Cybercrime: Introduction, Motivation and Methods

Computer-related crime or “cybercrime” or “e-crime” or “digital technology crime” is a long-established phenomenon, but the growth of global connectivity is inseparably tied to the development of contemporary cybercrime. Any criminal activity that involves a computer either as an instrument, target or a means for perpetuating further crimes comes within the ambit of cybercrime. A generalized definition of cybercrime may be “unlawful acts wherein the computer is either a tool or target or both”.

The proliferation of digital technology and the convergence of computing and communication devices have transformed the way in which we socialise and do business. While overwhelmingly positive, there has also been a dark side to these developments. Crime follows opportunity; virtually every advance has been accompanied by a corresponding niche to be exploited for criminal purposes. “Cybercrime” has been used to describe a wide range of offences, including offences against computer data and systems (such as “hacking”), computer-related forgery and fraud (such as “phishing”), content offences (such as disseminating child pornography), and copyright offences (such as the dissemination of pirated content).

The magic of digital cameras and sharing photos on the Internet is exploited by child pornographers. The convenience of electronic banking and online sales provides fertile ground for fraud. Electronic communication such as email and SMS may be used to stalk and harass. The ease with which digital media may be shared has led to an explosion in copyright infringement. Our increasing dependence on computers and digital networks makes the technology itself a tempting target; either for the gaining of information or as a means of causing disruption and damage. The idea of a separate category of ‘computer crime’ arose at about the same time that computers became more mainstream.

Generally speaking, computers play four roles in crimes: They serve as objects, subjects, tools, and symbols (Parker 1998). Computers are the objects of crime when they are sabotaged or stolen. There are numerous cases of computers being shot, blown up, burned, beaten with blunt instruments, kicked, crushed and contaminated (Ibid). The damage may be intentional, as in the case of an irate taxpayer who shot a computer four times through the window of the local tax office; or unintentional, as in the case of a couple who engage in sexual intercourse while sitting on computer sabotage and destroy information, or at least make it unavailable. Computers play the role of subjects when they are the environment in which technologies commit crimes. Computer virus attacks fall into this category. When automated crimes take place, computers will be the subjects of attacks. The third role of computers in crime is as tools, enabling criminals to produce false information or plan and control crimes. Finally, computers are also used as symbols to deceive victims. In a $50 million securities-investment fraud case in Florida, a stock broker deceived his victims by falsely claiming that he possessed a giant computer and secret software to engage in high-profit arbitrage. In reality, the man had only a desktop computer that he used to print false investment statements. He deceived new investors by paying false profits to early investors with money invested by the new ones (Parker 1998).

In the United States, police departments are establishing computer crime units, and cybercrime makes up a large proportion of the offences investigated by these divisions. The National Cybercrime training Partnership (NCTP) encompasses local, state, and federal law enforcement agencies in the United States.¹ The International Association of Chiefs of Police (IACP) hosts an annual Law Enforcement Information Management training conference that focuses on IT security and cybercrime.² The European Union has created a body called the forum on Cybercrime, and a number of European states have signed the Council of Europe’s Convention on Cybercrime treaty, which seeks to standardize European laws concerning cybercrime. From this perspective, each organization and policy maker has their own ideas of what cybercrime is and isn’t. These definitions may vary considerably. To effectively discuss cybercrime in this part, however, we need a working definition. Toward that end, we start with a board, general definition, before moving towards a more specific one.

When speaking about cybercrime, we usually speak about two major categories of offence: in the first, a computer connected to a network is the target of the offence; this is the case of attacks on network confidentiality, integrity and/or availability.³ The other category consists of traditional offences such as theft, fraud, and forgery which are committed with the assistance of/or by means of computers connected to a network, computer networks and related information and communications technology. Cybercrime ranges from computer fraud, theft and forgery to infringements of privacy, the propagation of harmful content, the falsification of prostitution, and organized crime. In many instances, specific pieces of legislation contain definitions of terms. However legislators don’t always do a good job of defining terms (Shinder 2002, p. 6). Sometimes they don’t define them at all, leaving it up to law enforcement agencies to guess, until the courts ultimately make a decision (Ibid). One of the biggest criticisms to the definition of computer crime conducted by the U.S Department of Justice (DOJ) is of its overly broad concept. The (DOJ) defines computer crime as “any violation of criminal law that involved the knowledge of computer technology for its perpetration, investigation, or prosecution”. Under this definition, virtually any crime could be classified as a computer crime, simply because a detective searched a computer database as part of the investigation.

One of the factors that make a hard-and-fast definition of cybercrime difficult is the jurisdictional dilemma. Laws in different jurisdictions define terms differently, and it is important for law enforcement officers who investigate crimes, as well as network administrators who want to become involved in prosecuting cybercrime that are committed against networks, to become familiar with the applicable laws (Ibid).

