Special Report 08 | March 2015 Cyber space and underworld Prof. Anis H. Bajrektarevic, Dimitra Karantzeni
08 www.moderndiplomacy.eu
Anis H. Bajrektarevic is a Professor and a Chairperson for International Law and Global Political studies at the Austrian IMC University of Applied Sciences. He is editor of the NY-based Addlton’s GHIR Journal (Geopolitics, History and Intl. Relations), as well as the Senior Editorial member of many specialized international magazines, including the Canadian Energy Institute’s Journal Geopolitics of Energy. For the past 15 years, prof. Anis has organized dozens of public events by hosting numerous heads of missions to the UN Vienna and OSCE (Organization for Security and Cooperation in Europe), including ambassadors of all five Caspian riparian (and all five Arctic littoral) states. For the same period, professor also organized some two dozens of study visits for his students to the Vienna, Geneva and Paris based safety/security and energy-related organizations (such as ECE, DA Com., OECD, IEA, etc.) Contact: anis(at)bajrektarevic.eu Dimitra Karantzeni is a graduate of Communication and Mass Media from the University of Athens, also holding a M.Sc. in European and International Studies from the School of Law, Economics and Political Sciences of the same University. She is currently working as a Communication Specialist and independent researcher on the Journal of Modern Diplomacy. Contact at: d.karantzeni(at)moderndiplomacy.eu
CONTENTS 05. Cybercrime: Introduction 08. Legal Frameworks and Institutions 10. Regional Foras and Initiatives 14. Unlawful Access Alteration and Hindering of Functioning 16. Non Governmental Approaches to combat Viruses, Worms and Other Malicious Software 20. E-Fraud, Abuse of Data, Unsolicited Messages and other Related Cyber-Wrongdoings 26. Intellectual Property Oences and Abuse of Copyrights 28. Piracy Criminalization and Law Enforcement 32. Content related oences 36. Conclusion
40. Cybercrime in Central Asia 41. Country Overview Kazakhstan Kyrgyzstan Tajikistan Turkmenistan Uzbekistan 43. Memberships in International Organizations Combating Cybercrime 44. Criminal Codes 45. Current Situation
A
ccording to the Internet World Usage and Population Statistics the internet has expanded at an average rate of 444% on a global level from 2000 to 2010; an estimated 2 billion people are online worldwide. The tremendous growth of cyberspace has also led to an increase in cybercrime which results in lost revenues, loss of sensitive data and damage to equipment. Today, around 40% of the world population has an internet connection today, reaching a number of almost three billion users by the end of 2014. [1] The use of Internet in the developing countries will be on rise and will account for 2/3rd of the Internet users globally. In the past 5 years, the Internet users in the developing countries have doubled from 974 million (2009) to 1.9 billion (2014). [2]
Cybercrime includes crimes in which the computer or computer network is the target of the criminal activity, offences where the computer is a tool used to commit the crime and crimes in which the computer is an incidental aspect of the commission of the crime but may afford evidence of the crime (US Department of Justice). ‘’The new definition proposed in SA law – Electronic Communications and Transactions Amendment Bill, 2012 (26 October 2012) states: “cyber crime” means any criminal or other offence that is facilitated by or involves the use of electronic communications or information systems, including any device or the Internet or any one or more of them.‘‘ There is one widely used and accepted term, but there also exists a number of different perceptions and applications on various fields of jurisdictions per case and per country. (Cybercrime.org) [3]
[1] http://www.internetlivestats.com/internetusers/ [2] Internet Statistics 20142015: http://sourcedigit.com/889 2-internet-statistics-20142015-nearly-40-3-billionworld-will-internet-2015/ [3]http://cybercrime.org.za/ definition
07 /
08
The incentive to commit a crime depends on various factors such as the availability of exploitable security gaps, the interconnection of potential accomplices and a low risk of criminal prosecution. The Internet makes it easy to address a broad scale of people, like-minded offenders or possible victims. It facilitates virtual encounters to share criminal ideas around the world for example through bulletin boards. In recent years it has even become lucrative to sell software tools which enable the user to hack into protected networks. Today, due to this development little professional knowledge to crack systems is required which enables comparatively unskilled people to operate as cyber criminals. Internet access is not limited; anybody can obtain and exchange information about usable loopholes and take advantage of extensive knowledge to realize dubious operations. The Internet grants anonymity to a high degree. The uncontrolled extent of anonymity offered, which is of course rather appealing to users, has somehow gone out of limits causing a kind of web anarchy.
Even though a significant level of anonymity may be necessary so to protect users’ basic human rights, it seems to be gradually transformed into a gateway to abuse. It is complicated and time consuming to follow the information and communication flow. The lack of capable guardians and common legislation is decisive as the World Wide Web is not restricted by political borders. Computer networks go beyond these borders and national jurisdiction which makes it increasingly difficult to prosecute cybercrime. ‘’Lack of co-ordination in law enforcement and legislation, lack of common consensus on what constitutes cybercrime, lack of awareness and trust, lack of information sharing and lack of robust data on cybercrime are just some of the issues that both afflict cybercrime responses and cloud our understanding of cybercrime.’’ (E-crime Project – EU) [4] Huge amounts of information in form of data can easily be collected and be stored. This information can be used by companies to identify potential customers but also to spy on people for fraudulent purposes. The enormous amount of data makes surveillance of illegal activities very cost, knowledge and time intensive.
Legal Frameworks and Institutions The differentiating factor regarding cybercrime is its global scale and the lack of physical borders. In order to gain control of this specific situation international organizations are formed and standards are set. ICANN The not-for-profit public-benefit Internet Corporation for Assigned Names and Numbers (ICANN) coordinates the unique addresses of the Internet’s naming system. The Domain Name System (DNS) links a precise series of letters with a precise series of numbers, the IP address. Additionally ICANN ensures that the copies of all IP addresses worldwide stored on 13 root servers are always up to date. ICANN doesn’t control a websites’ content before assigning addresses.
In December 2000, 147 members of the United Nations signed the Palermo Convention with the aim to strengthen international cooperation to combat global crime. Within this global framework the “Resolution to Combat Criminal Misuse of Information Technologies” deals with cybercrime.
In April 2010 the UN rejected a proposal for a treaty on global cybercrime as no consensus could be found between the nations. The objective was to replace the Council of Europe Convention on Cybercrime, which is currently the most important document on cybercrime, as many nations claimed it is a European approach and doesn’t fit for global purpose. In particular, a few non-European states such as China and Russia, oppose the Budapest convention, seeking for a new international treaty. However, controversies United Nations System and oppositions seem to hamper progress in According to the UN cyberspace is seen as this direction. the fifth global common space along with land, sea, air and outer space. It is indispen- International Telecommunications Union sable to coordinate and govern its shared The International Telecommunications use among all nations. The ultimate objec- Union (ITU) is part of the UN system and tive is to achieve peace and security in cyber- works on an international approach to fight space though the implementation of cybercrime and spam. In 2008 the Internet Governance Forum (IGF) was established to international law. serve as an open forum on Cyber security.
[4] http://ecrime-project.eu/ , http://www2.warwick.a c.uk/fac/sci/wmg/research/csc/research/pro jects/
09 /
10
In this regard, the ITU Secretary-General launched the Global Cybersecurity Agenda (GCA) on 17 May 2007, with the contribution of partners from governments, industry, regional and international organizations, academic and research institutions in order to enhance security and confidence within the information society. Its actions are based on five basic pillars: 1. Legal measures 2. Technical and procedural measures 3. Organizational Structures 4. Capacity building 5. International Cooperation According to this multi-level approach, GCA covers all major fields of interest, as it takes care of all legislative (necessary law provisions, investigation instruments etc.) and technical (schemes, protocols etc.) procedures needed and at the same time raises national awareness on this area and promotes international dialogue as regards the common goal of fighting cybercrime attacks. (ITU, 2012, pp 3) In close correlation with this initiative there’s also the Global Cybersecurity Index (GCI), an ITU-ABI research joint project aiming to rank the cybersecurity capabilities of nation states, concerning legal, technical, organizational etc. matters. [5] World Intellectual Property Organisation Another UN agency, with headquarter in Geneva is the World Intellectual Property Organisation (WIPO). The organisation establishes international laws on trademarks and patents among its member states and deals with applications for international patents.
Interpol The International Police Organisation investigates in a wide variety of cybercrime issues. Its 188 Member countries confer vast legal capacities to the organisations international operations to combat cybercrime. During a conference held in April 2011 President Khoo Boon Hui pointed out the importance of increased co-operation to combat crime of the 21st century. He emphasised that Interpol has to focus on research and innovation to be steeled for the digital threat and to ensure online security. The primary scope concerning cybercrimes includes financial and hightech crimes such as payment card fraud, money laundering, intellectual property crime, new technology-related crimes and financial fraud. Interpol has regional working parties in Africa, Asia, Latin America and Europe to deal with specific issues. Today, the fight against cyber-crime remains crucial and there are important pillars that need to be addressed in the forthcoming conference in Singapore, in 1-3 October 2014, such as: •The prevention and detection of cybercrimes •The Investigation on techniques, search and seizure, forensics •The prosecution and trial on cybercrime cases [6] The European Working Party published and regularly updates the Information Technology Crime Investigation Manual which serves as a valuable guideline for online investigation. In January 2010 two new projects on “Operational Botnet Mitigation” and “IT Crime in the Future” were started. The first project aims to reduce the threat of botnets and to arrest developers. The project on future IT crime intends to identify potential misuse of latest technologies.
Regional Foras and Initiatives
Organisation for Economic Cooperation and Development The guidelines for the Security of Information Systems and Networks “Towards a Culture of Security” were adopted in 2002 by the OECD. The main focus is on public risk awareness, measures and policies to reduce or minimize those risks and eventual implementation of comprehensive international legislation. The implementation plan for these guidelines points out the importance of government initiatives to increase public awareness of cyber security. It provides a list the most critical internet security vulnerabilities to show potential threats for users. Council of Europe The Committee of Experts on Crime in Cyberspace adopted The Council of Europe Convention on Cybercrime. On November 23, 2001 this treaty was signed by 27 European countries, Japan, USA and Canada in Budapest, Hungary. Is represents the first international agreement to deal with crimes committed via computer networks, copyright infringements, computer-related fraud, child pornography and security violations.
It entered into force in July 2004 after a protocol dealing with racist and xenophobic online content was included. In 2008 guidelines to strengthen co-operation between law-enforcement agencies and Internet service providers in were adopted. The Council of European Convention on Cybercrime still is the most important legal instrument concerning Cybercrime. Today it has been ratified by 42 States; whereas 5 Ratifications including at least 3 member States of the Council of Europe are in the process of entering into force. [7]
The legal classification of cybercrime according to the Council of Europe Convention on Cybercrime covers: Unlawful Access, Alteration and Hindering of Functionality This includes unauthorized access through hacking, malware and computer espionage as well as the manipulation of computer systems or establishment of botnets.
[5] International Telecommunication Union – cybercrime: http://www.itu.int/en/ITU D/Cybersecurity/Pages/G CI.aspx [6] https://www.europol.europa.eu/latest_news/interpol-europol-cybercrim e-conference-2014 [7] Status as of: 18/9/2014, Convention on Cybercrime – Council of Europe: http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT= 185&CL=ENG
E-Fraud, Abuse of Data, Unsolicited E-mail Spam e-mails, illegal collection of data referred to as phishing and the unauthorized collection of personal data are part of this category. Furthermore identity theft such as credit card abuse and cyber fraud including fake auctions, pyramid games or factious job offers and sweepstakes are part of this chapter. Intellectual Property and Abuse of Copyrights This part deals with software copies and illegal music and movie download. Content related Offences This section mainly refers to child pornography, racist statements and content inciting to crime such as terrorist attacks.
[8] Cyber Europe 2012 – key findings: file:///C:/Users/Dimitra/Downloads/Cyber %20Europe%202012%20%20Key%20Findings %20Report.pdf
European Union The European Union has seen the significance of the Internet for the regions economic growth and social development. Similar to the Council of Europe the European Union established legislations dealing with cybercrime, the “eEurope Initiative” in 2000. To improve network security the Information Security Agency (ENISA) was set up which serves as a communication tool between the member states.
The EU also runs a 24-hour information network for combating high-tech crime together with the G8. Since 2002 the European Commission’s “proposal for a council framework decision on attacks against information systems” is the basis for legal definitions and criminal offences among the EU member states. On the 15thApril 2011 Neelie Kroes, VicePresident of the European Commission for the digital Agenda, presented the EU’s goals to improve cyber-security. Firstly, all 27 EU members need to have functioning Computer Emergency Response Teams. Furthermore, the first European cyber-incident contingency plan was developed in 2012. Cyber Europe 2012 proved really valuable in improving international cybercrime management, via cooperation between all members, whereas training of all stakeholders on the use of procedures as well as the involvement of the private sector in future exercises were deemed as indispensable elements of a more effective strategy against cybercrime. [8] Pan-European cyber incident exercises will be continued. Global adoption of agreed principles for the stability and resilience of the Internet must be promoted and strategic partnerships will be strengthened.
Europol The European Police connects police offices and encourages information exchange and cross-border investigation among its members. The agency holds an important position in the European Cybercrime Task Force to promote Europe-wide progress against computer criminality. The cybercrime database collects data and makes it accessible for regional police agencies. Since 2011 Europol joins the Virtual Global Taskforce to combat child exploitation. Progress was also made in the European Commission’s decision to establish a European Cybercrime Center, in order to effectively fight internet criminality. Europol’s European Cybercrime Center (EC3) officially commenced its activities on 1 January 2013 with a mandate to tackle the following areas of cybercrime:
League of Arab States The League of Arab States cooperates with the UN, ODC and Interpol in order to fight cybercrime effectively. In many member countries law on digital crimes is not well developed. The organisation seeks to improve its situation step by step to protect the information society.
Organisation of American States The Intergovernmental Expert Group on Cybercrime was established in 1999 in Peru with the goal to analyse criminal activity that targets computers and to examine domestic legislation of the 35 OAS member states.
of Contact for crimes involving computers and worked out principles and action plan to combat transnational thigh-tech crime. One of the goals is to develop comprehensive substantive and procedural computer crime laws around the globe to ensure that no offender can avoid sanctions by emigrating.
Asia Pacific Economic Cooperation The Asia Pacific Economic Cooperation (APEC) adopted the EU Convention on Cybercrime and introduced the Computer Emergency Response Team (CERT). Furthermore the “Leader’s Statement on Fighting •That committed by organised groups to Terrorism & Promoting Growth” was initially generate large criminal profits such as online released in 2002 fraud •That which causes serious harm to the vic- The G8 Initiative tim such as online child sexual exploitation The G8 assigned groups of experts, known as •That which affects critical infrastructure and “Lyon Group” to address specific crime reinformation systems in the European Union lated issues. The subgroup on High-Tech [9] Crime created a Network for 24-Hour Points
[9] Europol’s European Cybercrime Center – Europa: https://www.europol.europa.eu/ec3
Virus A computer virus is a self-spreading programme which can undertake uncontrollable modifications on a computer. In order to be activated the file to which the virus is attached has to be executed. Today most viruses are attached to e-mails or File Transfer Protocols (FTP). The name comes from its biological equivalent. Like a virus that affects human beings computer viruses need a host to reproduce itself. In order to spread onto numerous computers and documents before they are found, most viruses are programmed to be as inconspicuous as possible. Hence, the majority of viruses only use up memory space and slows down the computer. The most common form today is the E-mail virus, an attachment in an E-mail document. Once the e-mail or the attachment is opened, the virus infects the computer and sends affected mails to everyone in the address book. There are controversial opinions among experts how to differentiate complex viruses and worms. Today the simple from of computer viruses is mostly outdated as they can easily be detected by modern anti-virus software.
More complex forms of malicious software which frequently appear online are referred to as worms. Worm The main difference to a virus is that worms duplicate and spread themselves on computer networks and that they do not depend on a host file. Worms can have similar consequences as viruses such as destroying important data or hindering programs from functioning. Some worms are created to open so-called security back doors to grant the author access and control over another computer. Such networks of “Zombie” computers are called botnets which then can be used for criminal purpose. Trojan A Trojan appears to be useful software but once downloaded it attacks the computer. It can not replicate itself like viruses or worms. They modify or destroy files, change desktop settings or activate and spread other malware. What is even more dangerous about them is that they can just like worms open back doors and grant unauthorized access to data and add the computer to a botnet.
Unlawful Access Alteration and Hindering of Functioning
Bot Attacks Bots collect information from computers in a network. Bots are not used to harm data on a single computer but rather to gather passwords or financial information. Worms and Trojans open backdoors on computers and connect infected devices to a botnet. They can be used for various criminal purposes and access to such a network is sold to spammers. This criminal service is very lucrative and has become one of the most serious threats in the digital world. Infected computers can be used to send spam or attack servers with the goal to render services inoperable. This so-called Distributed Denial-ofService attacks (DDoS) cause companies’ websites or online services to crash which results in considerable financial damage. Such botnets are also used to provide anonymity as the infected computer appears to be the invader.
The actual offender can not be traced back. Another exploitation possibility is the allocation of illegal data on infected computers. The largest botnet observed in 2010 was “Rustock” with 1 million infected computers under its control. Spyware Spyware collects information about the user and sends it to a central server. This can include internet surfing habits or the use of certain programs. This information is sold to firms in order to find out about the preferences and habits of the user and take commercial advantage of it. Adware is a specific type of spyware where pup-up ads appear on the infected computer. The installation of such software happens unnoticed, often as piggyback on desirable software.
Several antivirus companies have developed programs to secure data and hinder the access of malware to computers. The best known are Symantec, McAfee, Kaspersky and Panda Software. They develop antivirus programs, collect information about existing viruses and some provide security consultation and data recovery. Antivirus software cleans infected files, scans e-mails and provides a firewall to monitor data transfer and block unauthorized access to the computer.
The importance of Antivirus Software Nowadays, most newly sold computers already include not only an operating system which usually contains protection mechanisms itself but also separate virus protection programs. Basic antivirus software is of great importance and should be provided for all users. An unprotected computer represents a security threat for other computers in the network; therefore protection should be aordable and accessible for everyone. The number of infected computers steadily increased over the years. In 2010 the security software company Symantec recorded over 3 billion malware attacks. The costs for victims by malware are usually labor expenses as well as tools and software to limit attacks. The Virus Outbreak Life Cycle A usual virus runs through four phases. The first is its emerging state where it appears the first time. Antivirus software is developed. Some viruses spread very rapidly which is said to be the epidemic stage.
Non Governmental Approaches to combat Viruses, Worms and Other Malicious Software
Once more and more users update their antivirus software, the virus attacks decline which is the existing phase. The stage of eradication is the last phase where the virus hardly shows up anymore. Anyway a virus hardly ever disappears completely from the internet.
The Sober worm turned off antivirus protection and could therefore spread quickly. It slowed down traffic but did not delete data. In 2010 the Stuxnet worm launched targeted attacks (spear phishing) and made use of social engineering to spread successfully. It is suspected that the Stuxnet worm was created to infect the control technology of a Most popular Viruses and Worms uranium enrichment plant in Iran. The fist inThe “I love you” worm which first appeared in fection happened using a USB storage 2000 spread itself very quickly due to its psy- medium. chological approach. It was disguised as a love letter. Once the attachment was opened Hacking it spread to people in the address book. The Hacking means to gain unauthorized access worldwide damage it caused is estimated to to a computer. There has to be distinguished be around USD 10 billion. It destroyed vari- between “black hats” or “Crackers” who use ous files on the infected computer. their knowledge to cause damage and “white hats” who try to detect possible secuThe MyDoom worm was a very fast spread- rity holes. A third group are so-called “gray ing worm. It also attacked big companies hats” who provide information about security wholes which can be used to eliminate such as Microsoft, Google and AltaVista. The Sasser worm in 2004 caused major dam- security holes or exploit them. age to organizations such as Delta Airlines, There are several further classifications for Deutsche Post and even the European com- hackers depending on their intent. mission.
17 /
18
10 Worst Computer Viruses of all time (starting from the latest one)
1.Storm Worm 2.Leap-A/Oompa-A 3.Sasser and Netsky 4.My Doom 5.SQL Slammer/Sapphire 6.Nimda 7.Code Red and Code Red II 8.The Klez Virus 9.I love you 10.Melissa Some try to attack infrastructures, communication or emergency services, others modify websites to promote political ideologies, malware writers create tools for hackers to gain access to computer systems. A special form of hackers, called Samurai or Sneakers, test the eectiveness of the security system. Another group of hackers crack and distribute copyrighted software. Hackers are attracted by the challenge to break into a system which is said to be protected. In many cases they are paid to collect secured data from a computer. Many vulnerabilities are well known and exploited by hackers. This can be the case when security software is not yet updated by all users. Crackers can not only destroy, modify and steal data but also use the computer to store their data or send e-mails. Some also change websites to propagate their ideologies or humiliate the website owner.
The oenders One of the hackers who became famous was the author of the Melissa worm. After he had served his sentence he started working for the FBI. Kevin Mitnick hacked into computer systems over 15 years. Later he set up an internet security company and worked as a consultant in this area. L0pht Industries was a group of gray hackers detecting security holes and publishing them. In 2004 this organization was acquired by Symatec. Hackers often belong to a group in order to exchange information about security holes or simply to propagate their latest achievements. In the 1990’s some of these groups work against each other. Hacker conferences take place to exchange information about existing security holes. The latest developments and the easy access to information made it relatively easy for average people to exploit security holes in networks.
Today the typical hacker, whose initiative often was simply to prove that he can brake into a system which is perceived as secure, has changed. Software for hacking or spam attacks can be bought for $500 or less, with the result that no special skills are required to cause considerable damage. Costs According to Symantec’s report of 2010 the average cost per incident of a data breach in the US was $7.2 million. Nowadays, according to security software-maker McAfee (INTC) and the Washington think tank Center for Strategic and International Studies recent report, a sum of about $575 billion is estimated as the annual global cost of cybercrime activities, with Netherlands and Germany at the top of the list, as the countries with the highest levels of cybercrime, relative to gross domestic product. [11]
Other important findings of the report underline the high probability of cybercrime’s growth, as more and more consumers and companies go online, whereas at the same time efforts aiming to protect users from cyber theft fail to reach their primary goals. In addition to this, cybercrimes targeting copyrights tend to slow the pace of global innovation and consequent investments. Overall, cybercrimes are generating a huge amount of money as intangible goods are the most important assets for companies in the 21st century. Intellectual capital is far more valuable for companies and lucrative to steal for criminals than tangible assets. The actual costs of cybercrime are hard to estimate and official data varies widely. What can be said with certainty is that the costs rise dramatically as illegal business with data becomes more and more popular.
[11] Report: ‘’Net Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II’’, Center for Strategic and International Studies, June 2014: http://www.mcafee.com/ ca/resources/reports/rpeconomic-impact-cybercrime2.pdf
E-Fraud, Abuse of Data, Unsolicited Messages and other Related Cyber-Wrongdoings
Spam Spam is bulk e-mails sent to spread advertisements, political messages, chain letters and also charity appeals. The main problem about spam is the time the addressee has to spend to read or delete it and the memory space it uses up. Most spam is sent for commercial or propaganda purposes. The most common content of spam is gambling, pornography, medication and other advertisements. Generally, spam is illegal in most countries, nevertheless it is difficult to find out weather the e-mail was solicited or not. Some part of spam also serves a fraudulent purpose, convincing the person to transfer money or inform them about passwords and codes. The spammers often hide their real address and make the e-mail appear to be harmless. Hackers can use other computers to distribute e-mails without being identified.
Costs The main costs of spam are opportunity costs as it takes time to scan and delete emails. The cost for a single person is low but the cost for a whole company in form of forgone working hours can be significant. There are organizations which collect addresses and data and sell that to spammers. These e-mail addresses can be goals for advertisements.In order to reduce spam most e-mail accounts have spam filters installed and security companies offer software to reduce spam. Messages with a direct aim of advertising or which have been sent to more than 50 addressees are referred to as spam. According to the Directive on Electronic Communication and Privacy (2002/58 EC) unsolicited commercial e-mails are prohibited within the EU members. Additionally commercial emails must include a button where the addressee can “opt out” as a recipient.
The “CAN-SPAM Act” serves as a similar standard for the United States. The Contact Network of Spam Enforcement in the EU and the London Action Plan on Spam for the US and UK are non-binding agreements to co-operate in information exchange and legislation enforcement. Especially for medium and small businesses bulk e-mails where an easy and cheap way of advertisement, to fight against the prohibition of spam the National Organization of Internet Commerce (NOIC) has been formed. Phishing & Social Networks Phishing refers to an e-mail disguised as a real institution’s e-mail asking for confidential information. Common targets are customers of banks and online financial services. The internet user is asked to send the password in order to alter his account. The organizations’ web sites are replicated (so-called spoofing sites) and appear just like the real site. It is hard to identify the fake site; however those e-mails and sites often include spelling mistakes which could reveal them.
The damage caused by phishing can be considerable if information for financial transactions is given away. Besides the costs which occur for the betrayed individual, the imitated companies also loose clients as a result of their damaged image. Most spam filters can identify phishing emails and delete them. Web browser programs can detect them if they have a website screening mechanism. Banks try to make their customers aware of the possible danger of phishing e-mails and encourage them never to give out any passwords or other confidential information. The Anti-Phishing Working Group (APWG) informs about current phishing attacks. Through the AntiPhishing act of 2005 in the US the imitation of another website in order to collect information has been prohibited by law. The evolving trend is so-called spear-phishing attacks where the victim is specifically targeted and compromised. By analyzing publicly available information from social networks or company websites, e-mails carrying malicious code are sent to selected persons, often highly ranked employees and CEOs. These messages appear to be completely legitimate as they come from people the victim knows and trusts. Hence, information can be easily collected and used for criminal purpose. This practice is especially damaging for companies as sensitive data on customers could be stolen. Social Networks pose a serious security threat these times. Employees might post employment details such as the company they work for, the department and their colleagues.
This might seem harmless, but makes it easy for offenders to spy out a company’s e-mail protocol, as the addresses are often easy to reconstruct once the name is known (e.g. firstname.lastname@company.com). By collecting details about the victim’s and its friends’ lives it is no problem to find a reason why the e-mail attachment should be opened. The sender could for example state that the message contains pictures of the latest holiday – private information which can easily be found in online profiles. Even if a person sets high security standards on its profile, by screening its friends personal information can be observed. Links to malicious websites posted on a person’s profile which lead other users to download hidden attack toolkits from those sites are another threat. Also the participation in surveys and quizzes is not recommended as the generated information can be used to create user profiles and detect habits and preferences. This information is vital for marketing companies which are willing to buy data from social networks. Therefore it is essential to carefully inform and educate people about possible dangers of social networks to avoid incautious handling of personal data. Identify Theft A combination of online and offline fraud is Identity Theft where another person’s identity is used to access bank accounts or combat a crime in the name of somebody else. It is officially defined as ‘‘the unauthorized use or attempted misuse of an existing credit card or other existing account,the misuse of personal information to open a new account
or for another fraudulent purpose, or a combination of these types of misuse.’’ According to the US Department of Justice, Javelin Strategy and Research, the average number of U.S. identity fraud victims annually reaches the sum of 11,571,900, whereas the average financial loss per identity theft incident is estimated at $4,930. Furthermore, total financial loss attributed to identity theft in 2013 has reached the amount of $24,700,000,000. [12]. Besides individual loss of money in case of an attack, the main threat to the economy is the loss of customers’ confidence in e-commerce practice. Also enterprises are harmed significantly if they are attack as they could suffer from bad reputation in case customer data bases are hacked into. Frequently personal information is gained though phishing, the inception of malware or hacking attacks. The risk of ID theft is very high in cases where only a valid credit card number or a social security number is needed. Most people use the same password several times, once the offender detects this password it grants him access to several accounts. The main part of the financial damage remains with the seller who is not reimbursed by financial institutions as it is his duty to check whether the buyer is the person he pretends to be. In 2011 Sony’s online network for the PlayStation was the target for extensive data theft of their customers. Besides personal data, such as names and addresses also passwords and credit card data of user’s accounts were stolen. Sony is accused of neglecting security issues, which made it possible that 77 million users of the website were affected.
[12] US Department of Justice, Javelin Strategy and Research, as cited in http://www.statisticbrain.c om/identity-theft-fraudstatistics/
23 /
24
Authentication A good authentication system provides secured online identities and several methods have been developed. The identity of a user can for example be connected to an e-mail address. Banks usually use an encrypted password and a second verification such as a fingerprint or a generated code.
Other online Fraud schemes There are a wide variety of dubious online offers where many people lose money because the putative lucrative oer was a fake. Auction Fraud is the case if either the seller or the buyer does not come up to the liabilities agreed upon. Fake job advertisements, where people are required to give personal information and bank account data to the Many consumers of online banking are con- pseudo employer, also fall in this category. cerned about the security systems. Research The information is then used for other purshows that more people would use this serv- pose. Similar to fake jobs there are online offers to become an aďŹƒliate who distributes ice if security was improved. the enterprises products.
The goods must be paid for in advance but never received. Other lucrative online job offers promise money for repackaging goods from home and sending those goods to international customers. In reality the merchandise was accumulated though fraudulent ways making the deceived person part of a criminal act. E-mails persuading the victim to make extremely lucrative investments are common practice to generate money. The so-called Nigerian letter requests the victim to give its bank account information in order to do a transfer of a lump sum. The person is granted a certain percentage of the sum. In reality, he or she will never receive any money as the purpose is to obtain information about financial accounts. Pyramid Schemes promise a huge return due to expansion of the game, if money is invested in it. Similar to offline pyramid games that does never happen and the person who received the money is never found. In many cases it is difficult to distinguish between serious e-mails or sites and those with a criminal intention. In general personal bank account data or credit card number should never be published as the real institution already has that information and would not ask for it. In many cases the sales person gives time pressure and states that the offer is only valid for a very short period of time. It is advisable to be careful and collect information about offers received online.
Online Fraud Criminalization and Law Enforcement The difficulty concerning online fraud is that it is very complicated, resource and time consuming to track the origin of the fraudulent action and to decide which national law has to be applied. The Internet Crime Complaint Center (IC3) is the one of the largest organization tracking and recording online fraud. Internet users can complain about computer related crimes. The complaints are forwarded to local or international law enforcement agencies. It deals with intellectual Property matters, hacking, espionage and ID theft. The consumer Sentinel is a database providing reports about online fraud. The network also enhances investigations and provides information about various jurisdictions. The international consumer Protection and Enforcement Network (ICPEN) helps to exchange information about online fraud internationally also in cooperation with the consumer Sentinel. In Europe the Anti-Fraud Office OLAF facilitates cross border investigation for organized crime. Cybercrime issues within its member states are incorporated into the agency’s range of tasks.
Intellectual Property Offences and Abuse of Copyrights
Piracy and Illegal Downloads Software piracy is the replication of software or media files for commercial purpose without authorization. File sharing Networks offer platforms to exchange music, movies or software. In general it is not illegal to run a platform which enables users to share files as long as no commercial purpose can be detected. Such peer-to-peer (p2p) networks encourage copyright infringement if the services are for free. The most popular case was Napster which ran into legal difficulties because of its practices. The economic impact of software copyright infringement is very harmful to several industries. The primary problem with copied software is that it is very easy to obtain, not only for private persons but also for many organizations. It can be downloaded from websites or p2p networks. Hence it is difficult to determine who uses pirated software. Every computer where the software is installed needs a license.
Copyright infringement is already the case if the software is installed on more computers than stated in the license agreement. The percentage of pirated software varies greatly around the world. The highest rate has Central and Eastern Europe with more than 60% of total software. The worldwide average is estimated to be about 40%. The most copied software actually is Adobe Photoshop followed by Microsoft Office and Nero 9 which is data burning and disc copying software. Broadband internet made it cheaper and faster to download pirated software. Software programmers try to find new methods to prevent the duplication of the product by introducing stricter registration requirements. The rapid growth of the internet facilitates piracy. A significant proportion of revenue is lost due to copyright infringement. A reduction of the piracy rate could increase economic growth and create jobs. Countries which could benefit most are China, Russia and India due to their huge potential in the IT sector.
27 /
28
Recording Industry – Commercial Piracy The sale of pirated music has a significant impact on the whole recording industry. Organized groups sell thousands of copied CDs making considerable profits as costs are low. The World Music Market consists of five major players, namely EMI Records, Sony, Vivendi Universal, AOL Time Warner and BMG which together make up to 90% of the total industry. The easiness of spreading music files via the internet through p2p networks lets the forgone profits for companies increase steadily. The record industry estimates that digital piracy caused a 30% decline in revenue in the period from 2004 to 2009. 95% of all music downloads are pirated. The worlds biggest pirate markets are in Asia, China, India, Indonesia, Pakistan and Russia. As copied music is easily accessible, the number of people downloading form file sharing networks is huge. When the first legitimate stores opened to sell music online, the whole industry changed but it still only represents a minor percentage of the total music market. A profitable service is the legal download of ringtones for mobile phones. A positive aspect of easy and widespread access to music files is the low barriers to entry for newcomers. An artist can quickly gain an online fan base and distribute its songs. Many amateurs use the internet to promote their music and offer their songs for free download. Legal online music stores offer the files either as a pay-per-download agreement or on a subscription fee basis. Apple provides its music in a specific format which is only compatible with the company’s music players.
