Computer Crime Research Center


Criminalization of computer wrongdoing prerequisite for combating computer crime

Date: April 25, 2005

... such as extortion and harassment are also carried out online. In recent years, increasing attention has been devoted to the relation between terrorism and the Internet, as the Internet was being used to facilitate terrorist financing and as a logistics tool for planning terrorist acts.

The working paper contains some recommendations, including a broad, inclusive focus to address problems of cybercrime, going beyond criminal law, penal procedures and law enforcement. International cooperation at all levels should be developed further. All States should be encouraged to update their criminal laws as soon as possible in order to address the particular nature of computer-related crimes. Governments, the private sector and non-governmental organizations should work together to bridge the digital divide, raise public awareness about computer-related crime and to enhance the capacity of criminal justice professionals.

The working paper further recommends that attention should be devoted to establishing, improving and broadening the current practical tools for international information sharing, and early warning systems, using Interpol, alert mechanisms of the Group of Eight, the Convention on Cybercrime, Computer Emergency Response Teams ( CERTs ) and the Forum of Incident Response and Security Teams ( FIRST ). Computer-related crime policy should be evidence-based and subject to rigorous evaluation to ensure efficiency and effectiveness.

SLAWOMIR REDO of the United Nations Office on Drugs and Crime introduced the background paper.

Welcoming Remarks

TAEHOON LEE, President, Korean Institute of Criminology, said the rapid growth and globalization of information technologies had dramatically changed the way people communicated. Millions of people paid bills, consulted professionals, conducted research and made connections with family and friends in cyberspace. As cyberspace continued to become an integral part of life, cybercrime or computer crime posed new challenges to the criminal justice system. The global nature of cybercrime raised difficult legislative problems of jurisdiction as criminals used offshore servers and Internet sites to avoid domestic regulations. Crime in cyberspace, such as cyberterrorism, cyber-money-laundering, cybergambling, Internet fraud and cyberstalking, could occur instantaneously, and offenders targeted victims in other countries where the offence was not easily detected.

The seriousness of cybercrime was reflected in the fact that cyberspace had become the target of terrorists and organized crime groups, he said. Unfortunately, there were few bilateral or multilateral treaties or conventions addressing important cybercrime issues. The Council of Europe Convention on Cybercrime was the first international treaty on the subject. The Korean Institute of Criminology was a government-sponsored research institute tasked with analysing trends, causes and consequences of crime and providing control measures and preventive policies. The Institute’s primary goal was to assist in the Government’s criminal justice policy formulation through research. He hoped the workshop would serve as a valuable forum to promote international operation on crime prevention and crime control.

Keynote Address

KRAISORN PORNSUTEE, Permanent Secretary, Ministry of Information and Communication Technology, Thailand, said the workshop had been organized to find ways to combat computer-related crimes. For that, a prerequisite was to criminalize acts of computer wrongdoing. Attitudes varied greatly from country to country as to what constituted a nuisance and what was a crime. For example, in Thailand, lese-majesty was considered to be a crime of the most serious magnitude. In some jurisdictions, it was an act that fell under freedom of speech. That was but one example of the task in reconciling internationally what was to be considered a crime.

He said the next crucial element of any international effort against cybercrime was to facilitate technology transfer and engage in capacity-building. Information and communication technology had developed at a breakneck speed. Legal and technology experts needed to cooperate closely without any barriers whatsoever. The digital divide between the legal and technical matters needed to be closed at the national, regional and global levels to effectively put up a fight against what was essentially a global crime wave. In his country, his Ministry was the spearhead in the effort to bridge the digital divide. And its network reached into the smallest village. Crime had grown so fast in the “bottomless world of cyberspace” that legal and law enforcement bodies should step up to the plate.

Recent Trends in Cybercrime

PETER GRABOSKY, Professor, Australian National University, said digital technologies now provided ordinary citizens with the capacity to inflict massive harm. The uptake of digital technology was uneven around the world. What was happening in Country A on one side of the digital divide would happen next year in Country B on the other.

He described three trends in computer crime, namely sophistication, commercialization and integration. Sophistication meant the greater skill and capacity that criminals brought today. The speed with which viruses travelled the world was much more rapid today, and it was possible to produce perfect imitations of legitimate websites, using them to infect visitors and steal credit card information. The term “phishing” was used for the practice of sending messages that appeared to be from a legitimate source to a criminal site. Crime followed opportunity, and development would attract new crime. One such area was wireless networks. “War driving” meant driving around in a motor vehicle with an antenna to locate access points.

Regarding commercialization, he said that legitimate electronic commerce provided opportunities to exploit that commerce. Hackers now offered their services on a fee-for-service basis, in other words, hackers for hire. Integration meant the combination of different criminal acts in furtherance of the same criminal enterprise. Extortion included communicating a threat electronically, targeting information systems, demanding payment in digital form and using digital technology to collect intelligence about victims.

Cyberterrorism referred to unlawful attacks against computers and networks to intimidate or coerce a government or its people in furtherance of political or social objectives, he continued. There had been no catastrophic successes yet, however. For the time being, terrorists preferred truck bombs to logic bombs. Terrorists could send and receive message aided by encryption. Digital technology was good for collecting information. The Internet was an ideal medium for propaganda. Digital technology was also ideal for psychological warfare, projecting images of hostage executions with profound impact.

The challenge for lawmakers was to differentiate between the legitimate uses of cyberspace from communications directly in furtherance of terrorism, he said. To control cybercrime it was important to strive for harmonization in criminal law to develop a seamless mutual assistance framework. Technology would continue to grow and, as it did, new criminal opportunities would be created. Those who failed to anticipate the future were in for a huge shock when it arrived.

Digital Divide and Cybercrime

GARETH SANSOM, Director, Technology and Analysis, Criminal Law Policy Section, Department of Justice, Canada, said the term “digital divide” invoked the idea of a gap between the haves and have-nots, in this case linked to information and communication technology. The digital divide brought to mind differences in the capability to use information and communication technology between different groups. “Infostate” was an indicator that comprised different elements that constituted how individuals and organizations communicated, as well as how information might be acquired, as well as the education level within a country that enabled people to use information and communication technology. There had been progress over the past decade, and the gap was gradually closing. All things equal, however, it would take decades for countries at the bottom to reach the status of the countries in the middle.

He said the widespread adoption of computer networks had realized dividends in the economic area. There were, however, also distinct patterns of vulnerability for cybercrime. Countries at the lower end of the digital divide were used as staging grounds to launch attacks. Emerging information and communication technology infrastructure was disproportionately vulnerable to attacks.

The type and scale of computers and networks were different for corporate and consumer groups. A monolithic response to cybercrime was, therefore, not viable. Consumers had become vulnerable to telemarketing fraud, phishing and online auction fraud.

The matter of computer viruses was another issue. One class of those viruses was called “worms”. Worms were independently replicating and autonomous, seeking out their own targets. Some types of worms replicated too fast for human intervention. They would require an automated defence. Some worms showed high penetration in countries with a high infostate, more so than in countries with low infostate density, and vice versa.

He said worm infections occurred mostly in the most advanced countries. Developing countries saw an explosion of usage of mobile phones. There was now a new virus that specifically infected mobile telephones...

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2006-11-05 12:27:02 - Great work!... Emily
2006-11-05 12:26:57 - Good design! My homepage | Please visit Felix
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo