20.06.2019 in Analysis
Combating Cybercrime

Introduction

Digital information has become ubiquitous in the contemporary world. Recent developments in the sphere of information technology have induced not only the vast expansion of e-commerce but also innovative forms of breaching the law. Such breakthroughs play a major role in devising innovative methods of committing traditional crimes and emergence of new forms of criminal activity. Offences connected with the use of the Internet and other computer networks pose a serious threat on a local, national, and international scale. In order to eliminate the danger, international organizations in cooperation with national legislative bodies and private sector need to implement new strategies. Understanding the nature of cybercrimes can help determine the types and effectiveness of current methods that can combat computer-related criminal activity in the context of global and national approaches implemented by certain countries.

Cybercrimes

The Definition of Cybercrime

According to Eoghan Casey (2011), one of the most renowned researches in the cybercrime sphere, a computer-related crime is the offence that is based on the use of a computer for a number of reasons (p. 36). Firstly, the computer plays the role of an instrument in the criminal activity. Secondly, the device is the target of a crime. Thirdly, the computer is a repository of evidence (Casey, 2011, p.39). These categories are not mutually exclusive, with a single crime being reflected in more than one category. Moreover, computer-related offences are characterized by a wreaking destruction of software and hardware (Hess, 2009, p. 259). 

Types of Cybercrimes

There are three basic groups of cybercrimes. First, unauthorized access to a computer and the programs is meant for stealing passwords and data. Second, creation and distribution of malicious programs are aimed at damaging systems and information. Third, harassment and stalking in cyberspace target individual users (Blyth, 2008, p. 164). For example, social networking sites may foster the increase in such crimes because there is insufficient protection of vulnerable users. A separate group comprises offences that relate to cyberterrorism. Attacks against information systems are known as cyberterrorism because such systems constitute a part of the critical infrastructure of a state (Bantekas, 2007, p. 14). 

Prevalence of Cybercrimes

The nature of computer-related crimes increases the prevalence of criminal activity and determines the problems that hinder effective reduction of the rate of such offences. Such crimes can be conducted from the offender’s home against the target that is located in another city or country. It proves the simplicity of such misdemeanor and impossibility of detection of the perpetrators. Hess (2009) assesses the chance of catching an offender as one in 27,000 (p. 262). As a result, most cyber-offences are not prosecuted, which influences the further growth of the crime rate. According to Hess (2009), only 12 percent are reported, and 3 percent of criminals are imprisoned (p. 262). What is more, such offences entail the damage that exceeds the physical limitations of traditional crime. For example, in the United States, the cost of deleting malicious program varies from $100,000 to $1 billion (Blyth, 2008, p. 164). The estimated financial loss to corporations as a result of cybercrimes amounts to a minimum of $9.7 billion annually (Finklea & Theohary, 2015, p. 18). 

 

Assessment of Current Approaches

The Cybercrime Convention as a Method of Combating Cybercrimes

One is the most effective methods of eliminating cyber threat is signing and ratifying treaties on defensive collaboration. The Cybercrime Convention of the Council of Europe is the first and the only international agreement that addresses the crimes performed via the Internet and other computer networks on such a grand scale. In June 2001, the Convention was adopted, and it entered into force on July 1, 2004. To date, it has been signed by 47 states, and 31 of them have already ratified it. The U.S. Senate did this on August 3, 2006. After having agreed to the treaty, it is incumbent on the countries to pass the appropriate legislation that addresses cybercrimes and provide international cooperation when needed (Finklea & Theohary, 2015, p. 25). For this reason, there is a list of crimes that each state must integrate into its legislation. 

In order to provide protection from computer-related crimes, the treaty pursues the improvement in investigative techniques, harmonization of national laws, and stimulation of cooperation among nations. The member states of the Council of Europe and those who have been engaged in the drafting process are eligible to sign and ratify this agreement (Council of Europe [CoE], 2001). Its main objective is to assist in detection, investigation, and prosecution of cybercrimes, insisting on adoption of new laws that counter computer-related offences more strictly. For example, the relevant legislation gives law enforcement agencies the right to search computer networks and intercept computer intruders. Due to this treaty, efficient international cooperation is ensured to sustain effective investigation. Furthermore, the Convention includes provisions directed toward combating child pornography, the infringement of copyright, cyberfraud, and hacking (CoE, 2001). What is more, there is the Additional Protocol to the Convention that determines the propaganda of racist and xenophobic views on the Internet as an offence (Bantekas, 2007, p. 267). 