This strategy was very successful for Apple. Yahoo! offers its service at a monthly fee where users can listen to music on the database. For an additional fee the songs can be downloaded. Several campaigns against piracy have been launched by governments and the music industry in order to make the average internet user aware that it is illegal to download music. Even tough a lot of effort is made by the large music companies, piracy is more popular than ever and the costs are rising. However, it should be mentioned that probably only a comparably small part of the illegally downloaded music would also be purchased for money. Hence estimations about the total costs are rather vague. Movie Piracy Movie Piracy is a major concern for the movie industry as copies of films are widely spread over the internet. Many users are not aware that their act is illegal due to the easiness of downloading movies for free. The problem is even deepened as many movies are already available online before or at the same time they are shown in cinemas. Six major studios have formed an organization called Movielabs in order to combat movie piracy. The organization particularly focuses on developing methods to avoid camcording in cinemas and the digital distribution of movies. Motion Pictures Association of America (MPAA) has cooperated with governments around the world and launched several awareness campaigns. It is possible to legally download movies but due to relatively high costs, it has never prevailed.
Piracy Criminalization and Law Enforcement
Internationally Software and media files are protected by international copyrights. The Berne Convention for the Protection of Literary and Artistic works was the first international agreement to protect copyright across borders. The Agreement on Trade-Related Intellectual Property Rights contains provisions for copyrights for WTO members. It was added to the General Agreements on Tariffs and Trade (GATT) in 1994. It deals with provisions concerning copyrights, patents, trademarks, geographical indications and trade secrets. Also states which are no WTO members can be sanctioned. The World Intellectual Property Organization’s Copyright Treaty deals in detail with digital issues. Compared to the WTO treaty it includes prolongation of copyright from 50 to 70 years. It has been adopted by both the US and Europe.
In 2005 Interpol set up the Intellectual Property Crime Action Group to track copyright infringement. Training seminars for law enforcement authorities are held all around the world to increase the effectiveness of investigation. In February 2011 the Interpol Intellectual Property Crime Programme met for the 7th International Training Seminar on Intellectual Property in Mexico. The International Intellectual Property Alliance (IIPA) represents US copyright based industries. In cooperation with the US government it actively works on the protection and enforcement of copyrights. In its annual “Special 301” review it gives recommendations to foreign governments how to ensure effective protection of copyright. The alliance also took part in the TRIPS negotiations to foster intellectual property rights among the WTO members.
29 /
30
The EU commission’s recommendation 2005/737/EC of 2005 addresses illegal music downloads. The aim of the act is to create a single EU wide license system to promote legal music download services. In 2009 the Directive 2009/24/EC entered into force to ensure the intellectual property right protection of computer programs. Furthermore the European Commission established a European Observatory to provide data. Nationally The national regulations concerning copyright law are very diverse. In some either downloading or uploading files is illegal in others both or neither of it. The law in the US provides very strict copy right provisions where uploading and downloading files is prohibited. In Canada it is legal to download but not to upload music. Countries in the EU do not have a common law. In China and Russia copyright legislation is not well defined and organizations such as the WTO put pressure on those countries. Measures against Piracy A license agreement gives permission to use the software and prohibits unauthorized installation of the software to other computers than stated in the agreement. A common practice is to use software after entering a registration number and a code to ensure that the license agreement is obeyed.
Most Audio CDs and DVDs are equipped with a protection against copying. However, these protections have to meet certain standards to ensure that the product is fully usable, which make the majority easy to crack. Very common applications to share files today are instant messages, so-called torrents where users upload and download files simultaneously and newsgroups. These measures make it very difficult to trace back data and find the original source. Estimates show that bit torrents, which is a p2p file sharing protocol, accounting for 11% of worldwide internet traffic, what makes it the most popular file sharing system. Peer to Peer networks also play an important role in the distribution of child pornography. Ethical Issues on Piracy Above all, the key in the rapid development of all kinds of piracy is found in the consumers’ consciousness and the decision – making process that precedes every choice between a legal or an illegal purchase. So, what are the moral issues that arise and why a digital theft is almost socially exculpated, compared to a physical one? Some experts interestingly claim that there are two major parameters regarding the choice of piracy: •The seriousness of the potential consequences of the action •The degree of social acceptability
In other words, the harshness of the possible punishments that will occur after the revealing of the digital crime is the first criterion that affects the consumer’s decision on whether to avoid an illegal action (i.e. illegal downloading of music/films/software etc.) or not. We could also add the parameter of the probability of actual prosecution, as i.e. it by far seems less possible being arrested for illegal downloading of CDs than shoplifting, stealing cars etc. Internet’s chaotic environment, with its numerous users worldwide and all that anonymity it offers, creates the pseudo-sense of tolerance to minimum forms of violence, as digital ‘criminals’ are not perceived as unique cases but on the contrary as parts of an almost completely uncontrolled mass.
Secondly, identity theft is not socially perceived as a common crime. We could say that there exists a kind of tacit acceptance between consumers so that it’s acceptable and surely understood to prefer the cheapest and easiest option available, regardless of how ethical it is. Purchasing pirated products isn’t something that will marginalize a person or leave him badly exposed in society. On the contrary, it is an action that serves as an example for others to follow, which explains the massive diffusion of pirating through the years. So, ‘’the challenge for the software industry and public authorities is to increase the moral intensity and risk of the decision to buy or use pirated software’’. (Tan. B., 2002, pp 110)
Content related offences
Child Pornography The Council of Europe convention on cybercrime defines child pornography as “pornographic material that visually depicts: a minor engaged in sexually explicit conduct; a person appearing to be a minor engaged in sexually explicit conduct; realistic images representing a minor engaged in sexually explicit conduct. (…) the term “minor” shall include all persons under 18 years of age. A party may, however, require a lower agelimit, which shall be not less than 16 years” The UN definition for cybercrime states that “Child pornography means any representation, by whatever means, of a child engaged in real or simulated explicit sexual activities or any representation of the sexual parts of a child for primary sexual purposes” There is no common legislation concerning child pornography and the age limit which makes international combat very difficult. In 2008 World Congress III against the sexual exploitation of children took place in Rio de Janeiro.
The congress pointed out the importance for every nation to criminalize not only production but also distribution, receipt and possession of explicit images and videos. The declaration also calls for a ban on virtual child pornography, which includes comics and video games, to avoid the exchange of sexual ideas involving children. Internet Service Providers could play a major role in the dissemination of child abuse. According to the Rio declaration they should adopt measures to report abusive online content and a compulsory Code of Conduct. So far only Italy and the Philippines have implemented such law. Through the development of new technologies abusers and providers of child pornography can be detected easier. New software can identify faces on pictures and compare it with others. This “digital fingerprint” is used by Interpol find the current whereabouts of victims and criminals.
33 /
34
[14] http://www.ncsl.org/research/telecommunicationsand-information-technology /cyberstalking-and-cyberharassment-laws.aspx [15] Lee 1998:407, as referenced in Cyberstalking and the technologies of interpersonal terrorism, Br. H. Spitzberg and G. Hoobler, New Media and Society, Vol4(1):67–88, Sage Publications 2002, pg 71 [16] Cyberstalking, a New Crime: Evaluating the Effectiveness of Current State and Federal Laws, Naomi Goodno, 72 MO. L. REV. 125, 129 (2007) and Amy C. Radosevich, Note, Thwarting the Stalker: Are Anti-Stalking Measures Keeping Pace with Today’s Stalkers?, 2000 U. ILL. L. REV. 1371, 1387 (2000), as referenced in Cyberstalking and the Internet Landscape We Have Constructed, MERRITT BAER, VIRGINIA JOURNAL OF LAW & TECHNOLOGY, FALL 2010 UNIVERSITY OF VIRGINIA VOL. 15, NO. 154, pg 5
Another program allows authorities to track people who access illegal content from the internet by filtering websites. In 2009 the European Financial Coalition against Commercial Sexual Exploitation of Children Online created a network with the purpose to remove all online payment possibilities for the consumption of child pornography. A related issue is online enticement of children for sexual acts. It refers to adults persuading children, most likely teenagers, to meet for sexual activity. The adult tries to establish a relationship where the minor trusts the unknown person and exchanges personal information. Such online conversations might result in sexual child abuse in case of a face to face meeting. The Center for missing and exploited children built up an online reporting mechanism to facilitate investigation concerning this issue. In 2010 the ROBERT project by the EU Commission was launched. It is an awareness campaign for children, focusing on the importance of education and experience-sharing, in order to prevent children and adolescences from abusive contacts.
