Dealing with the problem of cybercrime

Lack of a universally accepted and comprehensive taxonomy of cybercrime seriously impedes international efforts to accurately identify, report and monitor cybercrime trends. There is, not surprisingly, a corresponding disconnect internationally on the cybercrime legislation front, a much more serious problem and one which the International Telecommunication Union (ITU) says requires „the urgent attention of all nations‟. Yet, and despite the existence of the Council of Europe Convention on Cybercrime, a proposal for a global cybercrime treaty was rejected by the United Nations (UN) as recently as April 2010. This paper presents a refined and comprehensive taxonomy of cybercrime and demonstrates its utility for widespread use. It analyses how the USA, the UK, Australia and the UAE align with the CoE Convention and finds that more needs to be done to achieve conformance. We conclude with an analysis of the approaches used in Australia, in Queensland, and in the UAE, in Abu Dhabi, to fight cybercrime and identify a number of shared problems.

Cybercrime attribution : an Eastern European case study

Phishing and related cybercrime is responsible for billions of dollars in losses annually. Gartner reported more than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008 (Gartner 2009). This paper asks whether the majority of organised phishing and related cybercrime originates in Eastern Europe rather than elsewhere such as China or the USA. The Russian “Mafiya” in particular has been popularised by the media and entertainment industries to the point where it can be hard to separate fact from fiction but we have endeavoured to look critically at the information available on this area to produce a survey. We take a particular focus on cybercrime from an Australian perspective, as Australia was one of the first places where Phishing attacks against Internet banks were seen. It is suspected these attacks came from Ukrainian spammers. The survey is built from case studies both where individuals from Eastern Europe have been charged with related crimes or unsolved cases where there is some nexus to Eastern Europe. It also uses some earlier work done looking at those early Phishing attacks, archival analysis of Phishing attacks in July 2006 and new work looking at correlation between the Corruption Perception Index, Internet penetration and tertiary education in Russia and the Ukraine. The value of this work is to inform and educate those charged with responding to cybercrime where a large part of the problem originates and try to understand why.

How to tackle cybercrime before people even know they're a victim

An estimated A$75,000 is lost by Australians everyday to online fraud, according to the Australian Competition and Consumer Commission (ACCC). Given that this is based on reported crime, the real figure is likely to be much higher. It is well known that fraud, particularly online fraud, has a very low reporting rate. This also doesn’t even begin to encompass non-financial costs to victims. The real cost is likely to be much, much higher. There are many challenges to policing this type of crime, and victims who send money to overseas jurisdictions make it even harder, as does the likelihood of offenders creating false identities or simply stealing legitimate ones. But despite these challenges police have started to do something to prevent the impact and losses of online fraud. By accessing financial intelligence, police are able to identify individuals who are sending money to known high-risk countries for fraud. They then notify these people with their suspicions that they may be involved in fraud. In many cases the people don’t even know they may be victims or involved in online fraud.

Combating computer crime : an international perspective

Given the serious nature of computer crime, and its global nature and implications, it is clear that there is a crucial need for a common understanding of such criminal activity internationally in order to deal with it effectively. Research into the extent to which legislation, international initiatives, and policy and procedures to combat and investigate computer crime are consistent globally is therefore of enormous importance. The challenge is to study, analyse, and compare the policies and practices of combating computer crime under different jurisdictions in order to identify the extent to which they are consistent with each other and with international guidelines; and the extent of their successes and limitations. The purpose ultimately is to identify areas where improvements are needed and what those improvements should be. This thesis examines approaches used for combating computer crime, including money laundering, in Australia, the UAE, the UK and the USA, four countries which represent a spectrum of economic development and culture. It does so in the context of the guidelines of international organizations such as the Council of Europe (CoE) and the Financial Action Task Force (FATF). In the case of the UAE, we examine also the cultural influences which differentiate it from the other three countries and which has necessarily been a factor in shaping its approaches for countering money laundering in particular. The thesis concludes that because of the transnational nature of computer crime there is a need internationally for further harmonisation of approaches for combating computer crime. The specific contributions of the thesis are as follows: „h Developing a new unified comprehensive taxonomy of computer crime based upon the dual characteristics of the role of the computer and the contextual nature of the crime „h Revealing differences in computer crime legislation in Australia, the UAE, the UK and the USA, and how they correspond to the CoE Convention on Cybercrime and identifying a new framework to develop harmonised computer crime or cybercrime legislation globally „h Identifying some important issues that continue to create problems for law enforcement agencies such as insufficient resources, coping internationally with computer crime legislation that differs between countries, having comprehensive documented procedures and guidelines for combating computer crime, and reporting and recording of computer crime offences as distinct from other forms of crime „h Completing the most comprehensive study currently available regarding the extent of money laundered in four such developed or fast developing countries „h Identifying that the UK and the USA are the most advanced with regard to anti-money laundering and combating the financing of terrorism (AML/CFT) systems among the four countries based on compliance with the FATF recommendations. In addition, the thesis has identified that local factors have affected how the UAE has implemented its financial and AML/CFT systems and reveals that such local and cultural factors should be taken into account when implementing or evaluating any country¡¦s AML/CFT system.

