Understanding Cybercrime: Phenomena, Challenge And Legal .

3y ago
29 Views
2 Downloads
3.01 MB
366 Pages
Last View : 2m ago
Last Download : 2m ago
Upload by : Mya Leung
Transcription

September 2012CYBERCRIMEInternational Telecommunication UnionTelecommunication Development BureauPlace des NationsCH-1211 Geneva 20Switzerlandwww.itu.intUNDERSTANDING CYBERCRIME:UNDERSTANDING CYBERCRIME: PHENOMENA , CHALLENGES AND LEGAL RESPONSEP H E N O M E N A ,A N DL E G A L09/2012Printed in SwitzerlandGeneva, 2012C H A L L E N G E SR E S P O N S ES e p t e m b e r2 0 1 2Te l e c o m m u n i c a t i o n D e v e l o p m e n t S e c t o r

Understanding cybercrime:Phenomena, challenges andlegal responseSeptember 2012

The ITU publication Understanding cybercrime: phenomena, challenges and legal response has beenprepared by Prof. Dr. Marco Gercke and is a new edition of a report previously entitled UnderstandingCybercrime: A Guide for Developing Countries. The author wishes to thank the Infrastructure EnablingEnvironment and E-Application Department, ITU Telecommunication Development Bureau.This publication is available online at: ml ITU 2012All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without theprior written permission of ITU.

Understanding cybercrime: Phenomena, challenges and legal responseTable of contentsPagePurpose .iii1.Introduction .1.1 Infrastructure and services .1.2 Advantages and risks .1.3 Cybersecurity and cybercrime .1.4 International dimensions of cybercrime.1.5 Consequences for developing countries.1122342.The phenomena of cybercrime .2.1 Definitions.2.2 Typology of cybercrime .2.3 Development of computer crime and cybercrime .2.4 Extent and impact of cybercrime offences .2.5 Offences against the confidentiality, integrity and availability of computerdata and systems .2.6 Content-related offences.2.7 Copyright and trademark related offences .2.8 Computer-related offences .2.9 Combination offences .111112121416212729333.The challenges of fighting cybercrime .3.1 Opportunities .3.2 General challenges.3.3 Legal challenges .747475824.Anti-cybercrime strategies .4.1 Cybercrime legislation as an integral part of a cybersecurity strategy .4.2 A cybercrime policy as starting point .4.3 The role of regulators in fighting cybercrime .9797981015.Overview of activities of regional and international organizations .5.1 International approaches .5.2 Regional approaches.5.3 Scientific and independent approaches .5.4 The relationship between regional and international legislative approaches .5.5 The relationship between international and national legislative approaches .1141141231441441456.Legal response .6.1 Definitions.6.2 Substantive criminal law .6.3 Digital evidence .6.4 Justisdiction .6.5 Procedural law .6.6 International cooperation.6.7 Liability of Internet providers .1691691772252342382662807.[Keyword Index] . Error! Bookmark not dei