According to Walker, ‘’social regulation within modern society has developed within physical bounds of time and space, but the development of cyberspace distanciates its inhabitants from local controls and the physical confines of nationality, sovereignty and governmentality leading to new possibilities in relationships and interaction.’’ (Walker, C.,) In other words, ‘’the idea of ‘governance without government’ may be the best approach for the development of the Internet.’’ (Akdeniz, Y., 1997) Finally, fields that shouldn’t be neglected are those of self-regulation, regarding both the degree of restrictions and supervisions applied by internet providers and of course the parents ‘ role, as the latter should become aware of parental control software and every other means available to protect their children from lurking digital hazards.
Other Banned Content It has to be distinguished between illegal and potentially harmful content. Potentially harmful content include sites which could influence minors in a negative way. Therefore more and more parents keep track of the inIt is important, though, to underline that the ternet activities of the children. Potentially internet mustn’t be an anarchic, lawless harmful content is not banned by law but place, a shelter of anonymity for every non- the user usually has to states one’s age. physical criminal action. Governments and policy makers should understand that such Illegal content is subject to national law ena multi-level, globally inter-connected net- forcement and can be punished. Such conwork could not be controlled and managed tent can refer to racial hatred, public safety under typical, domestic policies. An up-to- issues, threats to political stability and secudate, internationally common approach rity. The definition of illegal content varies should be adopted, so to avoid dangerous greatly around the globe, depending on the heterogeneities between countries’ penal national legislation. systems.
Therefore countries reign by an autocratic regime tend to have a wide number of banned content. The issue is highly controversial as countries classify for example opposition homepages to include harmful content. This can be seen as a violation of several human rights such as freedom of speech. In Germany and Austria sites propagating National Socialism or denying the Holocaust are forbidden by law. Cyberstalking - Cyberbullying Cyberstalking is ‘‘the use of the Internet, email or other electronic communications to stalk, and generally refers to a pattern of threatening or malicious behaviors. ’’ [14] According to Lee, ‘‘although cyberstalking may be viewed as quite distinct from spatial stalking, electronic stalking often leads to, or is accompanied by, physical stalking, and explicitly or implicitly threatens physical stalking ’’. [15] Cyberstalking is composed of different actions that could not be characterized as ille gal, if examined separately. There hides the great difficulty of dealing with this major security problem on the Internet. Anonymity offered online as well as the diffusion – usually deliberately – of many personal details of one’s life encourage such actions, which most of the times do not leave any real evidence behind. As clearly stated, "the Internet is a borderless medium that allows instantaneous and anonymous distribution of one’s message, and the stalker has the protection of the “veil of anonymity.” [16]
In other words, a possible stalker can harass its target from everywhere in the world via any available device connected to the internet, remaining uncontrolled and even without having to leave the comfort of his personal space. Various laws existing in different places all over the world minimize the possibilities to localize the stalker and of course proceed with the prosecution. As Naomi Harlin Goodno puts it, ‘‘the possibilities open to cyberstalkers are as endless, as the borders of the ubiquitous Internet.’’ [17] The European Union’s “Safer Internet Programme” supports initiatives and projects against misuse of the internet. IN the US several states have established a law against Cyberstalking.
[17] Cyberstalking, a New Crime: Evaluating the Effectiveness of Current State and Federal Laws, Naomi Harlin Goodno, Missouri Law Review, Volume 72 Issue 1 Winter 2007, pg 8
35 /
36
[18] Research on Cyberbullying, Australian Journal of Guidance and Counselling, Vol 20, No 2, Australian Academic Press, December 2010, pg 131 [19] No Bullying: http://nobullying.com/cyber-bullying-statistics-2014/ [20] Marcum, C. D., Ricketts, M. L., & Higgins, G. E. (2010). Assessing sex experiences of online victimization: An examination of adolescent online behaviors using routine activity theory. Criminal Justice Review, 35(4), 412 437, pg 426
However, at the same time, more than half of young people surveyed say that they never confide in their parents when cyber bullying happens to them. Additionally, only one out of every six parents of adolescents and teens The extension of this internet hazard to chil- are even aware of the scope and intensity indren and young adolescents is called cyber- volved with cyber bullying. [19] bullying, also known as cyber –mobbing (common term in Scandinavian and Ger- This evidence shows something even more manic languages). Maintaining the basic fea- serious than the phenomenon of cyber- bultures of traditional bullying with the addition lying itself. A great number of internet users of new digital communications media, are unfortunately poorly informed of both cyber- bullying refers to organized actions the range of possible uses of the internet and that use new information technologies (so- the risks that lurk for themselves or their chilcial platforms such as Facebook, twitter, dren. Buying a tablet or a smartphone as a YouTube, mobile phones etc.) in order to de- gift to a child or a teenager without having liberately harm (insult, embarrass, frighten the complete awareness of this product does etc. ) a person. The fundamental aspects of not make one modern parent but mostly ircyber-bullying, as recorded by the re- responsible. So, above all law enforcement searchers of the phenomenon include ‘‘…in- strategies and crime-preventing mechatentional harm, repetition over time and a nisms, the key to the solution of the problem power imbalance between victim and perpe- remains education. Increased awareness of all the serious dangers hidden online would trator(s).’’ [18] help internet and mainly social media users, Latest studies have added the criteria of especially youths, to limit the possibilities of anonymity – the feeling of ignorance of the becoming victims of cyberstalking. perpetrator’s identity magnifies fear – and publicity – the possibility to share anything As Marcum et al note, ‘’It is highly recomharmful or insulting with a large audience – mended that youths become educated issues that better illustrate all the prospects about the dangers of online communication of cyber- bullying in its current form. Accord- and adults (most likely parents and teachers) ing to Cyber Bullying Statistics for the year should develop simple guidelines for youths 2014, over half (52 percent) off young people online etiquette prior to initial internet use.’’ report being cyber bullied and 25 percent of [20] The combination of well-informed interteenagers report that they have experienced net users with a discreet but continuous repeated bullying via their cell phone or on parental control would create a more secure, internet environment for everyone. the internet.
Conclusion
The Internet represents an essential element in the 21st century and the volume of information is expected to expand even more rapidly. Not only the benefits for internet users increase, but also new threats arise. Cybercrime plays a major role in information society and provides almost infinite exploitation possibilities for criminal purpose. The latest estimations of economic costs of cybercrime amount to 1 trillion. Law enforcement agencies face complicated investigation procedures as cybercriminals operate around the globe. It is essential to provide a common legislation in order to effectively track oenders across political borders. The Council of Europe Convention on Cybercrime is the most widespread legal instrument and builds the basis for various other documents and legislations.
The simple computer virus can be easily detected by anti-virus software and has been mostly replaced by more complicated malicious software such as worms or Trojans. The main purpose of malicious software these days is to collect data or to connect the infected computer to a botnet. Such networks can be used for various criminal purposes such as the launch of Denial of Service or spam attacks. In recent years cyber-attacks have become increasingly popular as doors have been opened for non-specialists. Data and knowledge how to hack into systems can be purchased online. The commercialization and utilization of botnets a network of computers can be infected and controlled by the offender.
37 /
38
Reports on cybercrime are often not made as the crime is either not immediately noticed or not reported as the loss for the individual is not significant. Companies’ which frequently become a target try to keep the offence secretly as they are afraid of a bad reputation, especially if hackers stole personal customer data.
These “zombie” computers can be used to attack information systems, steal data or provide unauthorized access. Such networks can exercise automated attacks and send millions of spam e-mails per day. These messages are often related to Phishing in order to collect sensitive data, such as credit card numbers. The enormous capacity of attacks ensures that only a very small percentage of such Phishing e-mails have to be successful. Credit card abuse, which is the most common purpose of identity theft, is caused by phishing, malware and hacking attacks in order to collect sensitive data. Furthermore, the possibility to steal relatively small amounts of money form a huge number of separate people allows the offenders to be undetected for a long period.
Organized groups trade with intellectual property such as software, music and movies or illegal content, namely child pornography. These areas are highly profitable for offenders and crimes are very likely to increase in the near future. P2P networks made it easy and fast to exchange files and such websites remain a legal gray area. Whole industries experience considerable decline in profits due to illegal downloads. Both the music and the movie industry have established groups to fight intellectual property infringement in cooperation with government. All types of cybercrime have significant impacts on society, companies and government. It must be one of the major goals for international organizations to establish an effective network to combat cybercrime, trace offenders and make cyberspace a secure and useful tool for people around the world.
