CYBERCRIME
INTRODUCTION
Pwp introduction with information about the paper and the oral exam.
MODULE 1: CYBERCRIME: ACTS, ACTORS AND CHALLENGES
Brainstorm
DEFINITION
Cybersecurity Strategy of the European Union: An open, safe and secure
cyberspace JOIN(2013)1 final: Cybercrime commonly refers to a broad range of
different criminal activities where computers and information systems are involved
either as a primary tool or as a primary target ()
Europol IOCTA: divide cybercrime in 2 types
Cyber facilitated: computers are used to commit a crime
Cyber-dependent crimes: without technologies, it is not possible to
commit a crime
Variety of classifications
1
,CHARACTERISTICS OF CYBERCRIME
Difference between offline and cybercrime
1. Scale: you can target more people
2. Accessibility: technology is accessible
3. Anonymity: you can hide behind the screen (challenging for law enforcement) but not totally
anonymous
4. portability & transferability (vb use of cloud services, volatility of data/ servers)
5. global reach (offline: mostly in 1 place)
ACTS
Hacking
Sextortion
Phishing
Cyber attacks
o Malware attacks (see graphics)
Fraud
o Ex. Donate to charity
Online child sexual exploitation
Social engineering
Impersonation
Threat landscape report (ENISA)
Ransomware: they block information and ask money in return to deblock
2
, Cross-cutting crime factors are those which impact, facilitate or otherwise contribute to
multiple crime areas but are not necessarily inherently criminal themselves.
Grey infrastructure: legitimate tools & techniques that are abused by cybercriminals
ACTORS
State-nexus threat groups: Groups closely linked to states
Cybercriminals: online fraud for financial gain
Hackers for hire
Hacktivists: politically motivated actors
Insiders: people on the inside of the company of the government who help the hackers
Victims
See table 1 pwp module 2:
Individuals and small criminal groups
Insiders
Organized criminal groups
State and state-affiliated agents
Hacktivists
Cyberterrorists
Script kiddies
CHALLENGES
Evolving threat landscape & expertise gap
which threats and how to tackle them
Criminalisation of offences
which offences, how to define them, etc.
Jurisdiction
who is competent to investigate and prosecute
Procedural law & investigations
e-evidence & loss of data, cross-border access to data, anonymity of perpetrators
International cooperation
how can cooperation between LEA in different countries be facilitated
Role of intermediaries
what is the role of private actors, for instance regarding subscriber data, handing over evidence, removing illegal
content, etc.?
Assistance to victims
how can victims be encouraged to report crimes, how can they be assisted in the aftermath
Education, training and awareness
how can awareness and knowledge of citizens be improved
3
, MODULE 2. CYBERCRIME: POLICY AND LEGISLATION
what kind of acts should be criminalized?
Which acts are adopted in criminal
legislation in national level?
We see the acts on European level but to
implement it you need to look at the
national level.
Also acts for private actors
Left side: overview of the instruments of
the level of the council of Europe.
Right side: overview of the instruments of the level of the EU
Fragmented landscape: you need to look in different legislatives instruments to find the
correct legislative
(1) COUNCIL OF EUROPE: CYBERCRIME CONVENTION (BUDAPEST CONVENTION)
Adoption: 23 November 2001, Budapest
Although the convention is old it is still relevant.
o It is future-proof, neutral technology definition.
Council of Europe made this an important issue so member states could use this as
inspiration to make their own legislation.
Member states of the convention on cybercrime: it is not only the members of the council of
Europe who participate but also other states -> 68 countries ratified. 50 countries signed but
not ratified.
o From the beginning it was clear to make the convention open for other countries,
this resulted in the presence of the USA and Japan during the negotiations. Also after
the convention was adopted the goal was to harmonies and make international
cooperation. So a lot of countries need to ratify to adopt the goal.
Provision stays abstract and general so they are sometimes implemented in a different way
in different countries but it still harmonies;
3 PILLARS
Harmonizing domestic criminal substantive elements of offenses
o Establishing a common minimum standard for relevant offenses
Which offences do the members need to implement in their national law
Important: easier to cooperate, and exchange information, preventing
perpetrators from locating themselves in countries where there is no
legislation (forum-shopping), double criminality
o Prevent abuses from being shifted to a Party with a previously lower standard
4
INTRODUCTION
Pwp introduction with information about the paper and the oral exam.