Understanding cybercrime: Phenomena, challenges and legal responsePurposeThe purpose of the ITU report Understanding Cybercrime: Phenomena, Challenges and Legal Response isto assist countries in understanding the legal aspects of cybersecurity and to help harmonize legalframeworks. As such, the report aims to help developing countries better understand the national andinternational implications of growing cyberthreats, to assess the requirements of existing national,regional and international instruments, and to assist countries in establishing a sound legal foundation.This report provides a comprehensive overview of the most relevant topics linked to the legal aspects ofcybercrime and focuses on the demands of developing countries. Due to the transnational dimension ofcybercrime, the legal instruments are the same for developing and developed countries. However, thereferences used were selected for the benefit of developing countries, in addition to a broad selection ofresources provided for a more in-depth study of the different topics. Whenever possible, publiclyavailable sources were used, including many free-of-charge editions of online law journals.The report contains six main chapters. After an introduction (Chapter 1), it provides an overview of thephenomena of cybercrime (Chapter 2). This includes descriptions of how crimes are committed andexplanations of the most widespread cybercrime offences such as hacking, identity theft and denial-ofservice attacks. An overview of the challenges is also provided, as they relate to the investigation andprosecution of cybercrime (Chapters 3 and 4). After a summary of some of the activities undertaken byinternational and regional organizations in the fight against cybercrime (Chapter 5), it continues with ananalysis of different legal approaches with regard to substantive criminal law, procedural law, digitalevidence, international cooperation and the responsibility of Internet service providers (Chapter 6),including examples of international approaches as well as good-practice examples from national solutions.This publication addresses the first of the seven strategic goals of the ITU Global Cybersecurity Agenda(GCA), which calls for the elaboration of strategies for the development of cybercrime legislation that isglobally applicable and interoperable with existing national and regional legislative measures, as well asaddressing the approach to organizing national cybersecurity efforts under ITU-D Study Group 1 Question22/1. Establishing the appropriate legal infrastructure is an integral component of a national cybersecuritystrategy. The related mandate of ITU with regard to capacity building was emphasized by Resolution 130(Rev. Guadalajara, 2010) of the ITU Plenipotentiary Conference, on Strengthening the role of ITU inbuilding confidence and security in the use of information and communication technologies. The adoptionby all countries of appropriate legislation against the misuse of ICTs for criminal or other purposes,including activities intended to affect the integrity of national critical information infrastructures, iscentral to achieving global cybersecurity. Since threats can originate anywhere around the globe, thechallenges are inherently international in scope and require international cooperation, investigativeassistance, and common substantive and procedural provisions. Thus, it is important that countriesharmonize their legal frameworks to combat cybercrime and facilitate international cooperation.Disclaimer regarding hyperlinksThe document contains several hundred links to publically available documents. All references werechecked at the time the links were added to the footnotes. However, no guarantee can be provided thatthe up-to-date content of the pages to which the links relate are still the same. Therefore the reference –wherever possible – also includes information about the author or publishing institution, title and ifpossible year of the publication to enable the reader to search for the document if the linked document isnot available anymore.iii

Understanding cybercrime: Phenomena, challenges and legal response1.IntroductionBibliography (selected): Barney, Prometheus Wired: The Hope for Democracy in the Age of NetworkTechnology, 2001; Comer, Internetworking with TCP/IP – Principles, Protocols and Architecture, 2006;Dutta/De Meyer/Jain/Richter, The Information Society in an Enlarged Europe, 2006; Gercke, The SlowWake of a Global Approach Against Cybercrime, Computer Law Review International 2006, page 141 etseq.; Hayden, Cybercrime’s impact on Information security, Cybercrime and Security, IA-3; Kellermann,Technology risk checklist, Cybercrime and Security, IIB-2; Masuda, The Information Society asPost-Industrial Society, 1980; Sieber, The Threat of Cybercrime, Organised crime in Europe: the threat ofCybercrime, 2005; Tanebaum, Computer Networks, 2002; Wigert, Varying policy responses to CriticalInformation Infrastructure Protection (CIIP) in selected countries, Cybercrime and Security, IIB-1; Yang,Miao, ACM International Conference Proceeding Series; Vol. 113; Proceedings of the 7th InternationalConference on Electronic Commerce, page 52-56; Zittrain, History of Online Gatekeeping, Harvard Journalof Law & Technology, 2006, Vol. 19, No. 2.1.1Infrastructure and servicesThe Internet is one of the fastest-growing areas of technical infrastructure development. 1 Today,information and communication technologies (ICTs) are omnipresent and the trend towards digitization isgrowing. The demand for Internet and computer connectivity has led to the integration of computertechnology into products that have usually functioned without it, such as cars and buildings.2 Electricitysupply, transportation infrastructure, military services and logistics – virtually all modern services dependon the use of ICTs.3Although the development of new technologies is focused mainly on meeting consumer demands inwestern countries, developing countries can also benefit from new technologies.4 With the availability oflong-distance wireless communication technologies such as WiMAX5 and computer systems that are nowavailable for less than USD 2006, many more people in developing countries should have easier access tothe Internet and related products and services.7The influence of ICTs on society goes far beyond establishing basic information infrastructure. Theavailability of ICTs is a foundation for development in the creation, availability and use of network-basedservices. 8 E-mails have displaced traditional letters 9 ; online web representation is nowadays moreimportant for businesses than printed publicity materials; 10 and Internet-based communication andphone services are growing faster than landline communications.11The availability of ICTs and new network-based services offer a number of advantages for society ingeneral, especially for developing countries.ICT applications, such as e-government, e-commerce, e-education, e-health and e-environment, are seenas enablers for development, as they provide an efficient channel to deliver a wide range of basic servicesin remote and rural areas. ICT applications can facilitate the achievement of millennium developmenttargets, reducing poverty and improving health and environmental conditions in developing countries.Given the right approach, context and implementation processes, investments in ICT applications andtools can result in productivity and quality improvements. In turn, ICT applications may release technicaland human capacity and enable greater access to basic services. In this regard, online identity theft andthe act of capturing another person’s credentials and/or personal information via the Internet with theintent to fraudulently reuse it for criminal purposes is now one of the main threats to further deploymentof e-government and e-business services.12The costs of Internet services are often also much lower than comparable services outside the network.13E-mail services are often available free of charge or cost very little compared to traditional postalservices.14 The online encyclopaedia Wikipedia15 can be used free of charge, as can hundreds of onlinehosting services.16 Lower costs are important, as they enable services to be used by many more users,including people with only limited income. Given the limited financial resources of many people indeveloping countries, the Internet enables them to use services they may not otherwise have access tooutside the network.1

