Download Cybercrimes: Types, Categories, and Offenses and more Schemes and Mind Maps Law in PDF only on Docsity!
Identity fraud, where someone is impersonated in order to commit a criminal act, has risen – and is still rising. What’s causing this rise is a growth of tech. Mobile, internet and device use all mean there is more digital exposure. It’s therefore perhaps not surprising that cybercrime is starting to dominate fraud – and is now accounting for a large proportion of all fraud and identity theft. Those who are the most tech savvy are experiencing most of the identity fraud cases. There is now more personally identifiable data, being transmitted on the internet leaving it much more vulnerable for the owner. The days of imitating someone in person are starting to dwindle away. Today, businesses and people need to grapple with proving and validating identities that are hidden behind a computer. While cybercrime in some respects is relatively new, in some cases, the acts committed from cybercrime aren’t that sophisticated or innovative. From impersonations of companies, or viruses through to hacking of data and account cloning. The more we conduct our lives online, the more vigilant we need to be and the smarter a business needs to be at prevention and detection. In 2016 Cybercrime was at an all-time high, making it the fastest growing area of fraud. The number of cyber-attacks targeting UK-based businesses increased by more than half in the second quarter of 2017 according to a new report. This surge in attack may be due to hackers and fraudsters assuming small businesses have lower defenses (and resources) in comparison to larger corporations. 1.4 million cyber-attacks and 600,000 crimes involving unauthorized access to personal information (such as hacking of emails, social media or other online accounts), the problem is vast. October 2016 saw a spike in detected loan fraud – caused by a large scale attack affecting a couple of high profile organizations. Statistically, people are 20 times more likely to be a victim of fraud than of a robbery. In the UK, online fraud is particularly prevalent in bank account fraud (largely through phishing emails). In addition, computer viruses from ransomware cost £1.3m, and hacking £681k.
Research houses including KPMG recently reported that last year there was more than £1 billion pounds of fraudulent activity– a 55% increase compared to 2015. A large proportion of this is cybercrime orientated – with trends seeing criminals attacking less, but targeting larger sums of money such as pensions (costing more than £1m last year). The UK government announced plans to invest £1.9 billion in cybersecurity over five years with a view to automating and enhancing the country’s cybersecurity defenses. While the government takes time to understand the problem, it’s important businesses don’t sit back and do nothing in waiting. Instead, understand what constitutes cybercrime and where the main risks lie. Business fraud has been on a dramatic uptick over the last decade and cybercrime stands near the top of the list of losses and events that organizations are experiencing. A new report out from consulting powerhouse PwC found that the ratio of organizations who admitted to falling prey to economic crime in the past year has increased by 63% since 2008, with just under half of organizations admitting to being victims. Most relevant to cybersecurity professionals, the 2018 Global Economic Crime and Fraud Survey showed that globally cybercrime was the number two type of fraud behind asset misappropriation, ahead of business misconduct, bribery and corruption, and fraud committed by the consumer. In the UK it was the top fraud category. In some ways the incidence of cybercrime relative to other fraud may be understated, because certain types of general fraud are initiated through cyberattack. While all digital fraud is fraud, not all fraud is digital. It can therefore be helpful to distinguish two forms of cybercrime: (1) As digital theft (the stolen goods, not the smashed door). This type of attack could include stealing cash, personal information, and intellectual property, and could involve extortion, ransomware, or a host of other crimes. (2) As digital fraud. This type of attack is in many ways the more long-lasting and disruptive, because the fraudster penetrates an open door (typically, but not always, a customer- or employee-facing access point) and uses the company’s own business
Highly skilled individuals or groups who can code and disseminate software to attack computer networks and systems, either to commit crime or facilitate others to do so; Individuals or groups with high skill levels but low criminal intent, for example protest hacktivists; Individuals or groups with low skill levels but the ability to use cyber tools developed by others; Organized criminal groups; Cyber-terrorists who intend to cause maximum disruption and impact; Other states and state sponsored groups launching cyber-attacks with the aim of collecting information on or compromising UK government, defense, economic and industrial assets; and Insiders or employees with privileged access to computers and networks. The majority of cyber criminals have relatively low skills levels, but their attacks are increasingly enabled by the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cybercriminals to exploit a wide range of vulnerabilities. Hacking Hacking is a form of intrusion targeted at computers, including mobile phones and personal tablet devices. It is the unauthorized use of, or access into, computers or networks by exploiting identified security vulnerabilities. Hacking can be used to: gather personal data or information of use to criminals; deface websites; or launch DoS or DDoS attacks. Cybercriminals may use a number of methods to hack into a computer system or network. In many cases, the offender may be motivated by personal profit or financial gain. Consideration should be given to the impacts associated with the primary
offending behavior as well as any subsequent offending. For larger organizations, the financial losses may be very significant, or may have severe impacts on infrastructure, which also need to be taken into account. Disruption of Computer Functionality Malware (malicious software) spreads between computers and interferes with computer operations. Malware may be destructive, for example, deleting files or causing system crashes, but may also be used to steal personal data. Prosecutors need to be aware that some program have a dual use. They have a legitimate function but can also be used for criminal purposes. Types of malware include: Viruses are one of the most well-known types of malware. They can cause mild computer dysfunction, but can also have more severe effects in terms of damaging or deleting hardware, software or file They are self-replicating programs, which spread within and between computers. They require a host (such as a file) in a computer to act as a carrier, but they cannot infect a computer without human action to run or open the infected file. Worms are also self-replicating programs, but they can spread autonomously, within and between computers, without requiring a host or any human action. The impact of worms can therefore be more severe than viruses, causing destruction across whole networks. Worms can also be used to drop Trojans onto the network system. Trojans are malicious computer programs that present themselves as useful, routine, or interesting in order to persuade a victim to install it. This malware can perform functions, such as stealing data, without the user's knowledge and may trick users by undertaking a routine task while actually undertaking hidden, unauthorized action. Spyware is software that invades users' privacy by gathering sensitive or personal information from infected systems and monitoring the websites visited. This information may then be transmitted to third party Spyware can sometimes be hidden within adware (free and sometimes unwanted software that requires you to watch advertisements in
155 HL, Lord Hoffman defined computer as 'a device for storing, processing and retrieving information'; this means that a mobile smartphone or personal tablet device could also be defined as a computer in the same way as a traditional 'desk-top' computer or 'PC'. There is jurisdiction to prosecute all CMA offences if there is "at least one significant link with the domestic jurisdiction" (England and Wales) in the circumstances of the case. Offences under the CMA: Section 1 – causing a computer to perform a function with intent to secure unauthorized access to computer material This offence involves 'access without right' and is often the precursor to more serious offending. There has to be knowledge on the part of the offender that the access is unauthorized; mere recklessness is not sufficient. There also must have been an intention to access a program or data held in a computer. Note the offence is committed irrespective of whether access is obtained. Section 2 - unauthorized access with intent to commit or facilitate commission of further offence Section 3 - unauthorized acts with intent to impair the operation of a computer. The offence is committed if the person behaves recklessly as to whether the act will impair, prevent access to or hinder the operations of a computer. Section 3 should be considered in cases involving DDoS. Section 3ZA - unauthorized acts causing, or creating risk of, serious damage, for example, to human welfare, the environment, economy or national security. This section is aimed at those who seek to attack the critical national infrastructure. Section 3 A - making, supplying or obtaining articles for use in offences contrary to sections 1,3 or 3ZA. Section 3A deals with those who make or supply malware.