Crime: local and global

Crime: Local and Global covers the way local events (such as prostitution) have wider aspects than previously thought. Links with people traffickers, international organised crime and violence cannot be ignored any longer. Each crime or area of activity selected within this text has a global reach, and is made ever more possible due to the way globalisation has opened up markets, both legitimate and illegitimate. The book's approach and scope emphasises that we can no longer view 'crime' as something which occurs within certain jurisdictions, at certain times and in particular places. For example, the chapter on cybercrime highlights the 'illegal' acts that can be perpetrated by second lifers, anywhere in the world, but are they a crime?

Crime : Local and Global

Crime: Local and Global covers the way local events (such as prostitution) have wider aspects than previously thought. Links with people traffickers, international organised crime and violence cannot be ignored any longer. Each crime or area of activity selected within this text has a global reach, and is made ever more possible due to the way globalisation has opened up markets, both legitimate and illegitimate. The book's approach and scope emphasises that we can no longer view 'crime' as something which occurs within certain jurisdictions, at certain times and in particular places. For example, the chapter on cybercrime highlights the 'illegal' acts that can be perpetrated by second lifers, anywhere in the world, but are they a crime?

Human rights, the law, cyber-security and democracy : after the European Convention

Many commentators have treated the internet as a site of democratic freedom and as a new kind of public sphere. While there are good reasons for optimism, like any social space digital space also has its dark side. Citizens and governments alike have expressed anxiety about cybercrime and cyber-security. In August 2011, the Australian government introduced legislation to give effect to Australia becoming a signatory to the European Convention on Cybercrime (2001). At the time of writing, that legislation is still before the Parliament. In this article, attention is given to how the legal and policy-making process enabling Australia to be compliant with the European Convention on Cybercrime came about. Among the motivations that informed both the development of the Convention in Europe and then the Australian exercise of legislating for compliance with it was a range of legitimate concerns about the impact that cybercrime can have on individuals and communities. This article makes the case that equal attention also needs to be given to ensuring that legislators and policy makers differentiate between legitimate security imperatives and any over-reach evident in the implementation of this legislation that affects rule of law principles, our capacity to engage in democratic practices, and our civic and human rights.

Cyber crime and its implications to the Pacific

Introduction Cybercrime consists of any criminal action or behaviour that is committed through the use of Information Technology. Common examples of such activities include cyber hacking, identity theft, cracking, spamming, social engineering, data tampering, online fraud, programming attacks, etc. The pervasive use of the internet clearly indicates that the impacts of cybercrime is far reaching and any one, may it be a person or an entity can be a victim of cybercriminal activities. Recently in the US, eight members of a global cybercrime ring were charged in one of the biggest ever bank heists. The cybercrime gang allegedly stole US$45 million by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries (Jessica et al. 2013). An extreme example, the above case highlights how IT is changing the way crimes are being committed. No longer do criminals use masks, guns and get-a-way cars, criminals are able to commit crimes in the comfort of their homes, millions of miles from the scene of the crime and can access significant sums of money that can financially cripple organisations. The world is taking notice of this growing threat and organisations in the Pacific must also be proactive in tackling this emerging issue.

Winning the phishing war : a strategy for Australia

Phishing, a form of on-line identity theft, is a major problem worldwide, accounting for more than $7.5 Billion in losses in the US alone between 2005 and 2008. Australia was the first country to be targeted by Internet bank phishing in 2003 and continues to have a significant problem in this area. The major cyber crime groups responsible for phishing are based in Eastern Europe. They operate with a large degree of freedom due to the inherent difficulties in cross border law enforcement and the current situation in Eastern Europe, particularly in Russia and the Ukraine. They employ highly sophisticated and efficient technical tools to compromise victims and subvert bank authentication systems. However because it is difficult for them to repatriate the fraudulently obtained funds directly they employ Internet money mules in Australia to transfer the money via Western Union or Money gram. It is proposed a strategy, which firstly places more focus by Australian law enforcement upon transactions via Western Union and Money gram to detect this money laundering, would significantly impact the success of the Phishing attack model. This combined with a technical monitoring of Trojan technology and education of potential Internet money mules to avoid being duped would provide a winning strategy for the war on phishing for Australia.

