Centenial Celebration

Transaction Search Form: please type in any of the fields below.

Date: November 22, 2024 Fri

Time: 11:49 am

Results for cybercrime

150 results found

Author: United States. Executive Office of the President

Title: Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure

Summary: The President directed a comprehensive review to assess the United States' policies and structures for cybersecurity. This paper summarizes the conclusions of the review team, which was composed of government cybersecurity experts with input from a cross-section of industry, academia, the civil liberties and privacy communities, State governments, international partners, and the Legislative and Executive Branches. Cybersecurity policy includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.

Details: Washington, DC: Executive Office of the President of the United States, 2009

Source:

Year: 2009

Country: United States

URL:

Shelf Number: 155194

Keywords:
Criminal Justice Policy
Cybercrime

Author: Australia. Parliament. House of Representatives. Standing Committee on Communications

Title: Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime. The Report of the Inquiry into Cyber Crime

Summary: This report asserts that Australian home computer users and small businesses have been left to fend for themselves against the growing problem of organized cyber crime. The committee makes 34 recommendations aimed at improving Australia's response to the growth of cyber crime, and further recommends that an Office of Online Security be established to coordinate cyber crime policy across the Commonwealth, State and Territory governments, and foster partnerships with industry and the community.

Details: Canberra: Australian Parliament, 2010. 260p.

Source: Internet Resource

Year: 2010

Country: Australia

URL:

Shelf Number: 119160

Keywords:
Computer Crimes
Cybercrime
Identity Theft
Internet Safety
Organized Crime

Author: United Nations Office on Drugs and Crime

Title: The Globalization of Crime: A Transnational Organized Crime Threat Assessment

Summary: "In The Globalization of Crime: A Transnational Organized Crime Threat Assessment, UNODC analyses a range of key transnational crime threats, including human trafficking, migrant smuggling, the illicit heroin and cocaine trades, cybercrime, maritime piracy and trafficking in environmental resources, firearms and counterfeit goods. The report also examines a number of cases where transnational organized crime and instability amplify each other to create vicious circles in which countries or even subregions may become locked. Thus, the report offers a striking view of the global dimensions of organized crime today."

Details: Vienna: UNODC, 2010. 303p.

Source: Internet Resource

Year: 2010

Country: International

URL:

Shelf Number: 119407

Keywords:
Counterfeiting
Cybercrime
Human Trafficking
Maritime Crime
Migrant Smuggling
Organized Crime
Pirates
Transnational Crime

Author: Baker, Wade

Title: 2010 Data Breach Investigations Report

Summary: "In some ways, data breaches have a lot in common with fingerprints. Each is unique and we learn a great deal by analyzing the various patterns, lines, and contours that comprise each one. The main value of fingerprints, however, lies in their ability to identify a particular individual in particular circumstances. In this sense, studying them in bulk offers little additional benefit. On the other hand, the analysis of breaches in aggregate can be of great benefit; the more we study, the more prepared we are to stop them. Not surprisingly, the United States Secret Service (USSS) is also interested in studying and stopping data breaches. This was a driving force in their decision to join us in this 2010 Data Breach Investigations Report. They’ve increased the scope of what we’re able to study dramatically by including a few hundred of their own cases to the mix. Also included are two appendices from the USSS. One delves into online criminal communities and the other focuses prosecuting cybercrime. We’re grateful for their contributions and believe organizations and individuals around the world will benefit from their efforts. With the addition of Verizon’s 2009 caseload and data contributed from the USSS, the DBIR series now spans six years, 900+ breaches, and over 900 million compromised records."

Details: Basking Ridge, NJ: Verizon Business, 2010. 64p.

Source: Internet Resource

Year: 2010

Country: United States

URL:

Shelf Number: 119521

Keywords:
Cybercrime
Internet
Internet Safety

Author: Knake, Robert K.

Title: Internet Governance in an Age of Cyber Insecurity

Summary: This report briefly examines the technological decisions that have enabled both the Internet’s spectacular success and its troubling vulnerability to attack. Arguing that the United States can no longer cede the initiative on cyber issues to countries that do not share its interests, it outlines an agenda that the United States can pursue in concert with its allies on the international stage.

Details: Washington, DC: Council on Foreign Relations, 2010. 48p.

Source: Internet Resource: Council Special Report No. 56: Accessed September 6, 2010 at: http://www.cfr.org/publication/22832/internet_governance_in_an_age_of_cyber_insecurity.html

Year: 2010

Country: United States

URL: http://www.cfr.org/publication/22832/internet_governance_in_an_age_of_cyber_insecurity.html

Shelf Number: 119746

Keywords:
Computer Crimes
Cyber Security
Cybercrime
Cyberterrorism
Internet Crimes

Author: Bajaj, Kamlesh

Title: The Cybersecurity Agenda: Mobilizing for International Action

Summary: Cyberspace comprises IT networks, computer resources, and all the fixed and mobile devices connected to the global Internet. A nation’s cyberspace is part of the global cyberspace; it cannot be isolated to define its boundaries since cyberspace is borderless. This is what makes cyberspace unique. Unlike the physical world that is limited by geographical boundaries in space—land, sea, river waters, and air—cyberspace can and is continuing to expand. Increased Internet penetration is leading to growth of cyberspace, since its size is proportional to the activities that are carried through it. Cyberspace merges seamlessly with the physical world. So do cyber crimes. Cyber attackers can disrupt critical infrastructures such as financial and air traffic control systems, producing effects that are similar to terrorist attacks in the physical space They can also carry out identity theft and financial fraud; steal corporate information such as intellectual property; conduct espionage to steal state and military secrets; and recruit criminals and others to carry out physical terrorist activities. Anyone can exploit vulnerabilities in any system connected to the Internet and attack it from anywhere in the world without being identified. As the Internet and new technologies grow, so do their vulnerabilities. Knowledge about these vulnerabilities and how to exploit them are widely available on the Internet. During the development of the global digital Internet and communications technology (ICT) infrastructure, the key considerations were interoperability and efficiency, not security. The explosion of mobile devices continues to be based on these insecure systems of Internet protocols. It is increasingly cheap to launch cyber attacks, but security systems are getting more and more expensive. This growing asymmetry is a game changer. It has another dimension, too—individuals, terrorists, criminal gangs, or smaller nations can take on much bigger powers in cyberspace, and through it, in the physical world, as well. The effects of attacks on critical infrastructure such as electricity and water supplies are similar to those that would be caused by weapons of mass destruction, without the need for any physical attacks. Proving attribution in cyberspace is a great challenge. In most cases, it is extremely difficult to attribute cyber attacks to nation-states, collecting irrefutable evidence. The very nature of botnets and zombies makes it difficult to do so, leading to the conclusion that “the Internet is the perfect platform for plausible deniability.” Nations are developing cyber attack capabilities with a view to dominating cyberspace. However, unilateral dominance in cyberspace is not achievable by any country. But uncontrolled growth of cyber attack capabilities—in effect, cyber attack proliferation — is an increasingly troubling phenomenon. Yet another disturbing reality is that cyber attacks can be launched ever more easily, and propagated faster using the same broadband that nations are building for global e-commerce. Finally, the consequences of a cyber attack are more likely to be indirect and more uncertain than most scenarios currently envision; we may not always recognize the damage inflicted by cyber attackers. Cybersecurity is a global problem that has to be addressed globally by all governments jointly. No government can fight cybercrime or secure its cyberspace in isolation. Cybersecurity is not a technology problem that can be ‘solved’; it is a risk to be managed by a combination of defensive technology, astute analysis and information warfare, and traditional diplomacy. Cyber attacks constitute an instrument of national policy at the nexus of technology, policy, law, ethics, and national security. Such attacks should spur debate and discussion, without any secrecy, both inside and outside governments at national and international levels. This is all the more so because of the growing number of significant actors not tied to, or even loosely affiliated with, nation-states. Over the last few months, events in cyberspace such as the GhostNet attacks on governments and large multinational corporations, whether to steal intellectual property or attack free speech, bear this out. They are not restricted by geographical borders or national laws. There is an added dimension to this problem: the infrastructures are owned and operated by the private sector, and cyberspace passes through various legal jurisdictions all over the world. Each government has to engage in supporting its private sector for cybersecurity through effective public-private partnership (PPP) models, with clearly-defined roles for government and industry. Because cyberspace is relatively new, legal concepts for ‘standards of care’ do not exist. Should governments create incentives to generate collective action? For example, they could reduce liability in exchange for improved security, or introduce tax incentives, new regulatory requirements, and compliance mechanisms. Nations have to take appropriate steps in their respective jurisdictions to create necessary laws, promote the implementation of reasonable security practices, incident management, and information sharing mechanisms, and continuously educate both corporate and home users about cybersecurity. International cooperation is essential to securing cyberspace. When it comes to tracking cyber criminals, it is not only the laws dealing with cyber crimes that must exist in various countries, but the collection of appropriate cyber forensics data in various jurisdictions and their presentation in courts of law, which are essential to bring criminals to justice in sovereign countries.

Details: Washington, DC: EastWest Institute, 2010. 24p.

Source: Internet Resource: Accessed October 13, 2010 at: http://www.ewi.info/system/files/Bajaj_Web.pdf

Year: 2010

Country: International

URL: http://www.ewi.info/system/files/Bajaj_Web.pdf

Shelf Number: 119942

Keywords:
Computer Crimes
Cybercrime
Cybersecurity
Internet Crimes

Author: Choo, Kim-Kwang Raymond

Title: Cloud Computing: Challenges and Future Directions

Summary: Cloud computing can be defined as a pool of virtualised computing resources that allows users to gain access to applications and data in a web-based environment on demand. This paper explains the various cloud architecture and usage models that exist and some of the benefits in using cloud services. It seeks to contribute to a better understanding of the emerging threat landscape created by cloud computing, with a view to identifying avenues for risk reduction. Three avenues for action are identified, in particular, the need for a culture of cyber security to be created through the development of effective public-private partnerships; the need for Australia’s privacy regime to be reformed to deal with the issues created by cloud computing and the need for cyber-security researchers to find ways in which to mitigate existing and new security risks in the cloud computing environment. Cloud computing is now firmly established in the information technology landscape and its security risks need to be mapped and addressed at this critical stage in its development.

Details: Canberra: Australian Institute of Criminology, 2010. 6p.

Source: Internet Resource: Trends & Issues in Crime and Criminal Justice, No. 400: Accessed October 26, 2010 at: http://www.aic.gov.au/documents/C/4/D/%7BC4D887F9-7D3B-4CFE-9D88-567C01AB8CA0%7Dtandi400.pdf

Year: 2010

Country: International

URL: http://www.aic.gov.au/documents/C/4/D/%7BC4D887F9-7D3B-4CFE-9D88-567C01AB8CA0%7Dtandi400.pdf

Shelf Number: 120097

Keywords:
Computer Crimes
Computer Security
Cybercrime

Author: Smith, L. Murphy

Title: Cyber Crimes Aimed at Publicly Traded Companies: Is Stock Price Affected?

Summary: E-commerce has been a boon for business. A great deal of business activity now occurs in the realm of cyberspace on the Web. The downside of cyber-business is cyber crimes, also called electronic crime or simply e-crime. Cyber crime costs publicly traded companies billions of dollars annually in stolen assets and lost business. Further, when a company falls prey to cyber criminals, this may concern customers who worry about the security of their business transactions with the company. As a result, a company can lose future business if it is perceived to be vulnerable to cyber crime. Such vulnerability may even lead to a decrease in the market value of the company, due to legitimate concerns of financial analysts, investors, and creditors. This study first provides an overview of common cyber crimes. Second, a review is made of specific cases of publicly traded companies in news stories concerning cyber crime. Third and last, the impact of cyber crime news stories on companies’ stock price is analyzed. Results suggest that not only can cyber crime cost a company directly in stolen assets, lost business, and reputation, but also can affect the company’s stock performance, at least in the short run. Consequently, companies must do all that they can to avoid becoming a victim of cyber crime.

Details: College Station, TX: Texas A& M University, 2009. 21p.

Source: Internet Resource: Accessed October 28, 2010 at: http://www.upf.go.ug/cyber_crime.pdf

Year: 2009

Country: United States

URL: http://www.upf.go.ug/cyber_crime.pdf

Shelf Number: 120110

Keywords:
Computer Fraud
Cybercrime

Author: Cross-Border Crime Forum

Title: Identity-Related Crime: A Threat Assessment. A Report to the Attorney General of the United States and the Minister of Public Safety of Canada

Summary: This threat assessment focuses on five aspects of the identity-related crime problem as it affects Canada and the United States: (1) the scope and extent of the problem; (2) the purposes of identity-related crime; (3) the categories of individuals who engage in or are victimized by identity-related crime; (4) the methods and techniques that criminals use to commit identity-related crime; and (5) the responses to the problem. Its purpose is to identify and describe the most problematic features of this crime problem, as well as the approaches being used in both countries to combat it. Annually, a significant percentage of the U.S and Canadian populations is the victim of some kind of identity-related crime. The continuing vulnerability and insecurity of various types of payment mechanisms and identification documents is one of the persistent problems in combating identity-related crime. Criminals and criminal organizations engage in a wide variety of identity-related crime to commit fraud, unlawfully obtaining goods, services, or benefits from the public or private sector.

Details: S.l.: Cross-Border Crime Forum, 2010. 27p.

Source: Internet Resource: Accessed December 21, 2010 at: http://www.justice.gov/criminal/fraud/documents/reports/2010/11-01-10mass-market-fraud.pdf

Year: 2010

Country: United States

URL: http://www.justice.gov/criminal/fraud/documents/reports/2010/11-01-10mass-market-fraud.pdf

Shelf Number: 120565

Keywords:
Cybercrime
Identity Theft

Author: Queensland Schools Alliance Against Violence

Title: Working Together: Queensland Schools Alliance Against Violence Report

Summary: The formation of the Queensland Schools Alliance Against Violence (QSAAV) provided an important opportunity for the school sectors to collaborate on how best to respond to the issues of bullying and violence in Queensland schools. The issues facing students, school staff and parents are complex, and the possible responses are varied given the unique characteristics of our schools and general population. There is clearly a common concern about bullying, cyber bullying and violence in schools, and a need for effective responses to support students, parents and schools at the individual school, broader community and systemic policy levels. Much effort is already occurring in schools and school sectors to address the issues, but focused ongoing attention and commitment will be required. It is also clear that working to prevent incidents and to respond effectively when incidents do occur requires constant effort and vigilance. The prevention of bullying, cyber bullying and violence in schools must engage students and become part of the broader conversation across the community. Schools cannot successfully deal with these issues in isolation. They require the cooperation of the broader community, and QSAAV has produced an evidence-based framework within which this can occur. This report provides a summary of the information and advice considered by QSAAV during its six-month term, and includes recommendations for consideration by the Minister for Education and Training.

Details: Brisbane: Queensland Government, 2010. 45p., app.

Source: Internet Resource: Accessed February 18, 2011 at: http://education.qld.gov.au/studentservices/behaviour/qsaav/docs/qsaav_report.pdf

Year: 2010

Country: Australia

URL: http://education.qld.gov.au/studentservices/behaviour/qsaav/docs/qsaav_report.pdf

Shelf Number: 120819

Keywords:
Cyberbullying
Cybercrime
School Bullying
School Violence

Author: Choo, Kim-Kwang Raymond

Title: Cyber Threat Landscape Faced by Financial and Insurance Industry

Summary: Opportunities for criminals to engage in transnational activities have expanded with globalisation and advancements in information and communications technologies. Cyber criminal activities will increasingly affect the financial security of online business. It is widely accepted that the financial and insurance industry is the ‘target of choice’ for financially motivated cyber criminals. Yet there is a lack of understanding about the true magnitude of cyber crime and its impact on businesses. Drawing on data from a 2008 Australia-wide survey conducted by the Australian Institute of Criminology, this paper contributes to a better understanding of the threat landscape faced by the financial and insurance industry by assessing the top four risk areas reported by the survey respondents. The paper also examines whether the results from the financial and insurance industries differ from other industries and identifies ways in which industries (particularly the financial and insurance industry), can neutralise or reduce cyber crime opportunities.

Details: Canberra: Australian Institute of Criminology, 2011. 6p.

Source: Internet Resource: Trends & Issues in Crime and Criminal Justice, No. 408: Accessed February 22, 2011 at: http://www.aic.gov.au/documents/8/F/B/%7B8FB75BEB-DA4B-458B-A444-1EED76001EEE%7Dtandi408.pdf

Year: 2011

Country: Australia

URL: http://www.aic.gov.au/documents/8/F/B/%7B8FB75BEB-DA4B-458B-A444-1EED76001EEE%7Dtandi408.pdf

Shelf Number: 120849

Keywords:
Cybercrime
Financial Crimes
Internet Crimes

Author: Detica

Title: The Cost of Cyber Crime. A Detica Report in Partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office

Summary: "Few areas of our lives remain untouched by the digital revolution. Across the world, there are now nearly two billion internet users and over five billion mobile phone connections; every day, we send 294 billion emails and five billion SMS messages. Over 91 per cent of UK businesses and 73 per cent of UK households have internet access and £47.2 billion was spent online in the UK alone in 2009. Our society is now almost entirely dependent on the continued availability, accuracy and confidentiality of its Information and Communications Technology (ICT). We need it for our economic health, for the domestic machinery of government, for national defence and for our day-to-day social and cultural existence. As well as significant benefits, the technology has also enabled old crimes to be committed in new and more subtle ways. In its National Security Strategy, cyber threats are recognised by the Government as one of four ‘Tier One’ risks to the UK’s security. But estimates of the cost of cyber crime have until now not been able to provide a justifiable estimate of economic impact and have failed to address the breadth of the problem. Therefore, the Office of Cyber Security and Information Assurance (OCSIA) worked with Detica to look more closely at the cost of cyber crime in the UK and, in particular, to gain a better appreciation of the costs to the UK economy of Intellectual Property (IP) theft and industrial espionage. Further developments of cyber crime policy, strategies and detailed plans will thus benefit from this insight."

Details: London: U.K. Cabinet Office, 2011. 32p.

Source: Internet Resource: Accessed February 22, 2011 at: http://www.cabinetoffice.gov.uk/sites/default/files/resources/the-cost-of-cyber-crime-full-report.pdf

Year: 2011

Country: United Kingdom

URL: http://www.cabinetoffice.gov.uk/sites/default/files/resources/the-cost-of-cyber-crime-full-report.pdf

Shelf Number: 120839

Keywords:
Costs of Crime
Cybercrime
Extortion
Identity Theft
Internet Crimes
Internet Safety

Author: North Carolina Governor's Crime Commission, Criminal Justice Analysis Center

Title: Computer Crime in North Carolina: Assessing the Needs of Local Law Enforcement

Summary: Crimes with a cyber component once included acts such as hacking, financial fraud, theft of intellectual property and so on. Recently, crimes of this nature have evolved as citizens become more technology-savvy and gain easier access to computers. Many would agree that without proper investigative training and tools, successful prosecution of these crimes can never occur. While the primary purpose of this exploratory study is to assess investigative needs of law enforcement, the study also seeks to examine the prevalence of computer crime in North Carolina along with current procedures and activities surrounding it. An 18-item questionnaire was developed to measure the impact of cyber crime on investigations and to determine both the strengths and weaknesses of law enforcement in dealing with crimes containing a cyber component. Part one focused on the number and types of cyber crimes experienced while part two pertained specifically to computer-mediated crime. Open-ended questions throughout the survey provided respondents with the opportunity to suggest additional training initiatives and share additional comments on what steps can be taken to lessen the extent of crimes with a cyber component. Two distinct survey samples from police departments and sheriffs’ offices were randomly selected to receive a survey by mail. Samples excluded airport, college/university, hospital and state agencies. A total of 80 surveys were distributed to sheriffs’ offices and a total of 183 surveys were sent to police departments. This comprised 80 percent of all sheriffs’ offices and almost 53 percent of the total number of local police departments being surveyed. The combined jurisdictional resident population of surveyed agencies comprised over 71 percent of the state’s total resident population. A total of 127 surveys were completed and returned by law enforcement agencies equating to a 48.3 percent response rate. The combined jurisdictional resident population of responding agencies comprised over 46 percent of the state’s total resident population. Seventy-one counties were represented with at least one responding agency. In 2008, responding agencies indicated that roughly 6 percent of investigations contained a cyber component. Based on a linear projection, there were approximately 26,257 cases statewide containing a cyber component in 2008. This equates to 294.1 cases per 100,000 residents, a rate which is comparable to the rate of aggravated assaults and motor vehicle thefts reported in North Carolina. The three most frequently investigated computer crimes by an average reporting agency were fraud related (79.3%), criminal threatening (8.5%), and online enticement of minors/child pornography (4.9%). Cumulatively, respondents indicated that 198 (26.6%) of 745 investigators have received training, with the average agency reporting that one-third of their investigators had been trained. Fifty-two percent of agencies indicated that investigators had receiving local or inhouse training while 54 percent and 27 percent of agencies indicated training at the state and national levels respectively. Over 85 percent of respondents indicated that their agencies collect computer/electronic evidence during investigation. However, only about two-thirds of these agencies reported having standard protocols established for handling evidence of this nature. The inability to trace and monitor Internet communications and the lack of training were seen as the two largest investigative impediments for crimes with a cyber component. Another substantial concern by law enforcement is the public’s apathy and lack of awareness towards crimes with a cyber component. Respondents were either indifferent or minimally concerned about the lack of standard operating procedures, search warrant issues, jurisdictional issues, lack of information sharing, and lack of technical expertise due to staff turnover. At the time of survey, roughly four out of every 10 agencies actually conducted cyber crime prevention or awareness activities and just over 30 percent were involved in official partnerships with other agencies or private entities to combat cyber crime. Over two-thirds of agencies expressed that they were either totally unprepared or somewhat unprepared in terms of equipment. Similarly, over half of respondents felt unprepared in terms of training and about 60 percent believed they were unprepared in terms of personnel. Law enforcement responded more positively in regards to their coordination with other agencies. Although over one-third of agencies answered neutrally, almost 39 percent of agencies believed they were prepared. Computer-mediated crime was briefly examined as it is one of the newest types of crime involving computers and is likely to expand in coming years. For the purposes of this study, computer-mediated crimes are defined as those traditional types of crime (theft, robbery, rape, assault, etc.) that are furthered either by the use of a computer or electronic device. Many cases were mediated through means of the Internet with crimes ranging from robberies facilitated by Craigslist to statutory rape through meeting over MySpace to burglaries perpetrated after taking virtual tours of rental properties. As a whole, law enforcement slightly agreed that they lack the power to prevent or curtail computer-mediated crime. In fact, half of respondents agreed that they have little power to curtail these types of crime in comparison to only under one-fourth of agencies who disagreed. A much higher level of agreement was measured regarding the expected growth of computer-mediated crime. Overwhelmingly, agencies agreed that their jurisdiction will experience an increase in computer-mediated crime in the next five years. One-half of respondents agreed coupled with an additional one-third who strongly agreed that legislators should enhance penalties for traditional crimes mediated by a computer or electronic device. When surveyed about the adequacy of current North Carolina statutes for prosecuting cyber crime perpetrators, law enforcement responses were most commonly neutral. However, interestingly enough, no respondents strongly agreed and only 19 percent of respondents agreed that current statutes are adequate enough. Lastly, the survey measured opinions on whether introduction of a bill was needed in North Carolina to impede computerrelated victimization. New Jersey State Legislative Bill A2864/S1429 makes it a crime of the third degree if a person attempts, via electronic or any other means, to lure or entice a person into a motor vehicle, structure or isolated area, or to meet or appear at any place, with a purpose to commit a criminal offense with or against the person lured or enticed or against any other person. Over 87 percent of respondents believed introduction of a similar bill is needed in North Carolina. Study findings revealed several areas of concern related to the investigation of computer-related crime. According to remarks, it appears investigators and prosecutors are disconnected when dealing with crimes involving a cyber component. Funding consideration should be given to establish pilot sites for joint training sessions between detectives and prosecutors among neighboring judicial districts across the state. In addition, equipment, training and personnel must all be enhanced in hopes of curtailing cyber crimes including computer-mediated crimes.

Details: Raleigh, NC: Governor's Crime Commission, 2010. 22p.

Source: Internet Resource: Accessed March 8, 2011 at: http://www.ncgccd.org/pdfs/pubs/cybercrime.pdf

Year: 2010

Country: United States

URL: http://www.ncgccd.org/pdfs/pubs/cybercrime.pdf

Shelf Number: 120890

Keywords:
Computer Crimes (North Carolina)
Criminal Investigation
Cybercrime
Internet Crimes

Author: Blackburn, John

Title: Optimising Australia's Response to the Cyber Challenge

Summary: The Australian Government’s 2009 Cyber Security Strategy states that cyber security is one of Australia’s top-tier national security priorities. It highlights that Australia’s national security, economic prosperity and social wellbeing are critically dependent upon the availability, integrity and confidentiality of a range of information and communications technologies. There is a growing threat from state and non-state actors who compromise, steal, change or destroy information and information systems upon which societies depend. This report examines the nature of the cyber challenge confronting Australia and how such a threat can be better addressed. Australia may well have reached a “tipping point” where the current trajectory of cyber responses is being rapidly outpaced by the evolving threat. In seeking to maintain a secure, resilient and trusted electronic operating environment that supports Australia’s national security and maximises the benefits of the digital economy, the Australian Government has defined cyber security as “Measures relating to the confidentiality, availability and integrity of information that is processed, stored and communicated by electronic or similar means”. The government’s strategy is well thought out and clearly identifies key near-term initiatives that address the cyber security threat. However, the breadth, scale and growth rate of the threat are such that the current cyber security program is not keeping pace. In fact, the actions taken to date have helped highlight the scale of the problem and underscored that more needs to be done in order to address the challenge. A complicating issue is that of public awareness. A large part of the Australian population does not comprehend the scale of the growing cyber threat, nor the potential impact of that threat on personal and national wellbeing. That lack of understanding, and therefore commitment to addressing the threat, is a fundamental weakness in the individual and collective security of Australians. This report seeks to answer two fundamental questions: are we doing enough to address the growing threat to our national and individual security in the cyber environment, and if not, what do we need to do? The report concludes that whilst progress in implementing the government’s 2009 Cyber Security Strategy has been laudable, we are not keeping pace with the growing threat and as a result are placing our collective and individual security at risk. What is lacking is a whole-of-nation, government-led integrated long-term National Cyber Strategy and Plan with defined responsibilities, identified priorities and dedicated resources that recognises the scale of the cyber challenge and the need to address that challenge in a more comprehensive manner. Australia needs to further harmonise the roles and responsibilities of government, industry and the public. While there will be technical challenges in meeting the evolving threat, the greatest challenges will centre on the cultural and organisational changes that will be needed to improve Australia’s security in the cyber environment. Specific conclusions and recommendations include: • Develop a whole-of-nation, government-led integrated long-term National Cyber Strategy and Cyber Capability Plan (as a subset of the National Security Strategy) with defined responsibilities, identified priorities and dedicated resources. • Assign the lead to coordinate cyber-related security issues across government to the Office of the National Security Adviser. • Continue to build on the current cyber programs but with some process and structural change to ensure the cyber threat is understood and cyber vulnerabilities are reduced, a credible counter-attack capability is developed, continuous technology discovery is pursued, culture change is effected, and alignment with key allies is achieved. • Accelerate systemic change through a suite of proactive measures such as a proposed National Security Innovation Centre, a virtual Cyber Academy, a Cyber Test Range, and a cyber Cooperative Research Centre (CRC). This will help to normalise cyber as a part of everyday activity. A key consideration regarding any recommended actions is that of timing - the gap between threat and response capabilities is growing. In the aftermath of the global economic crisis all governments are faced with increasing financial pressures. Projected growth in public and private debt as well as social security and health costs will likely exacerbate these financial pressures in the future. If we do not increase our focus on cyberspace, the threat will grow faster than our response and the cost of addressing the growing threat gap in the future will increase, possibly exponentially. Any delay in taking action may prove unaffordable in the long-term and introduce greater risks.

Details: Kingston, ACT, AUS: Kokoda Foundation, 2011. 84p.

Source: Internet Resource: Kokoda Papers, No. 14: Accessed March 16, 2011 at: http://www.kokodafoundation.org/Resources/Documents/KP14ResponsetoCyber.pdf

Year: 2011

Country: Australia

URL: http://www.kokodafoundation.org/Resources/Documents/KP14ResponsetoCyber.pdf

Shelf Number: 121021

Keywords:
Computer Crimes
Computer Networks
Computer Security (Australia)
Cybercrime
Cyberterrorism

Author: Theohary, Catherine A.

Title: Terrorist Use of the Internet: Information Operations in Cyberspace

Summary: The Internet is used by international insurgents, jihadists, and terrorist organizations as a tool for radicalization and recruitment, a method of propaganda distribution, a means of communication, and ground for training. Although there are no known reported incidents of cyberattacks on critical infrastructure as acts of terror, this could potentially become a tactic in the future. There are several methods for countering terrorist and insurgent information operations on the Internet. The federal government has organizations that conduct strategic communications, counterpropaganda, and public diplomacy activities. The National Framework for Strategic Communication guides how interagency components are to integrate their activities. However, these organizations may be stovepiped within agencies, and competing agendas may be at stake. This report does not discuss technical and Internet architecture design solutions. Some may interpret the law to prevent federal agencies from conducting “propaganda” activities that may potentially reach domestic audiences. Others may wish to dismantle all websites that are seen to have malicious content or to facilitate acts of terror, while some may have a competing interest in keeping a site running and monitoring it for intelligence value. Key issues for Congress: • Although the Comprehensive National Cybersecurity Initiative addresses a federal cybersecurity strategy and departmental roles and responsibilities, overclassification, competing equities, and poor information sharing between agencies hinder implementation of a national cybersecurity strategy. (See “Federal Government Efforts to Address Cyberterrorism.”) • Federal agencies have interpreted the United States Information and Educational Exchange Act of 1948 (22 U.S.C. § 1461), also known as the Smith-Mundt Act, as creating a “firewall” between foreign and domestic audiences, limiting U.S. government counterpropaganda activities on the Internet. (See “Institutional Constraints.”) • Some agencies favor monitoring and surveillance of potentially harmful websites, while others would shut them down entirely. (See “Intelligence Gain/Loss Calculus.”) • Different agency approaches to combating terrorists’ use of the Internet and different definitions and strategies for activities such as information operations (IO) and strategic communications (SC) create an oversight challenge for Congress. (See “Counterpropaganda: Strategic Communications, Public Diplomacy, and Information Operations.”) Cybersecurity proposals from the 111th Congress such as S. 3480, which contained controversial provisions labeled by the media as the Internet “Kill Switch,” are likely to be reintroduced in some form in the 112th Congress. (See “Congressional Activity.”) With growing interest in strategic communications and public diplomacy, there may also be an effort to revise the Smith- Mundt Act.

Details: Washington, DC: Congressional Research Services, 2011. 19p.

Source: Internet Resource: R41674: Accessed March 22, 2011 at: http://www.fas.org/sgp/crs/terror/R41674.pdf

Year: 2011

Country: United States

URL: http://www.fas.org/sgp/crs/terror/R41674.pdf

Shelf Number: 121095

Keywords:
Cybercrime
Cybersecurity
Internet Crimes
Terrorism
Terrorists

Author: Lemieux, Frederic

Title: Investigating Cyber Security Threats: Exploring National Security and Law Enforcement Perspectives

Summary: This report focuses on how federal agencies define success in computer crime investigations and how they can facilitate the development and refinement of a comprehensive law enforcement strategy for addressing cyber threats. Through interviews with experienced computer crime investigators from the Federal Bureau of Investigation, the U.S. Secret Service, and the Air Force Office of Special Investigations, this project aims to identify how federal agencies conduct investigations related to cyber security and how they define operational success. Our findings show a clear emphasis on threat mitigation, instead of quantitative valuation of prosecutions, as the goal of the investigation. Strategies employ the use of intelligence gathering and sharing to fortify potential targets and identify prolific offenders. These observations are consistent with the current trends in traditional investigation which include the use of an intelligence-led policing model to combat the top national security risks to the United States.

Details: Washington, DC: George Washington University, Cyber Security Policy and Research Institute, 2011. 10p.

Source: Internet Resource: Report GW-CSPRI-2011-2: Accessed April 26, 2011 at: http://www.cspri.seas.gwu.edu/Seminar%20Abstracts%20and%20Papers/2011-2%20Investigating%20Cyber%20Security%20Threats%20Lemieux.pdf

Year: 2011

Country: United States

URL: http://www.cspri.seas.gwu.edu/Seminar%20Abstracts%20and%20Papers/2011-2%20Investigating%20Cyber%20Security%20Threats%20Lemieux.pdf

Shelf Number: 121496

Keywords:
Computer Crime
Computer Security
Cybercrime

Author: Sommer, Peter

Title: Reducing Systemic Cybersecurity Risk

Summary: This report is part of a broader OECD study into ―Future Global Shocks, examples of which could include a further failure of the global financial system, large-scale pandemics, escape of toxic substances resulting in wide-spread long-term pollution, and long-term weather or volcanic conditions inhibiting transport links across key intercontinental routes. The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.

Details: Paris: Organisation for Economic Co-operation and Development, 2011. 119p.

Source: Internet Resource: Accessed May 11, 2011 at: http://www.oecd.org/dataoecd/57/44/46889922.pdf

Year: 2011

Country: International

URL: http://www.oecd.org/dataoecd/57/44/46889922.pdf

Shelf Number: 121708

Keywords:
Computer Crimes
Cybercrime
Cybersecurity
Internet

Author: Saadawi, Tarek

Title: Cyber Infrastructure Protection

Summary: The Internet, as well as other telecommunication networks and information systems, have become an integrated part of our daily lives, and our dependency upon their underlying infrastructure is ever-increasing. Unfortunately, as our dependency has grown, so have hostile attacks on the cyber infrastructure by network predators. The lack of security as a core element in the initial design of these information systems has made common desktop software, infrastructure services, and information networks increasingly vulnerable to continuous and innovative breakers of security. Worms, viruses, and spam are examples of attacks that cost the global economy billions of dollars in lost productivity. Sophisticated distributed denial of service (DDoS) attacks that use thousands of web robots (bots) on the Internet and telecommunications networks are on the rise. The ramifications of these attacks are clear: the potential for a devastating largescale network failure, service interruption, or the total unavailability of service. Yet many security programs are based solely on reactive measures, such as the patching of software or the detection of attacks that have already occurred, instead of proactive measures that prevent attacks in the first place. Most of the network security configurations are performed manually and require experts to monitor, tune security devices, and recover from attacks. On the other hand, attacks are getting more sophisticated and highly automated, which gives the attackers an advantage in this technology race. A key contribution of this book is that it provides an integrated view and a comprehensive framework of the various issues relating to cyber infrastructure protection. It covers not only strategy and policy issues, but it also covers social, legal, and technical aspects of cyber security as well.

Details: Carlisle, PA: U.S. Army War College, Strategic Studies Institute, 2011. 324p.

Source: Internet Resource: Accessed May 18, 2011 at: www.strategicstudiesinstitute.army.mil/pubs/download.cfm?q=1067

Year: 2011

Country: United States

URL:

Shelf Number: 121739

Keywords:
Communications Security
Computer Crimes
Cyber Security
Cybercrime
Information Security
Internet Crimes

Author: Campbell, Richard J.

Title: The Smart Grid and Cybersecurity — Regulatory Policy and Issues

Summary: Electricity is vital to the commerce and daily functioning of United States. The modernization of the grid to accommodate today’s uses is leading to the incorporation of information processing capabilities for power system controls and operations monitoring. The “Smart Grid” is the name given to the evolving electric power network as new information technology systems and capabilities are incorporated. While these new components may add to the ability to control power flows and enhance the efficiency of grid operations, they also potentially increase the susceptibility of the grid to cyber (i.e., computer-related) attack since they are built around microprocessor devices whose basic functions are controlled by software programming. The potential for a major disruption or widespread damage to the nation’s power system from a large scale cyberattack has increased focus on the cybersecurity of the Smart Grid. Federal efforts to enhance the cybersecurity of the electrical grid were emphasized with the recognition of cybersecurity as a critical issue for electric utilities in developing the Smart Grid. The Federal Energy Regulatory Commission (FERC) received primary responsibility for the reliability of the bulk power system from the Energy Policy Act of 2005. FERC subsequently designated the North American Electric Reliability Corporation (NERC) as the “Electric Reliability Organization” (ERO) with the responsibility of establishing and enforcing reliability standards. Compliance with reliability standards for electric utilities thus changed from a voluntary, peer-driven undertaking to a mandatory function. The Energy Independence and Security Act of 2007 (EISA) later added requirements for “a reliable and secure electricity infrastructure” with regard to Smart Grid development. NERC is also responsible for standards for critical infrastructure protection (CIP) which focus on planning and procedures for the physical security of the grid. Self-determination is a key part of the CIP reliability process. Utilities are allowed to self-identify what they see as “critical assets” under NERC regulations. Only “critical cyber assets” (i.e., as essential to the reliable operation of critical assets) are subject to CIP standards. FERC has directed NERC to revise the standards so that some oversight of the identification process for critical cyber assets was provided, but any revision is again subject to stakeholder approval. While reliability standards are mandatory, the ERO process for developing regulations is somewhat unusual in that the regulations are essentially being established by the entities who are being regulated. This may potentially be a conflict of interest, especially when cost of compliance is a concern, and acceptable standards may conceivably result from the option with the lowest costs. Since utility systems are interconnected in many ways, the system with the least protected network potentially provides the weakest point of access. Cybersecurity threats represent a constantly moving and increasing target for mitigation activities and mitigation efforts could likewise spiral upward in costs. Recovery of costs may present a major challenge especially to distribution utilities and state commissions charged with overseeing utility costs. EISA only requires states to consider recovery of costs related to Smart Grid systems. FERC has jurisdiction over the bulk power grid, and cannot compel entities involved in distribution to comply with its regulations. Recoverability from a cyber attack on the scale of something which could take down a significant portion of the grid will likely be very difficult, but maintaining a ready inventory of critical spare parts in close proximity to key installations could quicken recovery efforts from some types of attack. The electricity grid is connected to (and largely dependent on) the natural gas pipeline, water supply, and telecommunications systems. Technologies being developed for use by the Smart Grid could also be used by these industries. Consideration could be given to applying similar control system device and system safeguards to these other critical utility systems.

Details: Washington, DC: Congressional Research Services, 2011. 25p.

Source: Internet Resource: R41886: Accessed July 21, 2011 at: http://www.fas.org/sgp/crs/misc/R41886.pdf

Year: 2011

Country: United States

URL: http://www.fas.org/sgp/crs/misc/R41886.pdf

Shelf Number: 122138

Keywords:
Computer Crimes
Cybercrime
Cybersecurity (U.S.)
Electrical Power

Author: Connolly, Chris

Title: An Overview of International Cyber-Security Awareness Raising and Educational Initiatives

Summary: This study presents a comparative study of international Cyber-Security awareness training and educational initiatives. The report examined 68 international initiatives. This project has consisted of two research components: Component 1 – Comparative analysis of international initiatives: The first component was a comparative analysis of the approaches taken internationally to provide awareness raising and educational activities designed to empower the general and small business community with respect to Cyber-Security risks. This study examined a selection (68 in total) of initiatives in 11 jurisdictions. This study is not intended to represent an exhaustive study of every initiative in every jurisdiction. There has been a focus on English language initiatives – although 13 French and German initiatives were included in the study. Australian initiatives and resources were not included in this study. Component 2 – Campaign evaluations: The second component was an analysis of the literature used to support the implementation of these strategies as well as literature that evaluates the effectiveness of Cyber-Security education and awareness raising programs. This involved the examination of the only 2 initiatives (out of 68) where an evaluation had been conducted – plus 5 evaluations of similar campaigns in other fields (such as cyber-safety). This study is reporting on evaluations that are available and not evaluating campaigns per se.

Details: Canberra: Australian Communications and Media Authority, 2011. 100p.

Source: Internet Resource: Accessed July 28, 2011 at: http://www.acma.gov.au/webwr/_assets/main/lib310665/galexia_report-overview_intnl_cybersecurity_awareness.pdf

Year: 2011

Country: International

URL: http://www.acma.gov.au/webwr/_assets/main/lib310665/galexia_report-overview_intnl_cybersecurity_awareness.pdf

Shelf Number: 122191

Keywords:
Computer Crimes
Cybercrime
Cybersecurity

Author: Finklea, Kristin M.

Title: The Interplay of Borders, Turf, Cyberspace, and Jurisdiction: Issues Confronting U.S. Law Enforcement

Summary: Savvy criminals constantly develop new techniques to target U.S. persons, businesses, and interests. Individual criminals as well as broad criminal networks exploit geographic borders, criminal turf, cyberspace, and law enforcement jurisdiction to dodge law enforcement countermeasures. Further, the interplay of these realities can potentially encumber policing measures. In light of these interwoven realities, policy makers may question how to best design policies to help law enforcement combat ever-evolving criminal threats. Criminals routinely take advantage of geographic borders. They thrive on their ability to illicitly cross borders, subvert border security regimens, and provide illegal products or services. Many crimes — particularly those of a cyber nature — have become increasi ngly transnational. While criminals may operate across geographic borders and jurisdictional boundaries, law enforcement may not be able to do so with the same ease. Moreover, obstacles such as disparities between the legal regimens of nations (what is considered a crime in one country may not be in another) and differences in willingness to extradite suspected criminals can hamper prosecutions. The law enforcement community has, however, expanded its working relationships with both domestic and international agencies. Globalization and technological innovation have fostered the expansion of both legitimate and criminal operations across physical borders as well as throughout cyberspace. Advanced, rapid communication systems have made it easier for criminals to carry out their operations remotely from their victims and members of their illicit networks. In the largely borderless cyber domain, criminals can rely on relative anonymity and a rather seamless environment to conduct illicit business. Further, in the rapidly evolving digital age, law enforcement may not have the technological capabilities to keep up with the pace of criminals. Some criminal groups establish their own operational “borders” by defining and defending the “turf” or territories they control. Similarly, U.S. law enforcement often remains constrained by its own notions of “turf” — partly defined in terms of competing agency-level priorities and jurisdictions. While some crimes are worked under the jurisdiction of a proprietary agency, others are not investigated under such clear lines. These investigative overlaps and a lack of data and information sharing can hinder law enforcement anti-crime efforts. U.S. law enforcement has, particularly since the terrorist attacks of September 11, 2001, increasingly relied on intelligence-led policing, enhanced interagency cooperation, and technological implementation to confront 21st century crime. For instance, enforcement agencies have used formal and informal interagency agreements as well as fusion centers and task forces to assimilate information and coordinate operations. Nonetheless, there have been notable impediments in implementing effective information sharing systems and relying on up-to-date technology. Congress may question how it can leverage its legislative and oversight roles to bolster U.S. law enforcement’s abilities to confront modern-day crime. For instance, Congress may consider whether federal law enforcement has the existing authorities, technology, and resources — both monetary and manpower — to counter 21st century criminals. Congress may also examine whether federal law enforcement is utilizing existing mechanisms to effectively coordinate investigations and share information.

Details: Washington, DC: Congressional Research Service, 2011. 41p.

Source: Internet Resource: R41927: Accessed August 9, 2011 at: http://www.fas.org/sgp/crs/misc/R41927.pdf

Year: 2011

Country: United States

URL: http://www.fas.org/sgp/crs/misc/R41927.pdf

Shelf Number: 122332

Keywords:
Criminal Networks
Cybercrime
Cybercriminals
Intelligence Gathering
Law Enforcement

Author: Shachtman, Noah

Title: Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs

Summary: At the beginning of the 19th century, piracy was an ongoing threat and an accepted military tactic. By the end of the century, it was taboo, occurring solely off the shores of failed states and minor powers. The practice of hijacking did not vanish entirely, of course; it is flourishing now on the world’s computer networks, costing companies and consumers countless billions of dollars. Cybercrime today seems like a nearly insoluble problem, much like piracy was centuries ago. There are steps, however, that can be taken to curb cybercrime’s growth—and perhaps begin to marginalize the people behind it. Some of the methods used to sideline piracy provide a useful, if incomplete, template for how to get it done. Shutting down the markets for stolen treasure cut off the pirates’ financial lifeblood; similar pushes could be made against the companies that support online criminals. Piracy was eventually brought to heel when nations took responsibility for what went on within its borders. Based on this precedent, cybercrime will only begin to be curbed when greater authority — and accountability — is exercised over the networks that form the sea on which these modern pirates sail. In this new campaign, however, private companies, not governments, will have to play the central role, as Harvard’s Tyler Moore and others have suggested. After all, the Internet is not a network of governments; it is mostly an amalgam of businesses that rely almost exclusively on handshake agreements to carry data from one side of the planet to another. The vast majority of the Internet’s infrastructure is in the hands of these 5,000 or so Internet Service Providers (ISPs) and carrier networks, as is the ability to keep crooks off that infrastructure. If this relatively small group can be persuaded to move against online criminals, it will represent an enormous step towards turning these crooks into global pariahs. The most productive thing ISPs can do to curb crime is put pressure on the companies that support and abet these underground enterprises. Currently, registration companies sell criminals their domain names, like “thief.com.” Hosting firms provide the server space and Internet Protocol addresses needed to make malicious content online accessible. But without ISPs, no business, straight or crooked, gets online. A simple statistic underscores the ISPs’ role as a critical intermediary: just 10 ISPs account for around 30 percent of all the spam-spewing machines on the planet. ISPs are well aware of which hosting companies, for example, are the most friendly to criminals; lists of these firms are published constantly. But,currently, ISPs have little motivation to cut these criminal havens off from the rest of the Internet. There is no penalty for allowing illicit traffic to transit over their networks. If anything, there is a strong incentive for maintaining business-as-usual: the hosting company that caters to crooks also has legitimate customers, and both pay for Internet access. So ISPs often turn a blind eye, even though the worst criminal havens are well-known. That is where government could help. It could introduce new mechanisms to hold hosting companies liable for the damage done by their criminal clientele. It could allow ISPs to be held liable for their criminal hosts. It could encourage and regulate ISPs to share more information on the threats they find. Government could also encourage more private businesses to come clean when they are victimized. Today, just three in ten organizations surveyed by the security firm McAfee report all of their data breaches. That not only obscures the true scope of cybercrime; it prevents criminals and criminal trends from being caught earlier. Government can alter that equation by expanding the requirements to report data breaches. It could require its contractors to purchase network security insurance, forcing companies to take these breaches more seriously. And it can pour new resources into and craft new strategies for disrupting criminals’ support networks. These steps will serve as important signals that America will no longer tolerate thieves and con artists operating on its networks. After all, 20 of the 50 most crime-friendly hosts in the world are American, according to the security researchers at HostExploit. As the United States gets serious in curbing these criminals, it can ask more from — and work more closely with — other countries. China, for instance, sees itself as the world’s biggest victim of cybercrime, even as it remains a hotbed for illicit activity. Not coincidentally, China is also only partially connected to the global community of ISPs. Dialogues to bring the Chinese closer into the fold will not only make it easier to marginalize cybercriminals; it will build momentum for broader negotiations on all sorts of Internet security issues.

Details: Washington, DC: John L. Thornton China Center at Brookings, 2011. 44p.

Source: Internet Resource: Cyber Security #1: Accessed August 26, 2011 at: http://www.brookings.edu/~/media/Files/rc/papers/2011/0725_cybersecurity_shachtman/0725_cybersecurity_shachtman.pdf

Year: 2011

Country: International

URL: http://www.brookings.edu/~/media/Files/rc/papers/2011/0725_cybersecurity_shachtman/0725_cybersecurity_shachtman.pdf

Shelf Number: 122561

Keywords:
Computer Crime
Cybercrime
Cybersecurity
Internet Crimes

Author: Truman, Jennifer Lynn

Title: Examining Intimate Partner Stalking and Use of Technology in Stalking Victimization

Summary: This research was designed to expand the empirical knowledge and understanding of stalking victimization by examining both intimate and nonintimate stalking and the use of technology to stalk. To accomplish this, the current research examined differences among intimate and nonintimate stalking, stalking types (cyberstalking, stalking with technology, and traditional stalking), and stalking types by the victim-offender relationship. Specifically, this research examined demographic differences, differences in severity, seriousness, victim reactions and responses to and effects of stalking. Findings revealed that overall intimate partner stalking victims experienced greater levels of seriousness and severity of stalking, and expressed more fear than nonintimate partner stalking victims. Additionally, they were more likely to have engaged in self-protective or help-seeking actions. With regard to stalking type, victims who were cyberstalked and stalked with technology experienced a greater variety of stalking behaviors, were more likely to define the behaviors as stalking, and took more actions to protect themselves than victims who were traditionally stalked. Moreover, those who were stalked with technology experienced a greater severity of stalking. And when examining differences among stalking types by the victim-offender relationship, intimate partner stalking victims were still more likely than nonintimate partner stalking victims to have experienced a greater severity of stalking. This research contributed to existing research by being the first to examine cyberstalking and stalking with technology with a national dataset, and adding to the knowledge of differences between intimate and nonintimate partner stalking. Implications for policy and for research are discussed.

Details: Orlando, FL: Department of Sociology, University of Central Florida, 2010. 241p.

Source: Internet Resource: Dissertation: Accessed September, 1, 2011 at: http://etd.fcla.edu/CF/CFE0003022/Truman_Jennifer_L_201005_PhD.pdf

Year: 2010

Country: United States

URL: http://etd.fcla.edu/CF/CFE0003022/Truman_Jennifer_L_201005_PhD.pdf

Shelf Number: 122583

Keywords:
Cybercrime
Cyberstalking
Intimate Partner Violence
Stalking

Author: Perreault, Samuel

Title: Self-Reported Internet Victimization in Canada, 2009

Summary: Most Canadians use the Internet regularly (Middleton 2010). According to results from the 2010 Canadian Internet Use Survey, 8 out of 10 Canadian households had access to the Internet (Statistics Canada 2011). However, the advent of new information technologies is also creating new opportunities for crime and new risks of victimization (RCMP 2011; Public Safety 2011). In recent years, governments and institutions, as well as users, have identified the need to address the risk of victimization on the Internet (Kowalski 2002). However, to date, it remains difficult to measure the nature and extent of the issue. While police records provide some information, self-reported data show that only a small proportion of victimizations are reported to authorities (Perreault and Brennan 2010). In 2009, the General Social Survey (GSS) on Victimization was conducted on a sample of Canadians aged 15 years and older living in the provinces. For the first time, the GSS collected information from Canadians about their perceptions and experiences of victimization on the Internet, with a particular focus on cyber-bullying, Internet bank fraud and problems encountered with making online purchases. Drawing on the GSS data, this Juristat article presents information on Internet victimization as self-reported by Canadians. In particular, it examines the socio-demographic and economic characteristics (such as age, level of education and income status) and Internet use characteristics of those who have been victimized. This article also examines security concerns of Canadian Internet users as well as hate content found on the Internet.

Details: Ottawa: Statistics Canada, 2011. 31p.

Source: Internet Resource: Juristat: Accessed September 19, 2011 at: http://www.statcan.gc.ca/pub/85-002-x/2011001/article/11530-eng.pdf

Year: 2011

Country: Canada

URL: http://www.statcan.gc.ca/pub/85-002-x/2011001/article/11530-eng.pdf

Shelf Number: 122779

Keywords:
Cyberbullying
Cybercrime
Internet Crimes
Online Victimization
Victimization Surveys (Canada)

Author: Cornish, Paul

Title: Cyber Security and the UK's Critical National Infrastructure

Summary: Government cannot provide all the answers and guarantee national cyber security in all respects for all stakeholders. As a result, Critical National Infrastructure enterprises should seek to take on greater responsibilities and instil greater awareness across their organizations All organizations should look in more depth at their dependencies and vulnerabilities. Awareness and understanding of cyberspace should be 'normalised' and incorporated and embedded into standard management and business practices within and across government and the public and private sectors Cyber terminology should be clear and language proportionate to the threat. It should also encourage a clear distinction to be made between IT mishaps and genuine cyber attacks Research and investment in cyber security are essential to meeting and responding to the threat in a timely fashion. However, cyber security/protection should not be the preserve of IT departments but of senior executive boards, strategists and business leaders and it should be incorporated into all levels of an organization.

Details: London: Chatham House, 2011. 50p.

Source: Internet Resource: Accessed September 27, 2011 at: http://www.chathamhouse.org/sites/default/files/public/Research/International%20Security/r0911cyber.pdf

Year: 2011

Country: United Kingdom

URL: http://www.chathamhouse.org/sites/default/files/public/Research/International%20Security/r0911cyber.pdf

Shelf Number: 122923

Keywords:
Critical Infrastructure
Cybercrime
Cybersecurity (U.K.)
Terrorism

Author: Hill, Catherine

Title: Crossing the Line: Sexual Harassment at School

Summary: Sexual harassment has long been an unfortunate part of the climate in middle and high schools in the United States. Often considered a kind of bullying, sexual harassment by definition involves sex and gender and therefore warrants separate attention. The legal definition of sexual harassment also differentiates it from bullying. Based on a nationally representative survey of 1,965 students in grades 7–12 conducted in May and June 2011, Crossing the Line: Sexual Harassment at School provides fresh evidence about students’ experiences with sexual harassment, including being harassed, harassing someone else, or witnessing harassment. The survey asked students to share their reactions to their experience with sexual harassment and its impact on them. It also asked them about their ideas for how schools can respond to and prevent sexual harassment.

Details: Washington, DC: American Association of University Women, 2011. 52p.

Source: Internet Resource: Accessed November 10, 2011 at: http://www.aauw.org/learn/research/upload/CrossingTheLine.pdf



Year: 2011

Country: United States

URL: http://www.aauw.org/learn/research/upload/CrossingTheLine.pdf



Shelf Number: 123279

Keywords:
Cybercrime
School Crime
Sexual Harassment (U.S.)

Author: Budzilowicz, Lisa M.

Title: Who's on First? Challenges Facing Prosecutors and Financial Institutions in Responding to Identity Theft

Summary: Prosecutors and law enforcement struggle with how to approach victimized financial institutions and their consumers. Prosecutors rely on prompt reporting of crime and they need to access financial institutions' information, such as account data, video evidence, and witness statements, as evidence of the crimes. This report examines how prosecutors and financial institutions can work together to prevent, investigate, and prosecution identity theft.

Details: Alexandria, VA: National District Attorneys Association, American Prosecutors Research Institute, 2007. 66p.

Source: Internet Resource: Special Topics Series: Accessed January 13, 2012 at: http://www.ndaa.org/pdf/pub_whos_on_first_07.pdf

Year: 2007

Country: United States

URL: http://www.ndaa.org/pdf/pub_whos_on_first_07.pdf

Shelf Number: 123607

Keywords:
Consumer Fraud
Cybercrime
Financial Crimes
Identity Theft
Prosecutors

Author: Grauman, Brigid

Title: Cyber-security: The Vexed Question of Global Rules

Summary: This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a global snapshot of current thinking about the cyber-threat and the measures that should be taken to defend against it, and assesses the way ahead. It is aimed at the influential layperson, and deliberately avoids specialised language. For the moment, the “bad guys” have the upper hand – whether they are attacking systems for industrial or political espionage reasons, or simply to steal money - because the lack of international agreements allows them to operate swiftly and mostly with impunity. Protecting data and systems against cyber-attack has so far been about dousing the flames, although recently the focus has been shifting towards more assertive self-protection. The first part of this two-part report concentrates on the main issues that are slowing progress, starting with the absence of agreement on what we mean by terms like cyber-war or cyber-attack. It reflects sharp divisions over the rights of individuals and states in cyber-space. Most Western countries believe that freedom of access to the internet is a basic human right, and that he or she also has a right to privacy and security that should be protected by laws. UNESCO argues that the right to assemble in cyberspace comes under Article 19 of the Declaration of Human Rights. At the other end of the spectrum are those countries, like Russia and China, that favour a global treaty but nevertheless believe that access to the internet should be limited if it threatens regime stability, and that information can also be seen as a cyber-threat. For these countries, any state has the right to control content within its sovereign internet space. Linked to the rights and responsibilities of states is the thorny issue of attribution. There are those countries that say that attribution to a specific attacker is impossible, and that the focus has to be defence from attacks. Others argue that attribution is possible, but requires international cooperation, sharing of information and assistance from local authorities. Some states believe that cooperation is a threat to their sovereignty; others say they can’t be held responsible for the activities of individuals or private companies. And a number apparently fear openness because they don’t want to see restrictions on their political or military objectives. Some clear themes emerge from the report, and they are issues that need fairly urgent resolution. Among these is how and to what degree should a more proactive, some would say more bellicose, stance be developed both in the military and private arenas; the need for much greater international cooperation; introducing a more solid security architecture to the internet; and establishing cyber-confidence building measures as an easier alternative to any global treaty, or at least as a gapfiller until a treaty is agreed. The second part of this report are 21 country stress tests, complemented by findings from the global survey the SDA conducted in the autumn of 2011 among 250 top cyber-security specialists in 35 countries. They included government ministers, staff at international organisations, leading academics, think-tankers and IT specialists, and their views diverged widely on how to improve international cooperation in cyberspace, which over half of them now consider a global common like the sea or space.

Details: Brussels, Belgium: Security & Defence Agenda, 2012. 108p.

Source: Internet Resource: Accessed February 14, 2012 at: http://www.securitydefenceagenda.org/Portals/14/Documents/Publications/SDA_Cyber_report_FINAL.pdf

Year: 2012

Country: International

URL: http://www.securitydefenceagenda.org/Portals/14/Documents/Publications/SDA_Cyber_report_FINAL.pdf

Shelf Number: 124133

Keywords:
Computer Crimes
Cyber-Security
Cybercrime
Internet Crimes

Author: Wilshusen, Gregory C.

Title: Cybersecurity: Challenges in Securing the Modernized Electricity Grid

Summary: The electric power industry is increasingly incorporating information technology (IT) systems and networks into its existing infrastructure as part of nationwide efforts—commonly referred to as the “smart grid”—aimed at improving reliability and efficiency and facilitating the use of alternative energy sources such as wind and solar. Smart grid technologies include metering infrastructure (“smart meters”) that enable two-way communication between customers and electricity utilities, smart components that provide system operators with detailed data on the conditions of transmission and distribution systems, and advanced methods for controlling equipment. The use of these systems can bring a number of benefits, such as fewer and shorter outages, lower electricity rates, and an improved ability to respond to attacks on the electric grid. However, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers. Moreover, for nearly a decade, GAO has identified the protection of systems supporting our nation’s critical infrastructure—which include the electric grid—as a governmentwide high-risk area. GAO is providing a statement describing (1) cyber threats facing cyber-reliant critical infrastructures and (2) key challenges to securing smart grid systems and networks. In preparing this statement, GAO relied on its previously published work in this area.

Details: Washington, DC: United States Government Accountability Office (GAO), 2012. 19p.

Source: GAO-12-507T: Internet Resource: Accessed March 11, 2012 at http://www.gao.gov/assets/590/588913.pdf

Year: 2012

Country: United States

URL: http://www.gao.gov/assets/590/588913.pdf

Shelf Number: 124441

Keywords:
Computer Crimes
Cybercrime
Cybersecurity (U.S.)
Electrical Power

Author: Gendarmerie Nationale

Title: Prospective Analysis on Trends in Cybercrime from 2011 to 2020

Summary: Cybercrime evolves and grows over time, as new information and communication technologies (ICT) are introduced. Everyone involved in the fight against cybercrime need to understand it in order to anticipate their actions. Twenty-two experts contributed to a prospective study on the decade from 2011 to 2020, based on an iterative process of electronic consultations, using the Delphi method and an open-ended questionnaire based on an ad hoc model. Their combined analyses made it possible to form a consensus on the trends and changes affecting cybercrime between now and 2020, through a discussion of the threats, attacks, authors, victims, and measures designed to keep information, government services, business and individual security and to provide a national defence in order to protect basic services, critical systems, and vital infrastructures. The dissemination of the results of the study is intended to encourage discussion on the strategies and resources to be implemented by decision-makers. For this purpose, it was presented during the 4th Upper Rhine Forum on Cyberthreats FRC2011, held at ENA (Ecole Nationale d’Administration) in Strasbourg, France, on 9th November 2011, on the topic "Cyberthreats at the horizon 2020", organized by the Région de Gendarmerie d'Alsace and the reserve officers (RC) of the Gendarmerie Nationale.

Details: Santa Clara, CA: McAfee, 2011. 54p.

Source: Internet Resource: Accessed September 11, 2012 at: http://www.mcafee.com/us/resources/white-papers/wp-trends-in-cybercrime-2011-2020.pdf

Year: 2011

Country: International

URL: http://www.mcafee.com/us/resources/white-papers/wp-trends-in-cybercrime-2011-2020.pdf

Shelf Number: 126295

Keywords:
Computer Crimes
Cybercrime
Internet Crimes

Author: King, Chris

Title: Spotlight On: Malicious Insiders and Organized Crime Activity

Summary: The term organized crime brings up images of mafia dons, dimly lit rooms, and bank heists. The reality today is more nuanced; especially as organized crime groups have moved their activities online. This article focuses on a cross-section of CERT’s insider threat data, incidents consisting of 2 or more individuals involved in a crime. What we found is that insiders involved in organized crime caused more damage (approximately $3M per crime) and bypassed protections by involving multiple individuals in the crime. As organized crime has made its way online, it has become a significant source of fraud and embezzlement. Several recent news articles have raised awareness of this threat. The online crimes are often committed by individuals inside the organization who are attempting to bypass increasingly sophisticated fraud prevention controls. Analysis of multiple cases of insiders and organized crime has shown that the incidents fall into two primary categories: insiders either formed their own groups to bypass controls, or were recruited by established organized crime groups for a particular task in the commission of a crime.

Details: Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute, 2012. 20p.

Source: Internet Resource: Accessed September 27, 2012 at: www.cert.org/archive/pdf/12tn001.pdf

Year: 2012

Country: United States

URL:

Shelf Number: 126469

Keywords:
Cybercrime
Embezzlement
Fraud
Insider Threats
Organized Crime

Author: Cummings, Adam

Title: Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector

Summary: This report describes a new insider threat study funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) in collaboration with the U.S. Secret Service (USSS) and the CERT Insider Threat Center, part of Carnegie Mellon University's Software Engineering Institute. Researchers extracted technical and behavioral patterns from 67 insider and 13 external fraud cases; all 80 cases occurred between 2005 and the present. Using this information, we developed insights and risk indicators of malicious insider activity within the banking and finance sector. This information is intended to help private industry, government, and law enforcement more effectively prevent, deter, detect, investigate, and manage insider threats in this sector.

Details: Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute, 2012. 76p.

Source: Internet Resource: Accessed September 27, 2012 at: http://www.sei.cmu.edu/library/abstracts/reports/12sr004.cfm

Year: 2012

Country: United States

URL: http://www.sei.cmu.edu/library/abstracts/reports/12sr004.cfm

Shelf Number: 126470

Keywords:
Cybercrime
Financial Fraud
Insider Threats

Author: Randazzo, Marisa Reddy

Title: Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector

Summary: Current and former employees, contractors, and other organizational “insiders” pose a substantial threat by virtue of their knowledge of and access to their employers’ systems and/or databases and their ability to bypass existing physical and electronic security measures through legitimate means. Previous efforts to study insider incidents have focused on convenience samples and narrow areas of industry and have not examined the incidents from both behavioral and technical perspectives simultaneously. These gaps in the literature have made it difficult for organizations to develop a comprehensive understanding of the insider threat and address the issue from an approach that draws on human resources, corporate security, and information security perspectives. The Secret Service National Threat Assessment Center and the CERT Coordination Center of Carnegie Mellon University’s Software Engineering Institute joined efforts to conduct a unique study of insider incidents, the Insider Threat Study (ITS), examining actual cases identified through public reporting or as a computer fraud case investigated by the Secret Service. Each case was analyzed from a behavioral and a technical perspective to identify behaviors and communications in which the insiders engaged—both online and offline—prior to and including the insiders’ harmful activities. Section 1 of this report presents an overview of the ITS, including its background, scope, and study methods. Section 2 reports the findings and implications specific to research conducted on insider threat cases in the banking and finance sector.

Details: Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute, 2005. 36p.

Source: Internet Resource: Accessed October 7, 2012 at http://www.sei.cmu.edu/reports/04tr021.pdf

Year: 2005

Country: United States

URL: http://www.sei.cmu.edu/reports/04tr021.pdf

Shelf Number: 126569

Keywords:
Corporate Crime
Cybercrime
Financial Fraud
Insider Threats
Risk Management

Author: Broadhurst, Roderic

Title: Crime in Cyberspace: Offenders and the Role of Organized Crime Groups

Summary: This working paper summarizes what is currently known about cybercrime offenders and groups. The paper briefly outlines definition and scope of cybercrime, the theoretical and empirical challenges in addressing what is known about cyber offenders, and the likely role of organized crime groups (OCG). The paper gives examples of known cases that illustrate individual and group behaviour, profiles typical offenders, including online child exploitation offenders, and describes methods and techniques commonly used to identify crimeware and help trace offenders.

Details: Canberra: Australian National University, 2013. 35p.

Source: Internet Resource: Working Paper: Accessed February 15, 2013 at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2211842

Year: 2013

Country: International

URL: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2211842

Shelf Number: 127628

Keywords:
Cybercrime
Internet Crime
Online Child Sex Offenders
Organized Crime

Author: Green, Lelia

Title: Risks and Safety for Australian Children on the Internet: Full findings from the AU Kids Online survey of 9-16 year olds and their parents

Summary: This report presents initial findings from an Australian survey of children and their parents designed to provide a unique insight into the balance of opportunities and risks experienced by these children as a result of their internet use. A random stratified sample of 400 9-16 year olds who use the internet, and one of their parents/carers, was interviewed between November 2010 and February 2011. The ‘AU’ survey was conducted in parallel with a 25 nation survey carried out by EU Kids Online (see Annex 1) and funded by the EC’s Safer Internet Programme. The questionnaire was designed by the EU Kids Online network, coordinated by the London School of Economics and Political Science. Ipsos MORI and its international affiliates conducted the research in all 26 countries. In what follows, AU findings are compared with those from 25 other countries, all of which are European nations, although not all of which are members of the European Union. The results of this overarching European-level research in 25 nations, with 25,142 families each represented by a child aged 9-16, and the parent who knows most about the child’s internet use, are reported in Livingstone, S., Haddon, L., Görzig, A., and Ólafsson, K. (2011). Risks and safety on the internet: The perspective of European children. Full findings. LSE, London: EU Kids Online. See www.eukidsonline.net. Where reference is made in this report to EU Kids Online, or to ‘in Europe’, this entails reference to the findings based on the 25,142 children involved in the EU Kids Online research, not to European children as a whole, nor to the children of the European Union. The 25 nations involved in the EU Kids Online research are Austria (AT), Belgium (BE), Bulgaria (BG), Cyprus (CY), Czech Republic (CZ), Denmark (DK), Estonia (EE), Finland (FI), France (FR), Germany (DE), Greece (EL), Hungary (HU), Italy (IT), Ireland (IE), Lithuania (LT), Netherlands (NL), Norway (NO), Poland (PO), Portugal (PT), Romania (RO), Slovenia (SI), Spain (ES), Sweden (SE), Turkey (TU), and the United Kingdom (UK).

Details: Kelvin Grove QLD, Australia: ARC Centre of Excellence for Creative Industries and Innovation, 2011. 75p.

Source: Internet Resource: Accessed March 30, 2013 at: http://cultural-science.org/journal/index.php/culturalscience/article/viewFile/49/129

Year: 2011

Country: Australia

URL: http://cultural-science.org/journal/index.php/culturalscience/article/viewFile/49/129

Shelf Number: 128170

Keywords:
Computer Safety
Cyberbullying
Cybercrime
Internet Crimes
Internet Safety
Online Safety (Australia)
Online Victimization

Author: Klimburg, Alexander, ed.

Title: National Cyber Security Framework Manual

Summary: As stated in the Strategic Concept for the Defence and Security of the Members of the North Atlantic Treaty Organisation of November 2010, NATO Member States have recognised that malicious cyber activities ‘can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability’.1 In order to assure the security of NATO’s territory and populations, the Alliance has committed to continue fulfilling its essential core tasks, inter alia, to deter and to defend against emerging security challenges, such as cyber threats.2 The revised NATO Policy on Cyber Defence of 8 June 2011 focuses NATO on the protection of its own communication and information systems in order to perform the Alliance’s core tasks of collective defence and crisis management.3 However, as cyber threats transcend State borders and organisational boundaries, the policy also stresses the need for cooperation of the Alliance with NATO partner countries, private sector and academia.4 NATO Member States reinforced the importance of international cooperation by stating in the Chicago Summit Declaration of May 2012 t hat ‘[t]o address the cyber security threats and to improve our common security, we are committed to engage with relevant partner countries on a case-by-case basis and with international organisations [...] in order to increase concrete cooperation.’5 Against this background, it is of paramount importance to increase the level of protection against cyber threats and to steadily improve the abilities to appropriately address cyber threats by Allies and NATO’s partner countries. The ‘National Cyber Security Framework Manual’ addresses national cyber security stakeholders in NATO Member States or NATO partner countries, including leaders, legislators, regulators and Internet Service Providers. It will serve as a guide to develop, improve or confirm national policies, laws and regulations, decisionmaking processes and other aspects relevant to national cyber security. Hence, this Manual will support NATO’s goal of enhancing the ‘common security’ with regard to ‘cyber security threats’, as expressed by the Allies in the aforementioned Chicago Summit Declaration. The implementation, maintenance and improvement of national cyber security comprises a range of elements. These can address strategic documents of political nature, laws, regulations, organisational and administrative measures, such as communication and crisis management procedures within a State, but also purely technical protection measures. Furthermore, awareness raising, training, education, exercises and international cooperation are important features of national cyber security. Thus, the aspects to be considered reach from the strategic through the administrative or operational to the tactical level. This Manual addresses all of those levels in the various sections, shows different possibilities of approaches to national cyber security, and highlights good practices within national cyber security strategies and techniques. This approach is based on the reasoning that States have different features and prerequisites with regard to their legal framework, historical and political contexts, governmental structure, organisational structures, crisis management processes, and mentality. Therefore, this Manual cannot provide a ‘blueprint’ which would be feasible and useful for all States, but rather shows diverse aspects and possibilities to be considered in the course of drafting a national cyber security strategy. Due to its rather academic approach – although being of practical use – and the incorporation of military aspects, the Manual differs from publications with a similar goal and target audience.

Details: Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2012. 253p.

Source: Internet Resource: Accessed April 5, 2013 at: http://www.ccdcoe.org/publications/books/NationalCyberSecurityFrameworkManual.pdf

Year: 2012

Country: International

URL: http://www.ccdcoe.org/publications/books/NationalCyberSecurityFrameworkManual.pdf

Shelf Number: 128289

Keywords:
Cybercrime
Cybersecurity
Internet Crime
Terrorism

Author: Bronk, Christopher

Title: Risk-Intelligent Governance in the Age of Cyberthreats

Summary: Cybersecurity is an issue of foremost interest for policymakers in the world's government, corporations, nongovermental organizations, academic institutions, and other associations. However, remedy for the myriad cyberthreats and vulnerabilities continues to elude technologists and policymakers alike. In this paper, we consider the concept of cyberrisk intelligence, a general concept of understanding the varied phenomena that impact an organization's capacity to secure its digital communitions and resources from eavesdropping, theft, or attack. We also consider the deeper economics of information held and transmitted in digital form and how those economics may alter thinking on risk modeling. Finally, we offer guidance on how organizations and entire sectors of business activity may want to alter their thinking on cybersecurity issues beyond a technological framing to include an informational perspective aligned with business activities.

Details: Houston, TX: Rice University, James A. Baker III Institute for Public Policy, 2013. 16p.

Source: Internet Resource: Risk Intelligence Series
Issue No. 23: Accessed May 2, 2013 at: http://bakerinstitute.org/publications/ITP-pub-RiskIntelligentGovernance-042613.pdf

Year: 2013

Country: International

URL: http://bakerinstitute.org/publications/ITP-pub-RiskIntelligentGovernance-042613.pdf

Shelf Number: 128600

Keywords:
Cybercrime
Cybersecurity
Risk Assessment

Author: Collins, Matthew L.

Title: Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations

Summary: This is the sixth entry in the Spotlight On series published by the CERT®Insider Threat Center. Each entry focuses on a specific area of threat to organizations from their current or former employees, contractors, or business partners and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. This entry in the series focuses on insiders who stole intellectual property (IP), such as source code, scientific formulas, engineering drawings, strategic plans, or proposals, from their organizations to benefit a foreign entity. This technical note defines IP and insider theft of IP, explains the criteria used to select cases for this examination, gives a snapshot of the insiders involved in these cases, and summarizes some of the cases themselves. Finally, it provides recommendations for mitigating the risk of similar incidents of insider threat.

Details: Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute, 2013. 18p.

Source: Internet Resource: TECHNICAL NOTE
CMU/SEI-2013-TN-009; Accessed May 28, 2013 at: http://www.sei.cmu.edu/reports/13tn009.pdf

Year: 2013

Country: United States

URL: http://www.sei.cmu.edu/reports/13tn009.pdf

Shelf Number: 128834

Keywords:
Cybercrime
Cybersecurity
Espionage
Information Security
Insider Threat
Intellectual Property
Internet Crimes

Author: Schjolberg, Judge Stein

Title: Peace and Justice in Cyberspace. Potential new global legal mechanisms against global cyberattacks and other global cybercrimes

Summary: In the prospect of an international criminal court lies the promise of universal justice. Without an international court or tribunal for dealing with the most serious cybercrimes of global concern, many serious cyberattacks will go unpunished. The most serious global cyberattacks in the recent year, have revealed that almost nobody is investigated and prosecuted, and nobody has been sentenced for those acts. Such acts need to be included in a global treaty or a set of treaties, and investigated and prosecuted before an international criminal court or tribunal. Cyberspace, as the fifth common space, after land, sea, air and outer space, is in great need for coordination, cooperation and legal measures among all nations. It is necessary to make the international community aware of the need for a global response to the urgent and increasing cyberthreats. Peace, justice and security in cyberspace should be protected by international law through a treaty or a set of treaties under the United Nations. The progressive developments of global cyberattacks, such as massive and coordinated attacks against critical information infrastructures of sovereign States, must necessitate an urgent response for a global treaty.

Details: A Background Paper for EastWest Institute (EWI) Worldwide Cybersecurity Summit Special Interest Seminar: Harmonizing of Legal Frameworks for Cyberspace New Delhi, India October 30-31, 2012. 40p.

Source: Internet Resource: Background Paper: Accessed June 1, 2013 at: http://cybersummit2012.com/sites/cybersummit2012.com/files/EWICybersecuritySummit.pdf

Year: 2012

Country: International

URL: http://cybersummit2012.com/sites/cybersummit2012.com/files/EWICybersecuritySummit.pdf

Shelf Number: 128910

Keywords:
Cyber Security
Cybercrime
Internet Crime

Author: Jennings, Peter

Title: The Emerging Agenda for Cybersecurity

Summary: Cybersecurity is rapidly emerging as a high-priority policy challenge for the Australian Government. This rise reflects growing international concern about the impact of malicious cyberactivity. Notwithstanding recent government policy announcements, this paper, authored by Peter Jennings and Tobias Feakin, argues that significantly more needs to be done to ensure that Australia has the right policies in place to manage cybersecurity risk. The paper discusses the organisational problems that have slowed Australia’s work to develop a simple but effective cyber policy, and contrasts our experience with steps taken by our closest allies, the US and UK. It recommends things the government should do to develop a clear policy framework. Much of this work will need to be done quickly after the 2013 federal election so that Australia can play an influential role in shaping a global approach to cybersecurity.

Details: Barton, ACT: Australian Strategic Policy Institute, 2013. 16p.

Source: Internet Resource: Special Report: Accessed August 6, 2013 at: http://www.aspi.org.au/publications/publication_details.aspx?ContentID=369&pubtype=-1

Year: 2013

Country: Australia

URL: http://www.aspi.org.au/publications/publication_details.aspx?ContentID=369&pubtype=-1

Shelf Number: 129553

Keywords:
Cybercrime
Cybersecurity (Australia)
Internet Crime

Author: Center for Strategic and International Studies

Title: The Economic Impact of Cybercrime and Cyber Espionage

Summary: Is cybercrime, cyber espionage, and other malicious cyber activities what some call “the greatest transfer of wealth in human history,” or is it what others say is a “rounding error in a fourteen trillion dollar economy?” The wide range of existing estimates of the annual loss—from a few billion dollars to hundreds of billions—reflects several difficulties. Companies conceal their losses and some are not aware of what has been taken. Intellectual property is hard to value. Some estimates relied on surveys, which provide very imprecise results unless carefully constructed. One common problem with cybersecurity surveys is that those who answer the questions “self-select,” introducing a possible source of distortion into the results. Given the data collection problems, loss estimates are based on assumptions about scale and effect— change the assumption and you get very different results. These problems leave many estimates open to question. In this initial report we start by asking what we should count in estimating losses from cybercrime and cyber espionage. We can break malicious cyber activity into six parts: • The loss of intellectual property and business confidential information • Cybercrime, which costs the world hundreds of millions of dollars every year • The loss of sensitive business information, including possible stock market manipulation • Opportunity costs, including service and employment disruptions, and reduced trust for online activities • The additional cost of securing networks, insurance, and recovery from cyber attacks • Reputational damage to the hacked company Put these together and the cost of cybercrime and cyber espionage to the global economy is probably measured in the hundreds of billions of dollars. To put this in perspective, the World Bank says that global GDP was about $70 trillion in 2011. A $400 billion loss—the high end of the range of probable costs—would be a fraction of a percent of global income. But this begs several important questions about the full benefit to the acquirers and the damage to the victims from the cumulative effect of cybercrime and cyber espionage.

Details: Santa Clara, CA: McAfee, 2013. 20p.

Source: Internet Resource: Accessed August 6, 2013 at: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf

Year: 2013

Country: International

URL: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf

Shelf Number: 129556

Keywords:
Costs of Crime
Cybercrime
Cybersecurity
Espionage
Internet Crime

Author: Ponemon Institute

Title: 2012 Cost of Cyber Crime Study: United States

Summary: This year's study is based on a representative sample of 56 organizations in various industry sectors. While our research focused on organizations located in the United States, many are multinational corporations. Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization's intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country's critical national infrastructure. Consistent with the previous two studies, the loss or misuse of information is the most significant consequence of a cyber attack. Based on these findings, organizations need to be more vigilant in protecting their most sensitive and confidential information. Key takeaways from this research include: - Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year. - Cyber attacks have become common occurrences. The companies in our study experienced 102 successful attacks per week and 1.8 successful attacks per company per week. This represents an increase of 42 percent from last year's successful attack experience. Last year's study reported 72 successful attacks on average per week. - The most costly cyber crimes are those caused by denial of service, malicious insiders and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions. The purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time. We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

Details: Traverse City, MI: Ponemon Institute, 2012. 30p.

Source: Internet Resource: Accessed March 15, 2014 at: http://www.ponemon.org/local/upload/file/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf

Year: 2012

Country: United States

URL: http://www.ponemon.org/local/upload/file/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf

Shelf Number: 131925

Keywords:
Costs of Crime
Crime Statistics
Cybercrime
Internet Crime

Author: Samani, Raj

Title: Digital Laundry: An analysis of online currencies, and their use in cybercrime

Summary: The European Central Bank (ECB) points out notable differences between virtual currency and electronic money schemes. Electronic money uses a traditional unit of currency and is regulated; virtual currencies are unregulated and use an invented currency. Virtual currencies offer a number of benefits to customers: They are reliable, relatively instant, and anonymous. Even when privacy issues have been raised with particular currencies (notably Bitcoin), the market has responded with extensions to provide greater anonymity. Market response is an important point because regardless of law enforcement actions against Liberty Reserve and e-gold, criminals quickly identify new platforms to launder their funds. As a platform grows in popularity, so too will attacks and subsequent law enforcement actions. We saw this recently with Liberty Reserve and e-gold, and the recent cyberattacks against Bitcoin. Increasing popularity also raises the attention of law enforcement officials. Despite such platforms establishing their operations in countries considered as "tax havens," its operators are still subject to investigation, and possibly arrest. This concern recently led to the Russian Foreign Ministry warning its citizens who suspect they may be arrested to avoid countries with extradition treaties with the United States. The warning cited the arrest of Liberty Reserve's founder as an example. Although money laundering and cyberattacks are the focus of this paper, electronic currencies also act as the main method of payment for illicit products such as drugs, as well as for other products and services that enable cybercrime. We discussed products and services in Cybercrime Exposed: Cybercrime-as-a-Service; we'll look at drugs in this paper when we discuss the Silk Road market. The Silk Road is the best known online drug market but it is only the tip of the iceberg, as there are numerous such marketplaces. Regardless of the level of scrutiny by regulators and law enforcement, criminals will continue to migrate activities to alternate platforms. They have done this with Liberty Reserve and e-gold, to name two examples; simply shutting down the leading platform will not solve the problem.

Details: Santa Clara, CA: McAfee, 2013. 17p.

Source: Internet Resource: Accessed May 10, 2014 at: http://www.mcafee.com/us/resources/white-papers/wp-digital-laundry.pdf

Year: 2013

Country: International

URL:

Shelf Number: 132315

Keywords:
Cybercrime
Digital Crime
Financial Crime
Money Laundering
Online Crime

Author: Christin, Nicolas

Title: Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace

Summary: We perform a comprehensive measurement analysis of Silk Road, an anonymous, international online marketplace that operates as a Tor hidden service and uses Bitcoin as its exchange currency. We gather and analyze data over eight months between the end of 2011 and 2012, including daily crawls of the marketplace for nearly six months in 2012. We obtain a detailed picture of the type of goods sold on Silk Road, and of the revenues made both by sellers and Silk Road operators. Through examining over 24,400 separate items sold on the site, we show that Silk Road is overwhelmingly used as a market for controlled substances and narcotics, and that most items sold are available for less than three weeks. The majority of sellers disappears within roughly three months of their arrival, but a core of 112 sellers has been present throughout our measurement interval. We evaluate the total revenue made by all sellers, from public listings, to slightly over USD 1.2 million per month; this corresponds to about USD 92,000 per month in commissions for the Silk Road operators. We further show that the marketplace has been operating steadily, with daily sales and number of sellers overall increasing over our measurement interval. We discuss economic and policy implications of our analysis and results, including ethical considerations for future research in this area.

Details: Pittsburgh, PA: Carnegie Mellon University, CyLab, 2012. 26p.

Source: Internet Resource: Accessed June 4, 2014 at http://www.andrew.cmu.edu/user/nicolasc/publications/TR-CMU-CyLab-12-018.pdf

Year: 2012

Country: International

URL: http://www.andrew.cmu.edu/user/nicolasc/publications/TR-CMU-CyLab-12-018.pdf

Shelf Number: 132408

Keywords:
Black Markets
Cybercrime
Online Transactions

Author: Center for Strategic and International Studies

Title: Net Losses: Estimating the Global Cost of Cybercrime. Economic Impact of Cybercrime II

Summary: Putting a number on the cost of cybercrime and cyber-espionage is the headline, but the dollar figure begs important questions about the damage to the victims from the cumulative effect of losses in cyberspace. The cost of cybercrime includes the effect of hundreds of millions of people having their personal information stolen-incidents in the last year include more than 40 million people in the US, 54 million in Turkey, 20 million in Korea, 16 million in Germany, and more than 20 million in China. One estimate puts the total at more than 800 million individual records in 2013. This alone could cost as much as $160 billion per year. Criminals still have difficulty turning stolen data into financial gain, but the constant stream of news contributes to a growing sense that cybercrime is out of control. For developed countries, cybercrime has serious implications for employment. The effect of cybercrime is to shift employment away from jobs that create the most value. Even small changes in GDP can affect employment. In the United States alone, studies of how employment varies with export growth suggest that the losses from cybercrime could cost as many as 200,000 American jobs, roughly a third of 1% decrease in employment for the US. Using European Union data, which found that 16.7 workers were employed per million Euros in exports to the rest of the world,6 Europe could lose as many as 150,000 jobs due to cybercrime (adjusting for national differences in IP-intensive jobs), or about 0.6% of the total unemployed. These are not always a "net" loss if workers displaced by cyberespionage find other jobs, but if these jobs do not pay as well or better. If lost jobs are in manufacturing (and "the main engine for job creation") or other high-paying sectors, the effect of cybercrime is to shift workers from high-paying to low-paying jobs or unemployment. While translating cybercrime losses directly into job losses is not easy, the employment effect cannot be ignored. The most important cost of cybercrime, however, comes from its damage to company performance and to national economies. Cybercrime damages trade, competitiveness, innovation, and global economic growth. What cybercrime means for the world is: - The cost of cybercrime will continue to increase as more business functions move online and as more companies and consumers around the world connect to the Internet. - Losses from the theft of intellectual property will also increase as acquiring countries improve their ability to make use of it to manufacture competing goods. - Cybercrime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors. - Governments need to begin serious, systematic effort to collect and publish data on cybercrime to help countries and companies make better choices about risk and policy.

Details: Santa Clara, CA: Intel Security, McAffee, 2016. 24p.

Source: Internet Resource: Accessed June 18, 2014 at: http://www.mcafee.com/hk/resources/reports/rp-economic-impact-cybercrime2.pdf

Year: 2014

Country: International

URL: http://www.mcafee.com/hk/resources/reports/rp-economic-impact-cybercrime2.pdf

Shelf Number: 132501

Keywords:
Computer Crime
Costs of Crime
Crimes Against Businesses
Cybercrime
Economics of Crime
Employment
Espionage
Jobs

Author: Hartwig, Robert P.

Title: Cyber Risks: The Growing Threat

Summary: Amid a rising number of high profile mega data breaches-most recently at eBay, Target and Neiman Marcus-government is stepping up its scrutiny of cyber security. This is leading to increased calls for legislation and regulation, placing the burden on companies to demonstrate that the information provided by customers and clients is properly safeguarded online. Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, many companies today still do not purchase cyber risk insurance. However, this is changing. Recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, as companies face growing liabilities in this fast-evolving area. Specialist cyber insurance policies have been developed by insurers to help businesses and individuals protect themselves from the cyber threat. Market intelligence suggests that the types of specialized cyber coverage being offered by insurers are expanding in response to this fast-growing market need. There is also growing evidence that in the wake of the Target data breach and other high profile breaches, the number of policies is increasing, and that insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from cyber risks in future.

Details: Insurance Information Institute, 2014. 27p.

Source: Internet Resource: White Paper: Accessed July 23, 2014 at: http://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf

Year: 2014

Country: United States

URL: http://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf

Shelf Number: 132740

Keywords:
Computer Crime
Cyber Security
Cybercrime
Identity Theft
Internet Crime

Author: Berg, Chris

Title: A social problem, not a technological problem: Bullying, cyberbullying and public policy

Summary: Bullying among children is a significant and serious issue. In recent years, the phenomenon described as "cyberbullying" has received a large amount of social, political, and academic attention. The Commonwealth government has announced that it is seeking legislative change to deal with cyberbullying. The government plans to institute a Children's e-Safety Commissioner with power to takedown harmful content directed at children from the social media sites. The Children's e-Safety Commissioner is a serious threat to freedom of speech. The purpose of this paper is to outline the scope of the cyberbullying problem, the conceptual framework within it must be understood, and develop principles by which policymakers can address the cyberbullying problem. Without understanding the cyberbullying phenomenon it is impossible to devise effective policy that will not have unintended consequences and threaten basic liberties like freedom of speech. Unfortunately it is not clear that the government has clearly understood the causes, consequences, and characteristics of cyberbullying. This paper argues that cyberbullying is a subset of bullying. It is bullying by electronic means. It is not a problem of a different kind from bullying in an offline environment

Details: Melbourne: Institute of Public Affairs, 2014. 31p.

Source: Internet Resource: Accessed August 12, 2014 at: http://www.ipa.org.au/portal/uploads/submission_V6.pdf

Year: 2014

Country: Australia

URL: http://www.ipa.org.au/portal/uploads/submission_V6.pdf

Shelf Number: 133004

Keywords:
Computer Crimes
Cyber-bullying (Australia)
Cybercrime
Social Media

Author: Katz, Ilan

Title: Research on youth exposure to, and management of, cyberbullying incidents in Australia

Summary: The Social Policy Research Centre was commissioned by the Australia Government, as part of its commitment to Enhance Online Safety for Children External Links icon , to investigate youth exposure to cyberbullying and how it is being managed. The report was developed in collaboration with National Children's and Youth Law Centre, the University of South Australia, the Young and Well Cooperative Research Centre, and the University of Western Sydney. The research shows that each year, one in five young Australians aged 8-17 are victims of cyberbullying. This behaviour is most prominent in children aged 10-15 years, with prevalence decreasing for 16-17 year-olds. The estimated number of children and young people who were victims of cyberbullying last year was approximately 463,000, with around 365,000 in the 10-15 age group. The report also notes that the prevalence of cyberbullying has 'rapidly increased' since it first emerged as a behaviour. The report indicates that the most appropriate way of addressing cyberbullying is to introduce a series of responses including restorative approaches, educating young people about the consequences of cyberbullying, and requiring social networking sites to take down offensive material. The findings are presented in three parts. Please click on the links below for the separate sections or see the synthesis report for the collated findings. Part A: The estimated prevalence of cyberbullying incidents involving Australian minors, based on a review of existing published research including how such incidents are currently being dealt with. Part B: The estimated prevalence of cyberbullying incidents involving Australian minors that are reported to police, community legal advice bodies and other related organisations, the nature of these incidents, and how such incidents are currently being dealt with. Part C: An evidence-based assessment to determine, if a new, simplified cyberbullying offence or a new civil enforcement regime were introduced, how such an offence or regime could be implemented, in conjunction with the existing criminal offences, to have the greatest material deterrent effect. Appendix A: Literature review - International responses to youth cyberbullying and current Australian legal context Appendix B: Findings of research with adult stakeholders Appendix C: Findings of research with youth Appendix D: Supplementary data and analysis

Details: Sydney: Social Policy Research Centre, UNSW Australia, 2014. 8 parts

Source: Internet Resource: Accessed August 14, 2014 at: https://www.sprc.unsw.edu.au/research/projects/cyberbullying/

Year: 2014

Country: Australia

URL: https://www.sprc.unsw.edu.au/research/projects/cyberbullying/

Shelf Number: 133046

Keywords:
Bullying
Computer Crime
Cyberbullying (Australia)
Cybercrime
Internet Crime
Juvenile Offenders
Online Communications
Online Safety
Social Networks

Author: Diallo, Ismaila

Title: A profile of crime markets in Dakar

Summary: Several criminal markets - ranging from drug trafficking to human trafficking, piracy and counterfeiting, trafficking of pharmaceuticals, cybercrime and money laundering - can be found in Dakar, Senegal. This paper profiles those criminal markets currently active in the city and its suburbs, analyzing their structures, operations and transnational dimensions. The expansion of these criminal markets is a matter of considerable concern for West Africa's economic and social development. In every case, 'regardless of the criminal market... the common denominator is always exploitation for profit. This exploitation ultimately affects the entire country: its people and institutions; its' economic prosperity; and its social fabric'.

Details: Pretoria: Institute for Security Studies, 2014. 12p.

Source: Internet Resource: ISS Paper 264: Accessed August 14, 2014 at: http://www.issafrica.org/uploads/Paper264.pdf

Year: 2014

Country: South Africa

URL: http://www.issafrica.org/uploads/Paper264.pdf

Shelf Number: 133050

Keywords:
Counterfeit Medicines
Criminal Networks (South Africa)
Cybercrime
Drug Trafficking
Human Trafficking
Money Laundering
Organized Crime
Pirates/Piracy

Author: Lawrenson, Tim

Title: Cyberattacks -The Significance of the Threat and the Resulting Impact on Strategic Security

Summary: Cyberspace is now so intrinsic to a modern state's economy that it is vital to protect it as part of that state's national security. However certain features of cyberspace make it an increasingly attractive attack domain. Despite some rather hysterical press headlines, this analysis shows that cybercrime is the principal threat, rather than cyberterror or cyberwarfare; albeit the growing scale of state-sponsored cybercrime is a concern because it carries an inherent risk of escalation into cyber (or conventional) warfare. A comprehensive, layered cyber-security strategy is needed to overcome some of the more problematic attractions of cyberspace as an attack domain. This strategy must improve actual system security as well as enhancing people's confidence in the resilience of the cyber-enabled world.

Details: London: Royal College of Defence Studies, 2011. 31p.

Source: Internet Resource: Thesis: Seaford House Paper 2010/11: Accessed August 22, 2014 at: http://www.da.mod.uk/colleges/rcds/publications/seaford-house-papers/2011-seaford-house-papers/shp11lawrenson.pdf/view

Year: 2011

Country: International

URL: http://www.da.mod.uk/colleges/rcds/publications/seaford-house-papers/2011-seaford-house-papers/shp11lawrenson.pdf/view

Shelf Number: 131353

Keywords:
Computer Security
Cyber Security
Cybercrime
Internet Crimes

Author: Great Britain. National Crime Agency

Title: National Strategic Assessment of Serious and Organised Crime 2014

Summary: If there is a single cross-cutting issue that has changed the landscape for serious and organised crime and our response against it, it is the growth in scale and speed of internet communication technologies. The online streaming of real-time child sexual exploitation and abuse is a growing threat. Cyber techniques have proliferated and are used ever more extensively by wider serious and organised crime groups to commit 'traditional' crimes (see Section 1: Cross-cutting issues for cyber-enabled crime). As more government services go online, including tax collection, there is an increasing risk of online attacks and fraud against the public sector. Large scale attacks on public as well as private online services erode consumer confidence, which affects the UK's social and economic well-being and reduces the attractiveness of the UK as a place to do business. 84% of all cases of identity fraud are delivered by the internet. The pace of development of deployable criminal tools is such that we anticipate an increase in the targeted compromise of UK networked systems, more ransom-ware attacks and distributed denial of service (DDOS) attacks against business-critical systems. Corruption is another key cross-cutting issue, the impact of which is disproportionate to the level and frequency at which it occurs, with serious ramifications in terms of confidence towards the public and private sectors and in undermining trust in government. Proceeds of corruption and bribery amounting to millions of pounds from some international politically exposed persons (PEPs) have been laundered through UK financial systems including banks and investment property. The scale of the laundering of criminal proceeds, despite the UK's leading role in developing international standards to tackle it, is a strategic threat to the UK's economy and reputation. Some of the same financial transfer systems used by serious and organised criminals in the UK are also used by terrorist groups both domestically and overseas. The UK and its dependent territories are believed to have been the destination for billions of pounds of European criminal proceeds. We assess that the supply of heroin from Afghanistan, amphetamine processing/production in the UK and the supply of new psychoactive substances are all likely to increase, and that the supply of cocaine from South America is likely to remain at a high rate. The impact of the illegal drugs trade in the countries where they are sourced and those through which they are trafficked can be significant and undermines states and government structures. In some cases it has the potential to damage UK strategic partnerships. Human trafficking is widely recognised as a significant global problem. Work to scope the extent of criminality behind the trafficking of human beings continues in order to improve the understanding of modern slavery. We assess that irregular migrants already in the UK will continue to provide a pool of people that serious and organised criminals can exploit by selling them forged or counterfeit documents to support fraudulent applications for leave to remain in the UK. We also assess that criminal exploitation of the legitimate supply of firearms to the UK marketplace will increase. There is also a concern that weapons, whether from illegal or legitimate sources, might find their way into the hands of extremists. All of the most serious crime threats are transnational. Commodities of all types - including, for example, trafficked people destined for modern slavery, intangibles targeted in fraud and cyber crime - either come from or transit through often unstable countries. Corruption in these countries both feeds off the proceeds of the crime and contributes in turn to instability. The criminal exploitation of corrupt and unstable governments or countries can directly threaten UK national security.

Details: London: National Crime Agency, 2014. 28p.

Source: Internet Resource: Accessed September 29, 2014 at: http://www.nationalcrimeagency.gov.uk/publications/207-nca-strategic-assessment-of-serious-and-organised-crime/file

Year: 2014

Country: United Kingdom

URL: http://www.nationalcrimeagency.gov.uk/publications/207-nca-strategic-assessment-of-serious-and-organised-crime/file

Shelf Number: 133466

Keywords:
Child Sexual Exploitation
Cybercrime
Drug Trafficking
Human Trafficking
Illegal Drugs
Illegal Guns
National Security
Online Victimization
Organized Crime (U.K.)
Violent Crime

Author: Ponemon Institute

Title: The Impact of Cybercrime on Business. Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil

Summary: Cyber criminals today are increasingly leveraging malware, bots and other forms of sophisticated threats to attack organizations for various reasons, including financial gain, business disruption or political agendas. In many cases, cybercriminals often target multiple sites and organizations to increase the likelihood of an attack's initial success and viral spread. With new variants of malware being generated on a daily basis, many companies struggle to fight these threats separately and the majority of attacks are often left undetected or unreported. In addition, cybercriminals are no longer isolated amateurs. They belong to well-structured organizations with money, motivation and goals, often employing highly skilled hackers that execute targeted attacks. Such organizations can deploy considerable threat intelligence, time and resources in order to execute attacks that can cost cybercrime victims significant amounts of money. Unfortunately, this trend is only growing more complex as businesses experience a surge in Web 2.0 use, mobile computing and the cloud, creating more channels of communication and vulnerable entry points into the network. Conducted by Ponemon Institute and sponsored by Check Point Software Technologies, we are pleased to present the findings of The Impact of Cybercrime on Business. The purpose of the study is to better understand the likelihood, frequency and magnitude targeted threats have on organizations across all company sizes and industries, and to understand how IT practitioners are addressing the risk for future remediation and precautions. In this study we surveyed 2,618 highly experienced business leaders and IT security practitioners located in the United States, United Kingdom, Germany, Hong Kong and Brazil. Respondents were asked to focus on five of the most prevalent types of attacks: botnets, Advanced Persistent Threats (APTs), denial of service (DoS) attacks, viruses, worms and trojans and social engineering attacks to evaluate what impact they have on businesses, including their level of risk, motivations, types of information compromised and cost. As the study will show, there are significant differences in practices and perceptions among IT practitioners in all five countries.

Details: Traverse City, MI: Ponemon Institute, 2012. 21p.

Source: Internet Resource: Accessed November 12, 2014 at: http://www.ponemon.org/local/upload/file/Impact_of_Cybercrime_on_Business_FINAL.pdf

Year: 2012

Country: International

URL: http://www.ponemon.org/local/upload/file/Impact_of_Cybercrime_on_Business_FINAL.pdf

Shelf Number: 134061

Keywords:
Computer Crimes
Crimes Against Businesses
Cybercrime
Cybersecurity
Internet Crimes

Author: Saifudeen, Omer Ali

Title: The Cyber Extremism Orbital Pathways Model

Summary: The starting premise of this study is that internet-based communications possess unique characteristics that warrant the need to have a discrete pathway model to explain online radicalisation. This online radicalisation pathway model would especially apply to the growing communities of young netizens whose socio-psychological makeup is shaping a "new normal" in the way we exchange information and interact. The proposed Cyber Extremism Orbital Pathways Model (CEOP) describes how online cognitive radicalisation can move towards real-world violent extremism. The model also elucidates the multitude of competing forces in cyberspace that promote or impede such radicalization and what this means for online counter-radicalisation strategies. The CEOP model is based on inferences made from content and discourse analysis of extremist narratives on the internet and current studies about internet-based communications. The research took into account distinctive factors that made internet-based messaging more persuasive and this includes the effects of crowdsourcing. Finally, the CEOP model suggests how the same persuasive communication strategies used on the internet by extremists can be conversely used to counter online radicalisation.

Details: Singapore: S. Rajaratnam School of International Studies, 2014. 32p.

Source: Internet Resource: RSIS Working Paper No. 283: Accessed November 20, 2014 at: http://www.rsis.edu.sg/wp-content/uploads/2014/11/WP283.pdf

Year: 2014

Country: International

URL: http://www.rsis.edu.sg/wp-content/uploads/2014/11/WP283.pdf

Shelf Number: 134170

Keywords:
Cybercrime
Extremism
Extremist Groups
Internet
Radical Groups
Radicalization

Author: International Fund for Animal Welfare

Title: Wanted -- Dead or Alive: Exposing Online Wildlife Trade

Summary: IFAW has shared key results from its reports with national enforcement agencies in order that they might assess whether to investigate if traders have sold items in breach of the law. It is not possible to measure the scale of illegal online wildlife trade based on IFAW investigations alone. This requires law enforcement agencies to record and publish wildlife cybercrime prosecutions as well as the number of incidents or intelligence logs that relate to this issue. Sadly IFAW's investigations are taking place at a time when wildlife poaching levels are alarmingly high with reports of more than 100,000 elephants killed for their ivory in just three years1 and a recent increase in the number of large ivory seizures. The illegal trade in ivory, wildlife and wildlife parts and products is not only a threat to the conservation of species, but also to national and global security as well as to social and economic development in the countries in which it occurs. The illegal wildlife trade generates an estimated US $19 billion per year. It ranks fourth on the list of the most lucrative global illegal activities closely behind drugs, counterfeiting and human trafficking. Meanwhile, cybercrime is a growing area of concern, as was highlighted in the United Kingdom's Home Office Select Committee report of 2013 on e-crime, which states: "We live in a world where terms like 'cybercrime' no longer belong in the realm of science fiction. Modern devices such as smart phones and tablets have brought the internet not only to our fingertips but to our bedsides, our pockets and to our children. And yet there is strong evidence that access to such technology, with all its opportunities and benefits, can put businesses and families at increasing risk of exploitation and internet-based crime (e-crime)." It was in this context of high levels of poaching and the increasing threat of cybercrime that IFAW investigated the trade in endangered wildlife taking place on 280 online marketplaces in 16 countries during a six week period in 2014. Investigators found a total of 33,006 endangered wildlife and wildlife parts and products from species listed on the Convention of International Trade in Endangered Species of Wild Fauna and Flora (CITES) Appendix I and II available for sale in 9,482 advertisements, estimated to be worth at least US $10,708,137. Of the advertisements, 54 per cent were for live animals while 46 per cent were for animal parts and products. Ivory, reptiles and birds were the most widely traded items, with ivory and suspected ivory featuring in almost one-third of all advertisements and reptiles accounting for one-quarter of the items found for sale. IFAW investigators submitted 1,192 intelligence files to law enforcers, which equates to almost 13 per cent of the advertisements. While it was not possible to determine the legality of each item provided to law enforcers based on the information available to the investigators, IFAW shared this information with enforcers because it believes that it could inform or be used as the grounds for future police or customs criminal investigations. At a time when poaching of endangered wildlife has reached unprecedented levels, the widespread availability of the internet has transformed some traditional criminal activity to the extent that law-breaking takes place on an extraordinary scale. IFAW believes it is essential that governments, policy makers, law enforcers and online marketplaces do not ignore online wildlife crime in their battle for justice. Governments must ensure they have robust laws in place that specifically tackle the unique challenges of wildlife cybercrime supported by sufficient enforcement capacity, while online marketplaces must commit to strong policies that are effectively implemented to prevent their platforms being abused by wildlife criminals. Lastly consumers must be made aware of the devastating cost of wildlife crime

Details: London: IFAW, 2014. 62p.

Source: Internet Resource: Accessed January 30, 2015: http://www.ifaw.org/sites/default/files/IFAW-Wanted-Dead-or-Alive-Exposing-Online-Wildlife-Trade-2014.pdf

Year: 2014

Country: International

URL: http://www.ifaw.org/sites/default/files/IFAW-Wanted-Dead-or-Alive-Exposing-Online-Wildlife-Trade-2014.pdf

Shelf Number: 134495

Keywords:
Animal Poaching
CITES
Cybercrime
Illegal Wildlife Trade
Ivory
Wildlife Crime (International)

Author: Panda Security

Title: The Cyber-Crime Black Market: Uncovered

Summary: Many of us in the team at Panda Security spend a lot of time traveling and attending all types of events: from specialized IT industry fairs and congresses, to those aimed at businesses, end-users, etc. Yet even though it is becoming more common to hear about the arrest of hackers that steal information and profit from it in many different ways, there are still many members of the public, not necessarily dedicated to IT security, who ask us: "Why would anyone want to steal information from me? I don't have anything of interest..." Another factor to bear in mind is that today's profit-oriented malware is designed to steal data surreptitiously, so the first indication that you have been a victim is when you get your bank or Paypal account statement. Moreover, there is a general perception that this problem only affects home users, and that businesses are immune. The result of our research, as you will read below, shows that this is not the case: Today nobody - neither home users nor businesses- is safe from confidential data theft (and the consequent fraud). This is despite the increased effort in recent years to improve awareness and education in IT security, initiated by governmental agencies in many countries, and of course, thanks to the security industry as a whole, along with other institutions, organizations, media, blogs, etc., who have been assisting with the task for some time now. Although we don't have precise data, we believe that this nefarious business has expanded with the economic crisis. Previously it was in no way easy to locate sites or individuals dedicated to this type of business, yet now it's relatively simple to come across these types of offers on underground forums.

Details: Madrid: Panda Security, 2011. 44p.

Source: Internet Resource: Accessed February 18, 2015 at: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf

Year: 2011

Country: International

URL: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf

Shelf Number: 134636

Keywords:
Computer Crime
Computer Security
Cyber Security
Cybercrime
Internet Crime
Internet Security

Author: Alazab, Mamoun

Title: Spam and Criminal Activity

Summary: The Internet is a decentralized structure that offers speedy communication, has a global reach but also provides anonymity, a characteristic invaluable for committing illegal activities. In parallel with the spread of the Internet, cybercrime has rapidly evolved but attacks via email (spam) remain one of the major vectors for the dissemination of malware and many predicate forms of cybercrime. Spam as 'social engineering' is probably the most popular means for spreading and injecting malware on computers and other digital devices. Unlike cybercrime that targets 'low volume-high value' victims such as banks but often requires advanced hacking capability, spam enables malware to reach 'high volume low value' targets, which are less likely to have effective anti-virus or other countermeasures in place. A typical example is the spreading of malicious emails, containing content that entices the recipient to click on a URL link to a malicious web site or download a malicious attachment. Deceptions achieved through the 'social engineering' of email messages are relatively well understood but less is known about advanced methods like 'spear phishing,' and whether different forms of social engineering are related to different types of malware and crime. Understanding the nature of spam activity, and the threat posed by malicious spam emails, especially the prevalence, frequency, duration and severity of these common forms of cybercrime is the key to prevention. Our research examines spam email attachments and URLs to profile and predict the types of spam that represent serious potential sources of malware infection. We describe the nature and trends in spam borne malware from our cross-disciplinary analysis of data. We argue that because the focus of IT security on perimeter-protection is becoming increasingly ineffective, there is a need to refocus crime prevention activities on the modus operandi of offenders. This research used real world' data sets provided by the Australian Communication and Media Authority (ACMA) spam intelligence dataset (SID). We processed 13,450,555 million spam emails: of the 492,978 found with attachments 21.4% were malicious, and of the 6,230,274 that contained a URL, 22.3% of the web links were malicious.

Details: Canberra: Regulatory Institutions Network, Australian National University, 2014. 30p.

Source: Internet Resource: RegNet Research Paper No. 2014/44: Accessed February 18, 2015 at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2467423##

Year: 2014

Country: International

URL: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2467423##

Shelf Number: 134637

Keywords:
Computer Crimes
Cybercrime
Internet Crimes

Author: British Retail Consortium

Title: BRC Retail Crime Survey 2014

Summary: The Annual BRC Retail Crime Survey provides valuable evidence about the impact of crime on UK retailers. A broad range of retailers participate in the survey, from large multiples to smaller retailers, representing around half of the retail sector by turnover. Key findings - There were an estimated 3m offences against UK retailers in 2013-14, directly adding $603m to retailers' costs. - Although the volume of shop theft offences declined by 4 per cent, the average value of each incident increased from $177 to $241, which was the highest average value recorded for a decade. This trend is thought to be in part a consequence of retailers being targeted by more organised, sophisticated criminal activity. - Fraud increased by 12 per cent in 2013-14 and accounts for 37 per cent of the total cost of retail crime. Retailers warned that they expect fraud to pose the single most significant threat to their business over the next two years. - Retailers reported that cyber attacks pose a critical threat to their business. - There were 32 incidents of violence and abuse per 1,000 employees in 2013-14.

Details: London: BRC, 2015. 36p.

Source: Internet Resource: Accessed March 12, 2015 at: http://www.sbrcentre.co.uk/images/site_images/14591_BRC_Retail_Crime_Survey_2014.pdf

Year: 2015

Country: United Kingdom

URL: http://www.sbrcentre.co.uk/images/site_images/14591_BRC_Retail_Crime_Survey_2014.pdf

Shelf Number: 134909

Keywords:
Crime Statistics
Crimes Against Businesses
Cybercrime
Retail Crime (U.K.)
Theft

Author: Financial Industry Regulatory Authority

Title: Report on Cybersecurity Practices

Summary: Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks is increasing and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority. This report is intended to assist firms in that effort. Based on FINRA's 2014 targeted examination of firms and other related initiatives, the report presents FINRA's latest work in this critical area. Given the rapidly evolving nature and pervasiveness of cyberattacks, it is unlikely to be our last. A variety of factors are driving firms' exposure to cybersecurity threats. The interplay between advances in technology, changes in firms' business models, and changes in how firms and their customers use technology create vulnerabilities in firms' information technology systems. For example, firms' Web-based activities can create opportunities for attackers to disrupt or gain access to firm and customer information. Similarly, employees and customers are using mobile devices to access information at broker-dealers that create a variety of new avenues for attack. The landscape of threat actors includes cybercriminals whose objective may be to steal money or information for commercial gain, nation states that may acquire information to advance national objectives, and hacktivists whose objectives may be to disrupt and embarrass an entity. Attackers, and the tools available to them, are increasingly sophisticated. Insiders, too, can pose significant threats. This report presents an approach to cybersecurity grounded in risk management to address these threats. It identifies principles and effective practices for firms to consider, while recognizing that there is no one-size-fits-all approach to cybersecurity. Key points in the report include: 00 A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms' cybersecurity programs. 00 Risk assessments serve as foundational tools for firms to understand the cybersecurity risks they face acrosacross the range of the firm's activities and assets-no matter the firm's size or business model. 00 Technical controls, a central component in a firm's cybersecurity program, are highly contingent on firms' individual situations. Because the number of potential control measures is large and situation dependent, FINRA discusses only a few representative controls here. Nonetheless, at a more general level, a defense-in-depth strategy can provide an effective approach to conceptualize control implementation. 00 Firms should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole. 00 Broker-dealers typically use vendors for services that provide the vendor with access to sensitive firm or client information or access to firm systems. Firms should manage cybersecurity risk exposures that arise from these relationships by exercising strong due diligence across the lifecycle of their vendor relationships. 00 A well-trained staff is an important defense against cyberattacks. Even well-intentioned staff can become inadvertent vectors for successful cyberattacks through, for example, the unintentional downloading of malware. Effective training helps reduce the likelihood that such attacks will be successful. 00 Firms should take advantage of intelligence-sharing opportunities to protect themselves from cyber threats. FINRA believes there are significant opportunities for broker-dealers to engage in collaborative self defense through such sharing.

Details: Washington, DC: FINRA, 2015. 46p.

Source: Internet Resource: Accessed March 18, 2015 at: https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf

Year: 2015

Country: International

URL: https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf

Shelf Number: 134961

Keywords:
Computer Security
Cybercrime
Cybersecurity
Financial Crimes
Internet Crime
Risk Assessment

Author: Przyswa, Eric

Title: Counterfeit Medicines and Criminal Organisations

Summary: Counterfeit Medicines are a major threat that is spreading dangerously across the globe and the International Institute of Research Against Counterfeit Medicines (IRACM) has decided to present a study report to decipher the relationship between organized crime and medicine counterfeiting. Today, every country, every person can come into contact with counterfeit medicines. The risk of taking counterfeit medicines "involuntarily" is increased exponentially for any potential patient of the "global village". This risk can become a real danger to individual lives, but also a global threat to public health. The IRACM wishes to alert the public by publishing this report to raise awareness among governments and citizens and help consumer-patients to make careful choices, whether on the internet or at markets in developing countries where drugs are sold on stalls at lower prices. The purpose of such a report is a hot topic as medicine counterfeiting issues have escalated to worrying heights with the growth of international trade and the Internet. This problem now generates major public health issues on an international scale. As for criminal organizations, they are often perceived simplistically in public debate and this research on this new subject seeks to attempt to characterize the structures that exist. The study focuses not only on Western countries but also on Russian and especially Chinese aspects, often regarded as strategic. This novel research report includes the best international academic sources and seeks to identify the logic behind the most significant criminal strategies rather than provide a hypothetical exhaustive list of organizations involved in such illegal trafficking. Many criminal organizations Based on our research, it is clear that criminal organizations are involved in medicine counterfeiting and three types of organization can be identified: Small-sized organizations (two to five people) often created by opportunistic individuals motivated by short-term gains. These organizations offer specific products at attractive prices. Medium-sized transnational organizations whose criminal profile varies: these may be structures stemming from organized crime (Wuppertal case1), opportunistic businessmen using sophisticated techniques to manage their organization (Arnaud B. case2) or people more directly connected to the pharmaceutical industry (Gillespie case). Large-scale and transnational organizations as seen in two significant cases: - The RxNorth case involving a Canadian distributor which, in parallel with its business, organized a complex system to import counterfeit medicines made in China into the United States, transiting them through Hong Kong, the Middle East, the UK and the Bahamas. - Another, even more complex example: a so-called "Jordanian-Syrian" network created in 2003 during the U.S. invasion of Iraq and which, through a succession of opportunities, evolved into multiple subnetworks in the region (Jordan, Palestinian territories, Egypt, Syria), then moved to the West with a counterfeit cancer drug whose network transited through several countries (Egypt, Turkey, Switzerland, Great Britain) before finally reaching the U.S. market. This case, which has received little media coverage, is thought to be the largest criminal network of medicine counterfeiting still active. Chinese organized crime has a very strategic role and it is important to distinguish Chinese criminal cases involving the Western market (the case of Kevin Xu, a businessman who specialized in exports), from cases mostly involving the local market where the criminals often have connections to the healthcare sector. Lastly, there are foreign structures that create local companies that serve to build transnational networks based in this leading region for the manufacture of counterfeit medicines. On the Internet there are two types of criminal structures. The first category includes opportunistic online networks set up on an ad hoc basis by being grafted onto "real" trade with the end consumer in the distribution phase. The second category of organizations is dedicated exclusively to online distribution with globalized affiliation techniques and aggressive advertising on search engines or through spam. The most significant case of a cybercrime organization in recent years involves the Russian Glavmed and SpamIt affiliation programs. The affiliates of these two networks benefited from "prefabricated" online pharmacies and a dozen SpamIt affiliates earned over $1 million in commission on their website. Vast criminal organizations Generally speaking, certain analytical limitations in deciphering these organizations have been identified and differentiate our analyses from most sources on the subject. Despite the proven involvement of Italian criminal organizations in the counterfeiting of luxury goods and the healthcare sector, their presence in the organization of counterfeit medicine trafficking is difficult to prove. However, the report raises the theoretical possibility of the Mafia's involvement in certain strategic locations such as harbours. As for the Chinese Triads, analysing their involvement has proven to be difficult, as research in mainland China is complex. In short, we must be cautious regarding the presence of traditional criminal organizations in our field of study. The involvement of terrorist organizations is also difficult to prove, despite many reports seeking to document money laundering linked to counterfeit medicine trafficking. But the explanations given are often related to broader geopolitical issues, raising doubts over the objectivity of such analyses (Hezbollah for example). However, the involvement of the IRA in the organization of a vast counterfeit veterinary drug trafficking network in the early 90s between Northern Ireland and Florida has been clearly proven. In sum, the report identifies these criminal organizations and their activities and characterizes them in several ways: - Fragmented crime through better access to illegal activities. The "massification" of printing, production and distribution techniques has clearly facilitated such developments. - Criminal organizations often operate based on a "structural holes" approach, seeking to maximize the systemic flaws in the supply chain or on a broader scale (free trade zones, tax havens, servers hosted in "protected" areas, etc.). - On a large scale, these organizations are characterized by a hybrid network structure, where licit operators can cooperate with illicit ones or be directly involved in such criminal trafficking. - In terms of timelines, it is important to distinguish between organizations likely to generate a major risk over a relatively short period of time, and that need to be dismantled as quickly as possible, and large hybrid organizations whose total elimination can take years. - To our knowledge, there are no sustainable large-scale transnational criminal organizations that combine trafficking on the Internet and trafficking in the "real" world. - Paradoxically, networks on the Internet often seem to have a more structured and consistent organization than organizations involved in medicine counterfeiting in the "real" world, which are more difficult to observe. - The counterfeit medicines distributed are no longer limited to "convenience" drugs but also include major diabetes and cancer treatments.

Details: Paris: Institut de Recherche Anti-Contrefacon de Medicaments, 2013. 129p.

Source: Internet Resource: Accessed April 9, 2015 at: http://www.iracm.com/wp-content/uploads/2014/02/Contrefacon-de-Medicaments-et-Organisations-Criminelles-EN.pdf

Year: 2013

Country: International

URL: http://www.iracm.com/wp-content/uploads/2014/02/Contrefacon-de-Medicaments-et-Organisations-Criminelles-EN.pdf

Shelf Number: 135203

Keywords:
Counterfeit Goods
Counterfeit Medicines
Cybercrime
Illegal Goods
Organized Crime
Pharmaceuticals

Author: Chertoff, Michael

Title: The Impact of the Dark Web on Internet Governance and Cyber Security

Summary: With the Internet Corporation for Assigned Names and Numbers' contract with the United States Department of Commerce due to expire in 2015, the international debate on Internet governance has been re-ignited. However, much of the debate has been over aspects of privacy and security on the visible Web and there has not been much consideration of the governance of the "deep Web" and the "dark Web." The term deep Web is used to denote a class of content on the Internet that, for various technical reasons, is not indexed by search engines. The dark Web is a part of the deep Web that has been intentionally hidden and is inaccessible through standard Web browsers. A relatively known source for content that resides on the dark Web is found in the Tor network. Tor, and other similar networks, enables users to traverse the Web in near-complete anonymity by encrypting data packets and sending them through several network nodes, called onion routers. Like any technology, from pencils to cellphones, anonymity can be used for both good and bad. Users who fear economic or political retribution for their actions turn to the dark Web for protection. But there are also those who take advantage of this online anonymity to use the dark Web for illegal activities such as controlled substance trading, illegal financial transactions, identity theft and so on. Considering that the dark Web differs from the visible Web, it is important to develop tools that can effectively monitor it. Limited monitoring can be achieved today by mapping the hidden services directory, customer data monitoring, social site monitoring, hidden service monitoring and semantic analysis. The deep Web has the potential to host an increasingly high number of malicious services and activities. The global multi-stakeholder community needs to consider its impact while discussing the future of Internet governance.

Details: Waterloo, ON: London: Centre for International Governance Innovation and the Royal Institute for International Affairs, 2015. 18p.

Source: Internet Resource: Paper Series: No. 6: Accessed April 15, 2015 at: https://www.cigionline.org/sites/default/files/gcig_paper_no6.pdf

Year: 2015

Country: International

URL: https://www.cigionline.org/sites/default/files/gcig_paper_no6.pdf

Shelf Number: 135233

Keywords:
Computer Crimes
Cybercrime
Cybersecurity
Dark Web
Internet Crime

Author: Koops, Bert-Jaap

Title: Cyberspace, the cloud, and cross-border criminal investigation. Cyberspace, the cloud, and cross-border criminal investigation

Summary: With the rise of cloud computing (using scalable computing resources as a service via the Internet), computer data are increasingly stored remotely - 'in the cloud' - instead of on users' devices. Due to the distributed, dynamic, and redundant nature of cloud storage, a particular file can often be stored in multiple places simultaneously, while it may not be stored in any single place in its entirety. For speed-optimisation reasons, data may be stored in the server park closest to the user's normal location. Cloud computing can involve multiple providers in different layered constellations and data can be encrypted. The cloud thus has significant implications for criminal investigation, particularly in cases where digital evidence is sought. Local search and seizure by the police will yield less and less evidence as users use cloud services such as webmail and remote data storage. This reinforces existing challenges of cyber-investigation, which not only requires swift evidence-gathering due to the vulnerability of data loss, but also powers to gain access to data remotely. One particular challenge in cyber-investigation is that such remote evidence-gathering powers will quickly extend beyond national borders. Under the rules of international law, states must then resort to traditional procedures of mutual legal assistance. This is, broadly speaking, a challenging process in cyber-investigations. In addition to organisational limitations, such as lack of capacity or priority-setting, and some legal limitations, such as double criminality, mutual assistance procedures are viewed by those conducting on-line investigations as cumbersome or ineffective for seeking digital evidence. Despite efforts to streamline and facilitate mutual legal assistance in cyber-investigation, the procedures remain inadequate in situations in which there is a need for expeditious data gathering, or where (cyber)criminals move data around with high frequency, and also where the location of the data cannot, or only through time-consuming efforts, be identified, which may often be the case in cloud computing situations. Where mutual legal assistance procedures do not work sufficiently, the question arises whether and under what conditions cross-border investigations are allowed, which is relevant not only for cybercrimes but for all crimes where perpetrators communicate via email or smartphone apps or use cloud storage services. Although a number of efforts have been aimed at trying to move forward in the field of cross-border cyber-investigation, these efforts have not yet resulted in any tangible improvement. A key reason for this is that territorially-based national sovereignty forms the basis of the international order and as a result, international law is strict in prohibiting investigative activities on foreign territory without the consent of the state concerned. The situation is thus one of stalemate: cyber-investigation officials wish to move forward in cross-border investigation but cannot do so because of the current limitations of international law and because the specific challenges of cyber-investigation have so far not induced states to create new international rules in this area that put strict interpretations of sovereignty aside. It is against this background of a 21st-century cloud computing paradigm meeting with 20th-century-based procedures for mutual legal assistance in criminal matters that the central problem of this study takes shape. This report aims to advance the debate on cross-border cyber-investigation by combining the fields of cyber-investigation and international law. The central question addressed in this study is what limits and what possibilities exist within international law for cross-border cyber-investigations by law enforcement authorities. The focus is on cloud storage services, but the analysis applies more generally to Internet investigations, in particular in the form of remote searches and the contacting of foreign service providers to request data. In particular, the report focuses on questions of the legality of cross-border access to data under international law in terms of the core principles of territorial integrity and non-interference in domestic affairs rather than on questions of human rights. The research for this report is based on desk research of international and supranational law and policy and academic literature in the fields of cyber-investigation and of international law, and on an international expert meeting with twenty experts in criminal law, cybercrime, Internet, and international law.

Details: Tilburg, NETH: TILT - Tilburg Institute for Law, Technology and Society, 2014. 101p.

Source: Internet Resource: Accessed April 20, 2015 at: http://english.wodc.nl/onderzoeksdatabase/2326-de-gevolgen-van-cloudcomputing-voor-de-opsporing-en-vervolging.aspx?cp=45&cs=6796

Year: 2014

Country: International

URL: http://english.wodc.nl/onderzoeksdatabase/2326-de-gevolgen-van-cloudcomputing-voor-de-opsporing-en-vervolging.aspx?cp=45&cs=6796

Shelf Number: 135266

Keywords:
Cloud Computing
Computer Crimes
Cybercrime
Internet Crimes
Police Investigations

Author: Jeffray, Calum

Title: Underground Web: The Cybercrime Challenge.

Summary: The two papers in this Special Report examine the central role that cybercrime plays in modern society and how technological developments create new opportunities for criminals to exploit. Calum Jeffray's paper, Caught in the net: the law enforcement response to international cybercrime, surveys the strategic cybercrime landscape and illustrates that, despite calls for law enforcement to 'do more' to prevent and investigate cybercrime, the agencies involved are often hampered in acting due to jurisdictional issues or the complexity of the investigations. Tobias Feakin's paper, Cryptomarkets - illicit goods in the darknet, examines the emergence of the 'darknet', where trading in illicit goods and services in online black markets has become increasingly commonplace and exacerbates the problems that law enforcement already faces - tracing and prosecuting illegal activities online.

Details: Barton, ACT: AUS: Australian Strategic Policy Institute, International Cyber Policy Centre, 2015. 16p.

Source: Internet Resource: Special Report: Accessed May 4, 2015 at: https://www.aspi.org.au/publications/underground-web-the-cybercrime-challenge/SR77_Underground_web_cybercrime.pdf

Year: 2015

Country: International

URL: https://www.aspi.org.au/publications/underground-web-the-cybercrime-challenge/SR77_Underground_web_cybercrime.pdf

Shelf Number: 135504

Keywords:
Black Markets
Cyber Security
Cybercrime
Illegal Trading
Illicit Goods
Internet Crimes

Author: U.S. Department of Education

Title: Student Reports of Bullying and Cyber-Bullying: Results From the 2013 School Crime Supplement to the National Crime Victimization Survey

Summary: This document reports data from the 2013 School Crime Supplement (SCS) of the National Crime Victimization Survey (NCVS).1 The Web Tables show the extent to which students with different personal characteristics report bullying and cyber-bullying. Estimates include responses by student characteristics: student sex, race/ethnicity, grade, and household income. The U.S. Census Bureau (Census) appended additional data from the 2010-11 Common Core of Data (CCD) and the 2011-12 Private School Universe Survey (PSS) to generate tables showing the extent to which bullying and cyber-bullying are reported by students in schools with different characteristics.2 School characteristics examined are region; sector (public or private); locale; level; enrollment size; student-to-full-time-equivalent (FTE) teacher ratio; percentage of combined American Indian/Alaska Native, Asian/Native Hawaiian/Other Pacific Islander, Black/African American, Hispanic/Latino, and students of two or more races; and percentage of students eligible for free or reduced-priced lunch. The SCS data tables show the relationship between bullying and cyber-bullying victimization and other crime-related variables, such as reported presence of gangs, guns, drugs, and alcohol, and hate-related graffiti at school; selected school security measures; student criminal victimization; and personal fear, avoidance behaviors, fighting, and weapon carrying at school. The tables appear in four sections. Section 1 is an overview table, showing the number and percentage of students ages 12 through 18 who reported being bullied at school and cyber-bullied anywhere, by type of bullying or cyber-bullying (table 1.1). Section 2 displays estimates for where in school bullying occurred, the percentage distribution of the frequency, and the type of bullying reported by students ages 12 through 18, by selected student and school characteristics (tables 2.1-2.6). Section 3 provides estimates for the percentage distribution of the frequency and the type of cyber-bullying reported by students ages 12 through 18, by selected student and school characteristics (tables 3.1-3.4). Section 4 displays the percentages of students bullied at school or cyber-bullied anywhere by student reports of unfavorable school conditions; selected school security measures; criminal victimization at school; and personal fear, avoidance behaviors, fighting, and weapon carrying at school (tables 4.1-4.4).

Details: Washington, DC: U.S. Department of Education, 2015. 53p.

Source: Internet Resource: Accessed May 13, 2015 at: http://nces.ed.gov/pubs2015/2015056.pdf

Year: 2015

Country: United States

URL: http://nces.ed.gov/pubs2015/2015056.pdf

Shelf Number: 135553

Keywords:
Bullying
Cyberbullying
Cybercrime
School Bullying
School Crimes
School Victimization

Author: Australia. Attorney-General's Department

Title: Improving the Measurement of Identity Crime and Misuse in Australia: Recommendations from the National Identity Crime and Misuse Measurement Framework Project

Summary: Traditional identity crime methodologies are continually being adapted to evolving technologies such as mobile devices, social media and cloud computing. This provides criminals with improved capabilities and opportunities to steal or manipulate personal and financial data, and can increase the number of potential victims of identity crime. On 21 October 2014, the Minister for Justice, the Hon Michael Keenan MP, released a report from the National Identity Crime and Misuse Measurement Framework pilot. The report was developed by the Attorney-General's Department and brought together available data from over 50 different Commonwealth, state and territory agencies as well as the private sector. The report found that identity crime is one of the most common crime types in Australia, affecting between 750 000 to 900 000 people each year, with an estimated annual cost of at least $1.6 billion. This project marks one of the first attempts by any government worldwide to systematically measure the incidents and impacts of identity crime. Identity crime has become one of the fastest growing and most common crimes affecting Australians each year - more people report being a victim of identity crime than assault, robbery, motor vehicle theft or household break-ins. In addition to the key findings of the project, a companion report has been developed containing recommendations for improving the quality and availability of data for measuring identity crime. These recommendations are primarily focussed on the systems of government agencies - reflecting the scope of the initial pilot exercise - but also recognise the need to further engage the private sector as a critical source of information and insights into the nature of identity crime and its impacts. The National Identity Crime and Misuse Measurement Framework report includes the results of community survey on identity crime that was commissioned by the Attorney-General's Department. This survey was conducted by the Australian Institute of Criminology (AIC) in 2013 and found that 9.4 per cent of 5000 respondents reported having their personal information stolen or misused in the previous 12 months, with 21 per cent reporting they were a victim at some point in their life. Of those reporting misuse in the previous 12 months, five per cent lost money as a result, at an average of just over $4000 per incident. As incidents may be underreported, the true extent of identity crime victimisation is likely to be much higher.

Details: Barton, ACT: Attorney-General's Department, 2014. 23p.

Source: Internet Resource: Accessed May 16, 2015 at: http://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/ImprovingMeasurementIdentityCrimeAndMisuseInAustralia.pdf

Year: 2014

Country: Australia

URL: http://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/ImprovingMeasurementIdentityCrimeAndMisuseInAustralia.pdf

Shelf Number: 135441

Keywords:
Computer Crimes
Crime Statistics
Crimes Against Businesses
Cybercrime
Identity Theft

Author: Australia. Attorney-General's Department

Title: Identity crime and misuse in Australia: Key findings from the National Identity Crime and Misuse Measurement Framework Pilot

Summary: Efforts to combat identity crime require a reliable evidence base that quantifies the complete nature and extent of the problem. In Australia and also internationally, there are limited sources of comprehensive, reliable data about identity crime and its consequences. To address this gap in knowledge, the Council of Australian Governments (COAG) agreed in 2012 that work should be undertaken to develop a national measurement framework for identity crime to better inform efforts to implement the National Identity Security Strategy (NISS). This report presents the key findings from a pilot data collection exercise that was undertaken as part of the project established to develop this measurement framework. Key finding: Each year around 4 to 5% of Australians (around 750,000 to 937,000 people) experience identity crime resulting in a financial loss. However, the true extent of identity crime is likely to be unknown, as a considerable proportion of incidents go unreported. The Australian Institute of Criminology conducted a 5,000-person online community survey (the AIC Survey) in 2013 as part of this pilot. They found that 9.4 percent of respondents reported having their personal information stolen or misused in the previous 12 months, with five percent reporting that they suffered financial losses as a result (Smith & Hutchings 2014). Identity crime is likely under-reported by both individual victims and organisations. For example, recent research has shown that only 50 percent of credit card fraud victims and 66 percent of identity theft victims reported the incident to a formal institution, such as law enforcement or a financial institution (ABS 2012). Key finding: Compared with other personal and theft-related crimes (i.e. assault, robbery, break-ins and motor vehicle theft), identity crime is one of the most prevalent crime types affecting Australians each year. Key finding: The price of fraudulent identity credentials suggests they are relatively cheap and easy to obtain. This is reflected in the variety of ways that these credentials are used to commit identity fraud. Information on data breaches (many of which go unreported) also suggests that the personal information needed to create fraudulent identity documents is also available to those willing to seek it out. Key finding: State and territory police detect up to an estimated 30,000 identity crimes each year, with around 24,000 offences proven guilty in a court of law. As identity crimes are often recorded under other related offences such as fraud, the actual number of identity crimes is likely much higher. Key finding: The majority of identity victims lose relatively small amounts of money (up to $1,000), although in some cases losses can run to hundreds of thousands of dollars. A significant proportion of victims also experience demands on their time or other adverse impacts to their mental or physical health, reputations or general wellbeing. Key finding: Only a small proportion of victims of identity crime report the incident to relevant organisations. Court-issued victims' certificates appear significantly underutilised as a mechanism to assist victims in recovering from the consequences of identity crime. Key finding: There are an increasing number of identity credentials that can be verified through the Document Verification Service (DVS), as well as a growing demand for the service amongst government and private sector organisations. Key finding: The estimated economic impact of identity crime in Australia is likely to exceed $1.6 billion per year. In light of the limited data available and the underreporting of identity crime, by both individuals and organisations, this is likely to be a conservative estimate. Key finding: Aside from underreporting, the single biggest limitation on efforts to measure identity crime is the lack of standardisation between organisations over definitions and how incidents are recorded.

Details: Barton, ACT: Attorney-General's Department, 2014. 92p.

Source: Internet Resource: Accessed May 16, 2015 at: http://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/IdentityCrimeAndMisuseInAustralia.pdf

Year: 2014

Country: Australia

URL: http://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/IdentityCrimeAndMisuseInAustralia.pdf

Shelf Number: 135442

Keywords:
Computer Crimes
Credit Card Fraut
Crime Statistics
Crimes Against Businesses
Cybercrime
Financial crimes
Identity Theft

Author: Gu, Lion

Title: The Mobile Cybercriminal Underground Market in China

Summary: The mobile Web is significantly changing the world. More and more people are replacing their PCs with various mobile devices for both work and entertainment. This change in consumer behavior is affecting the cybercriminal underground economy, causing a so-called "mobile underground" to emerge. This research paper provides a brief overview of some basic underground activities in the mobile space in China. It describes some of the available mobile underground products and services with their respective prices. Note that the products and services and related information featured in this paper were obtained from various sites and QQ chats.

Details: Irving, TX: Trend Micro, 2014. 17p.

Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 15, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-mobile-cybercriminal-underground-market-in-china.pdf

Year: 2014

Country: China

URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-mobile-cybercriminal-underground-market-in-china.pdf

Shelf Number: 135688

Keywords:
Computer Crime
Cybercrime
Internet Crime
Underground Economy

Author: Goncharov, Max

Title: Russian Underground 101

Summary: This research paper intends to provide a brief summary of the cybercriminal underground and shed light on the basic types of hacker activity in Russia. The bulk of the information in this paper was based on data gathered from online forums and services used by Russian cybercriminals. We also relied on articles written by hackers on their activities, the computer threats they create, and the kind of information they post on forums' shopping sites. Online fraud has long since moved from being a mere hobby to a means for cybercriminals to earn a living. This paper examines what is being sold on the most popular cybercrime forums like antichat.ru, xeka.ru, and cardingcc.com; which items are in demand; and what services professional fraudsters offer. The fraudsters consider the Internet a playing field. It has many vulnerable sites and a great deal of unprotected data. While "protected" data do exist, the places they are stored in can still be hacked. Some cybercriminals shared their experience in hacking; generating traffic; and writing code for Trojans, exploits, and other malware via online articles. This paper discusses fundamental concepts that Russian hackers follow and the information they share with their peers. It also examines prices charged for various types of services, along with how prevalent the given services are in advertisements. The primary features of each type of activity and examples of associated service offerings are discussed as well. Each section of this paper focuses on a specific type of criminal activity, good, or service in the Russian underground market.

Details: Irving, TX: Trend Micro, 2012. 29p.

Source: Internet Resource: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf

Year: 2012

Country: Russia

URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf

Shelf Number: 135689

Keywords:
Computer Crime
Cybercrime
Fraud
Internet Crime
Underground Economy
Underground Markets

Author: Goncharov, Max

Title: Russian Underground Revisited

Summary: In 2012, we published "Russian Underground 101," which provided a brief summary of the cybercriminal underground and shed light on the basic types of hacker activity in the region. This year, we revisited the Russian cybercriminal underground market to update the information we provided then. As in the 2012 paper, the bulk of the information in this paper was based on data gathered from online forums and services used by cybercriminals in the region. We also relied on articles written by hackers on their activities, the computer threats they create, and the kind of information they post on forums' shopping sites. It also discusses fundamental concepts that hackers follow and the information they share with their peers and compares product and service prices from 2011 to 2013. Primary features of each product or service and examples are also provided. This paper is divided into five main sections - introduction, what characterizes the Russian underground market unique, products, services, and cybercriminal ware offerings in the market. This section discusses how we gathered data, normalized prices, and classified an offering as either a product or a service to answer questions we received when we published the 2012 paper. The second section characterizes the Russian underground market. It differentiates the region's underground market from others. The third and fourth sections, meanwhile, provide detailed descriptions of the most common products and services, respectively, offered in the Russian underground market. The last section provides pricing information on the products and services sold in the market. The cybercriminal underground economy, much like any other type of business economy, experiences pricing highs and lows, depending on demand and supply. In the Russian cybercriminal underground market's case, the huge demand for credit card credentials drives prices up. Then again, incidents such as the massive breaches involving popular retailers a few months ago, which increased the supply of such credentials, drive prices down. Unlike legitimate businesspeople, however, cybercriminals need to keep their identities secret and, as much as possible, hide all traces of their "business" transactions. Factors like this make real-time transactions almost impossible to do in the underground market. That said, business dealings in cybercriminal underground markets are much slower than in the legitimate business world. Even though the prices of most products and services sold in the Russian underground market have been decreasing, that does not mean that business is not doing well for cybercriminals. It can even mean that the market is growing, as we see more and more product and service offerings as time passes. Cybercriminals, like legitimate businesspeople, are also automating processes, resulting in lower product and service prices. Of course, "boutique" products and services remain expensive because these involve specialized knowledge and skills to develop that only a few bad guys have. What we all need to keep in mind is that as long as profit can be made, cybercriminals will continue to offer products and services that can make life easier for themselves and their peers. And as long as customers exist, the cybercriminal underground will thrive. As users and potential victims, we all need to keep an eye out for the latest misdeeds to stay safe from all kinds of digital threats.

Details: Irving, TX: Trend Micro, 2014. 25p.

Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf

Year: 2014

Country: Russia

URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf

Shelf Number: 135690

Keywords:
Computer Crime
Cybercrime
Fraud
Internet Crime
Underground Economy
Underground Markets

Author: Gu, Lion

Title: The Chinese Underground in 2013

Summary: Places in the Internet where cybercriminals converge to sell and buy different products and services exist. Instead of creating their own attack tools from scratch, they can instead purchase what they need from peers who offer competitive prices. Like any other market, the laws of supply and demand dictate prices and feature offerings. But what's more interesting to note is that recently, prices have been going down. Over the years, we have been keeping tabs on major developments in the cybercriminal underground in an effort to stay true to our mission - to make the world safe for the exchange of digital information. Constant monitoring of cybercriminal activities for years has allowed us to gather intelligence to characterize the more advanced markets we have seen so far and to come up with comprehensive lists of offerings in them. The barriers to launching cybercrime have decreased. Toolkits are becoming more available and cheaper; some are even offered free of charge. Prices are lower and features are richer. Underground forums are thriving worldwide, particularly in Russia, China, and Brazil. These have become popular means to sell products and services to cybercriminals in the said countries. Cybercriminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online "shops" harder for law enforcement to find and take down. All of these developments mean that the computing public is at risk of being victimized more than ever and must completely reconsider how big a part security should play in their everyday computing behaviors. We have been continuously monitoring the Chinese underground market since 2011. And by the end of 2013, we have seen more than 1.4 million instant chat messages related to activities in the market from QQ Groups alone. This research paper reviews these millions of messages, along with trends observed and product and service price updates seen in the Chinese underground market throughout 2013.

Details: Irving, TX: Trend Micro, 2014. 21p.

Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdf

Year: 2014

Country: China

URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdf

Shelf Number: 135691

Keywords:
Computer Crime
Cybercrime
Fraud
Internet Crime
Underground Economy
Underground Markets

Author: Merces, Fernando

Title: The Brazilian Underground: A Market for Cybercriminal Wannabes?

Summary: The Cybercriminal Underground Economy Series (CUES) has established that there is a booming underground market where cybercriminals can buy and sell products and services they use for their activities. This thriving market has provided attackers with the tools and knowledge needed to break barriers and launch cybercrime attacks. Very much like any other market, the laws of supply and demand dictate prices of the products and services being offered. The availability of materials used to inflict harm has increased: toolkits are more visible and their prices are getting cheaper. Interestingly enough, as the prices went lower, the features grew richer. In our continuing effort to closely observe booming underground markets scattered in different countries across the globe, this Trend Micro research paper closely looks at the continuing maturity of the Brazilian underground despite the lack of development in available tools and tactics. Similar to other cybercriminal underground markets like those that exist in China and Russia, the Brazilian underground possesses unique characteristics such as the use of popular social media platforms to commit fraud instead of hiding in the deep recesses of the Web with tools that ordinary users normally don't have access to. Cybercrooks in Brazil make use of popular mediums such as social networks like Facebook, YouTube, Twitter, Skype, and WhatsApp, as these have turned out to be effective venues. Notably, the underground scene in Brazil also has players that market number generators and checkers or testers for more than just credit cards. They offer tools created for attacks against products and services exclusive in Brazil while also offering training services for cybercriminal wannabes. The Underground Market Scene: Product Offerings: Banking Trojans: Brazil has been known for banking Trojans created by Brazilians to target banking customers in the country. Various Trojan-based techniques are being used to steal user credentials from bolware, including domain name system poisoning, fake browser windows, malicious browser extensions, and malicious proxies. Business application account credentials: Confidential data is of utmost value in Brazil, as in any underground market. In their cybercriminal underground market, credentials for popular business application services provided by Unitfour and Serasa Experian are being sold. Unitfour's online marketing service, InTouch, has the capability to keep and access potential or existing customers' personal information, which made it a target for cybercrooks. Such is the case with Serasa Experia, where plenty of information are used and sold for nefarious purposes. Online service account credential checkers: These are essentially tools used to validate account numbers for online services which they obtain by getting log in information from phishing campaigns. Phishing pages: In Brazil, creating phishing pages is simple-cybercriminals copy everything on the legitimate pages they wish to phish and change the destination the data collected goes to, such as a free webmail account that they own. This is how victims are redirected from legitimate websites without noticing it. Phone number lists: Phone number lists per town or city are usually offered by cybercriminals who sell spamming software and hardware. A mobile phone number list for a small town can be bought as well as home phone number lists used in phone-based scams. The list above is by no means comprehensive.

Details: Irving, TX: Trend Micro, 2014.

Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf

Year: 2014

Country: Brazil

URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf

Shelf Number: 135692

Keywords:
Computer Crime
Cybercrime
Fraud
Internet Crime
Underground Economy
Underground Markets

Author: Australian Crime Commission

Title: Organised Crime in Australia 2015

Summary: The Organised Crime in Australia 2015 report provides the most comprehensive contemporary profile of serious and organised crime in Australia. The report provides the context in which organised crime operates in Australia and gives an overview of each of the key illicit markets and the activities which fundamentally enable serious and organised crime. The report provides government, industry and the public with information they need to better respond to the threat of organised crime, now and into the future. Organised Crime in Australia is an unclassified version of the Australian Crime Commission's Organised Crime Threat Assessment (OCTA) which is part of the Picture of Criminality in Australia suite of products. The OCTA is a classified assessment of the level of risk posed by various organised crime threats, categorised by activity, market and enabler.

Details: Canberra: ACC, 2015. 87p.

Source: Internet Resource: Accessed May 23, 2015 at: https://www.crimecommission.gov.au/sites/default/files/FINAL-ACC-OCA2015-180515.pdf

Year: 2015

Country: Australia

URL: https://www.crimecommission.gov.au/sites/default/files/FINAL-ACC-OCA2015-180515.pdf

Shelf Number: 135763

Keywords:
Cybercrime
Identity Theft
Illicit Markets
Organized Crime

Author: Tjong Tjin Tai, Eric

Title: Duties of care and diligence against cybercrime

Summary: - The present report is an exploratory investigation of whether contributory parties other than criminals and private individuals may have legal duties to help combat cybercrime. The scope is limited to four jurisdictions (The Netherlands, U.S.A., Brazil, and Czech Republic) and three specific topics of cybercrime: security of hardware and software, ransomware, and DDoS attacks. The focus is on a legal analysis, preceded by a brief factual description, and closing with tentative suggestions for improvement. - The causes and incidence of the three topics of cybercrime discussed in this research are tied up with global networks of communication, whereby purely local national government intervention may be insufficient to effectively fight cybercrime. In the relevant literature it is generally suggested that public-private partnerships would be required for combating cybercrime. - The approach of duties of care and diligence is a regulatory mechanism in which the focus is on private action with public encouragement. It relies on fostering practices that develop their own implicit standards and culture. - Specific parties such as Internet Service Providers (ISPs), software vendors, and businesses that are the victim of cybercrime are, in principle, well positioned to take actions against cybercrime. Albeit significant effort is taken by many companies, these efforts as a whole do not appear to have sufficient effect. The existing standards for action appear to be insufficiently specific. In addition, particular companies within these categories may do less than is possible, due to several causes. - ISPs in general have no legal duty to act to take preventive actions against cybercrime. They are generally exempt from liability as long as they remain passive to the content they transmit. Voluntary action by ISPs is to some extent discouraged by legal principles such as the rights to privacy and freedom of expression and the principle of net neutrality. The Netherlands has relatively detailed administrative rules regarding ISPs, compared to other jurisdictions. - Software vendors may have a limited duty to provide secure software, but their actual liability is insignificant as the result of limitation clauses. An exception is Brazil, which does have a form of product liability for software. Vendors have economic disincentives (a premium on being first to market with new functionality, and lack of user discrimination towards software security) against spending more effort for increasing software security. There is no administrative supervision for the software sector in general. - Businesses have, to some extent, a legal duty to prevent security breaches and unavailability of service through DDoS attacks. Customers have limited remedies to businesses that breach their obligations. Further action by businesses may find obstacles in a lack of security awareness or sense of urgency, limits to perceived benefits of additional security efforts, and lack of expertise.

Details: Tilberg, NETH: Tilburg University, 2015. 208p.

Source: Internet Resource: Accessed July 13, 2015 at: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf

Year: 2015

Country: International

URL: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf

Shelf Number: 136014

Keywords:
Cyber Security
Cybercrime
Internet Crime
Internet Security

Author: PriceWaterhouseCoopers

Title: Economic Crime: A threat to business globally

Summary: It comes as no surprise to learn that economic crime - such as fraud, IP infringement, corruption, cybercrime, or accounting fraud - continues to be a major concern for organisations of all sizes, across all regions and in virtually every sector. But, as our 2014 Global Economic Crime Survey reveals, the real story is not so much that economic crime stubbornly persists. The real story is that economic crime is threatening your business processes, eroding the integrity of your employees, and tarnishing your reputation. Which is why this year's report, one of the broadest and most comprehensive economic crime surveys we have ever conducted - with over 5,000 global respondents - is focused not only on breaking down the facts, figures, trends and regions, but also on analysing how and where it may be affecting you. So you can address the issue from both a preventive and strategic perspective. We invite you to explore the rich trove of data, trends and analysis of economic crime uncovered by our 2014 Global Economic Crime Survey - and contact us to learn more

Details: s.l.: PWC, 2015. 57p.

Source: Internet Resource: Accessed July 15, 2015 at: http://www.pwc.com/gx/en/economic-crime-survey/downloads.jhtml

Year: 2015

Country: International

URL: http://www.pwc.com/gx/en/economic-crime-survey/downloads.jhtml

Shelf Number: 136069

Keywords:
Cybercrime
Economic Crimes
Financial Crimes
Fraud

Author: Grant Thornton

Title: Illicit Trade: An Irish and Global Challenge

Summary: The growing threat of illicit trade and intellectual property crime is a real issue for the international community. This report focuses on the challenges currently facing both the Irish and international community across a number of different areas. Ultimately this report puts forth a number of key recommendations to help address these challenges. The specific focus has been on the areas of intellectual property crime, cybercrime, money laundering and retail.

Details: Dublin: Retail Ireland, 2015. 74p.

Source: Internet Resource: Accessed August 25, 2015 at: http://lovemovies.ie/wp-content/uploads/2014/04/Grant-Thornton-Illicit-Trade-Report-2014.pdf

Year: 2014

Country: Ireland

URL: http://lovemovies.ie/wp-content/uploads/2014/04/Grant-Thornton-Illicit-Trade-Report-2014.pdf

Shelf Number: 136579

Keywords:
Contraband
Costs of Crime
Crime Against Businesses
Cybercrime
Financial Crimes
Illegal Manufacturing
Illicit Trade
Intellectual Property Theft
Money Laundering
Organized Crime (Ireland)
Retail Crime

Author: Australia. Auditor General

Title: Cyber Attacks: Securing Agencies' ICT Systems

Summary: 1. Governments, businesses and individuals increasingly rely on information and communications technology (ICT) in their day-to-day activities, with rapid advances continuing to be made in how people and organisations communicate, interact and transact business through ICT and the Internet. In the government sector, ICT is used to deliver services, store and process information, and enable communications, with a consequent need to protect the privacy, security and integrity of information maintained on government systems. 2. Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion. In the government sector, the Australian Signals Directorate (ASD) has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 were considered serious enough to warrant a Cyber Security Operations Centre response. 3. The protection of Australian Government systems and information from unauthorised access and use is a key responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure of sensitive personal information. Unauthorised access through electronic means, also known as cyber intrusions, can result from the actions of outside individuals or organisations. Individuals operating from within government may also misuse information which they are authorised to access, or may inappropriately access and use government information holdings. 4. For some years, the Australian Government has established both an overarching protective security policy framework, and promulgated specific ICT risk mitigation strategies and related controls, to inform the ICT security posture6 of agencies. In 2013, the Government mandated elements of the framework, in response to the rapid escalation, intensity and sophistication of cyber crime and other cyber security threats.

Details: Canberra: Australian National Audit Office, 2014. 132p.

Source: Internet Resource: Audit Report No. 50 2013-14: Accessed September 5, 2015 at: http://www.anao.gov.au/~/media/Files/Audit%20Reports/2013%202014/Audit%20Report%2050/AuditReport_2013-2014_50.pdf

Year: 2014

Country: Australia

URL: http://www.anao.gov.au/~/media/Files/Audit%20Reports/2013%202014/Audit%20Report%2050/AuditReport_2013-2014_50.pdf

Shelf Number: 136699

Keywords:
Cyber Security
Cybercrime
Internet Crimes
Internet Security
National Security

Author: Broadband Commission for Digital Development

Title: Cyber Violence against Women and Girls: A world-wide wake-up call

Summary: Violence Against Women and Girls (VAWG) is already a problem of pandemic proportion; research shows that one in three women will experience some form of violence in her lifetime. Now, the new problem of cyber crime could significantly increase this staggering number, as our research suggests that 73% of women have already been exposed to or have experienced some form of online violence. With social networks still in their relative infancy, this is a problem that urgently needs to be addressed if the Net is to remain an open and empowering space for all. - The sheer volume of cyber VAWG has severe social and economic implications for women's status on the Internet. Threats of rape, death, and stalking put a premium on women's emotional bandwidth, take-up time and financial resources including legal fees, online protection services, and missed wages. Cyber VAWG can have a profoundly chilling effect on free speech and advocacy. - Women aged 18 to 24 are at a heightened risk of being exposed to every kind of cyber VAWG; they are uniquely likely to experience stalking and sexual harassment, while also not escaping the high rates of other types of harassment common to young people in general, like physical threats. - In the EU-28, 18 per cent of women have experienced a form of serious Internet violence at ages as young as 15. This corresponds to about 9 million women. - Complacency and failure to address and solve cyber VAWG could significantly impede the uptake of broadband by women everywhere; without action, an unprecedented surge of 21st century violence could run rampant if steps are not urgently taken to rein in the forms of online violence that are escalating unchecked.

Details: Geneva, SWIT: The Commission, 2015. 70p.

Source: Internet Resource: Accessed September 30, 2015 at: http://www.broadbandcommission.org/Documents/reports/bb-wg-gender-report2015.pdf

Year: 2015

Country: International

URL: http://www.broadbandcommission.org/Documents/reports/bb-wg-gender-report2015.pdf

Shelf Number: 136923

Keywords:
Computer Crime
Cybercrime
Internet Crime
Online Victimization
Violence Against Women, Girls

Author: McFarland, Charles

Title: The Hidden Data Economy: The Marketplace for Stolen Digital Information

Summary: Data is the "oil" of the digital economy. The commercial market for personal data is booming, with large databases of subscriber information driving up the enormous valuations of those companies that own it, even though many have yet to turn a profit. As the commercial value of personal data grows, cybercriminals have long since built an economy selling stolen data to anybody with a computer browser and the means to pay. In the 2013 McAfee Labs report Cybercrime Exposed: Cybercrime-as-a-Service, we demonstrated how current tools, products, and services can allow anyone to become a cybercriminal, regardless of technical ability. We followed up with the report Digital Laundry: An analysis of online currencies, and their use in cybercrime, which explained virtual currencies in detail and how they are used to convert stolen data into cash. By the time Digital Laundry was published in 2013, the publicity following the law enforcement action against the Silk Road let the world know that illegal products could easily be acquired online. Such actions have demonstrated just how much traditional crime has evolved with the help of the cyber world. Cybercrime Exposed and Digital Laundry focused on tools that aid an attack. This report will attempt to answer the question: What happens after a successful breach?

Details: Santa Clara, CA: Intel Security/McAfee, 2015. 19p.

Source: Internet Resource: Accessed November 6, 2015 at: http://www.mcafee.com/us/resources/reports/rp-hidden-data-economy.pdf

Year: 2015

Country: International

URL: http://www.mcafee.com/us/resources/reports/rp-hidden-data-economy.pdf

Shelf Number: 137217

Keywords:
Computer Crimes
Computer Security
Cybercrime

Author: Trend Micro

Title: Ascending the Ranks. The Brazilian Cybercriminal Underground in 2015

Summary: The fastest route to cybercriminal superstardom can be found in Latin America, particularly in Brazil. Any criminal aspirant can gain overnight notoriety with just a little bit of moxie and the right tools and training, which come in abundance in the country's untamed underground. This past year, we observed an influx of new players in the scene. Most of them are young and bold individuals with no regard for the law. Unlike their foreign counterparts, they do not rely so much on the Deep Web for transactions. They exhibit blatant disregard for the law by the way they use the Surface Web, particularly popular social media sites like Facebook and other public forums and apps. Using online aliases on these sites, they make names for themselves, flagrantly showing off all the spoils of their own mini operations. Although they share what they know to peers, they mostly work independently, trying to outdo the competition and ascend the ranks to become the top players in their chosen fields. Online banking is their biggest target; this makes banking malware and respective how-to tutorials prevalent. This trend remains consistent with what we reported two years ago. But since then, new offerings have also sprouted, including localized ransomware and personally identifiable information (PII)-querying services. Illegal goods that were only peddled in Brazil's backstreets have likewise crossed over to the underground. Anyone can now purchase counterfeit money and fake diplomas online. The brazenness of cybercriminal operations should come as no surprise. Brazilian law enforcement agencies already have a lot on their plate; budding criminals online are only additions to their list of challenges. Although they have started investing in the fight against this growing problem, will their efforts be enough to at least slow down its pace.

Details: Irving/Las Colinas, TX: Trend Micro, 2015. 320.

Source: Internet Resource: TrendLabs Research Paper: Accessed February 1, 2016 at: https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-ascending-the-ranks.pdf

Year: 2015

Country: Brazil

URL: https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-ascending-the-ranks.pdf

Shelf Number: 137721

Keywords:
Bank Fraud
Counterfeiting
Cybercrime
Online Victimization
Social Media

Author: European Commission. Directorate-General for Migration and Home Affairs

Title: Europeans' Attitudes Towards Security

Summary: Overall perception of security - Around 90% of people say that their immediate neighbourhood and their city, town or village are safe places to live. - Around 80% say that their own country and the EU are secure places to live. - Respect for fundamental rights and freedoms is thought to have the most positive impact on one's personal sense of security - 42% of respondents say this. Perceived threats and challenges - Terrorism is seen as the EU's most important security challenge, with half of all respondents describing it as important. - However, the level of concern varies considerably from country to country: 62% of people in Malta, but only 22% in Latvia, think terrorism is an important challenge. - Since 2011, the proportion of people identifying terrorism and religious extremism as important challenges has increased substantially. Fewer people now think that economic and financial crises are the most important challenge to security. - 65% of people think that terrorism is a very important internal security challenge for the EU, and 92% think it is important. - Over two-thirds of people think that the threat of terrorism is likely to increase over the next three years, with over half also saying that cybercrime and organised crime will increase. - Over eight out of ten respondents think that extremist ideologies, war and political instability, and poverty and social exclusion, are potential sources of threats to EU security. - Only seven out of ten people see climate change and pollution as a potential source of security threats. Responses to address security challenges - The police and the judicial system are seen as being chiefly responsible for ensuring the security of citizens: around nine out of ten respondents say this. - The police are seen as the organisation with the biggest role in ensuring the security of citizens in all but five Member States, where the judicial system is listed first. - Over half of the respondents think the police are doing enough to fight terrorism and drug trafficking, but less than half say enough is being done to fight other crimes. - A majority of respondents think that citizens' rights and freedoms have been restricted for reasons related to fighting terrorism and crime. - People are generally positive about the impact of new technologies, but a quarter think they will have a negative impact on the security of citizens.

Details: Luxembourg: The Commission, 2015. 108p.

Source: Internet Resource: http://ec.europa.eu/public_opinion/archives/ebs/ebs_432_en.pdf

Year: 2015

Country: Europe

URL: http://ec.europa.eu/public_opinion/archives/ebs/ebs_432_en.pdf

Shelf Number: 137809

Keywords:
Cybercrime
Extremist Groups
Organized Crime
Police Effectiveness
Public Safety
Security
Terrorism

Author: European Commission. Directorate-General for Home Affairs

Title: Cyber Security

Summary: This report brings together the results of the Special Eurobarometer public opinion survey on "Cyber security" in the 28 European Union countries. Cybercrime is a borderless problem, consisting of criminal acts that are committed online by using electronic communications networks and information systems, including crimes specific to the Internet, online fraud and forgery, and illegal online content. Whilst the value of the cybercriminal economy as a whole is not precisely known, the losses are thought to represent billions of euros per year. The scale of the problem is itself a threat to law enforcement response capability - with more than 150,000 viruses and other types of malicious code in circulation and a million people victims of cybercrime every day. Given the development of cybercrime in recent years, the European Commission has designed a coordinated policy in close co-operation with European Union (EU) Member States and the other EU institutions. EU legislative actions contributing to the fight against cybercrime address issues such as attacks against information systems, online offensive material and child pornography, online privacy, and online fraud and counterfeiting. The aim of this survey is to understand EU citizens' experiences and perceptions of cyber security issues. The survey examines the nature and frequency of Internet usage; their awareness and experience of cybercrime; and the level of concern that they feel about this type of crime. The findings from this survey update a previous survey which was carried out in May-June 2013 (Special Eurobarometer 404). The 2014 survey repeats most of the questions asked in 2013 in order to provide insight into the evolution of knowledge, behaviour and attitudes towards cyber security in the European Union.

Details: Luxembourg: European Commission, 2015. 171p.

Source: Internet Resource: Special Eurobarometer 423: Accessed February 8, 2016 at: http://ec.europa.eu/public_opinion/archives/ebs/ebs_423_en.pdf

Year: 2015

Country: Europe

URL: http://ec.europa.eu/public_opinion/archives/ebs/ebs_423_en.pdf

Shelf Number: 137810

Keywords:
Computer Crime
Cyber Security
Cybercrime
Internet Crime
Internet Safety
Online Victimization

Author: Great Britain. Home Office. Research, Information and Communications Unit

Title: Serious and Organised Crime Protection: Public Interventions Model

Summary: The public interventions model maps people's vulnerability to financial and cyber crime. The research identifies: - who is at risk from cyber, fraud and financial crime - what makes them vulnerable - how government, law enforcement and cross-sector partners can better protect them from becoming victims

Details: London: Home Office, 2016. 74p.

Source: Internet Resource: Accessed February 24, 2016 at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/502960/Gov.uk_Serious_Organised_Crime_deck_vF.pdf

Year: 2016

Country: United Kingdom

URL: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/502960/Gov.uk_Serious_Organised_Crime_deck_vF.pdf

Shelf Number: 137949

Keywords:
Cybercrime
Financial Crimes
Fraud
Internet Crimes
Online Victimization
Organized Crime
Serious Crime

Author: Jardine, Eric

Title: The Dark Web Dilemma: Tor, Anonymity and Online Policing

Summary: Online anonymity-granting systems such as The Onion Router (Tor) network can be used for both good and ill. The Dark Web is possible only because of online anonymity. The Dark Web poses a dilemma. Illegal markets, trolls and online child abuse rings proliferate due to the technology of Tor and other similar systems. However, the anonymity provided by such systems gives cover for people in repressive regimes that need the protection of technology in order to surf the Web, access censored content and otherwise exercise their genuine right to free expression. In other words, Tor is basically a neutral tool that can be used for either good or ill. Whether the technology is worth it depends upon the net effect. Unfortunately, the costs and benefits of a system like Tor are not evenly distributed globally. The ills tend to cluster in liberal countries, while the benefits tend to cluster most in repressive regimes. Shuttering anonymity networks is not a viable long-term solution, as it will probably prove ineffective and will be costly to those people that genuinely benefit from these systems. Rather than being a solely technological problem, this paper argues that the issue posed by the Dark Web, enabled by anonymity-granting technologies, is a social one. Just as peace and order are maintained in our offline lives through judicious policing, the same principle should apply online. The networks of the Dark Web need to be more actively policed, especially in liberal democratic countries. Online policing, as shown by the take down of illegal marketplaces such as Silk Road and child pedophilia rings, is actually possible, and both as effective and as expedient as offline policing. More movement in the direction of judicious online policing can minimize the socially damaging costs of anonymity-granting technologies, while still allowing the benefits of such systems. It is not the ideal solution, but it is likely the best that can be done.

Details: London: Global Commission on Internet Governance, 2015. 24p.

Source: Internet Resource: Paper Series: No. 21: Accessed March 16, 2016 at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2667711

Year: 2015

Country: International

URL: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2667711

Shelf Number: 138263

Keywords:
Cyber Security
Cybercrime
Dark Web
Online Crime
Silk Road

Author: Lievens, Eva

Title: Bullying and Sexting in Social Networks from a Legal Perspective: Between Enforcement and Empowerment

Summary: The availability and use of social networking sites creates both opportunities and risks for their young users. This paper evaluates the applicability of the current legal framework to (cyber)bullying and sexting, two types of behaviour that are increasingly occurring between peers in the social networking environment. The analysis includes a mapping of applicable provisions at the European and national level, an analysis of the Terms of Service of two social networking providers and an overview and assessment of self-regulatory initiatives that have been taken by the industry in this area. The ultimate goal is to identify a number of elements for a comprehensive strategy to ensure that risks of (cyber)bullying and sexting are dealt with in a manner that empowers young users.

Details: Ghent: KU Leuven - Interdisciplinary Centre for Law and ICT (ICRI); Ghent University - Faculty of Law, 2012. 23p.

Source: Internet Resource: ICRI Working Paper 7/2012: Accessed March 21, 2016 at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2088166

Year: 2012

Country: Europe

URL: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2088166

Shelf Number: 138355

Keywords:
Bullying
Cybercrime
Online Victimization
Sexting
Social Networks

Author: PriceWaterhouseCoopers

Title: Adjusting the Lens on Economic Crime: preparation brings opportunity back into focus

Summary: More than a third of organisations have experienced economic crime in the past 24 months, as reported by over 6,000 respondents to PwC's Global Economic Crime Survey 2016. This year's results show that the incidence of economic crime has come down, for the first time since the global financial crisis of 2008-9 (albeit marginally by 1%).​ At first glance, this could be evidence of a return on the investments in the preventative measures which organisations have been making over the past few years. But as we look at the data more closely, it is possible that this small decrease is actually masking a worrying trend: that economic crime is changing significantly, but that detection and controls programmes are not keeping up with the pace of change. What's more, the financial cost of each fraud is on the rise.​ This year's report illustrates how economic crime has evolved over the last two years, morphing into different forms depending on industrial sector and region.​ Despite this evolving threat, we have seen a decrease in the detection of criminal activity by methods within management's control, with detection through corporate controls down by 7%. What's more, one in five organisations (22%) have not carried out a single fraud risk assessment in the last 24 months. When looked at in the context of the findings in PwC's 19th Annual Global CEO Survey - where two-thirds of chief executives agreed that there are more threats to the growth of their company than ever before (a sharp increase, compared to 59% in 2015) - this points to a potentially worrying trend: that too much is being left to chance. In fact, our findings indicate that one in ten economic crimes are discovered by accident.​

Details: s.l.: PriceWaterhouseCoopers, 2016. 56p.

Source: Internet Resource: Global Economic Crime Survey 2016: Accessed March 29, 2016 at: http://www.pwc.com/gx/en/economic-crime-survey/pdf/GlobalEconomicCrimeSurvey2016.pdf

Year: 2016

Country: International

URL: http://www.pwc.com/gx/en/economic-crime-survey/pdf/GlobalEconomicCrimeSurvey2016.pdf

Shelf Number: 138456

Keywords:
Cybercrime
Economic Crimes
Financial Crimes
Fraud

Author: Queensland Organised Crime Commission of Inquiry

Title: Report

Summary: The Commission commenced on 1 May 2015, by Commissions of Inquiry Order (No. 1) 2015, to make inquiry into the extent and nature of organised crime in Queensland and its economic and societal impacts. The otherwise very broad nature of such an inquiry was somewhat narrowed by the Terms of Reference within the Order in Council, which focused the Commission on four key areas: - the major illicit drug and/or precursor markets - online child sex offending, including the child exploitation material market - financial crimes, primarily investment/financial market fraud and financial data theft - the relationship between organised crime and corruption in Queensland. The Commission was also required to investigate the extent to which organised crime groups use various enabling mechanisms or services: in particular, money laundering, cyber and technology-enabled crime, identity crime, professional facilitators, violence and extortion. In carrying out the Inquiry, the Commission was to examine the adequacy and appropriateness of current responses to organised crime by law enforcement, intelligence, and prosecution agencies, as well as the adequacy of legislation and of the resources available to such agencies. The six-month timeframe given for the Inquiry was limited, given the areas required to be examined.

Details: Sydney: The Commission, 2015. 578p.

Source: Internet Resource: Accessed March 30, 2016 at: https://www.organisedcrimeinquiry.qld.gov.au/__data/assets/pdf_file/0017/935/QOCCI15287-ORGANISED-CRIME-INQUIRY_Final_Report.pdf

Year: 2015

Country: Australia

URL: https://www.organisedcrimeinquiry.qld.gov.au/__data/assets/pdf_file/0017/935/QOCCI15287-ORGANISED-CRIME-INQUIRY_Final_Report.pdf

Shelf Number: 138491

Keywords:
Child Sexual Exploitation
Corruption
Cybercrime
Drug Markets
Drug Trafficking
Financial Crimes
Identity Theft
Money Laundering
Motorcycle Gangs
Organized Crime

Author: Carrera, Sergio

Title: The Cost of Non-Europe in the Area of Organised Crime and Corruption: Annex I - Organised Crime

Summary: This Research Paper examines the costs of non-Europe in the field of organised crime. It provides an interdisciplinary analysis of the main legal/ethical, socio-political and economic costs and benefits of the EU in policies on organised crime. It offers an in-depth examination of the transformative contribution that the EU has made, in terms of investigation, prosecution and efficiency, to trans-border operational activities and the protection of its citizens' rights. Finally, it seeks to answer the questions of what are the costs and benefits of European cooperation and what forms of cooperation would bring more European added value.

Details: Brussels: European Parliamentary Research Service, 2016. 177p.

