1
Cybercrime
- Readings
- EU Law x
- CoE / international Law
- Case law
- National / Dutch law
Exam Information
Multiple Choice: 16 Questions in 25 minutes
- revise the mandatory literature & combine it with the notes
- questions have different formats
→ short answers (< 70 words)
→ most are closed questions in MC format
→ true / false
- you cannot go back to the previous question
- particularly literature → main arguments
- do and look at the sample quiz
Take-Home Exam
- types of questions:
→ apply Cybercrime Convention (or national provisions) to cases
→ answer questions about the main arguments (not details) in the literature
→ provide insight in cybercrime governance by answering open questions
- you can use all written sources (incl. CCC and Expl. Memorandum), literature, slides, lecture
notes
- you have a 10% margin for word limits
- the essay questions must be substantiated with arguments and references to relevant sources
- references should be in footnotes, as complete as possible
- be to the point in your answer
General information
- slides on national legislation are only relevant within explaining how difficult it is to regulate
cybercrime and show there are differences in national laws
, 2
Lecture 1: Concepts of cybercrime and practical issues
- David S. Wall, Crime, Security and Information Communication Technologies: The Changing
Cybersecurity Threat Landscape and Its Implications for Regulation and Policing (2017)
- Peter Grabosky, The Evolution of Cybercrime (2014)
- Bert-Jaap Koops, The Internet and Its Opportunities for Cybercrime (2011)
Today’s lecture I. Talking about cybercrime
- terminology
- definitions
II. Talking about cybercrime
- characteristics
- incidence
III. Typology of cybercrime
- cybercrime convention types
- wall’s generations
IV. Practical issues
Terminology Earlier (1970s)…
- computer abuse
- computer fraud
- computer-related crime
Later…
- ICT crime
- informatics crime
Now…
- internet crime
- cyberspace crime
- cybercrime
- high-tech crime (use of technological tools)
Computer-crime vs cybercrime Donn Parker’s computer crime (1973)
1. Computer and data as object of crime
2. Computer and data as instrument of crime
EU’s cybercrime
= criminal acts committed using electronic communications networks and
information systems or against such networks and systems
Wall’s definition(s) of a) Crimes that take place within cyberspace
cybercrime (2007, p. 10) b) Occurrence of harmful behaviour somehow related to the misuse of a
networked computer system
c) Criminal or harmful activities that involve the acquisition or manipulation
of information for gain
Incidence: what we don’t There is only few reliable data available
know about cybercrime - lack of awareness
- lack of reporting (due to embarrassment, reputation or no competence)
- lack of registering (lack of shared concepts and thus no harmonisation)
- lack of prosecution (belief that cybercrimes are minor, and no priority)
- many figures come from security companies
- security ‘incidents’ are not cybercrime
Limited criminological research
- offender profiles
- victim profiles
- motivations
Result: limited hard evidence of what is really happening in cybercrime.
, 3
Mythology of cybercrime Fiction: movies and novels
- first generation hacker movies (60s-80s): computers / genius ‘noble hacker’
- early second second generation (80s-90s): connected computers / whizzkid
hacker
- later second generation (90s-00s): internet / destructive anti-hero
- third generation (90s-00s): virtual worlds
Media and politics
- overblown newspaper reports (self-repeating and self-fulfilling stories)
- rhetoric abounds
- culture of fear and risk society (governing through crime, policy propaganda,
‘future shock’)
→ Result: this is a mindset which necessitates taking countermeasures
Wall’s essential characteristics - Networking
of today’s cybercrime - Information value
- Globalisation (glocalisation)
Incidence: what we think While acknowledging the lack of reliable empirical data, we think that…
- Cybercrime is constantly rising.
- Consequences are becoming more serious.
- The goal is no longer reputation, it’s money
→ or power: links with cyber-espionage, cyber-terrorism and cyber-warfare
- Mass manipulation (phishing) is increasingly being replaced by…
a) personalised attacks, individually shaped for the victim (spear-fishing)
b) infiltration (botnets)
- A large black market of malware, botnets and financial data has surfaced.