The Role of Framework Decision in the Fight with Computer-Related Crimes

In 2005, the Council of the European Union adopted the revised version of Framework Decision that was designed to detect attacks against information systems. The objective of this document was to ensure that member states implement criminal penalties that restrict crimes against information systems. Moreover, Framework Decision provides the list of such crimes, among which there are “illegal access to information systems, illegal system interference, and illegal data interference” (The Council of the European Union, 2005). In its efforts, the Convention is more productive and encompassing than EU Framework Decision as the Council of Europe comprises 47 member states in comparison with 20 members of the EU (Summers, Schwarzenegger, Ege, & Young, 2014, p. 237). Moreover, implementation of the Framework Decision is mandatory for the EU states. The Convention does not include provisions on instigation in contrast to the Framework Decision.

National and Local Strategies that are Implemented to Prevent and Counter Crimes

National and local approaches of combating cybercrimes include two main categories: crime prevention and criminal justice. The practices that effectively assist in prevention and combating computer-related offences include enhancement in the law enforcement capacity and the increase in cyber threat awareness. For example, there are constant educational and practical workshops and conferences that address innovative methods of cybersecurity, and continual promotion of defensive cooperation at government, community, private, and international levels (Casey, 2011, p. 182). As a result, cybercrime strategies are incorporated into the law system of 70 percent of countries (United Nations Office on Drugs and Crime [UNODC], 2013, p. xv). 

Half of the states have adopted laws about data protection and usage. Consequently, Internet service providers must abide by such regulations. They are obliged to delete personal information under the law of data protection. What is more, organizations must notify people about incidents of data breaches (UNODC, 2013, p. xxvii). There are programs that are used to exploit computer vulnerabilities and implement mechanism for self-propagation. For example, such a program, known as Ramen Toolkit, has been released for public use (Blyth, 2008, p. 164). 

According to the UNODC (2013) recent research, the majority of personal computers, including in the developing countries, are protected with a special security technology, which proves the effectiveness of adoption of correspondent laws (p. 121). User and employee education in combination with the presentation of security systems considerably decreases the rate of attacks in the private sector. There is a wide usage of such protective measures as firewalls, content identification, intrusion detection, and digital evidence preservation techniques (Finklea & Theohary, 2015, p. 26). However, some medium-sized companies underestimate the possible threat, imagining that they cannot become a target (UNODC, 2013, p. xvii). Therefore, they are reluctant to protect systems at full capacity. It means that complete reliance on the responsibility of individuals and organizations is not the most successful method of combating cyber attacks.  

Necessary Improvements

Although the mentioned efforts are successful at varying degrees, there are a number of issues that need improvement. The transnational aspect of cybercrimes adds jurisdictional complication to detection and prosecution of the offenders. The situation is also aggravated because criminal investigation processes differ in each state, and police power is limited within the national border. Moreover, in the attempt to combat computer-related crimes, governments and companies should understand the nature of the criminal intent and activities. Countries vary in their methods of investigation and punishment of cybercrimes. Despite the fact that countries regularly adopt new laws, most of such enforcements do not concentrate on the long-term threats.  

A slow and laborious process of applying the law affects the global strategies aimed against cybercrimes. Little consistency among the countries’ legislation results in inadequate cooperation and adoption of laws that differ from country to country. Consequently, more sophisticated and indictable crimes, which have been recently devised by criminals, reach every corner of the contemporary world. It means that while every state is reaching agreement on mutual assistance in the prosecution of cybercrime, the rate of such offences is increasing exponentially. 

In most countries, there is no national strategy particularly concentrated on combating cybercrimes. Instead, there are broad policies that only include components of such crimes. There should be a distinct and clear strategy with specific cyber-related objectives and detailed description of the methods to meet these requirements. Concurrently, it is vital to incorporate these various approaches to counter the array of cybercrimes. Such policies will provide a broader framework for more effective combating of digital domain crimes. What is more, there should be a comprehensive international record of all cybercrime incidents with their impact. The absence of such data hinders the assessment of the magnitude of cyber threats and  the prevalence of cybercrimes. 

Analysis and Comparison of Methods Used by Some Countries

The Role of the United States

Analysis and comparison of the approaches that have been adopted by certain countries to fight with cybercrimes will allow to make amendments in the existing methods and implement the new ones. Analysis of organizations, legislation, and public involvement of the USA, Germany, the United Arab Emirates, China, and Australia gives the international perspective on the methods of countering the computer-related criminal activity.  