Source: Internet Resource: Accessed March 30, 2016 at: http://www.europarl.europa.eu/RegData/etudes/STUD/2016/579318/EPRS_STU(2016)579318_EN.pdf

Year: 2016

Country: Europe

URL: http://www.europarl.europa.eu/RegData/etudes/STUD/2016/579318/EPRS_STU(2016)579318_EN.pdf

Shelf Number: 138492

Keywords:
Costs of Crime
Counterfeiting
Cybercrime
Drug Trafficking
Economic Crimes
Environmental Crime
Human trafficking
Organized Crime
Weapons Trafficking

Author: Adams, Samantha

Title: The governance of cybersecurity: A comparative quick scan of approaches in Canada, Estonia, Germany, the Netherlands and the UK

Summary: Society's increased dependency on networked technologies and infrastructures in nearly all sectors poses a new challenge to governments and other actors to ensure the sustainability and security of all things 'cyber'. Cybersecurity is a particularly complex field, where multiple public and private actors must work together, often across state borders, not only to address current weaknesses, but also to anticipate and prevent or pre-empt a number of different kinds of threats. This report examines how public policy and regulatory measures are used to organise such processes in five countries: Canada, Estonia, Germany, the Netherlands and the UK.

Details: Tilburg, NETH: Tilburg University, Tilburg Institute for Law, Technology, and Society, 2015. 167p.

Source: Internet Resource: Accessed March 30, 2016 at: https://pure.uvt.nl/ws/files/8719741/TILT_Cybersecurity_Report_Final.pdf

Year: 2015

Country: International

URL: https://pure.uvt.nl/ws/files/8719741/TILT_Cybersecurity_Report_Final.pdf

Shelf Number: 138497

Keywords:
Computer Crime
Cybercrime
Cybersecurity
Internet Crime

Author: McAfee

Title: McAfee Labs Threats Report

Summary: Our McAfee Labs 2016 Threats Predictions Report, published in late November, has been widely read and quoted in the media. Some of the most interesting media coverage comes from The Wall Street Journal, Good Morning America, Silicon Valley Business Journal, and CXO Today. The report includes both near- and long-term views of our cyber security future. And now, as winter's storms have passed, we have published the McAfee Labs Threats Report: March 2016. In this quarterly threats report, we highlight two Key Topics: Intel Security interviewed almost 500 security professionals to understand their views and expectations about the sharing of cyber threat intelligence. We learned that awareness is very high and that 97% of those who share cyber threat intelligence see value in it. We explore how the Adwind Java-based backdoor Trojan attacks systems through increasingly clever spam campaigns, leading to a rapid increase in the number of Adwind .jar file submissions to McAfee Labs. These two Key Topics are followed by our usual set of quarterly threat statistics.

Details: Santa Clara, CA: McAfee Labs, 2016. 46p.

Source: Internet Resource: Accessed March 31, 2016 at: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf

Year: 2015

Country: International

URL: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf

Shelf Number: 138504

Keywords:
Computer Crime
Computer Security
Cybercrime
Cybersecurity
Internet Crime

Author: Great Britain. House of Commons. Defence Committee

Title: Deterrence in the twenty-first century

Summary: This inquiry is the fourth of a series which have evolved from our inquiry Towards the next Defence and Security Review. These cover a number of significant strands which the Committee believe would benefit from further Defence Committee consideration. The context in which deterrence must operate has changed in recent years with the diminution in some former threats and the emergence of new ones, but in its widest sense the concept of deterrence remains as important as ever. The Committee will examine: The concept of deterrence Definitions Where deterrence sits in the continuum stretching from influence to intervention The climate in which deterrence must operate and how it has changed The targets of deterrence Is every threat potentially deterrable? The different levels of deterrence, when each might be appropriate, and the likely efficacy of each nuclear deterrence deterrence though conventional forces the link between the two The significance of Ballistic Missile Deterrence deterrence by protection of potential targets The cyber dimension The importance of credibility The sufficiency of the means The sufficiency of the will and of the ways in which it is expressed Communication of the message, including to the target How the UK Armed Forces currently contribute to deterrence and how this contribution can be improved How deterrence can be expected to change in future

Details: London: The Stationery Office Limited, 2014. 2 vols.

Source: Internet Resource: HC 1066: Accessed April 2, 2016 at: http://www.publications.parliament.uk/pa/cm201314/cmselect/fence/1066/1066.pdf

Year: 2014

Country: United Kingdom

URL: http://www.publications.parliament.uk/pa/cm201314/cmselect/fence/1066/1066.pdf

Shelf Number: 138612

Keywords:
Counter-Terrorism
Cybercrime
Terrorism

Author: Cirlig, Carmen-Cristina

Title: EU-US cooperation on justice and home affairs - an overview

Summary: The United States is the key partner of the European Union in the area of justice and home affairs (JHA), including in the fight against terrorism. While formal cooperation on JHA issues between the US and the EU goes back to the 1995 New Transatlantic Agenda, it is since 2001 in particular that cooperation has intensified. Today, and for the period up until 2020, the key areas of transatlantic efforts in the JHA field are personal data protection, counter-terrorism and countering violent extremism, migration and border controls, tracing of firearms and explosives, money laundering and terrorism financing, cybercrime, drugs and information exchange. Regular dialogues at all levels, extensive operational cooperation and a series of legal agreements demonstrate the development of the transatlantic partnership on JHA. Assessments state that cooperation on law enforcement and counter-terrorism has led to hundreds of successful joint operations each year, and many foiled terrorist plots. Nevertheless, important challenges remain, in particular in light of the revelations of US mass surveillance activities and the resultant growth in EU concerns about US standards for data privacy. The European Parliament is making use of its extended powers in the JHA field, by urging a high level of data protection as well as effective and non-discriminatory means of redress for EU citizens in the US over improper use of their personal data.

Details: Strasbourg: European Parliamentary Research Service, 2016. 12p.

Source: Internet Resource: Briefing: Accessed April 8, 2016 at: http://www.europarl.europa.eu/RegData/etudes/BRIE/2016/580892/EPRS_BRI(2016)580892_EN.pdf

Year: 2016

Country: Europe

URL: http://www.europarl.europa.eu/RegData/etudes/BRIE/2016/580892/EPRS_BRI(2016)580892_EN.pdf

Shelf Number: 138606

Keywords:
Border Security
Counter-Terrorism
Cybercrime
Data Protection
Drug Trafficking
Extremist Groups
Information Sharing
Money Laundering
Partnerships
Terrorism
Violent Extremism

Author: Australian Government

Title: Australia's Cyber Security Strategy: Enabling innovation, growth and prosperity

Summary: Strong cyber security is a fundamental element of our growth and prosperity in a global economy. It is also vital for our national security. It requires partnership involving governments, the private sector and the community. Being connected is now essential, creating new opportunities for innovation and growth for all Australians. To be competitive, businesses need to be online. But this also brings risks. Australia is increasingly a target for cybercrime and espionage. All of us- governments, businesses and individuals- need to work together to build resilience to cyber security threats and to make the most of opportunities online. To grow, Australia needs to innovate and further diversify its economy-to access new markets and new forms of wealth creation. We must embrace disruptive technologies; those that have the potential to fundamentally change traditional business models and the way people live and work. They will open up new possibilities for agile businesses in ways as yet unimagined. But the potential of digital technologies depends on the extent to which we can trust the internet and cyberspace. Getting cyber security right will mean we capture more of the opportunities the connected world offers. It will also make Australia a preferred place to do business. This in turn will boost our national prosperity. We can also expand our cyber security businesses and export capability. Australia's cyber security is built on a solid foundation. Our past investment has been strong. Recent Government initiatives such as the Australian Cyber Security Centre have lifted Government capabilities to a new level. Many of our larger businesses, particularly banks and telecommunications companies, have strong cyber security capabilities. Our future work will build on this platform.

Details: Canberra: Office of the Prime Minister, 2016. 76p.

Source: Internet Resource: Accessed April 26, 2016 at: https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf

Year: 2016

Country: Australia

URL: https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf

Shelf Number: 138819

Keywords:
Cyber Security
Cybercrime
Internet Crime
National Security

Author: Verizon

Title: 2016 Data Breach Investigations Report

Summary: Our ninth Data Breach Investigations Report (DBIR) pulls together incident data from 67 contributors around the world to reveal the biggest IT security risks you'll face. This year's dataset is made up of over 100,000 incidents, of which 3,141 were confirmed data breaches. Of these, 64,199 incidents and 2,260 breaches comprise the finalized dataset that was used in the analysis and figures throughout the report. We address the reasons for culling the dataset in Victim Demographics and provide additional details when we discuss motives in Breach Trends. Of course, we would never suggest that every last security event of 2015 is in this report. We acknowledge sample bias, and provide information about our methodology as well as links to resources that we encourage you to look into to help collect and analyze incident data within your own organization, in Appendix E.

Details: New York?: Verizon, 2016. 85p.

Source: Internet Resource: Accessed May 4, 2016 at: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

Year: 2016

Country: International

URL: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

Shelf Number: 138913

Keywords:
Cyber Security
Cybercrime
Financial Crimes

Author: Australian Competition and Consumer Commission

Title: Targeting Scams: Report of the ACCC on scams activity 2015

Summary: The Australian Competition and Consumer Commission's (ACCC) seventh annual report on scams activity in Australia highlights the significant financial loss and emotional harm incurred by the Australian community as a result of scams. In 2015 the ACCC received over 105 000 scam reports, 14 000 more than in 2014. Reported monetary losses also grew by 4 per cent, to almost $85 million. For this year's report the ACCC has also reviewed data from other jurisdictions that receive reports or detect scams to gain a clearer picture of the significance of losses caused by scam activity in Australia. Reports to the Australian Cybercrime Online Reporting Network (ACORN) revealed losses of over $127 million1. Additionally, various scam disruption programs, operated by the ACCC and other agencies, also detect Australians sending funds to high risk jurisdictions. A combined estimate of losses to this unreported scam activity is $17.1 million. Combining Scamwatch and ACORN data with losses detected through scam disruption work, total scam losses exceed $229 million. This report seeks to explore the nature of scam losses and identify some emerging trends. It focuses on data reported to Scamwatch and statistics provided in the report are in respect of that data unless specifically stated otherwise. By far the most concerning trend in the ACCC's Scamwatch data related to investment scams, which overtook dating and romance scams as the category with the largest financial losses reported by Australians in the last year. Losses to investment scams almost doubled, from $12.5 million to $24.4 million with six people reporting individual losses of $1 million or more. Additionally, ACORN data shows reported losses to investment scams of almost $17 million. This brings total reported losses to more than $41 million and this still does not include those that do not report or may have reported to another organisation. It is not hard to see why many Australians are losing large sums of money in these scams given how difficult they are to identify. These more sophisticated scams often involve scammers who use accurate technical jargon in carefully crafted cold calling scripts and accompany this with glossy brochures backed up by professional-looking websites. Even astute investors have been known to fall victim to these more calculated scams. Losses reported to Scamwatch from dating and romance scams have reduced by more than $5 million (18.5 per cent) to $22.7 million, and are the second highest category in 2015. Together with investment scams, they account for 56 per cent of scam losses reported to Scamwatch in the past year. A further $14.8 million was reported to ACORN. When you add in the $17.1 million identified through disruption initiatives, this brings the total for relationships scams to over $54 million. While investment and dating scams caused the most losses in 2015, the most commonly reported scams to the ACCC have been phishing scams, reclaim scams and upfront payment/advanced fee scams. Over 15 000 reports of phishing scams have been received, resulting in a total reported loss of $363 270. While the number of reports we received are spread across all age groups, it is middle aged and older Australians who are reporting the highest losses. The ACCC has taken a closer look at the risk that scam activity poses to older Australians in this report.

Details: Canberra: ACCC, 2016. 81p.

Source: Internet Resource: Accessed May 19, 2016 at: http://apo.org.au/files/Resource/targeting_scams_-_report_of_the_accc_on_scam_activity_2015.pdf

Year: 2016

Country: Australia

URL: http://apo.org.au/files/Resource/targeting_scams_-_report_of_the_accc_on_scam_activity_2015.pdf

Shelf Number: 139103

Keywords:
Consumer Protection and Fraud
Crimes Against Business
Cybercrime
Financial Crimes
Fraud
Scams

Author: EY

Title: Fraud and corruption -- Driving away talent? Asia-Pacific Fraud Survey 2015

Summary: Given the ongoing war for talent in Asia-Pacific (APAC), our APAC Fraud Survey 2015 reveals a compelling new reason for executives and boards to revisit their fraud, bribery and corruption risk mitigation strategies. To date, the incentives to get compliance right have centered on minimizing financial losses, reducing the management time required to investigate and remediate issues, and preventing the reputational damage caused by corruption. But with a vast majority of our more than 1,500 respondents rating ethical practices as important - and nearly 80% saying they would be unwilling to work for organizations involved in bribery and corruption - there's a new imperative to manage fraud, bribery and corruption risks effectively. Failing to do so could see promising talent avoid working for organizations and cause the best employees to jump ship, leading to higher attrition rates and expensive recruitment campaigns. In markets where it's already difficult to recruit and retain staff, the consequences could be catastrophic. As this survey discusses, to avoid putting their valued talent and growth strategies at risk, APAC companies will need a holistic fraud prevention and detection framework - backed by strong leadership, with up-to-date and well-enforced internal controls, policies and procedures. Organizations also need to improve the way they handle whistleblower hotline complaints, with far fewer respondents willing to use a hotline when compared to our 2013 survey. Our 2015 survey also concludes that the answer to increasing regulatory enforcement and stretched in-house compliance teams lies in leveraging big data through forensic data analytics (FDA), as well as involving the entire C-suite in preparing for a possible cybercrime incident.

Details: s.l.: EY, 2015. 28p.

Source: Internet Resource: Accessed May 23, 2016 at: http://www.ey.com/Publication/vwLUAssets/ey-apac-fraud-survey-2015/$FILE/ey-apac-fraud-survey-2015.pdf

Year: 2015

Country: Asia

URL: http://www.ey.com/Publication/vwLUAssets/ey-apac-fraud-survey-2015/$FILE/ey-apac-fraud-survey-2015.pdf

Shelf Number: 139139

Keywords:
Bribes
Crimes Against Business
Cybercrime
Financial Crimes
Fraud and Corruption

Author: Rosemont, Hugo

Title: Public-Private Security Cooperation: From Cyber to Financial Crime

Summary: Over the past two years, there has been considerable focus in the UK on developing a strategic and tactical partnership between the public and private sectors in order to achieve a step-change in the country's response to financial crime. Speaking at RUSI in June 2014, Theresa May, the then home secretary, emphasised the importance of the partnership between private sector companies and law enforcement to tackling financial crime, preventing money laundering and recovering the proceeds of crime. The result: the formation of the Financial Sector Forum and the creation of the Joint Money Laundering Intelligence Taskforce (JMLIT), a public-private partnership dedicated to collaboration in order to enhance the national response to financial crime. While this nascent effort appears to be gaining traction, and the JMLIT is being moved to a permanent footing, it is certainly not the first such initiative to be established. This paper from RUSI's Centre for Financial Crime and Security Studies considers lessons that can be learnt from the establishment of previous public-private partnerships, in particular the Cyber-security Information Sharing Partnership (CiSP). The author stresses the importance of establishing measurable objectives that are co-designed and agreed upon from the outset. Too often such partnerships, established in good faith and with undoubted commitment, fade as the initial enthusiasm wanes, staff are reassigned, and those contributing time and resources question the value of their commitment. As the UK's JMLIT emerges from its pilot phase, the longevity of this initiative will be challenged as its initial momentum fades. It is therefore critical that the JMLIT draws on the experience of other, similarly important public-private sector security partnerships in order to anticipate and address the challenges it might face as it matures.

Details: London: Royal United Services Institute for Defence and Security Studies, 2016. 33p.

Source: Internet Resource: RUSI Occasional paper: Accessed September 2, 2016 at: https://rusi.org/sites/default/files/op_201608_rosemont_public-private_security_cooperation1.pdf

Year: 2016

Country: United Kingdom

URL: https://rusi.org/sites/default/files/op_201608_rosemont_public-private_security_cooperation1.pdf

Shelf Number: 140119

Keywords:
Cybercrime
Financial Crime
Money Laundering
Partnerships
Private Security
Security

Author: European Parliament. Directorate-General for Internal Policies. Policy Department C: Citizzen's Rights and Constitutional Affairs

Title: Cyberbullying Among Young People

Summary: his study provides an overview of the extent, scope and forms of cyberbullying in the EU taking into account the age and gender of victims and perpetrators as well as the medium used. Commissioned by the Policy Department for Citizens' Rights and Constitutional Affairs at the request of the LIBE Committee, the study illustrates the legal and policy measures on cyberbullying adopted at EU and international levels and delineates the EU role in this area. An analysis of legislation and policies aimed at preventing and fighting this phenomenon across the 28 EU Member States is also presented. The study outlines the variety of definitions of cyberbullying across EU Member States and the similarities and differences between cyberbullying, traditional bullying and cyber aggression. Moreover, it presents successful practices on how to prevent and combat cyberbullying in nine selected EU Member States and puts forward recommendations for improving the response at EU and Member State levels.

Details: Brussels: European Parliament, 2016. 196p.

Source: Internet Resource: Accessed September 7, 2016 at: http://www.europarl.europa.eu/RegData/etudes/STUD/2016/571367/IPOL_STU(2016)571367_EN.pdf

Year: 2016

Country: Europe

URL: http://www.europarl.europa.eu/RegData/etudes/STUD/2016/571367/IPOL_STU(2016)571367_EN.pdf

Shelf Number: 147855

Keywords:
Bullying
Computer Crimes
Cyberbullying
Cybercrime
Internet Crimes

Author: Ponemon Institute

Title: 2016 Cost of Data Breach Study: Global Analysis

Summary: IBM and Ponemon Institute are pleased to release the 2016 Cost of Data Breach Study: Global Analysis. According to our research, the average total cost of a data breach for the 383 companies participating in this research increased from $3.79 to $4 million . The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year's study. In addition to cost data, our global study looks at the likelihood of a company having one or more data breach occurrences in the next 24 months. We estimate a 26 percent probability of a material data breach involving 10,000 lost or stolen records. According to this year's findings, organizations in Brazil and South Africa are most likely to have a material data breach involving 10,000 or more records. In contrast, organizations in Germany and Australia are least likely to experience a material data breach. In this year's study, 383 companies located in the following 12 countries participated: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (United Arab Emirates and Saudi Arabia), Canada and, for the first time, South Africa. All participating organizations experienced a data breach ranging from approximately 3,000 to slightly more than 101,500 compromised records . We define a compromised record as one that identifies the individual whose information has been lost or stolen in a data breach. Seven global megatrends in the cost of data breach research Over the many years studying the data breach experience of 2,013 organizations in every industry, the research has revealed the following seven megatrends. 1. Since first conducting this research, the cost of a data breach has not fluctuated significantly. This suggests that it is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies. 2. The biggest financial consequence to organizations that experienced a data breach is lost business. Following a data breach, organizations need to take steps to retain customers' trust to reduce the long-term financial impact. 3. Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record. 4. Organizations recognize that the longer it takes to detect and contain a data breach the more costly it becomes to resolve. Over the years, detection and escalation costs in our research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain. 5. Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher than average rate of lost business and customers. 6. Improvements in data governance programs will reduce the cost of data breach. Incident response plans, appointment of a CISO, employee training and awareness programs and a business continuity management strategy continue to result in cost savings. 7. Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year's study revealed a reduction in the cost when companies participated in threat sharing and deployed data loss prevention technologies.

Details: Traverse City, MI: Ponemon Institute, 2016. 32p.

Source: Internet Resource: Accessed September 7, 2016 at: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03094WWEN

Year: 2016

Country: International

URL: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03094WWEN

Shelf Number: 140233

Keywords:
Computer Crimes
Crimes Against Businesses
Cyber Security
Cybercrime

Author: Zhilla, Fabian

Title: Organised crime risk assessment in Albania: Executive summary

Summary: This study focuses on the organised crime activities in Albania, as well as those conducted by Albanian criminal networks in the region and beyond. The study analyses organised crime activities such as trafficking in persons, illicit drugs and arms, smuggling of migrants, extortion, contract killings, organised cybercrime and money laundering. In some cases, so as to be able to clearly identify them, comparisons were made between various criminal activities and groups, despite the difficulties encountered with resources and the method applied. Various sources are used (both primary and secondary), including national official reports, and European and international agencies fighting organised crime. In addition, 44 interviews were conducted with experts that have a direct or indirect relation with the fight against organised crime, for instance, serious crime judges, prosecutors, lawyers, investigative journalists, civil society representatives and experts of organised cyber-crime. The total duration of recorded interviews is 24 hours and 12 minutes. Our findings and the opinions of the interviewees suggest that the elements that have stimulated organised crime in the country are of a social, economic and political nature: - Transition from a totalitarian regime with a stringent policy on crime, to a fragile democracy with weak and unconsolidated institutions, and staff without sufficient education and/or experience; - Chaotic situation post-1997 with the collapse of the pyramid schemes; - Institutions that are subject to reform, with staff turnover due to changes in government; - Lack of institutional independence, and endemic corruption in the police and law-enforcement agencies; - Albania's favourable geographical position - with drug-producing and supplier countries such as Afghanistan and Turkey in the East, and high-consumption countries in the West; - International nature of organised crime and the impact of globalisation; - Lack of political stability in the country for more than two decades; - Weak economy with high levels of unemployment and insufficient earnings per capita (one of the lowest in the continent); - Dismantling of social structures, adversely affecting the family as the nucleus; - Continuous immigration waves, importing experiences and criminal connections obtained abroad; - Support from members of the Albanian diaspora; - Conflicts in the region, with 'golden opportunities' to obtain money from the trafficking of arms, smuggling activities, etc; - Use of technology and advanced communication tools

Details: Tirana, Albania: Open Society Foundation for Albania, 2016. 16p.

Source: Internet Resource: Accessed September 22, 2016 at: https://www.osfa.al/sites/default/files/press_permbledhje_english_0.pdf

Year: 2016

Country: Albania

URL: https://www.osfa.al/sites/default/files/press_permbledhje_english_0.pdf

Shelf Number: 140410

Keywords:
Cybercrime
Drug Trafficking
Extortion
Human Trafficking
Money Laundering
Organized Crime

Author: Europol

Title: Internet Organised Crime Threat Assessment. IOCTA 2016

Summary: The 2016 Internet Organised Crime Threat Assessment (IOCTA) is a law enforcement-centric threat assessment intended to inform priority setting for the EMPACT Operational Action Plans in the three sub-priority areas of cybercrime (cyber attacks, child sexual exploitation online and payment fraud). The IOCTA also seeks to inform decision-makers at strategic, policy and tactical levels on how to fight cybercrime more effectively and to better protect online society against cyber threats. The 2016 IOCTA provides a view from the trenches, drawing primarily on the experiences of law enforcement within the EU Member States to highlight the threats visibly impacting on industry and private citizens within the EU. The IOCTA is a forward-looking assessment presenting analyses of future risks and emerging threats, providing recommendations to align and strengthen the joint efforts of EU law enforcement and its partners in preventing and fighting cybercrime.

Details: The Hague: European Police Office, 2016. 72p.

Source: Internet Resource: Accessed October 6, 2016 at: https://www.europol.europa.eu/content/internet-organised-crime-threat-assessment-iocta-2016

Year: 2016

Country: Europe

URL: https://www.europol.europa.eu/content/internet-organised-crime-threat-assessment-iocta-2016

Shelf Number: 147825

Keywords:
Child Sexual Exploitation
Cybercrime
Organized Crime
Payment Fraud

Author: Ponemon Institute

Title: Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations

Summary: Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations sponsored by Varonis, was conducted to determine the security gaps within organizations that can lead to data breaches and security incidents such as ransomware. The study surveyed a total of 3,027 employees in US and European organizations (United Kingdom, Germany and France), including 1,371 individuals (hereafter referred to as end users) who work in such areas as sales, finance and accounting, corporate IT, and business operations, and 1,656 individuals who work in IT and IT security (hereafter referred to as IT). This report includes Key Findings, Conclusions, Methods, and an Appendix with detailed survey questions and results.

Details: Traverse City, MI: Ponemon Institute, 2016. 26p.

Source: Internet Resource: Accessed October 12, 2016 at: https://info.varonis.com/hubfs/docs/research_reports/Varonis_Ponemon_2016_Report.pdf

Year: 2016

Country: International

URL: https://info.varonis.com/hubfs/docs/research_reports/Varonis_Ponemon_2016_Report.pdf

Shelf Number: 147899

Keywords:
Computer Security
Crimes Against Businesses
Cybercrime
Data Breaches
Data Security

Author: Nakao, Keisuke

Title: Transnational Policing: Preemption and Deterrence against Elusive Perpetrators

Summary: Why does a state directly police certain kinds of transnational perpetrators by itself while indirectly policing other kinds through their host government? To address this question, we develop a formal model, where Defender chooses either to police Perpetrators or to make Proxy do so. According to our theory, the delegation of policing can enhance its effectiveness in light of Proxy's three advantages: (a) Proxy can convince Perpetrators of punishments more credibly than Defender (communicative advantage); (b) Proxy is more likely to identify Perpetrators and detect what they hold dear (informational advantage); (c) Proxy can cripple and punish Perpetrators more effectively (offensive advantage). On the other hand, the delegation may cause inefficiency if Defender has limited information about Proxy's choice or cost of policing. Depending on the relative size between these advantages and disadvantages, one of the following four forms of policing may emerge: (i) Defender polices Perpetrators on her own (e.g., Somali counter-piracy operations); (ii) Defender induces Proxy to police Perpetrators (U.S. War on Drugs in Colombia and Mexico); (iii) Defender and Proxy together police Perpetrators (Operation Inherent Resolve); (iv) two or more Defender-Proxy states police Perpetrators in each's own domain (Interpol, Budapest Convention).

Details: Unpublished paper, 2016. 32p.

Source: Internet Resource: Accessed October 17, 2016 at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2808474

Year: 2016

Country: International

URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2808474

Shelf Number: 144872

Keywords:
Cybercrime
Deterrence
Intellectual Piracy
Terrorism

Author: Europol

Title: IOCTA 2016: Internet Organised Crime Threat Assessment

Summary: The 2016 Internet Organised Crime Threat Assessment (IOCTA) is a law enforcement-centric threat assessment intended to inform priority setting for the EMPACT Operational Action Plans in the three sub-priority areas of cybercrime (cyber attacks, child sexual exploitation online and payment fraud). The IOCTA also seeks to inform decision-makers at strategic, policy and tactical levels on how to fight cybercrime more effectively and to better protect online society against cyber threats. The 2016 IOCTA provides a view from the trenches, drawing primarily on the experiences of law enforcement within the EU Member States to highlight the threats visibly impacting on industry and private citizens within the EU. The IOCTA is a forward-looking assessment presenting analyses of future risks and emerging threats, providing recommendations to align and strengthen the joint efforts of EU law enforcement and its partners in preventing and fighting cybercrime.

Details: Paris: EUROPOL, 2016. 72p.

Source: Internet Resource: Accessed November 22, 2016 at: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2016

Year: 2016

Country: Europe

URL: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2016

Shelf Number: 147314

Keywords:
Computer Crimes
Cybercrime
Internet Crimes
Organized Crime

Author: Alazab, Mamoun

Title: Spam and criminal activity

Summary: The rapid growth of the internet is transforming how we engage and communicate. It also creates new opportunities for fraud and data theft. One way cybercriminals exploit the vulnerabilities of new technologies and potential victims is the use of deceptive emails on a massive scale. In a sample of more than 13 million emails identified as spam, more than 100,000 contained malicious attachments; nearly 1.4 million contained malicious web links. If opened, these attachments and links could infect the recipients' devices with software that allows cybercriminals to remotely access them. This paper describes how crime groups increasingly adopt novel approaches to cybercrime. Increased law enforcement capacity, the cultivation of high-level coordination between industry, government and police, and the further development of machine learning techniques should be at the forefront of government initiatives in this area.

Details: Canberra: Australian Institute of Criminology, 2016. 20p.

Source: Internet Resource: Trends & issues in crime and criminal justice, no. 526: Accessed December 5, 2016 at: http://aic.gov.au/media_library/publications/tandi_pdf/tandi526.pdf

Year: 2016

Country: Australia

URL: http://aic.gov.au/media_library/publications/tandi_pdf/tandi526.pdf

Shelf Number: 147867

Keywords:
Computer Crimes
Cybercrime
Internet Crimes
Online Victimization
Spam

Author: Australia. Attorney-General's Department

Title: Identity crime and misuse in Australia 2016

Summary: This is the third in a series of reports that seek to analyse the nature and extent of identity crime and misuse in Australia. These reports compile data from Commonwealth, state and territory agencies, as well as the private sector and other non-government sources. The Attorney-General’s Department leads the development of these reports as a key initiative of the National Identity Security Strategy. Cost of identity crime The annual cost of identity crime in Australia is $2.2b. This includes the direct and indirect losses incurred by government agencies and individuals; and the cost of identity crimes recorded by police. The costs of preventing and responding to identity crime are estimated to be a further $390m, bringing the total economic impact of identity crime in Australia to approximately $2.6b per year. These figures represent a revised estimate of the cost of identity crime in Australia to $2.2b compared to the estimate of $2b from the 2013–14 report. This is due to better availability of data and is not necessarily an indicator of change over the intervening time.

Details: Canberra: Attorney-General's Department, 2016. 91p.

Source: Internet Resource: Accessed December 6, 2016 at: https://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/Identity-crime-and-misuse-in-Australia-2016.pdf

Year: 2016

Country: Australia

URL: https://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/Identity-crime-and-misuse-in-Australia-2016.pdf

Shelf Number: 147922

Keywords:
Computer Crimes
Costs of Crime
Cybercrime
Financial Crimes
Fraud
Identity Theft

Author: Collins, Brian

Title: Cyber Trust and Crime Prevention: A Synthesis of the State-of-the-Art Science Reviews

Summary: This report provides a synthesis of theoretical and empirical work in the sciences and social sciences that indicates the drivers, opportunities, threats, and barriers to the future evolution of cyberspace and the feasibility of crime prevention measures. It is based on 10 state-of-the-art science reviews commissioned by the Foresight Project. Each of the papers highlights the current state of knowledge in selected areas as well as gaps in the evidence base needed to address issues of cyber trust and crime prevention in the future. Complexity and System Behaviour The analysis in this report shows that the whole of cyberspace is subject to unpredictable and emergent system behaviour. This gives rise to considerable uncertainty about future developments and this is especially at the interfaces between the components of the system. This review of developments in cyberspace technologies and the social system demonstrates that there will be new opportunities for crime and that strategies to minimise these will involve numerous choices. The solutions for improving cyber trust and crime prevention in a pervasive computing environment will differ from those in use today. New paradigms for cyberspace security, privacy protection, risk assessment and crime prevention will be needed, together with a stronger cross-disciplinary research effort.

Details: London: Home Office, 2004. 101p.

Source: Internet Resource: Accessed February 4, 2017 at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/299219/04-1147-cyber-trust-reviews.pdf

Year: 2004

Country: United Kingdom

URL: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/299219/04-1147-cyber-trust-reviews.pdf

Shelf Number: 145875

Keywords:
Computer Crime
Computer Security
Crime Prevention
Cybercrime

Author: U.S. Federal Communications Commission

Title: Cybersecurity Risk Reduction

Summary: Cybersecurity is a top priority for the Commission. The rapid growth of network-connected consumer devices creates particular cybersecurity challenges. The Commission's oversight of our country's privately owned and managed communications networks is an important component of the larger effort to protect critical communications infrastructure and the American public from malicious cyber actors. The Commission is uniquely situated to comprehensively address this issue given its authority over the use of radio spectrum as well as the connections to, and interconnections between, commercial networks, which touch virtually every aspect of our economy. Other agencies have also begun looking at network-connected devices and the security implications they bring in certain industry segments. The Commission's rules include obligations for Internet Service Providers (ISPs) to take measures to protect their networks from harmful interconnected devices. These rules make clear that providers not only have the latitude to take actions to protect consumers from harm, but have the responsibility to do so. Reasonable network management must include practices to ensure network security and integrity, including by "addressing traffic harmful to the network," such as denial of service attacks. The Public Safety and Homeland Security’s (PSHSB or Bureau) cybersecurity initiatives build upon FCC rules that have, for decades, effectively evolved to balance security, privacy, and innovation within the telecommunications market. The U.S. telecommunications market leads the world as a consequence of this light touch, but surgical, approach. Commission staff actively work with stakeholders to address cyber challenges presented by today's end-to-end Internet environment. This environment is vastly different and more challenging than the legacy telecommunications security environment that preceded it. Today insecure devices, connected through wireless networks, have shut down service to millions of customers by attacking critical control utilities neither licensed nor directly regulated by the Commission. These attacks highlight that security vulnerabilities inherent in devices attached to networks now can have large-scale impacts. As the end-to-end Internet user experience continues to expand and diversify, the Commission's ability to reduce cyber risk for individuals and businesses will continue to be taxed. But shifting this risk oversight responsibility to a non-regulatory body would not be good policy. It would be resource intensive and ultimately drive dramatic federal costs and still most certainly fail to address the risk for over 30,000 communications service providers and their vendor base. The Commission must address these cyber challenges to protect consumers using telecommunications networks. Cyber risk crosses corporate and national boundaries, making it imperative that private sector leadership in the communications sector step up its responsibility and accountability for cyber risk reduction. In this vein, the Commission has worked closely with its Federal Advisory Committees (FAC), as well as with its federal partners and other stakeholders, to foster standards and best practices for cyber risk reduction. The Commission worked with the other regulatory agencies to create a forum whereby agency principals share best regulatory practices and coordinate our approaches for reducing cybersecurity risk. A rich body of recommendations, including voluntary best practices, is the result. Industry implementation of these practices must be part of any effort to reduce cybersecurity risk. The Commission, however cannot rely solely on organic market incentives to reduce cyber risk in the communications sector. As private actors, ISPs operate in economic environments that pressure against investments that do not directly contribute to profit. Protective actions taken by one ISP can be undermined by the failure of other ISPs to take similar actions. This weakens the incentive of all ISPs to invest in such protections. Cyber-accountability therefore requires a combination of market-based incentives and appropriate regulatory oversight where the market does not, or cannot, do the job effectively. PSHSB has developed a portfolio of programs to address cybersecurity risk in the telecommunications sector in a responsible manner. These initiatives include collaborative efforts with key Internet stakeholder groups; increased interagency cooperation; and regulatory solutions to address residual risks that are unlikely to be addressed by market forces alone. This white paper describes the risk reduction portfolio of the current Commission and suggests actions that would continue to affirmatively reduce cyber risk in a manner that incents competition, protects consumers, and reduces significant national security risks.