Understanding cybercrime: Phenomena, challenges and legal response1.2Advantages and risksThe introduction of ICTs into many aspects of everyday life has led to the development of the modernconcept of the information society. 17 This development of the information society offers greatopportunities.18 Unhindered access to information can support democracy, as the flow of information istaken out of the control of state authorities (as has happened, for example, in Eastern Europe and NorthAfrica).19 Technical developments have improved daily life – for example, online banking and shopping,the use of mobile data services and voice over Internet protocol (VoIP) telephony are just some examplesof how far the integration of ICTs into our daily lives has advanced.20However, the growth of the information society is accompanied by new and serious threats.21 Essentialservices such as water and electricity supply now rely on ICTs.22 Cars, traffic control, elevators, airconditioning and telephones also depend on the smooth functioning of ICTs.23 Attacks against informationinfrastructure and Internet services now have the potential to harm society in new and critical ways.24Attacks against information infrastructure and Internet services have already taken place.25 Online fraudand hacking attacks are just some examples of computer-related crimes that are committed on a largescale every day.26 The financial damage caused by cybercrime is reported to be enormous.27 In 2003alone, malicious software caused damages of up to USD 17 billion.28 By some estimates, revenues fromcybercrime exceeded USD 100 billion in 2007, outstripping the illegal trade in drugs for the first time.29Nearly 60 per cent of businesses in the United States believe that cybercrime is more costly to them thanphysical crime. 30 These estimates clearly demonstrate the importance of protecting informationinfrastructures.31Most of the above-mentioned attacks against computer infrastructure are not necessarily targetingcritical infrastructure. However, the malicious software “Stuxnet” that was discovered in 2010 underlinesthe threat of attacks focusing on critical infrastructure.32 The software, with more than 4 000 functions33,focused on computer systems running software that is typically used to control critical infrastructure.341.3Cybersecurity and cybercrimeCybercrime and cybersecurity are issues that can hardly be separated in an interconnected environment.The fact that the 2010 UN General Assembly resolution on cybersecurity35 addresses cybercrime as onemajor challenge underlines this.Cybersecurity36 plays an important role in the ongoing development of information technology, as well asInternet services. 37 Enhancing cybersecurity and protecting critical information infrastructures areessential to each nation’s security and economic well-being. Making the Internet safer (and protectingInternet users) has become integral to the development of new services as well as government policy.38Deterring cybercrime is an integral component of a national cybersecurity and critical informationinfrastructure protection strategy. In particular, this includes the adoption of appropriate legislationagainst the misuse of ICTs for criminal or other purposes and activities intended to affect the integrity ofnational critical infrastructures. At the national level, this is a shared responsibility requiring coordinatedaction related to prevention, preparation, response and recovery from incidents on the part ofgovernment authorities, the private sector and citizens. At the regional and international level, this entailscooperation and coordination with relevant partners. The formulation and implementation of a nationalframework and strategy for cybersecurity thus requires a comprehensive approach.39 Cybersecuritystrategies – for example, the development of technical protection systems or the education of users toprevent them from becoming victims of cybercrime – can help to reduce the risk of cybercrime.40 Thedevelopment and support of cybersecurity strategies are a vital element in the fight against cybercrime.41The legal, technical and institutional challenges posed by the issue of cybersecurity are global and farreaching, and can only be addressed through a coherent strategy taking into account the role of differentstakeholders and existing initiatives, within a framework of international cooperation.42 In this regard, theWorld Summit on the Information Society (WSIS)43 recognized the real and significant risks posed byinadequate cybersecurity and the proliferation of cybercrime. The provisions of §§ 108-110 of the WSISTunis Agenda for the Information Society44, including the Annex, set out a plan for multistakeholder2