The United States concentrates on both military attributes of cybersecurity and the global element in the attempt to decrease the rate of cybercrimes. The year 2011 was marked with the passing of a number of documents that address computer-related offences. In July, the Office of the Secretary of Defense created a strategy under the title “Department of Defense Strategy for Operating in Cyberspace.” It is also called the Five Strategic Initiatives, adopting the prominent military command and engaging innovative defense operating theories. In May, the International Strategy for Cyberspace was issued with the broader focus on cybersecurity. In its seven policy priorities, it addresses the methods how the United States will enhance national and multilateral combating capacities. Furthermore, the Internet Crime Complaint Center (IC3) was founded to receive and refer complaints about cybercrimes to the corresponding federal, state, or local agencies. It is considered to be the main reporting institution that plays a major role in fighting with computer-related offences (Casey, 2011, p. 85-87).

Currently, although computer fraud is known to be a leading offence, it is not defined as a predicate one under the Racketeer Influenced Corrupt Organization Act. That is why, the Obama Administration has provided a recommendation to include computer fraud as a serious offence in the revision version of RICO provisions (The White House, 2015). This will help boost the efficiency of investigation and prosecution of wire, bank, and access device types of fraud. In October 2014, the BuySecure initiative was presented with the intention to encourage the use of the latest chip and PIN technology in retail. In January 2015, the President proposed a new cybersecurity legislation to the Congress. Its fundamental provisions cover information sharing and data breach notification (The White House, 2015). 

Germany’s Contribution

Germany has been considered one of the major targets of computer-related crimes in Europe, mainly being affected by bot infections. In 2011, Federal Cyber Security Strategy was published to concentrate on such areas as resultative crime control, coordinated national plan on cybersecurity, personnel training, and security of IT systems from cyber attacks. The same year, the National Cyber Response Centre (NCAZ) was created to assess cyber attacks and develop an appropriate defense system. In 2009, the Act to Strengthen the Security of Federal Information Technology was adopted, guaranteeing additional security against threats to federal technologies, malicious software, and intrusion into personal data (Summers et all., 2014, p. 226). 

In addition to governmental engagement, representatives from private sector contribute to combating cybercrimes. Thus, CERTCOM AG is a commercial response team that promotes IT security products to manufacturing companies. What is more, CERT-Verbund functions as an alliance of public and private computer security (Levin et all., 2012, p. 23). 

Germany is recognized as the leader in legal and regulatory framework among other examined countries. It is important to stress that the country has a comprehensive national cyber strategy as well as effective cybersecurity plan (Levin et all., 2012, p. 23). Nevertheless, Germany should provide additional funds for cybersecurity. Although there is a substantial number of public and private computer emergency response teams, they are too decentralized, which hinders the cooperation that can bring more results. In addition, more efforts should be applied to enhance the coordination between the state agencies and the private sector. 

The achievement of China

China is considered to be involved in a tolerating cyber-espionage against other countries. China is assessed as the world’s spam-producing country. However, the country is also susceptible to a substantial amount of different forms of cybercrime pertaining to domestic business and retail-related fraud. According to the Chinese government survey, 90 percent of Chinese PCs were infected with malware when connected to the Internet (Chang, 2012, p. 55-56). Apart from the necessity in cyberprotection, China strives to capitalize e-commerce. In order to accomplish these two goals, Chinese government has a leading role in developing cybercrime policy. However, at the same time, it deprives the public sector of the opportunity to contribute (Levin et all., 2012, p. 50). 

Unlike the Western approach that is dedicated to the security of infrastructure and communication networks, China’s attention is concentrated on the protection of content. Until now, the country has not issued an official cybersecurity strategy. However, in 2006, the National Defense White Paper proclaimed the country’s engagement in the “informationization of the military” (Chang, 2012, p. 20). Thus, military network must be modernized and improved in accordance with the policy of the development of cyber-warfare capabilities. To compare, China is gradually reaching the rate of achievements of the US in this sphere. In 2010, the first “Information Support Base,” which is a cyber command, was revealed. Since then, banks and infrastructure and government institutions have been using Chinese security technology. Furthermore, China has agreed to bilateral police cooperation with thirty countries. Due to such assistance, 721 cybercrimes have been successfully investigated in 41 countries (Chang, 2012, p. 118-121). 

