.com/doc/5476206/e-bookEvolution-of-Cyber-Crime
[4] see Nagpal, Rohas, Evolution of Cyber Crime, Asian School of Cyber Laws, 2008, pg. 5 (illustration 2), http://www.scribd.com/doc/5476206/e-bookEvolution-of-Cyber-Crime

4. Cases


Over the past 30 years there were quite a lot of cyber attacks, and most of perpetrators were seized and punished. For example, on the webpage of United States Department of Justice one can easily find the summary chart of recently prosecuted cyber crime cases. Nevertheless, not all of them played significant role in terms of development of legislation of cyber crimes. Below are several cases, which had the most fundamental consequences.

4.1 Kevin Mitnick case
One of the first high-profile hacker attacks was committed in 1983 by an American student Kevin Mitnick. Using one of the university computers, he entered into a global network ARPANet, and managed to hack Pentagon computers to get an access to all files of U.S. Department of Defense.
Later the federal prosecution of Kevin Mitnick became the first case to focus the attention of the world on computer security issues.

4.2 Estonian Cyberwar
In April 2007, most of the official Estonian websites exposed a massive DDoS-attack from foreign servers (particularly, according to the Estonian representatives, most of them had direct relation to the citizens of the Russian Federation). These attacks led to the blocking of the entire virtual infrastructure of Estonia. As a result, various banking and social services became inaccessible, part of the internet sources were simply switched off and some were available only in text mode.
The event that triggered the cyberwar was the dismantlement of the monument to the Bronze Soldier in Tallinn, which used to be the historical legacy in honor of the merits of Soviet soldiers in the World War II.
In May, the Estonian authorities started a criminal investigation for computer sabotage and interference with the work of a computer network under the Estonian Penal Code. The investigation revealed that some subjects of the crime fall under the jurisdiction of the Russian Federation. Hence the Estonian state prosecutor's office requested the assistance of the Russian Federation, which was refused by the Russian Supreme Procurature. Nevertheless, during the investigation several citizens of Republic of Moldova were found liable, as well as a citizen of Estonia, Dmitri Galushkevich, who was fined for a large sum.
It turns out, that this is the first case when one country was attacked by another in the virtual space.

4.3 Cyber Dissident
A Cyber Dissident can be described as a professional journalist who posts news, information, articles or other commentary on the internet that implies criticism of a regime or government.
Recently, there are many cases invoked because of distinguishing what is a freedom of expression and what is a cyber crime. Especially, in regions where the media are tightly controlled, for instance, in Russia, Vietnam, Egypt or People Republic of China, there is a big amount of cases which found that they committed a cyber crime.
For example, internet journalist Guo Qizhen was sentenced to four years in prison in October 2006 for his critical articles on the Internet and his participation in activities connected to the introduction of democracy in China.
Guo Qizhen was arrested after he took part in a hunger strike against breaches of human rights in China. The freedom of expression organization PEN immediately protested against the sentence. They believe it was a breach of freedom of expression. Qizhen is now ill, but refuses any medical treatment in prison. Both Amnesty International and PEN are concerned about the journalist’s health. They believe Gue Qizhen´s imprisonment is a breach of human rights and ha ve asked China for his release.

5. Research and prevention of cyber crimes


5.1. Some issues in research and prevention of cybercrime compared to conventional crime

In many ways cybercrime is not fundamentally different to conventional crime. There are however some issues that need to be addressed especially when researching or working to prevent cybercrime. It is sometimes complicated to define jurisdiction in the case of cybercrime. Crime is often defined as an illegal act. It is not always clear which would be the correct legal framework to use when the act happens in cyberspace. An act defined illegal by a certain sovereign power may not be illegal for another. Also actions in cyberspace may not be located to a certain geographical or political area. The issue of judistiction is addressed further in chapter 6.

Another issue is how to define and find the criminal actors. Cybercrime is often for the most part consisted of computed automatic processes. The human actors may be involved in the processes on very different levels: planning the process, starting it, monitoring it, managing it or just benefiting from the outcome of the processes. The criminal act may involve a very large group of people and they can be located anywhere in the world. The human actors may be anonymous and use complicated processes to hide their identity in cyberspace. Sometimes the criminal actors are even unaware of the criminal nature of their actions, especially when their computer skills are on a very low level. This is often the case in intellectual property crimes such as illegal use of copyrighted material.

The data that needs to be collected to research or prevent cybercrime is usually in digital form. Digital data is only readable with the correct technology and analysing it may require specific technical skills. Digital data is also easily distorted, corrupted or completely erased. Research and prevention of cybercrime often requires more advanced computer and technical skills compared to conventional crime. However, in the modern world digital data also plays a very important role in researching many types of conventional crimes.

