Cyber crime and its implications to the Pacific

Introduction Cybercrime consists of any criminal action or behaviour that is committed through the use of Information Technology. Common examples of such activities include cyber hacking, identity theft, cracking, spamming, social engineering, data tampering, online fraud, programming attacks, etc. The pervasive use of the internet clearly indicates that the impacts of cybercrime is far reaching and any one, may it be a person or an entity can be a victim of cybercriminal activities. Recently in the US, eight members of a global cybercrime ring were charged in one of the biggest ever bank heists. The cybercrime gang allegedly stole US$45 million by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries (Jessica et al. 2013). An extreme example, the above case highlights how IT is changing the way crimes are being committed. No longer do criminals use masks, guns and get-a-way cars, criminals are able to commit crimes in the comfort of their homes, millions of miles from the scene of the crime and can access significant sums of money that can financially cripple organisations. The world is taking notice of this growing threat and organisations in the Pacific must also be proactive in tackling this emerging issue.

Cyber Crime

Talk given by Gary Kibby from SOCA at the Web Science Industry Week in Dec 2012. Readings and task taken from previous years.

EU governance of the internet:analyzing Europol’s role in the development of a EU cyber crime and cyber security policies

In recent years, the European Union has come to view cyber security, and in particular, cyber crime as one of the most relevant challenges to the completion of its Area of Freedom, Security and Justice. Given European societies’ increased reliance on borderless and decentralized information technologies, this sector of activity has been identified as an easy target for actors such as organised criminals, hacktivists or terrorist networks. Such analysis has been accompanied by EU calls to step up the fight against unlawful online activities, namely through increased cooperation among law enforcement authorities (both national and extra- communitarian), the approximation of legislations, and public- private partnerships. Although EU initiatives in this field have, so far, been characterized by a lack of interconnection and an integrated strategy, there has been, since the mid- 2000s, an attempt to develop a more cohesive and coordinated policy. An important part of this policy is connected to the activities of Europol, which have come to assume a central role in the coordination of intelligence gathering and analysis of cyber crime. The European Cybercrime Center (EC3), which will become operational within Europol in January 2013, is regarded, in particular, as a focal point of the EU’s fight against this phenomenon. Bearing this background in mind, the present article wishes to understand the role of Europol in the development of a European policy to counter the illegal use of the internet. The article proposes to reach this objective by analyzing, through the theoretical lenses of experimental governance, the evolution of this agency’s activities in the area of cyber crime and cyber security, its positioning as an expert in the field, and the consequences for the way this policy is currently developing and is expected to develop in the near future.

Domain Modeling to Support Anti-cyber Crime Education

This paper describes an approach to a computer-based learning of educational material. We define a model for the class of subjects of our interest - teaching of investigation and prevention of computer crimes, (those including both theoretical and practical issues). From this model, specific content outlines can be derived as subclasses and then instanced into actual domains. The last step consists in generating interactive documents, which use the instanced domain. Students can explore these documents through a web browser. Thus, an interactive learning scenario is created. This approach allows reusing and adapting the contents to a variety of situations, students and teaching purposes.

Human rights, the law, cyber-security and democracy : after the European Convention

Many commentators have treated the internet as a site of democratic freedom and as a new kind of public sphere. While there are good reasons for optimism, like any social space digital space also has its dark side. Citizens and governments alike have expressed anxiety about cybercrime and cyber-security. In August 2011, the Australian government introduced legislation to give effect to Australia becoming a signatory to the European Convention on Cybercrime (2001). At the time of writing, that legislation is still before the Parliament. In this article, attention is given to how the legal and policy-making process enabling Australia to be compliant with the European Convention on Cybercrime came about. Among the motivations that informed both the development of the Convention in Europe and then the Australian exercise of legislating for compliance with it was a range of legitimate concerns about the impact that cybercrime can have on individuals and communities. This article makes the case that equal attention also needs to be given to ensuring that legislators and policy makers differentiate between legitimate security imperatives and any over-reach evident in the implementation of this legislation that affects rule of law principles, our capacity to engage in democratic practices, and our civic and human rights.

Key Concepts in Crime and Society

This book is an introduction to key issues in the area of crime as it connects to society. The book is divided into three parts: Understanding Crime and Criminality: introduces topics such as the social construction of crime and deviance, social control, the fear of crime, poverty and exclusion, white collar crime, victims of crime, race/gender and crime. Types of Crime and Criminality: explores examples including human trafficking, sex work, drug crime, environmental crime, cyber crime, war crime, terrorism, and interpersonal violence. Responses to Crime: looks at areas such as crime and the media, policing, moral panics, deterrence, prisons and rehabilitation.

Cyber warfare: a multidisciplinary analysis

Cyber warfare is an increasingly important emerging phenomenon in international relations. The focus of this edited volume is on this notion of cyber warfare, meaning interstate cyber aggression, as distinct from cyber-terrorism or cyber-crime. Waging warfare in cyberspace has the capacity to be as devastating as any conventional means of conducting armed conflict. However, while there is a growing amount of literature on the subject within disciplines, there has been very little work done on cyber warfare across disciplines, which necessarily limits our understanding of it. This book is a major multidisciplinary analysis of cyber warfare, featuring contributions by world-leading experts from a mixture of academic and professional backgrounds.

Dealing with the problem of cybercrime

Lack of a universally accepted and comprehensive taxonomy of cybercrime seriously impedes international efforts to accurately identify, report and monitor cybercrime trends. There is, not surprisingly, a corresponding disconnect internationally on the cybercrime legislation front, a much more serious problem and one which the International Telecommunication Union (ITU) says requires „the urgent attention of all nations‟. Yet, and despite the existence of the Council of Europe Convention on Cybercrime, a proposal for a global cybercrime treaty was rejected by the United Nations (UN) as recently as April 2010. This paper presents a refined and comprehensive taxonomy of cybercrime and demonstrates its utility for widespread use. It analyses how the USA, the UK, Australia and the UAE align with the CoE Convention and finds that more needs to be done to achieve conformance. We conclude with an analysis of the approaches used in Australia, in Queensland, and in the UAE, in Abu Dhabi, to fight cybercrime and identify a number of shared problems.