Details: Washington, dC: Federal Communications Commission, 2017. 56p.

Source: Internet Resource: Accessed February 11, 2017 at: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf

Year: 2017

Country: United States

URL: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf

Shelf Number: 145022

Keywords:
Cybercrime
Cybersecurity
Internet Crime
Internet Security
Supply Chains
Telecommunications

Author: Bulanova-Hristova, Gerganga, ed.

Title: Cyber-OC-Scope and Manifestations in Selected EU Member States

Summary: The threats arising from different types of cybercrime are real and constantly evolving, as the internet with its anonymity and borderless reach provides new opportunities for physical and virtual criminal activities. We can see complex cybercriminal networks connecting subgroups and also single individuals that are active on, through and against the internet. At the same time there are also 'offline' criminal organisations using the internet to facilitate their activities and to increase their profit. Even so-called 'traditional' organised crime groups are widening their criminal portfolios by committing cybercrime. By constantly evolving online opportunities, their acts of 'traditional crimes' become even more far-reaching and damaging, thus benefiting the criminal organisation. It is not only the involvement of organised crime in cybercrime that is dangerous, but also cybercrime committed in an organised manner. Cyber-OC represents the convergence of these two phenomena. Despite the huge threat arising from its cumulative character, Cyber-OC is frequently underestimated and differently defined even by law enforcement authorities.

Details: Wiesbaden: Bundeskriminalamt, 2016. 298p.

Source: Internet Resource: Accessed February 16, 2017 at: http://eucpn.org/sites/default/files/content/download/files/52._cyber-oc_-_scope_and_manifestations_in_selected_eu_member_states.pdf

Year: 2016

Country: Europe

URL: http://eucpn.org/sites/default/files/content/download/files/52._cyber-oc_-_scope_and_manifestations_in_selected_eu_member_states.pdf

Shelf Number: 141043

Keywords:
Computer Crime
Computer Security
Cybercrime
Organized Crime

Author: Jaitman, Laura

Title: The Costs of Crime and Violence: New Evidence and Insights in Latin America and the Caribbean

Summary: This publication is the first to provide a comprehensive, systematic, and rigorous analysis of the costs of crime in Latin America and the Caribbean. The main challenges in the region are addressed: the social cost of homicides, private and public spending on security, the penitentiary crisis, violence against women, organized crime, and cybercrime. The volume estimates that the direct cost of crime for 17 LAC countries in 2010-2014 is, on average, 3.5 percent of the region's GDP, twice as much as in the developed world. It also provides a detailed analysis of the costs of crime in Brazil by state, as well as an examination of the geographical distribution and drivers of crime in the most dangerous subregions: the Northern Triangle in Central America and the Caribbean. The situation in terms of violence against women and cybercrime is assessed: the region is lagging behind to confront these new and old crimes.

Details: Washington, DC: Inter-American Development Bank, 2017. 129p.

Source: Internet Resource: Accessed February 23, 2017 at: https://publications.iadb.org/bitstream/handle/11319/8133/The-Costs-of-Crime-and-Violence-New-Evidence-and-Insights-in-Latin-America-and-the-Caribbean.pdf?sequence=7

Year: 2017

Country: Latin America

URL: https://publications.iadb.org/bitstream/handle/11319/8133/The-Costs-of-Crime-and-Violence-New-Evidence-and-Insights-in-Latin-America-and-the-Caribbean.pdf?sequence=7

Shelf Number: 141203

Keywords:
Costs of Crime
Costs of Criminal Justice
Cybercrime
Economics of Crime
Homicides
Organized Crime
Prisons
Violence Against Women
Violent Crime

Author: Muggah, Robert

Title: Securing the Border: Brazil's

Summary: Brazil is at a crossroads in the fight against transnational organized crime. For one, Brazil is claiming a wider involvement in the international peace and security agenda and pursuing priorities overseas. At the same time, the country is adopting what might be described as a "South American first" approach to dealing with narco-trafficking, arms smuggling, money laundering and cybercrime. It consists of investing in subregional institutions and discrete bilateral agreements in its near abroad. This more localized approach is contributing to the consolidation of Brazilian state institutions in its hinterland. But what direction will Brazil take in the coming decade? This Strategic Paper offers an overview of the scope and scale of organized crime in Latin America and Brazil more specifically. It critically reviews Brazil's normative and institutional responses – both regional and national – and considers likely future security postures.

Details: Rio de Janeiro: Igarapé Institute, 2013. 29p.

Source: Internet Resource: Strategic Paper 5: Accessed March 4, 2017 at: https://igarape.org.br/wp-content/uploads/2013/05/AE-05_EN_Securing-the-border.pdf

Year: 2013

Country: Brazil

URL: https://igarape.org.br/wp-content/uploads/2013/05/AE-05_EN_Securing-the-border.pdf

Shelf Number: 146410

Keywords:
Arms Smuggling
Border Security
Cybercrime
Drug Trafficking
Money Laundering
Organized Crime

Author: Diniz, Gustavo

Title: Deconstructing Cyber Security in Brazil: Threats and Responses

Summary: Brazil is doubling down on its cyber-security architecture while simultaneously consolidating its emerging power status. Although organized crime is one of the major threats to Brazilian cyberspace, resources are focused instead on military solutions better suited to the exceptional case of warfare. There is less emphasis on expanding law enforcement capabilities to identify and respond to cyber-crime and related digital malfeasance. Due to the absence of a unified government position on the issue or reliable data, Brazil has evolved an imbalanced approach to cyber-security. If Brazil is to re-balance its approach, it needs to fill knowledge gaps. At a minimum, policy makers require a better understanding of the strategies, tactics and resources of hackers and cyber-crime groups, the ways in which traditional crime is migrating online and the implications of new surveillance technologies. The government should also encourage a broad debate with a clear communications strategy about the requirements of cyber-security and what forms this might take. More critical reflection on the form and content of measured and efficient strategies to engage cyber threats is also needed. Improved coordination between state police forces to better anticipate and respond to cyber-crime is essential. If Brazil is to build a robust and effective cyber-security strategy, an informed debate must begin immediately.

Details: Rio de Janeiro: Instituto Igarapé , 2014. 35p.

Source: Internet Resource: Strategic Paper 11: Accessed March 4, 2017 at: https://igarape.org.br/wp-content/uploads/2014/11/Strategic-Paper-11-Cyber2.pdf

Year: 2014

Country: Brazil

URL: https://igarape.org.br/wp-content/uploads/2014/11/Strategic-Paper-11-Cyber2.pdf

Shelf Number: 141328

Keywords:
Computer Crime
Cyber Security
Cybercrime
Internet Crime
Surveillance Technology

Author: United Nations Special Representative of the Secretary-General on Violence Against Children

Title: Ending the Torment: Tackling Bullying from the Schoolyard to Cyberspace

Summary: This publication seeks to bring together key elements of the rich global expertise on the issue of bullying in order to share information, ideas and examples of best practice with all those who are interested in tackling such a scourge. It offers a complement to the United Nations Secretary-General's Study on Violence against Children and will hopefully provide further impetus to the drive by countries throughout the world to understand and better prevent the bullying of children and young people in all its ugly manifestations. As on all issues that affect children, it is essential that their ideas and views are sought and heard. The perceptions, experience and recommendations of children are of fundamental importance in tackling any issue of concern to them and their ideas are an important part of this publication. Their views and perspectives feature particularly in the chapter on UNICEF's U-Report. The U-Report is an electronic platform that reaches two million children, the majority in Africa, seeking their views and offering them an opportunity to widely share their experiences. But we also hear their voices in articles from other authors. The key themes of this publication focus on the areas that need to be developed and strengthened in order to prevent bullying and to effectively mitigate its harm. Providing information on, and raising awareness of, the insidious and damaging nature of bullying, as well as providing guidance on coping with its negative impacts are an important part of addressing the issue: so too are efforts to enable children to take action themselves to combat the problem. Their empowerment must be at the heart of any holistic approach to bullying. Chapter 1 of this publication therefore looks at these issues and draws on expertise from different perspectives and regions. From Greece, George Moschos looks at respecting children's rights and promoting a participatory culture of peace and respect in schools. Maria Luisa Sotomayor brings us the responses from the U-Report and considers new approaches to participation and the use of ICTs. And finally, Anne Lindboe and Anders Cameron, from Norway, consider the role of independent human rights institutions in preventing and responding to violence and in particular bullying. In Chapter 2, the publication moves into a consideration of legislation and public policies with the first article by Brian O'Neill, from Ireland, examining a national multi-facetted approach to the prevention of bullying and cyberbullying. The second article, by Eric Debarbieux, considers the school climate in Europe, and France in particular, and looks at the ways in which changing perceptions can lead to a change in public policies. Kirrily Pells, Maria Jose, Ogando Portela and Patricia Espinoza draw on evidence from a number of countries to understand the structural drivers of bullying: these include poverty and inequity. Christophe Cornu and Yongfeng Liu look at the importance of an inclusive and equitable education for all learners in an environment free from discrimination and violence based on sexual orientation and gender identity/ expression and how this can be supported by governments. And finally, Bernard Gerbaka and Fares BouMitri introduce a new topic with a look at the role of the medical community in addressing bullying. Chapter 3 looks at the essential field of school interventions. In this section Dan Olweus, a pioneer in the field and creator of the Olweus Bullying Prevention Program, and Susan Limber, consider the building blocks for an effective bullying prevention and response model. Then Sanna Herkama and Christina Salmivalli look at the success of the KiVa anti-bullying programme in Finland, which uses a whole-school approach. Julie Swanson and Katharina Anton-Erxleben, from the USA, give an important and strong gender perspective on bullying and school-related gender-based violence. And finally in this section Ersilia Menesini and Annalaura Nocenti look at tailoring different prevention approaches to the national context in Italy. Chapter 4 examines the importance of data, without which we cannot understand or assess the extent of the problem. Dominic Richardson and Chii Fen Hiu lead off this section with a review of existing data and a look at what is needed to develop a solid response on prevention. This is followed by an article in which Sonia Livingstone, Mariya Stoilova and Anthony Kelly examine the evidence for the claim that new media bring new problems, arguing in conclusion that bullying and cyberbullying are inextricably linked in complex and challenging ways. Patrick Burton takes a look at data on bullying and cyberbullying in southern Africa, while Michael Dunne, Thu Ba Pham, Ha Hai Thi Le and Jiandong Sun, consider the impact of bullying and severe educational stress and the challenges faced in East Asian schools. Maha Almuneef presents a review of bullying in the Arab region, suggesting future policy development directions, and finally in this section, Robertas Povilaitis analyses experiences of projects in Lithuania while the International Child Helpline presents interesting case studies and data. The contributors to this publication represent all regions, their expertise ranges across a number of different fields, and their research examines different aspects of bullying and cyberbullying. Further information on the authors is included later in the publication. This publication has sought to identify issues to which we should be giving greater visibility and prominence, new facets of the problem that should be shared, concerns that should addressed, and examples of good practices that can stimulate and boost action by governments, policy makers, teachers and children themselves in the fight against bullying.

Details: New York: Office of the Special Representative of the Secretary-General on Violence against Children, 2016. 174p.

Source: Internet Resource: Accessed April 14, 2017 at: http://srsg.violenceagainstchildren.org/sites/default/files/2016/End%20bullying/bullyingreport.pdf

Year: 2016

Country: International

URL: http://srsg.violenceagainstchildren.org/sites/default/files/2016/End%20bullying/bullyingreport.pdf

Shelf Number: 144904

Keywords:
Bullying
Child Protection
Cyberbullying
Cybercrime
Online Bullying
School Bullying
Violence Against Children

Author: National Crime Agency (UK)

Title: Pathways Into Cyber Crime

Summary: The report, which is based on debriefs with offenders and those on the fringes of criminality, explores why young people assessed as unlikely to commit more traditional crimes get involved in cyber crime. The report emphasises that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to increase online reputations are the main motivations for those involved in cyber criminality. During his debrief, Subject 7, who was jailed for Computer Misuse Act and fraud offences, told officers, "..it made me popular, I enjoyed the feeling... I looked up to those users with the best reputations". The report identifies that some offenders begin by participating in gaming cheat websites and 'modding' (game modification) forums before progressing to criminal hacking forums. The assessment notes that off-the-shelf tools such as DDOS-for-hire services and Remote Access Trojans (RATs) are available with step by step tutorials at little to no cost to the user, making the skills barrier for entry into cyber crime lower than it has ever been. It also highlights that whilst there is no socio-demographic bias, with people across the country from different backgrounds among offenders, the average age of cyber criminals is significantly younger than other crime types. In 2015, the average age of suspects in NCA cyber crime investigations was 17 years old, compared to 37 in NCA drugs cases and 39 in NCA economic crime cases. Subject 1, a member of a hacking collective who sold DDoS tools and Botnet services, told officers that a warning from law enforcement would have made him stop his activities. The report also identifies education and opportunities to use skills positively as helpful in steering potential offenders towards a future career in cyber security.

Details: London: NCA, 2017. 18p.

Source: Internet Resource: Accessed April 28, 2017 at: http://www.nationalcrimeagency.gov.uk/publications/791-pathways-into-cyber-crime/f

Year: 2017

Country: United Kingdom

URL: http://www.nationalcrimeagency.gov.uk/publications/791-pathways-into-cyber-crime/f

Shelf Number: 145184

Keywords:
Computer Crimes
Computer Hacking
Cybercrime
Cybersecurity
Internet Crimes
Social Media

Author: Biancotti, Claudia

Title: Cyber attacks: Preliminary evidence from the Bank of Italy's business surveys

Summary: This paper presents preliminary evidence on cyber risk in the Italian private sector based on the Bank of Italy's annual surveys of Italian industrial and service firms. The information collected, albeit only covering the incidence of cyber attacks and some aspects of security governance, is the first of its kind for Italy. The results are striking: even though a mere 1.5 per cent of businesses do not deploy any cyber-security measures, 30.3 per cent - corresponding to 35.6 per cent of total employees - report at least some damage from a cyber attack between September 2015 and September 2016. Once data are corrected to account for unwillingness to report or inability to detect attacks on the part of some respondents, these figures climb to 45.2 and 56 per cent respectively, with large, high-tech and internationally exposed businesses faring worse than average. The economy-wide risk level is likely to be higher still; the financial sector, healthcare, education and social care are excluded from the sample, but they are known from other sources to be particularly appealing to attackers.

Details: Rome: Bank of Italy, 2017. 32p.

Source: Internet Resource: Occasional Paper, no. 373: Accessed May 10, 2017 at: https://www.bancaditalia.it/pubblicazioni/qef/2017-0373/QEF_373.pdf?language_id=1

Year: 2017

Country: Italy

URL: https://www.bancaditalia.it/pubblicazioni/qef/2017-0373/QEF_373.pdf?language_id=1

Shelf Number: 145393

Keywords:
Computer Crimes
Computer Security
Crime Against Businesses
Cyber Security
Cybercrime

Author: Tavares, Cynthia

Title: Money laundering in Europe Report of work carried out by Eurostat and DG Home Affairs

Summary: Statistics on crime and criminal justice represent one of the newest areas of Eurostat's activities. The collection of data on this subject from the Member States began in response to the mandate issued by the European Council in the Hague Programme in 2004: ... the European Council welcomes the initiative of the Commission to establish European instruments for collecting, analysing and comparing information on crime and victimisation and their respective trends in Member States, using national statistics and other sources of information as agreed indicators. Eurostat should be tasked with the definition of such data and its collection from the Member States1. In response to this challenge, Eurostat has established contact with the organisations principally responsible for crime statistics in each of the European Union Member States. These organisations have contributed substantially to the development of an international collection of crime statistics within the framework of the European Statistical System. Eurostat wishes to thank the colleagues concerned in these organisations for their co-operation in this field. The progress made to date may be followed on the Eurostat website and in successive issues of the series Statistics in Focus. It has always been evident that comparable information on 'traditional' types of crime such as theft and assault would be easier to obtain than in so-called 'new areas' such as for example cybercrime, human trafficking, fraud and corruption. For such types of offence (which are often associated with the concept 'organised crime') the absence of an international framework of methods and definitions has necessitated a far more intensive process of conceptual development. This process has been undertaken in active collaboration with the Member States and according to the strategy set out in the Action Plan adopted by the Commission to implement the Hague Programme. The present publication represents the first fruits of this process. The specific crime of money-laundering is among the priority areas identified in the Action Plan and data has been collected by Eurostat from the Member States in several stages, followed each time by a careful analysis of the figures received and subsequent adjustment of the methodology. The contribution to this process of the Commission's Directorate-General for Home Affairs is gratefully acknowledged. It is recognised that the current state of the results does not entirely comply with the stringent requirements of the European Statistics Code of Practice. Further development is planned to improve data quality in future collections. Nevertheless the political demand for this information is such that it seems opportune to make it available at this stage in the form of a Eurostat Working Paper. This implies that suitable caution should be exercised in interpreting the figures, and that the methodological notes and caveats provided should be rigorously taken into account in all subsequent analysis.

Details: Luxembourg: Publications Office of the European Union, 2010. 92p.

Source: Internet Resource: Accessed May 10, 2017 at: http://ec.europa.eu/eurostat/documents/3888793/5846749/KS-RA-10-003-EN.PDF/d6540680-3944-4c22-9b8b-8109ec0b6d92?version=1.0

Year: 2010

Country: Europe

URL: http://ec.europa.eu/eurostat/documents/3888793/5846749/KS-RA-10-003-EN.PDF/d6540680-3944-4c22-9b8b-8109ec0b6d92?version=1.0

Shelf Number: 145400

Keywords:
Crime Statistics
Cybercrime
Financial Crimes
Money Laundering
Organized Crime

Author: Aning, Kwesi

Title: Getting Smart and Scaling Up: The Impact of Organized Crime on Governance in Developing Countries. A Case Study of Ghana

Summary: his case study presents findings of field research on the impact of organized crime on governance and development in Ghana. The objective is not to paint a negative picture of Ghana, but rather to highlight core structural weaknesses that enable organized crime to flourish largely uncontested, placing significant, albeit not immediately obvious, pressure on the democratic and development gains made over the past two decades. The case study is divided into five sections. Section I begins with an overview of the political context in Ghana, with specific reference to the emergence of democratic politics and the nature of the political economy in the post-independence era. It reviews trends in Ghana's economic development and governance since 1992, and examines the nature of formal and informal institutions and prevalent norms of behaviour. Section II examines the nature and scope of organized crime in Ghana, namely drug trafficking, money laundering, illegal mining, electronic waste dumping, cybercrime, human trafficking, and small arms trafficking and manufacturing. Section III focuses on the impact of organized crime on governance and development, while Section IV suggests some initial recommendations.

Details: New York: Center on International Cooperation, New York University, 2013. 38p.

Source: Internet Resource: Accessed June 14, 2017 at: https://www.gov.uk/dfid-research-outputs/getting-smart-and-scaling-up-the-impact-of-organized-crime-on-governance-in-developing-countries-a-case-study-of-ghana

Year: 2013

Country: Ghana

URL: https://www.gov.uk/dfid-research-outputs/getting-smart-and-scaling-up-the-impact-of-organized-crime-on-governance-in-developing-countries-a-case-study-of-ghana

Shelf Number: 146138

Keywords:
Cybercrime
Drug Trafficking
Human Trafficking
Illegal Mining
Organized Crime

Author: Great Britain. National Audit Office

Title: Online Fraud

Summary: Growth in the use of the internet and advances in digital technologies mean that citizens and businesses can now do more online. For the UK, this means there are opportunities for greater innovation and economic growth, but also more opportunities for online crime. While traditional crimes such as vehicle offences and house burglary have declined substantially in recent years, fraud, more than half of which is committed online, is becoming more common and is a growing threat. Online criminals can target thousands of victims at the same time from anywhere in the world and so are hard to trace and prosecute. Online fraud can harm citizens financially and emotionally and harm businesses' finances and reputations. The true cost of online fraud is unknown, but is likely to be billions of pounds. One estimate was that individuals lost around L10 billion and the private sector around L144 billion to fraud in 2016. In the year ending 30 September 2016, the Office for National Statistics (ONS) estimated that there were 1.9 million estimated incidents of cyber-related fraud in England and Wales, or 16% of all estimated crime incidents. Online fraud includes criminals accessing citizens' and businesses' bank accounts, using their plastic card details, or tricking them into transferring money. The Home Office (the Department) is responsible for preventing and reducing crime, including online fraud. Many other bodies also play a role including the police, banks, the National Fraud Intelligence Bureau (NFIB), which records fraud offences and shares information with police forces, and Action Fraud, the national reporting centre for fraud. In 2016, the Department set up the Joint Fraud Taskforce to improve collaboration between government, industry and law enforcement in tackling online fraud. In the same year, the government published its National Cyber Security Strategy to 2021, which includes the government's plans for tackling cyber crime, including cyber-enabled fraud and data theft. Scope of this report This report focuses on the Department, which is responsible for preventing and reducing online fraud. We have examined how the Department works with other bodies to tackle the crime. We have not evaluated whether the Department is achieving value for money in tackling online fraud as the true scale of online fraud and the overall cost to the government is not known. In this report we sometimes refer just to fraud as often the government and other bodies, as well as data sources, do not distinguish between online and offline fraud. We have examined: - the nature and scale of the current threat (Part One); - how the Department and others have responded to the threat (Part Two); and - the challenges and opportunities the Department and others face in reducing and preventing online fraud (Part Three). The report does not cover fiscal fraud, such as benefit fraud, committed against the government. This was covered in a National Audit Office report in 2016. In addition, this report does not cover the major international cyber attack which occurred in May 2017 when we were finalising this report. The incident affected the NHS and other organisations in the UK and shows the serious risk and challenges that cyber crime presents to the UK government as well as citizens and businesses.

Details: London: NAO, 2017. 50p.

Source: Internet Resource: https://www.nao.org.uk/wp-content/uploads/2017/06/Online-Fraud.pdf

Year: 2017

Country: United Kingdom

URL: https://www.nao.org.uk/wp-content/uploads/2017/06/Online-Fraud.pdf

Shelf Number: 146594

Keywords:
Computer Crimes
Cybercrime
Fraud
Internet Crimes
Online Fraud
Online Victimization

Author: McAfee

Title: Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity

Summary: Cybercriminals have the advantage. This has been true since the internet was commercialized 20 years ago. The incentives for cybercrime have made it a big business and a dynamic marketplace. Defenders are hard pressed to keep up. Misaligned incentives explain much of this - both within organizations and between attackers and defenders in cyberspace. Misaligned incentives between attackers and defenders mean that the decentralized market in which cybercriminals operate makes them adapt and innovate faster and more efficiently than defenders, whose incentives are shaped by bureaucracies and top-down decision making. Some of the advantage cybercriminals have over defenders is due to technology - we now all know that the internet was never designed to be secure. Some is due to policy. There are countries that tolerate, shelter, and maybe even encourage cybercrime. Governments and companies know they are at a disadvantage, but they are playing catch-up. Managing the risk posed by cyberthreats has become a priority, but the best criminals still seem able to stay ahead, even as companies allocate more resources to cybersecurity. This does not mean cybercrime will always win. It does mean that companies and governments will need to rethink how they measure, reward and incentivize defense. Markets send signals by creating prices and rewards, creating incentives for action. The cybercrime market is efficient, and the incentives for cybercriminals are clear and compelling. The same is not true for defenders. Criminals flourish in this market, but most defenders work in bureaucracies. In most companies, cybersecurity is the responsibility of a diverse range of groups and individuals using different (and sometimes conflicting) metrics for success. Incentives are not only misaligned between attackers and defenders, but within companies. To examine this misalignment of incentives, we conducted a survey of 800 respondents from companies ranging in size from 500 employees to more than 5,000 across five major industry sectors, including finance, healthcare, and the public sector. Our survey targeted respondents with executive level responsibility for cybersecurity, as well as operators that have technical and implementation responsibilities for cybersecurity. The results provide insight into how each group views cyber risk in making decisions about an organization's cyber-risk management strategy. Better calibrating the misaligned incentives we uncovered may yield a more coherent and effective cybersecurity posture for companies worldwide.

Details: Santa Clara, CA: McAfee Security, Center for Strategic and International Studies, 2017. 34p.

Source: Internet Resource: Accessed August 7, 2017 at: https://www.mcafee.com/us/resources/reports/rp-misaligned-tilting-playing-field.pdf

Year: 2017

Country: International

URL: https://www.mcafee.com/us/resources/reports/rp-misaligned-tilting-playing-field.pdf

Shelf Number: 146755

Keywords:
Computer Crime
Cybercrime
Cybersecurity
Internet Crime

Author: Hakmeh, Joyce

Title: Cybercrime and the Digital Economy in the GCC Countries

Summary: Online activity and the use of digital technology have grown rapidly in the Gulf Cooperation Council (GCC) states. Albeit with certain variations between countries, this has helped to boost prospects for a 'digital transformation' in which states and cities in the region could become international hubs for digital services. Such a shift offers a significant opportunity in the context of policy agendas to diversify the region's hydrocarbon-dependent economies. At the same time, however, digital growth has increased the GCC's vulnerability to cybercrime. While the incidence, spread and effects of cybercrime in the region are difficult to measure precisely, a number of trends and figures suggest that cybercrime is growing rapidly and that the region has become a magnet for such crime. The rise in cybercrime has occurred in spite of heavy investment by GCC states in cyber protection, and the adoption of various measures including legislation. Cybercrime threatens growth of the digital economy. It shakes trust in the foundations of digital commerce, and in the 'smart infrastructure' of interconnected devices, adaptive systems and other digital technologies which governments in the region are developing - and which they aspire to expand. A number of factors suggest that the incidence, scale and impact of cybercrime are likely to increase further in the future. The first is the prospect of rapid growth in the digital economy, reflecting the prominence of digital strategies in the plans of GCC governments. A second factor is the high speed of technology adoption, which makes it hard for policy to keep pace with rising cybercrime and evolving criminal methods. A third factor is the expected convergence of technologies as the 'Internet of Things' (IoT) expands and develops, potentially creating new risk exposures via huge numbers of networked devices. In short, the GCC region will likely find itself both continuing to grapple with the existing challenges of cybercrime and facing ever-evolving risks as a result of ongoing technological innovation. Cybercrime is pervasive and cannot be completely eradicated. However, governments can limit its impact by creating a resilient overall economy and robust institutions, and by investing in deterrent capacity. Legislative frameworks play an intrinsic role in this process. In this context, it is important to consider whether existing GCC countermeasures - including legislation - are fit for purpose, or whether an overhaul is needed. This research paper offers an overall picture of the state of the digital economy in the GCC, and of progress to date in the region's attempted digital transformation. It also seeks, in particular, to highlight shared regional cybercrime challenges and their impact. The paper surveys the extent and effectiveness of existing measures - including legal instruments - for countering cybercrime, and proposes improvements to the policy regime and areas for potential intergovernmental cooperation. Although the focus is mainly on the GCC in aggregate, the paper also takes into account variations between the six countries in terms of digital development, the prevalence of cybercrime, and the nature and extent of countermeasures available.

Details: London: Chatham House, 2017. 20p.

Source: Internet Resource: Accessed August 7, 2017 at: https://www.chathamhouse.org/sites/files/chathamhouse/publications/research/2017-06-30-cybercrime-digital-economy-gcc-hakmeh.pdf

Year: 2017

Country: United Kingdom

URL: https://www.chathamhouse.org/sites/files/chathamhouse/publications/research/2017-06-30-cybercrime-digital-economy-gcc-hakmeh.pdf

Shelf Number: 146772

Keywords:
Computer Crimes
Cybercrime
Cybersecurity
Internet Crimes

Author: Parraguez Kobek, Luisa

Title: The State of Cybersecurity in Mexico: An Overview

Summary: The cost of cybercrime incidents in the world has gone from US$3 trillion in early 2015 to a projected US$6 trillion by 2021. Luis Almagro, the Secretary General of the OAS, acknowledged that information and communication technologies (ICTs) and its multiple uses continue to evolve at a rapid pace in the region and countries are highly vulnerable to potentially devastating cyberattacks. Mexico's economy and geostrategic location is an attractive target for illicit cyber activities. On the one hand, it is enjoying considerable Foreign Direct Investment (FDI) and a solid GDP growth and on the other, it is still relatively vulnerable in cybersecurity and cyber defense. Mexico ranks as the second country in Latin America with the most cyberattacks, with a 40% growth in the number of attacks between 2013 and 2014, and approximately 10 million victims in 2014. Cybersecurity, sustainability and resilience are not only necessary for Mexico's safekeeping but they are also important factors in its social and economic development. Mexico needs to engage with its national, regional and international partners to combine resources, multi-stakeholder initiatives and facilitate information sharing to ensure its security in cyberspace.

Details: Washington, DC: Wilson Center, Mexico Institute, 2017. 23p.

Source: Internet Resource: Accessed September 11, 2017 at: https://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdf

Year: 2017

Country: Mexico

URL: https://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdf

Shelf Number: 147207

Keywords:
Computer Crimes
Costs of Crime
Cybercrime
Cybersecurity
Internet Crimes

Author: Great Britain. HM Government

Title: National Cyber Security Strategy 2016-2021

Summary: The National Cyber Security Strategy 2016 to 2021 sets out the government's plan to make Britain secure and resilient in cyberspace. The UK is one of the world's leading digital nations. Much of our prosperity now depends on our ability to secure our technology, data and networks from the many threats we face. Yet cyber attacks are growing more frequent, sophisticated and damaging when they succeed. So we are taking decisive action to protect both our economy and the privacy of UK citizens. Our National Cyber Security Strategy sets out our plan to make Britain confident, capable and resilient in a fast-moving digital world. Over the lifetime of this five-year strategy, we will invest L1.9 billion in defending our systems and infrastructure, deterring our adversaries, and developing a wholesociety capability - from the biggest companies to the individual citizen. From the most basic cyber hygiene, to the most sophisticated deterrence, we need a comprehensive response. We will focus on raising the cost of mounting an attack against anyone in the UK, both through stronger defences and better cyber skills. This is no longer just an issue for the IT department but for the whole workforce. Cyber skills need to reach into every profession. The new National Cyber Security Centre will provide a hub of world-class, user-friendly expertise for businesses and individuals, as well as rapid response to major incidents. Government has a clear leadership role, but we will also foster a wider commercial ecosystem, recognising where industry can innovate faster than us. This includes a drive to get the best young minds into cyber security. The cyber threat impacts the whole of our society, so we want to make very clear that everyone has a part to play in our national response. It's why this strategy is an unprecedented exercise in transparency. We can no longer afford to have this discussion behind closed doors. Ultimately, this is a threat that cannot be completely eliminated. Digital technology works because it is open, and that openness brings with it risk. What we can do is reduce the threat to a level that ensures we remain at the vanguard of the digital revolution. This strategy sets out how.

Details: London: HM Government, 2017. 80p.

Source: Internet Resource: Accessed September 13, 2017 at: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021

Year: 2017

Country: United Kingdom

URL: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021

Shelf Number: 147232

Keywords:
Computer Crime
Cybercrime
Cybersecurity
Internet Crimes
National Security

Author: U.S. National Institute of Justice

Title: Sharing Ideas & Resources to Keep Our Nation's Schools Safe! Volume IV

Summary: Apps. Databases. Tiplines. Videos. Educational campaigns. Throughout the United States, schools, law enforcement agencies and communities keep on coming together, continuing to create innovative and groundbreaking solutions to the persistent problems of violence, bullying, security breaches, gang tensions and social media abuse. The National Institute of Justice (NIJ) and the Justice Technology Information Center (JTIC), part of the National Law Enforcement and Corrections Technology Center (NLECTC) System, bring you more of these solutions in this fourth volume of Sharing Ideas and Resources to Keep Our Nation's Schools Safe. We want you to know about the people who are searching for, and finding, positive ways to address these problems. We want to tell you about the technologies and strategies that are working across the country, and we want to hear from you about what's going on in your area. In addition to the success stories that fill the three previous volumes in this series, we continually post new ones on SchoolSafetyInfo.org, the JTIC website dedicated to school safety news, information and technology. In addition to downloadable files of Volumes I, II and III, our site includes links to a wide range of resources and materials produced at the federal, state and association levels, and provides access to school safety-related publications and videos from NIJ and the NLECTC System. You can also learn about School Safe - JTIC's Security and Safety Assessment App for Schools, and obtain instructions on how to download it. In this fourth volume, you will read about an educational video on cybersafety produced by a concerned law enforcement officer in Georgia; new approaches to training implemented by the Indiana State Police and the campus police at the University of Massachusetts-Amherst; a free campus safety app developed by a team of students at the University of Michigan; an educational campaign produced by high school students in Connecticut; and a number of other school-community-law enforcement collaborative projects.

Details: Washington, DC: National Law Enforcement and Corrections Technology Center, 2016. 104p.