One of the major problems with adequately defining cybercrime is the lack of concrete statistical data on these offences. As the reporting of crime is voluntary, the figures are almost certainly much lower than the actual occurrence of networked-related crime.

In many cases, crimes that legislators would call cybercrimes are just the ‘same old stuff’, except that a computer network is somehow involved. The computer network gives criminals a new way to commit existing crimes. Statutes that prohibit these acts can be applied to people who use a computer to commit them as well as to those who commit them without the use of a computer or network (Parker 1998, p. 114).

In other cases, the crime is unique and came into existence with the advent of the network. Hacking into computer systems is an example; while it might be linked to breaking and entering a home or business building, the elements that comprise unauthorized computer access and physical breaking and entering are different.

Most US states have laws pertaining to computer crime. These statutes are generally enforced by state and local police and might contain their own definitions of terms. The Texas Penal Code’s Computer Crime section, defines Breach of Computer Security as “A person commits an offence if the person knowingly accesses a computer, computer network, or computer system without the effective consent of the owner”.

California Penal Code, on the other hand, defines a list of eight acts that constitute computer crime, including: altering, damaging, deleting, or otherwise using computer data to execute a scheme to defraud; deceiving, extorting, or wrongfully controlling or obtaining money, property, or data using computer services without permission; disrupting computer services; assisting another in unlawfully accessing a computer; or introducing contaminates into a system or network. Thus, the definition of cybercrime under state law differs, depending on the state. Perhaps we should look to international organizations to provide a standard definition of cybercrime.

At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop devoted to the issues of crimes related to computer networks, cybercrime was broken into two categories and defined as:

These definitions, although not completely definitive, do give us a good starting point on what we mean by cybercrime. Cybercrime, according to these definitions, involves computers and networks. In cybercrime, the “cyber” component usually refers to perpetrating qualitatively new offences enabled by information technology or integrating cyberspace into more traditional activities. Having defined the concept of cybercrime, it becomes necessary to compare it with traditional crime. This involves examination of its characteristics, what makes it vulnerable to being manipulated, and the reports that have been conducted on its incidence and the damage it inflicts.

Cybercrime is one of the fastest growing areas of crime. More and more criminals are exploiting the speed, convenience and anonymity that modern technologies offer in order to commit a diverse range of criminal activities. In past, cybercrime has been committed by individuals or small groups of individuals. However, we are now seeing an emerging trend with traditional organized crime syndicates and criminally minded technology professionals working together and pooling their resources and expertise.

The act of defining crime is often, but not always, a step toward controlling it. That is, the ostensible purpose of defining illegal behaviours as criminal is to make them liable to public prosecution and punishment (Crutchfield 2000, p. 7). Historically, “crime” was addressed at the local, community level of government (Hitchens 2003). Crime was small-scale, consisting of illegal acts committed by some persons that were directed against a victim. “Crimes”, which were consistent across societies; fell into routinized, clearly-defined categories that reflected the basic categories of anti-social motivation, Crime was murder, robbery, and rape (Balckstone 1979).

Crime was also personal, if the victim and the offender did not know each other; they were likely to share community ties that put offences into a manageable, knowable context (Goodman and Brenner 2000, p. 151). This principle did not only facilitate the process of apprehending offenders—who stood a good chance of being identified by the victim or by reputation—but also gave citizens the illusion of security, the conceit that they could avoid being victimized if they avoided some activities or certain associations (Ibid). Law enforcement officers dealt with this type of crime because its parochial character meant investigations were limited in scope and because the incidence of crime stood in relatively modest proportion to the size of the local populace. Law enforcement’s effectiveness in this regard contributed to a popular perception that social order was being maintained and that crime would not go unpunished (Ibid).

The development of ICTs in urbanization and in geographical mobility undermined this model to some extent, although it continued to function effectively for the most part. Legislators quickly adapted to the fact that ICTs could be used to commit fraud and to harass others. Because they modified their substantive criminal law to encompass these activities, the old model still functions effectively for traditional real world crime.

Unlike traditional crime, however, cybercrime is a global crime. As a European Report explains:

computer-related crimes are committed across cyberspace and don’t stop at the conventional state-borders. They can be perpetrated from anywhere and against any computer user in the world.

In order to understand the sea of change ICTs introduce into criminal activity, it is important to consider a hypothetical: one can analogize a denial of service attack to using the telephone to shut down a supermarket business, by calling the business’ telephone number repeatedly, persistently, without remorse, and thereby preventing any other callers from getting through to place their orders. On such a base, the vector of cyberspace lets someone carry out an attack such as this easily, and with very little risk of apprehension. It is so easy, in fact, that a 13 year-old hacker used a denial of service attack to shut down a computer company. Furthermore, in addition to the increased scale of criminal activity that cybercrime offers, it also has a tendency to evade traditional offence categories. While some of its categories consist of using ICTs to commit traditional crimes, it also manifests itself as new varieties of activity that cannot be prosecuted using traditional offence categories.