There is jurisdiction to prosecute all CMA offences if there is "at least one significant link with the domestic jurisdiction" (England and Wales) in the circumstances of the case Under section 3(1) of the Investigatory Powers Act 2016 (‘IPA’), which came into force on 27 June 2018, it is an offence to intentionally intercept a communication (in the UK and without lawful authority) in the course of its transmission by means of a public or private telecommunication system or a public postal service. Such offences are triable either way and any prosecution requires the DPP's consent. A similar offence, now omitted under Schedule 10, paragraph 45 of the IPA, existed under section 1 of the Regulation of Investigatory Powers Act 2000 (‘RIPA’) and continues to apply to offences committed before 27 June 2018. Offences under sections 170 to 173 of the Data Protection Act 2018 (‘DPA’) may be committed alongside cyber-defendant crimes. These include: Knowingly or recklessly obtaining or disclosing personal data without the consent; Procuring the disclosure of any personal data to another person without consent or after retaining personal data without the consent of that person Selling personal data disclosed or retained without consent. Cyber-Enabled Crimes These are crimes which do not depend on computers or networks but have been transformed in scale or form by the use of the internet and communications technology. They fall into the following categories: Economic related cybercrime, including: o Fraud o Intellectual property crime - piracy, counterfeiting and forgery Online marketplaces for illegal items
Fraud Cyber-enabled fraud is possibly the most common of all cybercrime offences. The internet allows offenders to hide their identities behind websites and email addresses, providing a forum in which they never have to meet a victim in person to commit the crime. Some offenders may also be part of a wider criminal gang who may also never meet each other, with members based anywhere in the world. Online fraud can be committed in a number of ways. For example: Electronic financial frauds , for example, online banking frauds and internet enabled card-not-present (CNP) fraud. Internet-enabled CNP fraud involves transactions conducted remotely, over the internet, where neither cardholder nor card is present Related to this are e-commerce frauds, which refer more generally to fraudulent financial transactions related to retail sales carried out online. Both businesses and customers may be victims. Fraudulent sales through online auction or retail sites or through fake websites, which may offer goods or services that are not provide Alternatively buyers may be led to purchase a counterfeit product (when led to believe it was an original). This may also include other retail misrepresentations, such as online ticketing fraud Mass-marketing frauds and consumer scams , including but not limited to: o Phishing scams are a particular kind of mass-marketing fraud: they refer specifically to the use of fraudulent emails disguised as legitimate emails that ask or fish for personal or corporate information from users, for example, passwords or bank account data Phishing attempts can be sent out an masse to a range of potential targets; o Pharming occurs where a user is directed to a fake website, sometimes from phishing emails, to input their personal details; and o Online romance (or social networking/dating website) frauds. Individuals may be contacted via social networking or dating sites and persuaded to part with personal information or money following a lengthy online relationship.
Cyber criminals may seek to obtain personal and financial data for fraudulent purposes. Valuable forms of data may include: personal information (names, bank details, and National Insurance numbers); company accounts; client databases; and intellectual property (for example, new company products or innovations). Relevant Offences and Legislation Offences under the Fraud Act 2006 are applicable to a wide range of cyber-frauds by focusing on the underlying dishonesty and deception. The nature of the offending will dictate the appropriate charges, and prosecutors may also consider offences under the Theft Act 1968, Theft Act 1978, CMA, Forgery and Counterfeiting Act 1981, and Proceeds of Crime Act 2002 (‘POCA’). Note that if an offender accesses data, reads it and then uses the information for his/her own purposes, then this is not an offence contrary to the Theft Act. Confidential information per se does not come within the definition of property in section 4 of the Theft Act 1968 and cannot be stolen ( Oxford v Moss 68 Cr App R183 DC). It is likely however that this would constitute an offence under section 1(1) CMA. Also, if it was done with the intent to commit or facilitate the commission of further offences, it would constitute an offence contrary to section 2(1) CMA. Intellectual Property Crime (Piracy, Counterfeiting and Forgery) Intellectual property is defined as a right by an owner, of a copyright, design, patent or trademark. Intellectual property crime can cover a wide range of activities, such as the unauthorized use of another's intellectual property, through the manufacture, use, sale/import of the property without prior permission.