6. Legislation


Legislation about cybercrime is a complex matter, involving private and public law, at a national and international level. (need to be completed).

6.1 The struggle about sovereignty in the fight against cybercrime.

If we compare classical crime and cybercrime, we can notice that they are two different phenomenons. Contrary to classical crime, cybercrime involves a virtual environement “cyberspace. Cyberspace gives to an internet user somewhere in the world the opportunity to commit a crime which concern the legislation of a country in an other part of the world which may have a different legislation, or does not see the whole perspective of that kind of crime.
And that's the bone of contention about cybercrime. The crimes committed is not bound by borders and geographical limitations. The legislations differ between the different states and legal entities. Which jurisdiction should be involved in a case of cybercrime? The State where the criminal or the user resides, the State of the webservor where the website is hosted and the action committed, or the State where the crime takes place but then, what to do when it involves several States?
This question touches a very sensitive part of the international legislation which is "sovereignty", meaning the control of a State on the law making and application and his territory. There can be conflicts of national laws or international laws. This question is raised mainly about copyrights and intellectual property, like peer-to-peer sharing.

The problem remains in the necessity to bound the physical and the cyber world in one jurisdictional concept, to ally the two concepts which can be perceived sometimes as antagonists. But because Cyberspace can be treated as a non-physical world, some thinkers and philosophers raised the idea to give a different legal approach about cyberspace and cybercrime, an approach where cyberspace is totally disconnected with geographical matters. That would include self regulation like the philosopher Barlow explained in his “Declaration of the Independence of Cyberspace” where all interventions from the State or the government would be forbidden. Others like in the Declaration of cyber-secesion, they would be self regulation implying no legal regulations from the states and governments. But these conceptions of cyberspace can fail, especially since cyberspace has more and more boundaries in the physical space and the everyday life.

6.2 A Cyberspace sometimes dependent of geographical boundaries and legislations.

But some states or websites try to regulate and impose a legal approach on the internet depending of geographical criterion. Indeed, the internet user should always remember that when he uses internet, he lets behind him some tracks like his IP address, which indicates, his location and his country thanks to some informations like the location of his local hub. And this allows now some actions to force the user to comply with the law of the country where he lives.
For example, the website "Deezer", specialized in free music streaming is a good example. Since the last 17th of February, the hearing of music hosted on the website has changed. It may differ from the country of the user, depending of the copyrights agreement passed between the countries and the commercial companies of distribution. A citizen of Canada can't hear sometimes the files which are available for Russian users. It depends now of the agreements and make this website, often criticized, enter in a more lawful perspective, but of course a lot of users complained about this situation.
An other example is the Freedom of expression with China. Many Human rights watchdogs pointed out the fact that a certain censorship exists about websites hosted or created in China, where the Communist party can block websites it dislikes or estimates as not fulfilling its policy. That's why some administrators chose to apply some self-censorship in order not to have troubles with the authorities.(see this article on http://www.scribd.com/doc/3098990/Battle-for-Freedom-in-Chinese-Cyberspace)

So cyberspace is not that independant from geographical borders, despite the traditional popular belief of geographical immunity about the internet.

7. The Convention on Cybercrime of the Council of Europe, the first international agreement for the struggle against cybercrime

In 2001, the Council of Europe drafted the Convention on Cybercrime. The United States, Japan, South Africa and Canada, which are not members of the Council of Europe, took part in the drafting of this Convention. In addition with these countries, thirty eight states participated to the negotiations which began in 1997. It shows that cybercrime is an international issue that overtakes Europe.
Today, forty five countries have already signed the Convention and twenty three of these countries have ratified it.
The Convention on Cybercrime is the first and the only one international treaty on penal offences committed through the internet. The Convention deals particularly with the offence about infringement of copyrights, the fraud linked to the internet, childish pornography and also the offences linked with the security of networks.
The main goal of the Convention is to pursue a common policy that aims to protect society against cybercrime, in particular through the adoption of an appropriate legislation and the stimulation of the international cooperation. The Convention deals with penal offences committed to net computers and also by means of these net computers. The Convention presents several procedural powers such as the perquisition of net computers. This international treaty also aims to harmonize the national legislations to fight against cybercrime because cybercrime has no boundaries and cybercriminals use the differences in the national legislations to try to escape penal proceedings. That's why it was necessary to create such an international treaty to fight effectively against cybercrime.
The Convention on Cybercrime has not been ratified by all the countries that have signed it but it is in right way.