Sources http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=28/10/2010&CL=EN G http://www.brighthub.com/internet/security-privacy/articles/86809.aspx http://www.securitymanagement.com/news/uptick-cybercrime-cost-victims-big-2009-fbi-report-says006867 http://www.justice.gov/usao/moe/cybercrime.html http://www.internetworldstats.com/top20.htm http://www.icann.org/ http://www.icann.org/en/annualreport/annual-report-2010-en.pdf http://www.itu.int/ITU-D/cyb/cybersecurity/docs/UN_resolution_58_199.pdf http://multimedia.unodc.org/documents/data-and-analysis/tocta/10.Cybercrime.pdf http://www.un.org/events/11thcongress/docs/bkkcp19e.pdf http://www.un.org/events/11thcongress/docs/programme.pdf http://www.theregister.co.uk/2010/03/26/cybercrime_conference/ http://www.theregister.co.uk/2010/04/19/un_cybercrime_conventions/ http://www.coe.int/t/DGHL/cooperation/economiccrime/cybercrime/default_en.asp http://www.pbrunst.de/news/2010/03/un-konvention-gegen-cybercrime/ http://www.cybersecuritycooperation.org/moredocuments/24%20Hour%20Network/24%207%20invitation.pdf http://www.g20-g8.com/g8-g20/g8/english/home.18.htm http://www.mcafee.com/de/ https://www4.symantec.com/mktginfo/downloads/21182883_GA_REPORT_ISTR_Main-Report_0411_HI-RES.pdf http://old.saferinternet.org/ww/en/pub/insafe/safety/illegal_content.htm http://www.ecpat.net/EI/index.asp http://han.donauuni.ac.at/han/927/www.springerlink.com/content/22092n25t177u007/fulltext.pdf http://www.bbc.co.uk/news/technology-13192359 http://cybercrime.org.za/definition http://ecrime-project.eu/ http://www2.warwick.ac.uk/fac/sci/wmg/research/csc/research/projects/ INTERPOL-Europol Cybercrime Conference 2014, Europol’s European Cybercrime Center – Europa, accessible at: https://www.europol.europa.eu/ec3 US Department of Justice, Javelin Strategy and Research, as cited in http://www.statisticbrain.com/identity-theft-fraud-statistics/ Popular Science magazine: http://www.popsci.com/technology/article/2013-07/infographic-biggestthefts-data-visualized International Telecommunication Union – cybercrime: http://www.itu.int/en/ITUD/Cybersecurity/Pages/GCI.aspx Internet Live Statistics: http://www.internetlivestats.com/internet-users/ Internet Statistics 2014-2015: http://sourcedigit.com/8892-internet-statistics-2014-2015-nearly-40-3billion-world-will-internet-2015/ No Bullying: http://nobullying.com/cyber-bullying-statistics-2014/
39 /
40
References
Akdeniz Yaman (1997): Law and the Internet: Regulating Cyberspace, Chap. 13: Governance of Pornography and Child Pornography on the Global Internet: A Multi-Layered Approach, eds. Lilian Edwards and Charlotte Waelde Hart Publishing. Baer M. (2010): Cyberstalking and the Internet Landscape We Have Constructed, , Virginia Journal of Law & Technology, University of Virginia Vol. 15, No. 154. Clough, Jonathan (2010): Principles of Cybercrime: Cambridge University Press. Convention on Cybercrime, Council of Europe, Budapest, 23 November 2001. Cyber-Contempt: Fair Trials and the Internet, Walker Clive, Yearbook of Media and Entertainment Law. Cyber Europe 2012 – key findings and Recommendations, European Network and Information Security Agency (ENISA), December 2012. Goodno N. Harlin (2007): Cyberstalking, a New Crime: Evaluating the Effectiveness of Current State and Federal Laws, , Missouri Law Review, Volume 72 Issue 1. Lee, R. (1998): Romantic and Electronic Stalking in a College Context, William and Mary Journal of Women and the Law 4: 373–466. Net Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II, report, Center for Strategic and International Studies, June 2014.
Radosevich Amy C. (2000): Note, Thwarting the Stalker: Are Anti-Stalking Measures Keeping Pace with Today’s Stalkers?, U. ILL. L. REV. 1371, 1387, (2000). Research on Cyberbullying, Australian Journal of Guidance and Counselling, Vol 20, No 2, Australian Academic Press, December 2010. Spitzberg Br. H. and G. Hoobler (2002): Cyberstalking and the technologies of interpersonal terrorism, New Media and Society, Vol4(1):67–88, Sage Publications. Tan Benjamin (2002): Understanding ethical decision making with respect to purchase of pirated software, Journal of Consumer Marketing, Vol. 19, No 2. Understanding Cybercrime: Phenomena, Challenges and Legal Response,, ITU, Telecommunication Development Sector, September 2012.
Case Study
Cybercrime in Central Asia
41 /
42
In this section the impact and development of cybercrime on Central Asian countries will be investigated. Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan declared sovereignty after the collapse of the U.S.S.R. in 1991. Today these countries are governed by authoritarian regimes to differing extents.
Country Overview
Kazakhstan is the richest nation with a GDP per capita of $ 8,882 (IMF) among the postSoviet countries in Central Asia. It owes its economic wealth to oil wells near the Caspian Sea, nevertheless a major part of the population lives in poverty. The Kazakh President Nursultan A. Nazarbayev has been in office since 1991 and has exclusive power over constitutional amendments. He has a veto right against legislation and can dismiss the government. When President Nazarbayev was reelected in 2005 critical voices from the OSCE election observation mission were raised. According to the Worldwide Governance Indicators Kazakhstan scored 19 points out of 100 for Voice and Accountability. This figure not only confirms that people have little electoral freedom but also that freedom of expression, freedom of association and free media is highly restricted. Kyrgyzstan was ruled by President Askar Akaev until the revolution in 2005 and the leader of the opposition party Kurmanbek Bakiyev became the head of state. Violent riots broke out in 2010 and forced Kurmanbek Bakiyev to flee to Kazakhstan. The current President is Roza Otunbayeva is the first female head of state in the Central Asian region. Opinions differ greatly whether she will put an end to the difficulties.
Kyrgyzstan has one of the world’s highest rates of corruption and suffers from political instability which infects the country’s legal environment. The Kyrgyz economy heavily suffered from the separation of Russia. Even though the nation received high amounts of financial aid it is the second poorest post-Soviet country with a GDP per capita of $863 (IMF). Tajikistan fell into a civil after the collapse of the U.S.S.R which lasted until 1997. Since then Emomali Rakhmon is President. He changed the country’s constitution which now allows him to be president until 2020. Opposition parties are practically not tolerated. Tajikistan is the poorest country of the former Soviet Union with a GDP per capita of $ 740. Due to the high unemployment rate and difficult economic situation many Tajik work in Russia and send money to their families. Therefore the country is very dependent on the Russian economy. Extremist Islamic groups from Uzbekistan and Afghanistan have a high influence in the country. Estimations according to the UNODC state that 20% of Afghanistan’s heroin production pass through Tajikistan. The Worldwide Governance Indicators shows that control of corruption, political stability and voice and accountability have improved over the last 10 years but still are extremely low.
Turkmenistan was ruled by President for Life Saparmurat Niyazov until his death in 2006. He was known for his oppressive, dictatorial politics and an extreme cult of his personality. His successor Gurgangly Berdymukhamedov was elected in 2007 and represents both, head of government and head of state. No political opposition and foreign observers were allowed during the election. The World Press Freedom index ranks Turkmenistan among the tree least free countries. The economic system is reminiscent of the former Soviet plan-economy. The stateowned oil and gas companies brought relative prosperity to the nation, still the majority of the population lives in very poor circumstances.
Uzbekistan is ruled by Islam Karimov since 1991. He was reelected several times under heavy criticism of international observers, as no opposition party was permitted and several other standards were not met. In the Andijan massacre in 2005 armed troupes killed several hundred protestors. Since then Uzbekistan turned away from western countries and strengthened economic relations with Russia and China. The country has fought several border conflicts with Turkmenistan and Kyrgyzstan. The regime is accused of violating Human Rights and of not protecting basic freedoms constitutionally. Uzbekistan has considerable gold as well as oil and gas deposits. Its main export product is cotton.