What we know: opportunity The internet…
structure for cybercrime 1. has a global reach
(Koops) 2. leads to deterritorialisation
3. allows for decentralised, flexible networks for organising crime and sharing
knowledge (swarming model rather than gang or mafia oder of organised crime)
4. facilitates anonymity
5. enables distant interaction with victims
6. has structural limitations to capable guardianship
7. facilitates an information economy
8. facilitates manipulability of data and software with minimal cost
9. has rapid innovation cycles
10. allows for automation of criminal processes
11. can blow up the scale of a crime (global search for weakest link)
12. allows for aggregation of a large number of insubstantial gains
Victims of cybercrime (NL) Hacking is the biggest / most occurrent crime
→ defined very broadly (possible reason for it)
Victim characterisations (NL) - Mostly male
- Mostly between 15 and 25 years
Incidence: conclusion - Professionalisation and commercialisation of cybercrime
- At the same time, cybercrime is also becoming ‘of the people’ (widespread low-
end crime)
Types and generations of cybercrime (Koops)
, 4
Cybercrime Convention 2001: - CIA crimes (computer integrity crimes) → arts. 2-6
three basic types = these crimes include illegal access, illegal interception, data interference…
they generally deal with:
→ confidentiality (hacking, wiretapping, espionage)
→ integrity (viruses, data interference)
→ availability (DoS attack)
- Traditional crimes (computer-assisted crimes) → arts. 7-8
= these mainly relate to…
→ forgery
→ fraud
- Content (computer-facilitated) crimes → arts. 9-10
= these daily relate to…
→ child pornography, hate crimes
→ copyright infringement
Wall’s three generations First generation: cyber-assisted
(Koops) - using computers (to assist traditional crime)
→ traditional = ordinary, low-end cybercrime
Second generation: cyber-enabled
- using networks on a global span
→ hybrid, adaptive cybercrimes, referring to largely traditional crimes with
globalised opportunity (due to evolving technology)
Third generation: cyber-dependent
- wholly mediated by technology
→ leads to true, sui-generis, high-end cybercrimes
Transformation test: how does crime occur if you take away the internet?
Fourth generation?
1. Wall: wholly ‘virtual crime’?
2. Wall: or Ambient Intelligence (Internet of Things) crime?
→ Koops’ megatrend 1: the internet as the infrastructure of everything
3. Koops: or bodily-integrity (Internet of People) crime?
(Sort of) mapping the
typologies X
Food for thought: the future of - Offline and online spaces collapse
cybercrime? - Criminals move from traditional crime to cybercrime (and back)
- What does this mean for the study, law and policy of cybercrime?
→ Will all crime (also) involve cyber?
→ Can cybercrime be studied as a separate subject?
→ Can cybercrime be addressed as a distinct form of crime?
Cybercrime
- Readings
- EU Law x
- CoE / international Law
- Case law
- National / Dutch law
Exam Information
Multiple Choice: 16 Questions in 25 minutes
- revise the mandatory literature & combine it with the notes
- questions have different formats
→ short answers (< 70 words)
→ most are closed questions in MC format
→ true / false
- you cannot go back to the previous question
- particularly literature → main arguments
- do and look at the sample quiz
Take-Home Exam
- types of questions:
→ apply Cybercrime Convention (or national provisions) to cases
→ answer questions about the main arguments (not details) in the literature
→ provide insight in cybercrime governance by answering open questions
- you can use all written sources (incl. CCC and Expl. Memorandum), literature, slides, lecture
notes
- you have a 10% margin for word limits
- the essay questions must be substantiated with arguments and references to relevant sources
- references should be in footnotes, as complete as possible
- be to the point in your answer
General information
- slides on national legislation are only relevant within explaining how difficult it is to regulate
cybercrime and show there are differences in national laws
, 2
Lecture 1: Concepts of cybercrime and practical issues
- David S. Wall, Crime, Security and Information Communication Technologies: The Changing
Cybersecurity Threat Landscape and Its Implications for Regulation and Policing (2017)
- Peter Grabosky, The Evolution of Cybercrime (2014)
- Bert-Jaap Koops, The Internet and Its Opportunities for Cybercrime (2011)
Today’s lecture I. Talking about cybercrime
- terminology
- definitions
II. Talking about cybercrime
- characteristics
- incidence
III. Typology of cybercrime
- cybercrime convention types
- wall’s generations
IV. Practical issues
Terminology Earlier (1970s)…
- computer abuse
- computer fraud
- computer-related crime
Later…
- ICT crime
- informatics crime
Now…
- internet crime
- cyberspace crime
- cybercrime
- high-tech crime (use of technological tools)
Computer-crime vs cybercrime Donn Parker’s computer crime (1973)
1. Computer and data as object of crime
2. Computer and data as instrument of crime
EU’s cybercrime
= criminal acts committed using electronic communications networks and
information systems or against such networks and systems
Wall’s definition(s) of a) Crimes that take place within cyberspace
cybercrime (2007, p. 10) b) Occurrence of harmful behaviour somehow related to the misuse of a
networked computer system
c) Criminal or harmful activities that involve the acquisition or manipulation
of information for gain
Incidence: what we don’t There is only few reliable data available
know about cybercrime - lack of awareness
- lack of reporting (due to embarrassment, reputation or no competence)
- lack of registering (lack of shared concepts and thus no harmonisation)
- lack of prosecution (belief that cybercrimes are minor, and no priority)
- many figures come from security companies
- security ‘incidents’ are not cybercrime
Limited criminological research
- offender profiles
- victim profiles
- motivations
Result: limited hard evidence of what is really happening in cybercrime.