“Nobody’s holding a gun to your head…” examining current discourses surrounding victims of online fraud

The current discourse surrounding victims of online fraud is heavily premised on an individual notion of greed. The strength of this discourse permeates the thinking of those who have not experienced this type of crime, as well as victims themselves. The current discourse also manifests itself in theories of victim precipitation, which again assigns the locus of blame to individuals for their actions in an offence. While these typologies and categorisations of victims have been critiqued as “victim blaming” in other fields, this has not occurred with regard to online fraud victims, where victim focused ideas of responsibility for the offence continue to dominate. This paper illustrates the nature and extent of the greed discourse and argues that it forms part of a wider construction of online fraud that sees responsibility for victimisation lie with the victims themselves and their actions. It argues that the current discourse does not take into account the level of deception and the targeting of vulnerability that is employed by the offender in perpetrating this type of crime. It concludes by advocating the need to further examine and challenge this discourse, especially with regard to its potential impact for victim’s access to support services and the wider criminal justice system.

Computer security incidents against Australian businesses : predictors of victimisation

Drawing on data from the Australian Business Assessment of Computer User Security (ABACUS) survey, this paper examines a range of factors that may influence businesses’ likelihood of being victimised by a computer security incident. It has been suggested that factors including business size, industry sector, level of outsourcing, expenditure on computer security functions and types of computer security tools and/or policies used may influence the probability of particular businesses experiencing such incidents. This paper uses probability modelling to test whether this is the case for the 4,000 businesses that responded to the ABACUS survey. It was found that the industry sector that a business belonged to, and business expenditure on computer security, were not related to businesses’ likelihood of detecting computer security incidents. Instead, the number of employees that a business has and whether computer security functions were outsourced were found to be key indicators of businesses’ likelihood of detecting incidents. Some of the implications of these findings are considered in this paper.

Winning the phishing war : a strategy for Australia

Phishing, a form of on-line identity theft, is a major problem worldwide, accounting for more than $7.5 Billion in losses in the US alone between 2005 and 2008. Australia was the first country to be targeted by Internet bank phishing in 2003 and continues to have a significant problem in this area. The major cyber crime groups responsible for phishing are based in Eastern Europe. They operate with a large degree of freedom due to the inherent difficulties in cross border law enforcement and the current situation in Eastern Europe, particularly in Russia and the Ukraine. They employ highly sophisticated and efficient technical tools to compromise victims and subvert bank authentication systems. However because it is difficult for them to repatriate the fraudulently obtained funds directly they employ Internet money mules in Australia to transfer the money via Western Union or Money gram. It is proposed a strategy, which firstly places more focus by Australian law enforcement upon transactions via Western Union and Money gram to detect this money laundering, would significantly impact the success of the Phishing attack model. This combined with a technical monitoring of Trojan technology and education of potential Internet money mules to avoid being duped would provide a winning strategy for the war on phishing for Australia.

How to tackle cybercrime before people even know they're a victim

An estimated A$75,000 is lost by Australians everyday to online fraud, according to the Australian Competition and Consumer Commission (ACCC). Given that this is based on reported crime, the real figure is likely to be much higher. It is well known that fraud, particularly online fraud, has a very low reporting rate. This also doesn’t even begin to encompass non-financial costs to victims. The real cost is likely to be much, much higher. There are many challenges to policing this type of crime, and victims who send money to overseas jurisdictions make it even harder, as does the likelihood of offenders creating false identities or simply stealing legitimate ones. But despite these challenges police have started to do something to prevent the impact and losses of online fraud. By accessing financial intelligence, police are able to identify individuals who are sending money to known high-risk countries for fraud. They then notify these people with their suspicions that they may be involved in fraud. In many cases the people don’t even know they may be victims or involved in online fraud.

Le Projet de convention européenne sur la criminalité dans le cyberespace:l’organisation des poursuites internes

Le Conseil de l'Europe a publié le 27 avril 2000 un Projet de convention sur la cybercriminalité dans le cadre d’un appel public à contribution de ses pays membres. Le texte doit être finalisé par un groupe d’experts avant décembre 2000 pour être adopté et ouvert à la signature par le comité des ministres du Conseil de l’Europe à l’automne 2001. Ce projet constitue le futur traité international contre la criminalité dans le cyberespace dans l’espace européen. Le Projet de convention sur la cybercriminalité poursuit deux objectifs. Premièrement, il vise la prévention des actes portant atteinte à la confidentialité, à l’intégrité et à la disponibilité des systèmes informatiques, des réseaux et des données. En second lieu, il prône l’adoption de pouvoirs suffisants pour permettre une lutte efficace contre les infractions pénales de haute technologie. Le cadre de mise en œuvre est possible, d'une part, en facilitant la détection, la recherche et la poursuite, tant au plan du droit de la procédure interne, qu’au niveau international. D'autre part, en prévoyant la création de dispositions matérielles appropriées en vue d’une coopération internationale alliant rapidité et efficacité. Finalement, en garantissant un équilibre adéquat entre les nécessités d’une répression démocratique et le respect des droits fondamentaux. L’objet de cet article est d’examiner le Projet de convention en ses dispositions organisant l’exercice des poursuites à un niveau interne, afin de pouvoir en percevoir autant les avantages que les faiblesses éventuelles au plan de la protection des droits et libertés de la personne.