43 /
44
Memberships in International Organizations Combating Cybercrime
None of the Central Asian states signed or ratified the EU Convention on Cybercrime which is the most important agreement on the issue internationally. Also Russia did not accept the convention and developed its own proposal, with very strict regulations on media content. Due to the geographical, political and cultural proximity several Central Asian countries could aim to adapt the Russian version. The Asian representatives at ICANN (International Corporation for Assigned Names and Numbers) are from Australia and New Zealand besides those two general representatives, China, Korea Japan, Taiwan, Hong Kong, Malaysia, Singapore and Singapore participate regularly in meetings. This indicates that for the Central Asian region it is impossible to participate in the decision making process at ICANN. Kazakhstan cooperates with Interpol to trace cyber criminals. The official percentage of virtual crimes in Kazakhstan is very low, as a result of little incentive for the executive body to track a crime that caused little harm. Furthermore it has to be proven that there was a criminal incentive behind the action according to law. Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan together with China and Russia form the Shanghai Cooperation Organization (SCO) which was established to facilitate economic and political cooperation among its member states.
The Russian Interior Minister recently called for increased efforts to fight cybercrime among the SCO countries. There is no common legislation concerning cybercrime and national criminal codes are rather vague. The Collective Security Treaty Organization (CSTO) woks together with the Shanghai Cooperation Organization on security, crime and drug trafficking. The main function of the alliance of countries, including Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan is to fight physical security threat. Recently the organization pointed out the importance to enter into a fight against digital crimes. In December 2010 CSTO delegates of the member states decided to shut down hundreds of websites which were accused of containing extremist content such as national or religious hatred and information for terrorist groupings. The sites could cause political damage to the states, as the Organization’s Secretary General Nikolay Bordyuzah stated. The nature of the sites’“extremist content” was not defined precisely but it could be assumed that they are critical of the actual political regimes in the region. Kazakhstan acted as the chairmanship in the Organization for Security and Co-operation in Europe (OSCE) during the summit in December 2010. On the agenda were numerous issues, including cybercrime.
Criminal Codes
Kazakhstan’s criminal code punishes unauthorized access to data with up to five monthly wages if committed by a single person. For organized groups sentence can be up to 3 years imprisonment. The spread of malicious software or modification of existing computer programs is also prohibited and can result in imprisonment up to five years in case of grave consequences through impudence. Kirghizstan’s Criminal Code is similar to the Kazakh version stating slightly different sentences. It additionally includes an article dealing with the violation of electronic computer, system or network operating rules which leads to alteration of protected data and is punished with denial of certain positions or privileges. Tajikistan’s law concerning cybercrime forbids unauthorized access to information in computer systems, modification of computer information, computer sabotage and illegal capture of computer information. Furthermore production and marketing of means to obtain unauthorized access is punished as well as the development of malicious software.
Turkmenistan’s criminal code additionally to similar articles as in the Kazakh code explicitly forbids the production of other’s algorithms, electronic computer software, databases and integral microcircuit topologies under one’s name. The Uzbek criminal code forbids unauthorized access to networks and illegal data acquisition from these networks as well as the production and spread of computer viruses. Several crimes such as child pornography in cyberspace are not specifically regulated but fall within general regulations.
45 /
46
Current Situation
The number of people who have access to the internet in central Asia is low compared to the rest of the world but the number internet connections are increasing all over central Asia. Still only a few people have home computers and for most the bureaucratic effort to get the permission for a connection makes it almost impossible. In Turkmenistan for example, the only internet provider is the state who charges around US$7,000 per month for a flat rate. Internet access in Turkmenistan is restricted by the state. The so-called “Turkmennet” does not grant access to several social networks or blogs just as to pages with politically critical content or independent news. Since a few years scattered Internet cafés can be found in cities. The fees are high and only a few can afford the online services. The Turkmen president, Saparmurat Niyazov, kept the nation isolated by forbidding an internet connection in households until his death in 2006. The current president repealed the law but prices for internet connections are still so high that hardly any inhabitant with an average annual income of about US$ 5.200 can afford it.
Recent revolutions in the Middle East and North Africa have been facilitated by the Internet. The totalitarian regimes in Uzbekistan and Turkmenistan have restricted information about these conflicts. There is no free media and sanctions against animadversion concerning the one party system are taken. Surfing on prohibited pages is violation of existing law, and entails criminal prosecution. The authoritarian government in Uzbekistan fears that after the bloody protests in May 2005, free media and information about the current situation in the Middle East and North Africa could fuel the tense situation in the country and lead to another wave of protests. The Internet facilitated the ousting of President Askar Akayev in Kyrgyztan. According to the Freedom of the Press Report of 2009 all central Asian countries are among the least free countries worldwide. Turkmenistan and Uzbekistan are even among the worst according to freedom house. In Kazakhstan and Uzbekistan electronic media is holistically controlled by the state.
In Tajikistan several websites have been blocked after publishing antigovernment statements. In internet cafés governmental officials regularly inspect and document what sites users access. Signs warn customers that it is prohibited by law to visit anti-constitutional sites. The richest country in central Asia Kazakhstan has in contrast to other central Asian states sufficient funds from oil revenues and does not depend on international aid programs. Therefore the regime of Presidents Nazaraev is very regulative concerning information technologies as it doesn’t have to meet any criteria in order to gain financial aid. The two governmental internet providers, Kazakhtelecom and Nursat, control what information is passed on to the public. All sites, which are declared as offensive, are blocked, among these also oppositions’ homepages. The Kazakh Agency for Information Technology and Communications is a government body officially established to implement state policy on information technology. The main functions of the agency are technical supervision and control of online activities as well as regulation of information flow. The nations’ relative wealth led to extensive governmental control over exchange of information within the country. In case of Central Asian countries it can be derived that independence from international aid restricts also freedom of press. In April 2009 several online news papers have been the target for cyber attacks. These have been the heaviest network attacks central Asia ever faced until then.
The online news papers “Zona.KZ” and “Respublika” were affected by a series of Denial of Service Attacks (DoS). The virtual fights lasted several months and the offenders could not be caught. The attack was executed though a botnent. Infected computers were controlled from hackers without giving notice to the PC owner. In 2000 two Kazakhs where arrested as they hacked into the system of Bloomberg and pressed money from the American company. The same year several credit card frauds occurring in the US originated from Kazakhstan. Cybercrime in Central Asia differs greatly from digital problems western countries have to deal with. The countries are more threatened by their own governments and the restriction of free press than by organized cybercrime. Comparably low rate of people who have internet access makes Central Asia an undesirable goal for hacker attacks. Nevertheless bot attacks in the US and Europe could origin form Central Asia. Speculations about Russian schools for professional hackers occur which could recruit students from the region. The oppressive regimes block access to independent news and isolate the countries from international events. This can be seen as a crime against human rights and freedom of press. It is essential for these countries to primarily grant the possibility of free access to cyber space in order to ensure basic rights of the population.
Sources
http://www.eurasianet.org/departments/insight/articles/pp072707.shtml http://www.taipeitimes.com/News/world/archives/2011/02/25/2003496768 http://www.sectsco.org/EN http://www.osce.org http://minnow.cc.gatech.edu/inta8803/uploads/2/internet_central_asia.pdf http://minnow.cc.gatech.edu/inta8803/uploads/2/internet_central_asia.pdf http://legislationline.org/documents/section/criminal-codes http://www.eurasianet.org/taxonomy/term/1738 http://english.ruvr.ru/2010/12/21/37409484.html http://info.worldbank.org/governance/wgi/index.asp http://info.worldbank.org/governance/wgi/sc_chart.asp http://www.imf.org/external/pubs/ft/weo/2011/01/weodata/weorept.aspx?sy=2008&ey= 2011&scsm=1&ssd=1&sort=country&ds=.&br=1&c=916&s=NGDPD%2CNGDPDPC%2CPP PGDP%2CPPPPC%2CLP&grp=0&a=&pr.x=46&pr.y=7 http://www.bbc.co.uk/news/world-asia-pacific-12677394 http://www.unodc.org/unodc/en/press/releases/2010/December/tajikistan-is-the-firstline-of-defence-in-stemming-afghan-drugs_-unodc-executive-director.html http://info.worldbank.org/governance/wgi/sc_chart.asp http://en.rsf.org/IMG/pdf/classement_en.pdf http://legendofpineridge.blogspot.com/2010/03/bbc-interviews-reformed-russianhacker.html