Understanding cybercrime: Phenomena, challenges and legal responseimplementation at the international level of the WSIS Geneva Plan of Action, 45 describing themultistakeholder implementation process according to eleven action lines and allocating responsibilitiesfor facilitating implementation of th

Understanding cybercrime: Phenomena, challenges and legal response 1 1. Introduction Bibliography (selected): Barney, Prometheus Wired: The Hope for Democracy in the Age of Network Technology, 2001; Comer, Internetworking with TCP/IP – Principles, Protocols and Architecture, 2006; Dutta/De Meyer/Jain/Richter, The Information Society in an Enlarged Europe, 2006; Gercke, The Slow

Related Documents:

hacking. Concept of Cybercrime. Concept of Cybercrime Underground Economy . Concept of Cybercrime. Concept of Cybercrime Phishing. Hacktivism Concept of Cybercrime. Cyberwar: Estonia Case Concept of Cybercrime "I felt the country was under attack by an invisible enemy. . . . It was

study.2 The collection of topics for consideration within a comprehensive study on cybercrime included the problem of cybercrime, legal responses to cybercrime, crime prevention and criminal justice capabilities and other responses to cybercrime, international organizations, and technical assistance.

The report contains six main chapters. After an introduction (Chapter 1), it provides an overview of the phenomena of cybercrime (Chapter 2). This includes descriptions of how crimes are committed and explanations of the most widespread cybercrime offences such as hacking, identity theft and denial-of-service attacks.

1. Transport Phenomena in liquid extraction 2. Transport Phenomena in gas absorption 3. Transport Phenomena in distillation Text Book 1. Transport Phenomena by R. B. Bird, W. E. Stewart & F. W. Lightfoot John Wiley & Sons 2. Momentum Transfer Operations by S. K. Gupta

Module 6 discusses digital forensics and cybercrime investigations. This Module explores the legal and ethical obligations of cybercrime investigators and digital forensics professionals, good practices in the handling of digital evidence, its analysis, the reporting of digital forensics results, and the assessment of digital evidence.

After defining stock market cybercrime and obtaining an estimate of the cost of cybercrime (in general) and of the impat of a y erattak on a listed ompany's share prie, we analysed the various ases available publicly, sometimes trying to anticipate the future of cyber insider trading, cyber price manipulation and cyber dissemination of false .

Asia-Pacific Regional Workshop on Fighting Cybercrime Transnational organized groups and Cybercrime Dr Kim-Kwang Raymond Choo Senior Lecturer / 2009 Fulbright (DFAT Professional) Scholar University of South Australia Visiting Researcher ARC Centre of Excellence in Policing and Security, Australian National University Associate

Accounting is an art of recording financial transactions of a business concern. There is a limitation for human memory. It is not possible to remember all transactions of the business. Therefore, the information is recorded in a set of books called Journal and other subsidiary books and it is useful for management in its decision making process. AcroPDF - A Quality PDF Writer and PDF Converter .