Cybersecurity in the United Arab Emirates

Cybersecurity in the UAE is regulated by the United Arab Emirates Computer Emergency Response Team (aeCERT). Like the Internet Crime Complaint Center in the US, it has become a central incident reporting point in the UAE. AeCERT also works on distribution of information about threats and vulnerabilities. Simultaneously, it develops expertise in information security and computer forensics. Although the UAE has considerably increased government and public attention to cyberthreats since the adoption of the first cybercrime law in 2006, there is still insufficiency in understanding of current computer-related issues and defensive collaboration (Alkaabi, 2011, p. 11; Summers et. all, 2014, p. 146). Therefore, aeCERT emphasizes the importance of enhancing security awareness in the UAE.

According to Alkaabi (2011), the UAE has lower alignment with the CoE Convention in comparison with other signatory countries because there is a lack of clarity as to some essential conditions for the offences enlisted in the treaty (p. 12). For this reason, the majority of laws are not applicable to the UAE. For example, Articles 2 and 11 of the CoE Convention require the crime to be committed “intentionally” (CoE, 2001). However, in order to apply criminal liability, most of the UAE Articles do not determine that the crime must be committed intentionally and without right (Alkaabi, 2011, p. 12). In fact, these two conditions are crucial for fighting with computer-related crimes. Consequently, the UAE legislation needs updating in terms of including the term “intentionally” into the legislation. This is the argument in support of the recommendation of the International Telecommunication Union: “The lack of a globally harmonized legal framework with respect to cyber criminal activities has become an issue requiring the urgent attention of all nations” (as cited in Alkaabi, 2011, p. 12).

Australia’s Measures Against Cybercrimes

In comparison with other countries, Australia pays addition attention to prevention rather than reduction of the results of the computer-related criminal activity. Thus, the protection of individuals, business, and government is guaranteed by CERT, which is the national computer emergency response team. It provides support and accurate information concerning current cyber threats and vulnerabilities. What is more, since 2010, Cyber Security Operation Centre (CSOC) has been functioning to coordinate operational responses to incidents connected with the attacks on government and critical infrastructure, like it is done in the USA and the UAE (Levin et all., 2012, p. 11). 

The research conducted by Alkaabi (2011) has shown that there is a need for formal policy and guidelines documents concerning the investigation of cybercrimes (p. 14). It is also important to provide regular trainings for the personnel of the Queensland Police Service in Australia and the Abu Dhabi Police Service in the UAE. It will allow to inform the staff about the recently emerged forms of cybercrime and teach them how to report and record such incidents as a distinct form in comparison with other types of crime (p. 14). 

Recommendations on how to Proceed

Improvement in International Cooperation

Although many mechanisms have been adopted by countries, there is a list of approaches that need improvement and introduction of new methods that will be effective in further advancements. In order to ensure the enforcement of the signed and ratified treaties, there should be an international police to control the adoption and fulfillment of the provisions. As an alternative, supporting informal police networks can be crucial for improvement of global cooperation. Intensifying the process of signing bilateral and multilateral agreements may involve more countries in the mutual fight against cybercrimes. There should be a clarification of the relevance of law enforcement investigations, which are based on extraterritorial data, to the country’s principles of sovereignty. Each country should agree on the international mechanism for obtaining and sharing electronic evidence (Finklea & Theohary, 2015, p. 26). 

Personal Data Security

Security must be ensured not only by individual users but also within organizations and companies. They should identify potential protection issues and install more reliable software. In order to realize such an initiative, all industries that work with computer technology should follow current developments in the criminal activity to produce more secure and up-to-date technology. It is especially essential in the era of cloud computing, which is characterized by the increased level of data breaches and cloud service abuse. There should be improved protection of consumer assets and isolation of user’s applications and information. Security provisions for cloud applications may be the best option to ensure security. 

Support for Developing Countries

It is important to arrange for developing countries the receipt of innovative technical assistance aimed at protection and management of the computer-related criminal activity. Such help can be provided on condition that the standards accepted in the model provisions are used. It can also be performed through focusing on multi-stakeholder delivery. Additional protection should be guaranteed through the establishment of regional and national connections with the inclusion of private and academic sectors. (UNODC, 2013, p. xv)

Conclusion

Due the international nature of the Internet, it is impossible to restrain cybercriminals in a single country. The harm can be reduced on condition that the efforts are combined. Apart from implementation of technical measures for computer protection, legal steps must be taken to deter cybercriminals. Ratification of international treaties is an effective way of countering cybercrimes because such documents work as a framework for both global cooperation and national regulation, controlling the processes of detection, prosecution, and punishment for computer-related offences. Moreover, harmonization of criminal law between states can improve current approaches aimed at combating cyber threat worldwide. Finally, using modern computer technology may significantly enhance cybersecurity.

Related essays