, 3
Mythology of cybercrime Fiction: movies and novels
- first generation hacker movies (60s-80s): computers / genius ‘noble hacker’
- early second second generation (80s-90s): connected computers / whizzkid
hacker
- later second generation (90s-00s): internet / destructive anti-hero
- third generation (90s-00s): virtual worlds
Media and politics
- overblown newspaper reports (self-repeating and self-fulfilling stories)
- rhetoric abounds
- culture of fear and risk society (governing through crime, policy propaganda,
‘future shock’)
→ Result: this is a mindset which necessitates taking countermeasures
Wall’s essential characteristics - Networking
of today’s cybercrime - Information value
- Globalisation (glocalisation)
Incidence: what we think While acknowledging the lack of reliable empirical data, we think that…
- Cybercrime is constantly rising.
- Consequences are becoming more serious.
- The goal is no longer reputation, it’s money
→ or power: links with cyber-espionage, cyber-terrorism and cyber-warfare
- Mass manipulation (phishing) is increasingly being replaced by…
a) personalised attacks, individually shaped for the victim (spear-fishing)
b) infiltration (botnets)
- A large black market of malware, botnets and financial data has surfaced.
What we know: opportunity The internet…
structure for cybercrime 1. has a global reach
(Koops) 2. leads to deterritorialisation
3. allows for decentralised, flexible networks for organising crime and sharing
knowledge (swarming model rather than gang or mafia oder of organised crime)
4. facilitates anonymity
5. enables distant interaction with victims
6. has structural limitations to capable guardianship
7. facilitates an information economy
8. facilitates manipulability of data and software with minimal cost
9. has rapid innovation cycles
10. allows for automation of criminal processes
11. can blow up the scale of a crime (global search for weakest link)
12. allows for aggregation of a large number of insubstantial gains
Victims of cybercrime (NL) Hacking is the biggest / most occurrent crime
→ defined very broadly (possible reason for it)
Victim characterisations (NL) - Mostly male
- Mostly between 15 and 25 years
Incidence: conclusion - Professionalisation and commercialisation of cybercrime
- At the same time, cybercrime is also becoming ‘of the people’ (widespread low-
end crime)
Types and generations of cybercrime (Koops)
, 4
Cybercrime Convention 2001: - CIA crimes (computer integrity crimes) → arts. 2-6
three basic types = these crimes include illegal access, illegal interception, data interference…
they generally deal with:
→ confidentiality (hacking, wiretapping, espionage)
→ integrity (viruses, data interference)
→ availability (DoS attack)
- Traditional crimes (computer-assisted crimes) → arts. 7-8
= these mainly relate to…
→ forgery
→ fraud
- Content (computer-facilitated) crimes → arts. 9-10
= these daily relate to…
→ child pornography, hate crimes
→ copyright infringement
Wall’s three generations First generation: cyber-assisted
(Koops) - using computers (to assist traditional crime)
→ traditional = ordinary, low-end cybercrime
Second generation: cyber-enabled
- using networks on a global span
→ hybrid, adaptive cybercrimes, referring to largely traditional crimes with
globalised opportunity (due to evolving technology)
Third generation: cyber-dependent
- wholly mediated by technology
→ leads to true, sui-generis, high-end cybercrimes
Transformation test: how does crime occur if you take away the internet?
Fourth generation?
1. Wall: wholly ‘virtual crime’?
2. Wall: or Ambient Intelligence (Internet of Things) crime?
→ Koops’ megatrend 1: the internet as the infrastructure of everything
3. Koops: or bodily-integrity (Internet of People) crime?
(Sort of) mapping the
typologies X
Food for thought: the future of - Offline and online spaces collapse
cybercrime? - Criminals move from traditional crime to cybercrime (and back)
- What does this mean for the study, law and policy of cybercrime?
→ Will all crime (also) involve cyber?
→ Can cybercrime be studied as a separate subject?
→ Can cybercrime be addressed as a distinct form of crime?