Protecting web 2.0 services from botnet exploitations

Recently, botnet, a network of compromised computers, has been recognized as the biggest threat to the Internet. The bots in a botnet communicate with the botnet owner via a communication channel called Command and Control (C & C) channel. There are three main C & C channels: Internet Relay Chat (IRC), Peer-to-Peer (P2P) and web-based protocols. By exploiting the flexibility of the Web 2.0 technology, the web-based botnet has reached a new level of sophistication. In August 2009, such botnet was found on Twitter, one of the most popular Web 2.0 services. In this paper, we will describe a new type of botnet that uses Web 2.0 service as a C & C channel and a temporary storage for their stolen information. We will then propose a novel approach to thwart this type of attack. Our method applies a unique identifier of the computer, an encryption algorithm with session keys and a CAPTCHA verification.

Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP)

Purpose Ethnographic studies of cyber attacks typically aim to explain a particular profile of attackers in qualitative terms. The purpose of this paper is to formalise some of the approaches to build a Cyber Attacker Model Profile (CAMP) that can be used to characterise and predict cyber attacks. Design/methodology/approach The paper builds a model using social and economic independent or predictive variables from several eastern European countries and benchmarks indicators of cybercrime within the Australian financial services system. Findings The paper found a very strong link between perceived corruption and GDP in two distinct groups of countries – corruption in Russia was closely linked to the GDP of Belarus, Moldova and Russia, while corruption in Lithuania was linked to GDP in Estonia, Latvia, Lithuania and Ukraine. At the same time corruption in Russia and Ukraine were also closely linked. These results support previous research that indicates a strong link between been legitimate economy and the black economy in many countries of Eastern Europe and the Baltic states. The results of the regression analysis suggest that a highly skilled workforce which is mobile and working in an environment of high perceived corruption in the target countries is related to increases in cybercrime even within Australia. It is important to note that the data used for the dependent and independent variables were gathered over a seven year time period, which included large economic shocks such as the global financial crisis. Originality/value This is the first paper to use a modelling approach to directly show the relationship between various social, economic and demographic factors in the Baltic states and Eastern Europe, and the level of card skimming and card not present fraud in Australia.

Love hurts: The costly reality of online romance fraud

Online dating and romance scams continue to lure in Australians with figures this week showing people have lost more than A$23 million this year alone, with average individual losses at A$21,000 – three times higher than other types of fraud. The Australian Competition and Consumer Commission (ACCC) set up the Scam Disruption Project in August to help target those it believes have been caught in such scams. Over three months it sent 1,500 letters to potential victims in New South Wales and the Australian Capital Territory. The figures released this week show that 50 people have been scammed, losing a total A$1.7 million – that’s an average of A$34,000 per victim. Almost three quarters of the scams were dating and romance related, which saw it evolve into the number one category of fraud victimisation. Romance scams continue to pose a problem – despite the efforts of the police and ACCC – so why is it that people continue to fall for them?

Policing online fraud in Australia: The emergence of a victim‐oriented approach

Online fraud is a global problem. Millions of individuals worldwide are losing money and experiencing the devastation associated with becoming a victim of online fraud. In 2014, Australians reported losses of $82 million as a result of online fraud to the Australian Competition and Consumer Commission (ACCC). Given that the ACCC is one of many agencies that receives victim complaints, and the extent of under‐reporting of online fraud, this figure is likely to represent only a fraction of the actual monetary losses incurred. The successful policing of online fraud is hampered by its transnational nature, the prevalence of false/stolen identities used by offenders, and a lack of resources available to investigate offences. In addition, police are restricted by the geographical boundaries of their own jurisdictions which conflicts with the lack of boundaries afforded to offenders by the virtual world. In response to this, Australia is witnessing the emergence of victim‐oriented policing approaches to counter online fraud victimisation. This incorporates the use of financial intelligence as a tool to proactively notify potential victims of online fraud. Using a variety of Australian examples, this paper documents the history to this new approach and considers the significance that such a shift represents to policing in a broader context. It also details the value that this approach can have to both victims and law enforcement agencies. Overall, it is argued that a victim‐oriented approach to policing online fraud can have substantial benefits to police and victims alike.

Fraudsters change tactics as a crackdown cuts some losses due to online scams

The amount of financial loss from online fraud suffered by people in Western Australia has almost halved, dropping from A$16.8 million in 2014 to A$9.8 million for 2015, according to a statement this January from the state’s Attorney General and Minister for Commerce, Michael Mischin. In addition, the minister noted that losses from relationship and dating fraud have fallen by 55%, to A$4.9 million lost last year. These are both impressive claims, and at face value, there is truth to the statistics. Both assertions are based on data received by WA’s Scamnet, which is the public interface between consumer protection and citizens. While it is good to see a reduction in the number of losses overall, particularly to relationship and dating fraud, it is highly unlikely that the statistics tell the full story.