The dissemination of the “Love Bug” virus illustrates this. Virus experts quickly traced this virus to the Philippines. Using Information supplied by an internet service provider, agents from the Philippines’ National Bureau of Investigation and from the FBI identified individuals suspected of creating and disseminating the “Love Bug”. However, they ran into problems with their investigation: the Philippines had no cybercrime laws, so creating and disseminating a virus was not a crime. Law enforcement officers had no hard time convincing a magistrate to issue a warrant to search the suspects’ apartment. Later on, moreover, the suspected author of the virus could not be prosecuted under the repertoire of offences defined by the Philippines criminal code.

Cybercrime’s ability to morph into new and different forms of antisocial activity that evade the reach of existing penal law creates challenges for legislations around the world. Criminals have the ability of exploiting gaps in their own country’s penal law in order to victimize their fellow citizens with impunity. Additionally, cybercriminals can exploit gaps in penal laws of other countries in order to victimize those nation’s citizens, and others. As the “Love Bug” episode demonstrated, cybercrime is global crime.

The definition of white collar crime has been an enduring topic of debate over the past century. Some are of the opinion that white collar crime is a “social rather than a legal concept, one invented not by lawyers but by social scientists”. There is no specific offence or group of offences that can be identified as white collar crime. As such, white collar crime is a concept similar to cybercrime in definitional difficulties (Smith et al. 2004, p. 10).

The traditional definition of white collar crime focused on crimes committed by persons of high status and social repute in the course of their occupation. Included in this definition were crimes committed by company officers, public servants, and professionals such as doctors and lawyers. The original emphasis was on economic crime, although over time, white collar crime has come to include any acts of occupational deviance involving a breach of the law or ethical principles. As such, it has been suggested that white collar crime now includes almost any form of illegality other than conventional street crimes (Ibid).

Technological developments over the past decade have created further complexities surrounding the types of persons able to commit white collar crime. The perpetration of an online fraud for example, might just as easily be a self-taught teenager using personal computer at home, as an educated professional in the workplace.

A simple categorisation distinguishes crimes committed by specified types of offenders from crimes perpetrated in specified ways. The essence of white collar crime, however, remains rooted in abuse of power and breach of trust, and usually involves the pursuit of financial gain as a motive (Ibid).

Clearly, not all white collar crimes involve the use of digital technologies, although in recent times the vast majority have done. Examples of those which do not include acts of violence committed in the workplace, such as the sexual assault of patients by doctors, and some environmental crimes, such as pollution (although even the later can be committed electronically).

The category of fraud or financial crimes of dishonesty intersects with white collar crime, economic crime, and cybercrime. Overlying these concepts are the categories of property crime and corporate crime. Property crime is sometimes used synonymously with economic crime, although trespass, for example, or acts of vandalism would not be economic, but nonetheless clearly property-related.

Problems also arise in relation to the types of property protected by criminal law. Notably, at least until recently, information has usually been regarded as being outside the scope of criminal prosecutions, dealt with instead by a range of intellectual property regimes such as copyright, patents, designs and protection of confidential information (Ibid).

Knowing how much crime is committed might help us decide on how much to spend on security. Estimates by security experts of annual losses from computer crime range from $555 million to more than $13 billion (Parker 1998, p. 10), but there are actually no valid statistics on the losses from this type of crime, because no one knows how many cases go unreported. Even when the victims of computer crimes are aware of the crimes, they are usually relocated to report their losses, especially if those losses can be easily hidden (UNESCO 2000). Victims can lose more from reporting crimes than they lose from the crimes themselves. Embarrassment, key staff diverted to prepare evidence and testify, legal fees, increased insurance premiums, and exposure of vulnerabilities and security failures can all result from reporting computer crime incidents (Parker 1998, p. 10).

As every aspect of commerce and communication has been changed by the Internet, crime has evolved to profit from the millions of potential victims connected to one global network. There are various reasons for the growth of cybercrime. First of all, the technology for cybercrime has become more easily accessible. Software tools can be purchased online that allow the user to locate open ports or overcome password protection. These tools allow a much wider range of people to become offenders, not just those with a special gift for computing. Cybercrime’s place is growing due to the exponential connectivity, increased subject knowledge, cultural awareness, and programmable onboard electronics, which increase the number of potential targets. Compared to other crimes and offenses, it generally requires a smaller investment and can be carried out in various locations, without any geographical constraints, with no consideration to borders.