Using easily available technology to set up websites offering fake goods, either billed as genuine, or clearly fake. Forgery involves making a false object or document with the intention to induce somebody to accept it as genuine and thereby act to his own or another's prejudice. Computers (including computer files), mobile phones, social networking and internet sites can all be used in the creation and transmission of forged or falsified instruments or documents. Moreover, the documents or instruments created can also be used for further offending. Relevant Offences and Legislation Cyber piracy of music/films/e-books and other items is copyright infringement and is an offence under the Copyright Designs and Patents Act 1988. Counterfeiting goods is a trade mark infringement and is an offence under the Trade Marks Act 1994. Consideration should also be given to the Counterfeiting and Forgery Act 1981, Video Recordings Act 2010, the Registered Designs Act 1949. As well the predicate intellectual property offences governed by the relevant legislation, general statutory offences under the Fraud Act 2006 and money laundering offences under Part 7 of POCA should also be considered. For instance, if an individual offers a fake item for sale online, which they falsely represent to be a genuine article, prosecution under the Forgery and Counterfeiting Act 1981 should be considered, alongside offences under the Fraud Act 2006 and POCA. Online Marketplaces for Illegal Items Online marketplaces are used by criminals to not just to trade cyber skills, tools and techniques, but to trade and sell other illegal items, such as stolen credit card details,
drugs and firearms. These marketplaces are often 'hidden' online, and facilitated by individuals coordinating the trading of these goods. Where more than one individual is collectively running such a website, a charge of conspiracy against those doing so, under section 1(1) of the Criminal Law Act 1977, may be considered. However, when considering a case involving the trading of illegal goods online, it is advisable to consider charges against individuals 'selling', or facilitating the selling of objects online, as distinct from those who are 'buying'. Each case must be considered on its merits, but in many instances, there may not be sufficient evidence to demonstrate a large conspiracy between multiple users of one marketplace, where a number of seemingly distinct transactions have been made. In the event that an individual is selling or facilitating the trading of illegal goods online, consideration should be given to charges of encouraging or assisting an offence, under section 46 of the Serious Crime Act 2007. It can be charged where the defendant does an act capable of encouraging or assisting the commission of one or more of a number of offences, believing one or more will be committed. Where individuals are suspected of purchasing illegal goods online, consideration should be given to charges of attempting to commit an offence, such as one under the Fraud Act 2006, Misuse of Drugs Act 1971, or Firearms Act 1968, where it can be proved the suspect has gone beyond the preparatory stage of doing so. A charge of conspiracy under section 1(1) of the Criminal Law Act 1977, or the common law offence of conspiracy to defraud, may also be appropriate. Dark Web The dark web comprises of internet sites and content that are, intentionally hidden and inaccessible through standard web browsers. The dark web is used to facilitate criminal activity across a wide range of threats and can be used by criminals to create so-
Section 32 of the Criminal Justice and Courts Act 2015 makes the offence an either-way offence and increases the maximum penalty to two years' imprisonment and/or a level 4 fine. This will allow more time for investigation, and make a more serious penalty available in appropriate cases. This came into force on 13 April 2015. Section 127 of the Communications Act 2003 makes it an offence to send through a 'public electronic communications network' a message or other matter that is 'grossly offensive' or of an 'indecent, obscene or menacing character'. The same section also provides that it is an offence to send or false message 'for the purpose of causing annoyance, inconvenience or needless anxiety to another'. Cyber-Bullying/Trolling Cyber bullying is bullying that takes place using communications technology, such as social media, but also text messages, apps, chats, emails and other forms of communication. Depending on the nature of the bullying, it may also constitute criminal activity and prosecutors should apply the principles outlined in the legal guidance on communications via social media when considering allegations of this nature. For example, cyber bullying might involve harassment, threatening behavior, sending false information about someone, impersonation, cyber stalking or grossly offensive messages. It is important to remember that evidence of bullying online may be indicative of bullying and possible further offences offline too. Virtual Mobbing Virtual mobbing occurs when a number of individuals use social media or messaging to make comments about another individual, usually because they are opposed to that person's opinions. As above, the principles outlined in the legal guidance on communications sent by social media should be applied. In cases where certain individuals encourage others to send such messages, prosecutors should consider
