This paper examines the growing threat of cybercrime from multiple perspectives, tracing its historical development from early hacking culture in the 1960s through landmark incidents of the 1980s and 1990s. Drawing on crime statistics from the United States and the United Kingdom, the paper establishes the scale of the problem before turning to definitional debates surrounding terms such as "cybercrime" and "cyberterrorism." It then surveys national and international legislative responses, including the Council of Europe's Convention on Cybercrime and the European Network and Information Security Agency, while identifying persistent obstacles such as legal inconsistencies and insufficient technical expertise among lawmakers and judges. The paper concludes by recommending coordinated global policy, organizational preparedness, and public education as essential countermeasures.
As little as ten years ago, few people could have conceived of the Internet and its capabilities, let alone known how to illegally exploit this new communication vehicle. Yet today millions of people use the Web, and online crime is increasing at breakneck speed. Although much discussion has occurred about cybercrime worldwide, much more is needed to take a proactive stance. People at all levels — consumers, company owners, state officials, judicial systems, and government representatives — must be better trained on ways to implement and employ anti-cybercrime methods. In addition, both nationally and internationally, more consistent plans must be developed to deal with cyber-terrorist acts.
According to an article on ZDNet, startling figures from the National Hi-tech Crime Unit (NHTCU) in the United Kingdom were reported at an E-Crime Congress in London in early April. Last year, electronic crime cost companies in the UK alone an estimated £2.45 billion. Out of 200 companies surveyed, 178 experienced some form of high-tech crime. Of these firms, 90% reported that their systems had been intruded upon and 89% said data was stolen. Virus attacks hit 97% of survey respondents, costing them a total of more than £70 million. Nine percent had suffered financial fraud, at a cost of £68 million.
The situation in the United States is no better. According to the National White Collar Crime Center (2004) study, the Internet Crime Complaint Center (IC3) — a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) — reported that from January 1, 2004 to December 31, 2004, the IC3 website received 207,449 complaint submissions. This was a 66.6% increase over 2003, when 124,509 complaints were received. These filings consisted of fraudulent and non-fraudulent complaints primarily related to the Internet. From these submissions, IC3 referred 103,959 complaints of fraud, the majority of which were committed over the Internet or a similar online service. This was a 64.2% rise over 2003, which saw 63,316 complaints referred. The total dollar loss from all referred cases of fraud was $68.14 million. The report also noted that Internet auction fraud was by far the most reported offense, accounting for 71.2% of referred complaints. Most experts believe that common forms of computer-related crime are significantly underreported because victims may not realize they have been involved in a crime, or may choose not to complain out of embarrassment or concern for corporate credibility.
The term "cybercrime" or "cyber fraud" is defined in various ways. When analyzing statistics and reports on this topic, it is therefore important to keep in mind that definitional variables exist. For example, Tavani, in "Defining the Boundaries of Computer Crime" (2001), defined "cybercrime" as "a special category of criminal acts that can only be executed through the utilization of computer and network technologies." In his view, cybercrime consists of three basic categories: software piracy, electronic break-ins, and computer sabotage.
Software piracy involves the unauthorized duplication of proprietary software and the distribution or making available of these copies over an electronic network. The unauthorized copying and distribution of MP3 files, for instance, falls under this category. Electronic break-ins consist of gaining unauthorized access to a computer system or to a private, password-protected Internet site. The third category, computer sabotage, involves the use of viruses, worms, and denial-of-service (DoS) attacks that interfere with electronic systems and disrupt the flow of information (Tavani). When cybercrime is carried out on a large scale, it is instead referred to as "cyberterror."
It did not take long after the development of the Internet for people to determine ways to both legally and illegally profit from this new communication system. However, cybercrime did not occur overnight, according to a 2002 report by Syngress. In the earlier days of computing and networking, criminals did not have the technical ability or hardware to break into mainframe systems. Cybercrime instead developed alongside the technological advances that made computing so easy and accessible that even young children could use the Internet for fun and information.
In the 1960s, the term "hacker" carried a far less negative connotation than it does today. It referred more to the ability to push a system beyond its previous capabilities than to any illegal action. Not surprisingly, the first hacker group emerged from the Massachusetts Institute of Technology in 1961. By the 1970s, however, "hacking" was being adopted by the "yippies" and other radical underground groups as part of their anti-establishment efforts. In the 1980s, the FBI began arresting some of the more prominent hackers, such as Kevin Mitnick (Syngress). In films such as Hackers in the 1990s, these individuals were still portrayed in a semi-romantic light.
In the background, however, other developments did not bode well for hackers' positive reputation. On the morning of November 3, 1988 — also known as "Black Thursday" — system administrators nationwide found that their computer networks were moving very slowly, if at all. If they could log in and generate a system status listing, they saw scores of "shell," or command interpreter, processes. If they tried to kill these processes, new ones appeared even faster. Rebooting had no positive effect.
These systems had been invaded by a computer worm — a program that duplicates itself across a network and uses resources on one machine to attack another. A worm is not the same as a "virus," which is a program fragment that inserts itself into other programs. This particular worm exploited lapses in system security to connect to machines across a network, bypass login authentication, copy itself, and then proceed to attack still more machines. The massive system load was generated by multitudes of worms attempting to propagate the epidemic (Seeley). After this event, the hacker was no longer seen as a "nice guy" in most people's eyes, especially those who had lost information or whose systems had been shut down.
By 1990, increasing numbers of email users recognized that their communications could be intercepted. Phillip Zimmermann developed an encryption program called Pretty Good Privacy (PGP) that could be used to protect private messages. However, PGP was also being used by individuals to conceal criminal activity (Syngress). The first cyber-bank, called First Virtual, went online in 1994, and hackers had entirely new horizons to explore. Internet Protocol security also began to become a significant concern. In 1995, the U.S. Secret Service and Drug Enforcement Agency obtained an Internet wiretap to assist in developing a case against individuals accused of producing and selling illegal cell phone equipment. A year later, another electronic concern came to the forefront for both private and governmental groups: Internet pornography. Congress passed the Communications Decency Act, which was later deemed unconstitutional.
Also in 1995, a hacker shut down the Public Access Networks Corporation in New York (Goldstein, 1989). A "cancelbot" that wormed its way through Usenet decimated 25,000 messages. In addition, the Central Intelligence Agency, Federal Bureau of Investigation, and U.S. Air Force computer systems were all hacked.
Such events proved to be just the beginning (Denning, 2000). Over the following years, numerous agencies and private organizations were invaded by hackers, and several cyberterrorist incidents occurred. In 1998, Spanish protesters bombarded the Institute for Global Communications (IGC) with thousands of bogus email messages, making email undeliverable to users and tying up support lines. The protesters also spammed IGC staff and member accounts and clogged their Web page with fraudulent credit card orders. In the same year, a 12-year-old boy successfully hacked into the controls for the Roosevelt Dam in Arizona — an intrusion that could have released floodwaters and endangered at least one million people.
"EU and Council of Europe frameworks addressing cybercrime"
"Jurisdictional gaps and lawmakers' technical knowledge gaps"
"Corporate policies and employee training as prevention tools"
The increasing proliferation of technology-assisted criminal activity and cybercrime merits further attention from the global community through the enactment of necessary legislative provisions and the implementation of effective technological and enforcement tools that reduce criminal activity. Cybercrime should be subject to a global principle of public policy that aims at combating and preventing this form of organized crime through raising international awareness, increasing digital literacy, coordinating legislative efforts on national, regional, and worldwide levels, and establishing a high-level network of cooperation between enforcement agencies and police forces across the globe (Chawki).