MODULE 1: CYBERCRIME: ACTS, ACTORS AND CHALLENGES
Brainstorm
DEFINITION
Cybersecurity Strategy of the European Union: An open, safe and secure
cyberspace JOIN(2013)1 final: Cybercrime commonly refers to a broad range of
different criminal activities where computers and information systems are involved
either as a primary tool or as a primary target ()
Europol IOCTA: divide cybercrime in 2 types
Cyber facilitated: computers are used to commit a crime
Cyber-dependent crimes: without technologies, it is not possible to
commit a crime
Variety of classifications
1
,CHARACTERISTICS OF CYBERCRIME
Difference between offline and cybercrime
1. Scale: you can target more people
2. Accessibility: technology is accessible
3. Anonymity: you can hide behind the screen (challenging for law enforcement) but not totally
anonymous
4. portability & transferability (vb use of cloud services, volatility of data/ servers)
5. global reach (offline: mostly in 1 place)
ACTS
Hacking
Sextortion
Phishing
Cyber attacks
o Malware attacks (see graphics)
Fraud
o Ex. Donate to charity
Online child sexual exploitation
Social engineering
Impersonation
Threat landscape report (ENISA)
Ransomware: they block information and ask money in return to deblock
2
, Cross-cutting crime factors are those which impact, facilitate or otherwise contribute to
multiple crime areas but are not necessarily inherently criminal themselves.
Grey infrastructure: legitimate tools & techniques that are abused by cybercriminals
ACTORS
State-nexus threat groups: Groups closely linked to states
Cybercriminals: online fraud for financial gain
Hackers for hire
Hacktivists: politically motivated actors
Insiders: people on the inside of the company of the government who help the hackers
Victims
See table 1 pwp module 2:
Individuals and small criminal groups
Insiders
Organized criminal groups
State and state-affiliated agents
Hacktivists
Cyberterrorists
Script kiddies
CHALLENGES
Evolving threat landscape & expertise gap
which threats and how to tackle them
Criminalisation of offences
which offences, how to define them, etc.
Jurisdiction
who is competent to investigate and prosecute
Procedural law & investigations
e-evidence & loss of data, cross-border access to data, anonymity of perpetrators
International cooperation
how can cooperation between LEA in different countries be facilitated
Role of intermediaries
what is the role of private actors, for instance regarding subscriber data, handing over evidence, removing illegal
content, etc.?
Assistance to victims
how can victims be encouraged to report crimes, how can they be assisted in the aftermath
Education, training and awareness
how can awareness and knowledge of citizens be improved
3
, MODULE 2. CYBERCRIME: POLICY AND LEGISLATION
what kind of acts should be criminalized?
Which acts are adopted in criminal
legislation in national level?
We see the acts on European level but to
implement it you need to look at the
national level.
Also acts for private actors
Left side: overview of the instruments of
the level of the council of Europe.
Right side: overview of the instruments of the level of the EU
Fragmented landscape: you need to look in different legislatives instruments to find the
correct legislative
(1) COUNCIL OF EUROPE: CYBERCRIME CONVENTION (BUDAPEST CONVENTION)
Adoption: 23 November 2001, Budapest
Although the convention is old it is still relevant.
o It is future-proof, neutral technology definition.
Council of Europe made this an important issue so member states could use this as
inspiration to make their own legislation.
Member states of the convention on cybercrime: it is not only the members of the council of
Europe who participate but also other states -> 68 countries ratified. 50 countries signed but
not ratified.
o From the beginning it was clear to make the convention open for other countries,
this resulted in the presence of the USA and Japan during the negotiations. Also after
the convention was adopted the goal was to harmonies and make international
cooperation. So a lot of countries need to ratify to adopt the goal.
Provision stays abstract and general so they are sometimes implemented in a different way
in different countries but it still harmonies;
3 PILLARS
Harmonizing domestic criminal substantive elements of offenses
o Establishing a common minimum standard for relevant offenses
Which offences do the members need to implement in their national law
Important: easier to cooperate, and exchange information, preventing
perpetrators from locating themselves in countries where there is no
legislation (forum-shopping), double criminality
o Prevent abuses from being shifted to a Party with a previously lower standard
4