offences of encouraging or assisting crime under sections 44-46 under the Serious Crime Act 2007. False accounts Setting up a false social networking accounts or aliases could amount to criminal offences under the Fraud Act 2006 if there was a financial gain. Under section 8 possession or making or supplying articles for use in frauds includes any program or data held in electronic form. Some social networking sites may disable false accounts when they became aware of them. Offences that specifically target Individuals (including Cyber-Enabled VAWG) Developments in technology have also created a new landscape for controlling, sexually-motivated or other forms of interpersonal relationship offending. Disclosing private sexual images without consent, cyber stalking and harassment, and coercive and controlling behavior crimes are predominately but not exclusively perpetrated against women and girls, with online activity being used to humiliate, control and threaten as well plan and orchestrate acts of violence. Such crimes are often part of a wider pattern of behavior and incidents should be viewed within this wider context which can encapsulate both online and offline activity, including physical abuse. All VAWG related charging decisions should consider the context of the crime including the potential use of social media to exert power and control. For example, in cases of 'honor' based violence and forced marriage, threats to post personal information on social media can be used to bring shame on victims in order to silence and coerce. Offences under the CMA, such as unauthorized access to computer material with the intent to commit further offences or to impair the operation of a computer, are also
threatening or obscene emails or text messages; spamming (where the offender sends the victim multiple junk emails); live chat harassment or flaming (a form of online verbal abuse); leaving improper messages on online forums or message boards; trolling or cyber bullying; sending electronic viruses; sending unsolicited email; and cyber identity theft. Coercion and Control The Serious Crime Act 2015 introduced a domestic abuse offence to capture coercive and controlling behavior in intimate and familial relationships. This offence closed a gap in the law around patterns of coercive and controlling behavior in an on- going relationship between intimate partners or family members. The pattern of behavior and access to resources that the victim has must be considered when contemplating this offence. The use of the internet, social media, spyware and software to track and monitor the whereabouts of a victim and control their contact with others must be taken into account. For further guidance see the legal guidance Controlling or Coercive Behavior in an Intimate or Family Relationship, Domestic Abuse, Stalking and Harassment, Extreme Pornography, and Social Media. Child Sexual Offences and Indecent Images of Children The rapid growth of cyberspace has given perpetrators of child sexual abuse, and those who create and disseminate indecent images, a range of new tools to facilitate their offending. These crimes can be perpetrated through various social media, such as chat rooms, social networking sites, gaming devices that connect to the internet, as well as through direct email addresses or mobile numbers belonging to victims. Child Sexual Abuse
Cyberspace has the potential to allow offenders to target hundreds of children at a time and once initial contact with a child is made, the children may be subjected to threats and intimidation. The online abuse can be an end in itself without any contact offences taking place. However, contact offences may occur through arranging to meet up with the child, or persuading them to engage in sexual activity whilst they are filmed or photographed. Further offending may also occur through the dissemination of these films or photographs. Offenders for example may use various control elements as a tool to stop a victim reporting the sexual abuse (the control might take the form of threatening to publish photographs or recordings of them, including images of the victim being naked or being abused). Charges under the Sexual Offences Act 2003, Sexual Offences Act 1956 and Indecency with Children Act 1960 may all be considered. Note that section 69 of the Serious Crime Act 2015 created the offence of possessing a paedophile manual or any item that contains advice or guidance about abusing children sexually. This offence captures material giving advice on how to entrap or groom a child, commit other child abuse offences and escape capture. Online grooming Predatory individuals may access internet sites that children and young people visit in order to search for potential victims by location or interest. Children and young people may often reveal personal information online, such as where they live or go to school, or their family name, which is used by groomers to manipulate behaviours and build relationships with their victims. Information may be published through a number of different online platforms which are accessible to others, including social networking sites, multi-player gaming portals and other web-based forums.