Source: Internet Resource: Accessed September 19, 2017 at: https://justnet.org/pdf/00-Sharing%20Resources_Vol4_FINAL_508_06282016.pdf

Year: 2016

Country: United States

URL: https://justnet.org/pdf/00-Sharing%20Resources_Vol4_FINAL_508_06282016.pdf

Shelf Number: 147395

Keywords:
Cybercrime
Cybersecurity
School Bullying
School Crime
School Resource Officers
School Safety
School Security
School Violence

Author: Global Initiative Against Transnational Organized Crime

Title: Transnational Organized Crime and the Impact on the Private Sector: The Hidden Battalions

Summary: his paper is based on a detailed review of the scale and nature of organised crime's infiltration of the private sector. These findings are a 'call to arms' for the international private and public sectors to transform their co-operation and teamwork. We have adopted a practical definition of organized crime as that which is carried out by a group of people, suspected of serious criminal offences, over a prolonged period, motivated by profit or power. In our analysis of six major private sector industries, six specific forms of organised crime stood out as either having material impact on the private sector, or using the private sector as facilitators. Money laundering is the process of making dirty money look clean. One estimate puts it at 2% of global GDP - c.$1.5 trillion. Money-laundering is an 'enabling crime', facilitating organized crime (as well as terrorism) with social and economic costs. Asset misappropriation refers to stealing from businesses. For example, cargo thefts cost as much as $30 billion in losses each year worldwide. Counterfeiting and contraband, whilst thought of as being a consumer goods crime, is rife in a broad range of sectors, in particular technology products and pharmaceuticals, to devastating effect. It is estimated by OECD at $461billion, or 2.5% of world trade. Fraud and extortion remain strongly present in the financial, construction and real estate industries. In construction extortion could account for of 20-30 per cent of lost project value. Human trafficking. High volume, low skilled labour enterprises such as construction and building, have the highest penetration of trafficking incidence in the private sector. Cyber Crime. Hacking attacks cost the average American firm $15.4 million per year over. In 2015 68,000 URLs containing child sexual exploitation and abuse (CSEA) images were hosted online on 1,991 domains. The reputational impact means major tech companies apply significant collaborative resources to weeding out criminal, terrorist and CSEA activity. Finding#1: The Scale and Impact of Crime in the Private Sector is Truly Staggering. A conservative estimate of the value of organized crime was $3.6-$4.8 trillion, in 2015/2016, 7% of global GDP. The broader impact of organized crime is difficult to assess as it is multi-dimensional, and shared across the private, public sector, and society itself. The impact on the private sector only - in terms of revenue loss - is estimated at c$130 billion. The Institute of Economics and Peace (IEP) calculated the financial cost of terrorism at over $52 billion in 2014. A conservative estimate of total transnational organized crime is $870 billion a year. This is more than six times the amount of official development assistance and close to 7% of the world's exports of merchandise Finding #2 Private sectors are either facilitators or targets. Crimes are either done 'to' private sector organisations, or 'through' them. Sectors are either the targets of fraud or asset theft themselves, particularly in construction, consumer goods ($460 billion counterfeit goods), and financial card fraud, or they facilitate crime unwittingly, through use of technology networks by fraudsters to target victims, e.g. the real estate sector laundering dirty funds or the transport industry moving illicit goods. Regulation varies between the 'victim' and 'enabling' industries. Laws are in place to criminalise the use of the private sector for technology or money laundering crime. The victim industries, however, often are reliant on existing laws around theft, or copyright infringement, which are not tailored to the activities of TOC groups and tend to have lower penalties for infringement. Finding #3 Organized crime's impact on the private sector is growing not shrinking. Counterfeit goods have risen from $250 billion to $461 billion in the last 8 years. Asset theft in the transport and logistics theft rose by over 90% 2015 to 2016. There is a sense that regulation is not working: money laundering seizures equated to 0.2% of all laundered funds in one study; and after the dark web's Silk Road was taken down, many sites sprung up to take on and indeed grow the trade. Finding #4 Direct impact of Crime Disproportionately felt in the global south. Sweatshops flourish in South Asia; trafficking of labour and sex workers originates predominantly in Africa, Asia and Eastern Europe; corruption in natural resources damages production in Africa and the Caucasus; technology fraud is driven from eastern and southern Europe, West Africa and the Middle East. Whereas in developed economies counterfeit drugs may comprise less than 0.2 percent of the market developing markets are often beset by 30% fakes, as a UNODC report showed for anti-malarial drugs in Africa. Globalization is increasing the 'attack surface' for TOC groups. The abuse of the often weaker regulatory regimes in the Global South by TOC groups further increases the risk for the private sector operating in these areas. Finding #5 Responses re confrontational rather than collaborative. There are very few examples of successful public and private sector co-operation against TOC groups. Private sector organisations complain that communication with the law enforcement sector is one-way and that the regulatory reporting burden, designed to combat crime, can act as a deterrent to co-operation. Tangible results have been seen when industries take the lead on disrupting the work of TOC groups, such as TAPA the Transported Asset Protection Association

Details: Geneva, SWIT: The Global Initiative, 2017. 84p.

Source: Internet Resource: accessed December 7, 2017 at: http://globalinitiative.net/wp-content/uploads/2017/12/gitoc_tocprivatesector_web-1.pdf

Year: 2017

Country: International

URL: http://globalinitiative.net/wp-content/uploads/2017/12/gitoc_tocprivatesector_web-1.pdf

Shelf Number: 148755

Keywords:
Cargo Theft
Contraband
Counterfeit Goods
Cybercrime
Extortion
Human Trafficking
Illicit Trade
Money Laundering
Organized Crime
Private Sector
Stolen Property
Theft of Goods

Author: Great Britain. Home Office. Science Advisory Council

Title: Understanding the costs of cyber crime: A report of key findings from the Costs of Cyber Crime Working Group

Summary: The Home Office today published the findings that came out of the 'Costs of Cyber Crime Working Group' that ran from 2014-2016. The group, attended by techUK, was composed following a commitment in the 2013 Serious and Organised Crime Strategy that aimed to improve the quality of data that is used when estimating the cost of cyber-crime incidents. The report is intended to help take the research community closer towards achieving better estimates of the costs of cyber-crime as part of future studies. The report sets out the framework that will now be used for estimating costs and also makes a number of recommendations on the design of future research into the costs of cyber-crime, including: - Calling for researchers designing future costs of cyber-crime to approach their research design in a systematic fashion using the framework in the report; identify gaps in the costs of cyber-crime framework and tailor research questions so that they can fill these specific gaps - That future studies should further investigate the costs and profits to offenders of engaging in cyber-crime - That future studies investigate the financial impact of cyberattacks on a businesses' reputation - That future research consider how to estimate the monetary cost of the fear of cyber crime

Details: London: Home Office, 2018. 82p.

Source: Internet Resource: Research Report 96: Accessed January 18, 2018 at: http://www.techuk.org/insights/news/item/12135-home-office-publishes-understanding-the-costs-of-cyber-crime-report

Year: 2018

Country: United Kingdom

URL: http://www.techuk.org/insights/news/item/12135-home-office-publishes-understanding-the-costs-of-cyber-crime-report

Shelf Number: 148868

Keywords:
Computer Crime
Costs of Crime
Cybercrime
Internet Crime

Author: Kroll

Title: Global Fraud & Risk Report: Forging New Paths in Times of Uncertainty. 10th Annual Edition

Summary: Businesses saw a significant rise in fraud and risk incidents during 2016. Although companies have taken significant strides toward building resiliency, more is needed. We have expanded the scope of this year's Report - it's now the annual Kroll Fraud & Risk Report, breaking out specific cyber and security threats to better reflect the growing challenges that our clients are facing around the world. The 2017/2018 Kroll Global Fraud & Risk Report, based on a survey commissioned by Kroll and carried out by Forrester Consulting, shares the experiences of executives worldwide. As in prior years, the Kroll Report includes detailed analyses for fraud-, cyber-, and security-related incidents by major industries and by regions We believe you will find the knowledge and insight contained in this year's Kroll Report to be valuable in your organization's efforts to anticipate, detect, mitigate, and respond to current and emerging risks. Key survey findings include: All-time high incidence levels. Businesses reported all-time high levels of fraud (84%), cyber (86%), and security (70%) incidents. Information increasingly targeted. For the first time in the Kroll Report's 10-year history, information theft, loss, or attack was the most prevalent type of fraud experienced (29%). Greater concerns over potential risk exposure. More than ever, executives say their companies are vulnerable to fraud, cyber, and security risks.

Details: Kroll, 2018. 47p.

Source: Internet Resource: accessed February 6, 2018 at: http://www.hippogriff.tech/docs/Kroll%20Global%20Fraud%20Risk%20Report%202017-18.pdf

Year: 2018

Country: International

URL: http://www.hippogriff.tech/docs/Kroll%20Global%20Fraud%20Risk%20Report%202017-18.pdf

Shelf Number: 149011

Keywords:
Crimes Against Business
Cybercrime
Fraud

Author: London Assembly. Police and Crime Committee

Title: Tightening the net: The Metropolitan Police Service's response to online theft and fraud

Summary: The internet is changing the nature of crime -- The internet has revolutionised the way that we live our lives. But it has also changed the way that criminals operate: increasingly, there is a cyberdimension to almost all types of crime. Our investigation focused on how the internet has enabled criminals to commit acquisitive crimes - those that involve taking goods or money from a victim - in different ways. We found that, while crimes such as burglary are falling, a whole new collection of online crimes have emerged. One crime in particular has been transformed by the internet: fraud. Around 70 per cent of frauds are now "cyber-enabled" and the internet provides an opportunity for fraudsters to expand their activities on a huge scale. Unlike in the past, fraudsters can target large numbers of victims, often at next to no cost. The types of online scams are wide-ranging. Cyber-criminals tailor frauds to the individual; as one expert told us, we are all at risk. We do not know enough about the perpetrators of online crime. What is clear is that cyber-criminals do not fit into a typical mould. Organised crime groups are responsible for an element of online crime in London. But - in addition to these groups - many local, known criminals have expanded their day-to-day criminal activities into London's cyberspace. Computer literacy is no barrier to becoming a cyber-criminal - in fact, you need no more skill than to be able to log on. This, combined with a lower personal risk of being caught, makes online crime appealing to another, perhaps less expected, group of perpetrators: those new to crime. Committing crime using the internet offers anonymity - many would not commit a similar crime if it involved face-to-face contact with the victim. Like the perpetrators of online crime, its victims no longer fit into a typical group or category. Our research found that victims came from different ethnic groups, social grades and areas of London. We also found that becoming a victim of an online crime can be just as distressing as if it were a traditional crime, even when there has been no financial loss. Even the mere thought that someone had impersonated or tricked them can cause a great deal of stress for the victim. A greater understanding and sensitivity to victims' experiences will be an essential part of the police's response to online crime. We do not know the extent of online theft and fraud Crime statistics should help us to measure the extent - and the trend - of online crime. The Office for National Statistics (ONS) uses two headline measures for trends in total crime over time: police-recorded crime and the Crime Survey for England and Wales. Both sets of data tell a similar story crime in England and Wales has fallen sharply in the last decade. But both measures contain flaws, not least that they are failing to capture a range of crimes committed using the internet. Many online crimes will not appear in police-recorded statistics because often victims choose not to report crimes to the police in the first place. This may be because victims feel embarrassed at being tricked by a fraudster or that there is little the police can do to catch the perpetrator. Due to the hidden nature of many online frauds, often victims cannot report the offence immediately because they are unaware that it has been committed against them in the first place. The Crime Survey for England and Wales is not capturing trends in online crime either. It has failed to keep up as the public's experience of victimisation has evolved: the survey does not currently ask respondents about a range of crimes committed using the internet and excludes many crimes, such as fraud, from its headline results. The effect of this omission on the overall level of crime that the survey measures is significant. In light of the current limitations with both police-recorded crime and the Crime Survey, we commissioned our own victimisation survey to better understand the extent of online crime in London. Our findings paint an alarming picture of the balance between old and new crimes. Among the 1,004 Londoners we surveyed, we found that a higher proportion had been a victim of an online crime than of a more traditional form of property crime. Perceptions differ too: higher proportions of respondents felt online crimes have increased in recent years relative to traditional crimes. And respondents were also more worried about online crimes than they were traditional crimes. The police should reflect on our results as it develops its approach to online crime. The police service has been slow to respond to the emergence of online crime The police are behind the curve when it comes to tackling online crime. The research base for policing the cyber-threat is not as well developed as in other areas of policing and, in some cases, there is a lack of appetite among police forces and officers to tackle offences such as cyber-fraud, often not seen as exciting crimes to investigate. In order to improve the police service's response, the Government changed the system for reporting fraud. Action Fraud - the UK's national reporting centre for fraud and internet crime - has had a number of successes, such as improving the level of crime reporting and the ways in which positive outcomes are sought for victims. But, while the new system represents an improvement on that which preceded it, one problem stands out: there is still a need to raise awareness among the public - and even among parts of the police - about Action Fraud. To increase reporting of crime in London, the Mayor, MOPAC and the Met should all work with the City of London Police to help to raise awareness about online crime and the role of Action Fraud. Better co-operation between the police and other organisations is needed as well. The police service has claimed that banks and others do not routinely report offences because they do not wish to reveal how vulnerable they are. Some have argued that these and other organisations should be encouraged or even compelled to share fraud data with law enforcement agencies. MOPAC and the Met have started to take the problem seriously The Mayor's Office for Policing and Crime (MOPAC) recognises that online crime is a significant problem in London. So far, MOPAC's approach has focused mainly on online crimes against businesses. This is important: some small businesses are particularly vulnerable. But MOPAC must not let the Met lose focus on individual victims of online crime. And, to help the Met to avoid viewing cyber-crime in isolation, all MOPAC's future strategies should directly address pertinent internet risks, something missing in its recently published Hate Crime Reduction Strategy for London. Like MOPAC, the Met is also aware of the difficulty in tackling online crime. It has created a new Fraud and Linked Crime Online (FALCON) command, with substantially increased resources, to reduce the harm caused by fraud and cyber-criminals in London. Given the potential scale of online crime, FALCON must make choices to meet this objective and secure the best value for money from its resources. Since many online crimes do not align with policing, national or international boundaries, enforcing the law can be difficult. As the FALCON command matures, it needs to develop its methods for disrupting criminals and preventing crimes from happening in the first place. It must also build a workforce with the right balance between police officers and civilian staff: piling in loads of uniformed officers is not the way to deal with online fraud. One of the reasons that many victims of online crime do not report the offence to the police is that they do not think the police will do anything about it. In order to show that they are taking online crime seriously, MOPAC and the Met need to demonstrate that they are making a difference. Measuring the level of online victimisation through prevalence surveys is perhaps the most effective way of doing that. We ask that MOPAC collects data in its future surveys and publishes the results on a regular basis. The Met faces challenges in the future The Met's decision to establish a new command to tackle fraud and online crime clearly demonstrates that it is taking these threats seriously. But this approach is not without risks. We are concerned that the FALCON command might become siloed from the rest of the Met. Given that that there is increasingly a cyber-dimension to almost all crimes, the Met needs to ensure that all of its officers and staff are as comfortable policing London's cyberspace as they are London's streets; it must not be left to specialists alone. Both inside and outside of the FALCON command, the Met needs to determine what skills and training its workforce needs to tackle the challenge of online crime. Aside from formal training, we heard that the Xbox and PlayStation generation of police officers are already well prepared to fight online crime. The Met should tap into this resource which is already among its ranks.

Details: London: The Assembly, 2015. 58p.

Source: Internet Resource: Accessed February 8, 2018 at: https://www.london.gov.uk/sites/default/files/Tightening%20the%20net_0.pdf

Year: 2015

Country: United Kingdom

URL: https://www.london.gov.uk/sites/default/files/Tightening%20the%20net_0.pdf

Shelf Number: 149034

Keywords:
Acquisitive Crimes
Computer Crime
Cybercrime
Fraud
Internet Crime
Online Victimization
Property Crime
Theft

Author: Ponemon Institute

Title: 2017 Cost of Cybercrime Study: Insights on the Security investment that Make a Difference

Summary: With cyber attacks on the rise, successful breaches per company each year has risen more than 27 percent, from an average of 102 to 130. Ransomware attacks alone have doubled in frequency, from 13 percent to 27 percent, with incidents like WannaCry and Petya affecting thousands of targets and disrupting public services and large corporations across the world. One of the most significant data breaches in recent years has been the successful theft of 143 million customer records from Equifax- a consumer credit reporting agency-a cyber crime with devastating consequences due to the type of personally identifiable information stolen and knock-on effect on the credit markets. Information theft of this type remains the most expensive consequence of a cyber crime. Among the organizations we studied, information loss represents the largest cost component with a rise from 35 percent in 2015 to 43 percent in 2017. It is this threat landscape that demands organizations reexamine their investment priorities to keep pace with these more sophisticated and highly motivated attacks. To better understand the effectiveness of investment decisions, we analyzed nine security technologies across two dimensions: the percentage spending level between them and their value in terms of cost-savings to the business. The findings illustrate that many organizations may be spending too much on the wrong technologies. Five of the nine security technologies had a negative value gap where the percentage spending level is higher than the relative value to the business. Of the remaining four technologies, three had a significant positive value gap and one was in balance. So, while maintaining the status quo on advanced identity and access governance, the opportunity exists to evaluate potential over-spend in areas which have a negative value gap and rebalance these funds by investing in the breakthrough innovations which deliver positive value. Following on from the first Cost of Cyber Crime1 report launched in the United States eight years ago, this study, undertaken by the Ponemon Institute and jointly developed by Accenture, evaluated the responses of 2,182 interviews from 254 companies in seven countries-Australia, France, Germany, Italy, Japan, United Kingdom and the United States. We aimed to quantify the economic impact of cyber attacks and observe cost trends over time to offer some practical guidance on how organizations can stay ahead of growing cyber threats.

Details: s.l.: Accenture, 2017. 56p.

Source: Internet Resource: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf

Year: 2017

Country: United States

URL: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf

Shelf Number: 149125

Keywords:
Costs of Crime
Crime Against Businesses
Crime Statistics
Cyber Security
Cybercrime
Internet Crime

Author: PriceWaterhouseCoopers

Title: PwC's Global Economic Crime Survey 2018: UK findings. Pulling fraud out of the shadows

Summary: The UK findings from PwC's 2018 Global Economic Crime Survey (GECS) confirm that fraud is continuing to run at high levels, with respondents' experiences showing a shift towards technology-enabled crime, bribery and procurement fraud. This is despite the overall level of UK businesses experiencing fraud falling from 55% in 2016 to 50% in 2018. This ongoing increase underlines the need for organisations to take new approaches to tackling fraud. Our survey showed that cybercrime is the most commonly experienced fraud (overtaking asset theft as the top fraud for the first time), 49% of UK victims compared to 31% globally. While the majority of organisations are using technology to monitor or detect fraud in some way, the overall percentage of frauds detected by technology has decreased since 2016. Survey indicates that the UK is lagging behind much of the rest of the world in harnessing technology to prevent and detect fraud. This year we use the UK results from GECS to explore three key themes: How do you make the best choices around preventing and detecting fraud? How can you focus your resources and use technology more effectively? What do the results say about UK businesses' approach to bribery and corruption?

Details: London: PWC - UK, 2018. 18p.

Source: Internet Resource: Accessed march 8, 2018 at: https://www.pwc.co.uk/forensic-services/assets/gecs/global-economic-crime-survey-2018-uk-findings.pdf

Year: 2018

Country: United Kingdom

URL: https://www.pwc.co.uk/forensic-services/assets/gecs/global-economic-crime-survey-2018-uk-findings.pdf

Shelf Number: 149395

Keywords:
Crime Statistics
Crimes Against Businesses
Cybercrime
Economic Crimes
Financial Crimes
Fraud and Corruption

Author: Christin, Nicolas

Title: An EU-focused analysis of drug supply on the AlphaBay marketplace

Summary: Online anonymous marketplaces are a relatively recent technological development that enables sellers and buyers to transact online with far stronger anonymity guarantees than on traditional electronic commerce platforms. This has led certain individuals to engage in transactions of illicit or illegal goods. The AlphaBay marketplace, which was in operation between December 2014 and July 2017, reportedly became the leading marketplace during that time. In this report, we present an analysis of sales on AlphaBay, with a focus on drug supply coming from the European Union. Keeping in mind the limitations inherent to such data collection, we found that, for the period and the marketplaces considered: - AlphaBay did become a very large marketplace, with daily sales overall exceeding 600,000 euros at its peak in early 2017. By itself, it grossed at least as much revenue over 2014-2017 as all other marketplaces combined between 2011-2015. - EU-based suppliers represent approximately a quarter of all drug sales; this is down from 46% for marketplaces previously studied in the 2011-2015 interval. - EU-originating drugs primarily came from Germany, the Netherlands, and the United Kingdom. - Cannabis, cocaine and other stimulants altogether represented a majority of all EU-based drug sales. - Supply of New Psychoactive Substances (NPS) remained very modest with revenues below EUR 2,500 per day at market peak. - Marketplace vendors primarily catered in the retail space, but there was evidence of larger (bulk-level) sales. Volume-based discounting tended to occur, albeit at relatively modest levels. - Half of the vendors specialized in one type of drug; and half of the drug sellers tended to stick to a given weight echelon. - Save for the decreasing share of European sales, most of the trends observed in this report confirm what we had previously found for other marketplaces in the 2011-2015 interval. In other words, the ecosystem, as a whole, appears relatively stable over time.

Details: Lisbon: European Monitoring Centre for Drugs and Drug Addiction (EMCDDA), 2017. 34p.

Source: Internet Resource: Accessed April 16, 2018 at: http://www.emcdda.europa.eu/system/files/attachments/6622/AlphaBay-final-paper.pdf

Year: 2017

Country: Europe

URL: http://www.emcdda.europa.eu/system/files/attachments/6622/AlphaBay-final-paper.pdf

Shelf Number: 149803

Keywords:
Black Markets
Computer Crime
Cybercrime
Darknet
Drug Markets
Electronic Commerce
Online Transactions

Author: Christin, Nicolas

Title: An EU-focused analysis of drug supply on the online anonymous marketplace ecosystem

Summary: Online anonymous marketplaces are a relatively recent technological development that enables sellers and buyers to transact online with far stronger anonymity guarantees than on traditional electronic commerce platforms. This has led certain individuals to engage in transactions of illicit or illegal goods. This reports presents an analysis of the online anonymous marketplace data collected by Soska and Christin [13] over late 2011-early 2015. In this report, we focus on drug supply coming from the European Union. Keeping in mind the limitations inherent to such data collection, we found that, for the period and the marketplaces considered: EU-based suppliers represented a significant share of all drug revenue-approximately 46% of all drug sales. EU-originating drugs primarily came from Germany, the Netherlands, and the United Kingdom. Cocaine and other stimulants altogether represented a majority of all EU-based drug sales. Supply of New Psychoactive Substances (NPS) was heavily concentrated in the United Kingdom, and remained very modest with revenues in the order of EUR 3,000 per day at market peak. Marketplace vendors primarily catered in the retail space, but there was evidence of larger (bulk-level) sales. Volume-based discounting tended to occur, albeit at relatively modest levels. Half of the vendors specialized in one type of drug; and half of the drug sellers tended to stick to a given weight echelon.

Details: Lisbon: European Monitoring Centre for Drugs and Drug Addiction (EMCDDA), 2017. 25p.

Source: Internet Resource: Accessed April 16, 2018 at: http://www.emcdda.europa.eu/system/files/attachments/6624/EU-focused-analysis-of-drug-supply-on-the-anomymous-online-marketplace.pdf

Year: 2017

Country: Europe

URL: http://www.emcdda.europa.eu/system/files/attachments/6624/EU-focused-analysis-of-drug-supply-on-the-anomymous-online-marketplace.pdf

Shelf Number: 149804

Keywords:
Black Markets
Computer Crime
Cybercrime
Darknet
Drug Markets
Electronic Commerce
Online Transactions

Author: International Fund for Animal Welfare

Title: Out of Africa: Byting Down on Wildlife Cybercrime

Summary: The International Fund for Animal Welfare (IFAW) has been researching the threat that online wildlife trade poses to endangered species since 2004. During that time, our research in over 25 countries around the globe has revealed the vast scale of trade in wildlife and their parts and products on the world's largest marketplace, the Internet - a market that is open for business 24 hours a day, 365 days a year. Whilst legal trade exists in respect of many species of wildlife, online platforms can provide easy opportunities for criminal activities. Trade over the Internet is often largely unregulated and anonymous, often with little to no monitoring or enforcement action being taken against wildlife cybercriminals. In addition, cyber-related criminal investigations are complicated by jurisdictional issues, with perpetrators in different geographical locations and laws differing from country to country. This poses a serious threat to the survival of some of the world's most iconic species and the welfare of individual animals. This report outlines the results of new IFAW research in seven different countries in Africa, exploring the availability of wild animals and their products in an area of the world with a rapid growth in access to the Internet. This research is part of a broader project to address wildlife cybercrime in Africa, funded by the US government's Department of State's Bureau of International Narcotics and Law Enforcement Affairs (INL). The wider project included researching trade in elephant, rhino and tiger products over the 'Darknet'; providing training on investigating wildlife cybercrime to enforcers in South Africa and Kenya; ensuring policy makers addressed the threat of wildlife cybercrime through adopting Decision 17.92 entitled Combatting Wildlife Cybercrime at the CoP17 of the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES) in Johannesburg 2016; carrying out a review of legislation as it pertains to wildlife cybercrime; and providing training to online technology companies to assist with the effective implementation of their policies. Research focused on online marketplaces and social media platforms utilised by traders stating they were based in Ethiopia, Ivory Coast, Kenya, Nigeria, South Africa, Tanzania and Uganda. In most cases, this meant focusing on trading platforms based in those specific countries, but researchers also identified traders stating they were based in South Africa using international Alibaba and eBay sites.

Details: Washington, DC: IFAW, 2017. 32p.

Source: Internet Resource: Accessed April 20, 2018 at: https://s3.amazonaws.com/ifaw-pantheon/sites/default/files/legacy/(Pixelated%20Webversion)SAInvestigationReport_lores.pdf

Year: 2017

Country: Africa

URL: https://s3.amazonaws.com/ifaw-pantheon/sites/default/files/legacy/(Pixelated%20Webversion)SAInvestigationReport_lores.pdf

Shelf Number: 149865

Keywords:
Computer Crime
Cybercrime
Illegal Wildlife Trade
Internet Crime
Wildlife Crime

Author: Big Brother Watch

Title: Cyber attacks in local authorities: How the quest for big data is threatening cyber security

Summary: Local authorities are holding ever-expanding troves of personal information about citizens. Under the banner of data-driven government, they are seeking to actively gather more information about people. So-called 'smart cities' are armed with sensors and cameras that amass data about citizens, introducing a new level of everyday surveillance in the UK. This accumulation of big data evokes not only concerns about ethics, rights and violations of privacy, but also about how equipped councils are to protect citizens' sensitive data. The number of serious cyber attacks is forecasted to significantly rise in the near future, making cyber security risks a clear priority. But is cyber security being appropriately prioritized by local authorities, or is more data collection the main focus of their digital strategies? Based on Freedom of Information requests, Big Brother Watch found that UK local authorities have experienced in excess of 98 million cyber attacks over 5 years. This means that there are at least 37 attempted breaches of UK local authorities every minute. In addition, at least 1 in 4 councils experienced a cyber security incident - that is, an actual security breach - between 2013 - 2017. While some councils have taken measures to face the ever growing threat from cyber attacks, especially the areas of staff training and reporting of successful cyber attacks need urgent attention. In 2015, Big Brother Watch exposed how local authorities commit 4 data breaches a day, predominantly caused by human error. 1 Surprisingly, our current investigation reveals that little action has been taken to increase staff awareness and education in these matters. We found that 75% of local authorities do not provide mandatory training in cyber security awareness for staff and 16% do not provide any training at all. Considering that the majority of successful cyber attacks start with phishing emails aimed at unwitting staff, 2 negligence in staff training is very concerning and only indicative of the low priority afforded to cyber security issues. Our findings further reveal that 25 local authorities experienced losses or breaches of data in the past five years as a result of cyber security incidents. Yet, 56% of councils who failed to protect data from cyber security threats did not even report the incidents. Big Brother Watch urges local authorities to review their policies with a view to mitigating the risks of cyber security incidents that threaten the security of citizens' invaluable data. 1. Local authorities must appropriately prioritize their cyber security. Instead of investing in surveillance technologies, councils should invest resources on the development of cyber security strategies and the training of staff. 2. Cyber security incidents should be consistently reported. Local authorities need to establish a simple protocol that allows them to report incidents to the right authorities, whether the police, Information Commissioner's Office or the National Cyber Security Centre. This would ensure that threats are dealt with appropriately and that authorities' propensity to attacks is monitored. Furthermore, local authorities should utilise the National Cyber Security Centre's definitions of cyber attacks and cyber security incidents to ensure consistent reporting. 3. All staff should receive mandatory training in cyber security. Cyber attacks are not only designed to breach computer systems, but also to exploit humans who are often the weakest cyber security link. The ability to identify threats must not be reserved to ICT specialists but spread throughout the staff body. With large and ever-increasing volumes of data at stake, all local authority staff should have basic cyber security awareness.

Details: London: Big Brother Watch, 2018. 66p.

Source: Internet Resource: Accessed May 3, 2018 at: https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf

Year: 2018

Country: United Kingdom

URL: https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf

Shelf Number: 150032

Keywords:
Computer Crimes
Cybercrime
Cybersecurity
Internet Crime

Author: Children's Society

Title: Safety Net: Cyberbullying's impact on young people's mental health: Inquiry report

Summary: Key findings Under-age use of social media is commonplace - Despite most major social media companies - including Facebook, Twitter, Snapchat, YouTube and Instagram - specifying that users must be 13 years old to have an account, we found that 61% of young people had a first account at age 12 or under. Children and young people are using social media for longer periods and using multiple profiles - Our survey indicated that nearly half (44%) of children and young people spend more than three hours per day on social media, whilst almost 1 in 10 (9%) reported always using social media overnight between midnight and 6am. There is a connection between intensive social media use and mental ill health - Thirty eight percent of young people reported that social media has a negative impact on how they feel about themselves, compared to 23% who reported that it has a positive impact. This was exacerbated for girls, with 46% of girls stating that social media had a negative impact on their self-esteem. Cyberbullying - a new form of bullying - Although our inquiry found that offline bullying remains the most common form of bullying, it is clear that cyberbullying is distinct and potent, particularly due to its potential to be relentless. Children and young people are particularly vulnerable to the effects of cyberbullying - Children and young people who are currently experiencing a mental health problem are more than three times more likely to have been bullied online in the last year. The steps being taken by social media companies in response to cyberbullying are inconsistent and inadequate - Throughout the course of the inquiry, we heard a number of examples from social media companies about positive initiatives they have established to respond to abusive content online, such as cyberbullying, as well as promoting the mental health of their users. Young people concluded that social media companies' current responses to cyberbullying are inadequate - There is an appetite among young people for greater interventions to disrupt cyberbullying, with 83% of young people saying that social media companies should do more to tackle cyberbullying on their platforms. There is a perceived lack of consequences for those who engage in bullying behaviour - Young people told the inquiry that they feel as though the onus is on the person who is experiencing cyberbullying to act. They spoke of a perceived lack of consequences for those who engage in bullying behaviour online, in a way there is not in the offline world. Social media companies need to do more to promote positive mental health and well-being - Young people overwhelmingly told the inquiry that they wanted social media companies to do more to promote positive mental health and interactions on their platforms. - Eighty two percent of young people thought social media companies should do more to promote mental health.

Details: London: Children's Society, 2018. 72p.

Source: Internet Resource: Accessed May 7, 2018 at: https://www.childrenssociety.org.uk/sites/default/files/social-media-cyberbullying-inquiry-full-report_0.pdf

Year: 2018

Country: United Kingdom

URL: https://www.childrenssociety.org.uk/sites/default/files/social-media-cyberbullying-inquiry-full-report_0.pdf

Shelf Number: 150089

Keywords:
Child Protection
Computer Crimes
Cyberbullying
Cybercrime
Cybersecurity
Internet Crimes
Online Victimization
Social Media

Author: Saalman, Lora, ed.

Title: Integrating Cybersecurity and Critical Infrastructure: National, Regional and International Approaches

Summary: There seems to be a consensus that cyberattacks resulting in damage to critical infrastructure, such as hospitals and power grids, are a common threat. However, there is a great deal of disagreement on how to define the parameters of and escalation within this arena. In this volume, six experts from industry, government, academia and the legal sector delve deeper into several key target areas of cybersecurity and critical infrastructure-namely system integrity, the role of the private sector and legal frameworks. Their essays provide a baseline for understanding how these issues are unfolding at the national level in Japan, at the regional level in Europe and at the international level under the United Nations. Contents 1. Introduction 2. System integrity and the national level 3. Private sector and the regional level 4. Legal frameworks and the international level 5. Conclusions

Details: Solna, Sweden: Stockholm International Peace Research Institute, 2018, 58p.

Source: Internet Resource: Accessed May 7, 2018 at: https://www.sipri.org/sites/default/files/2018-04/integrating_cybersecurity_0.pdf

Year: 2018

Country: International

URL: https://www.sipri.org/sites/default/files/2018-04/integrating_cybersecurity_0.pdf

Shelf Number: 150091

Keywords:
Critical Infrastructure
Cybercrime
Cybersecurity
National Security

Author: Finlay, Brian D.

Title: Public Threats, Private Solutions: Meeting Nonproliferation Challenges with the Force of the Market

Summary: The rapid pace and geographic breadth of technology innovation; the rapidity and volume of international trade; globalized business practices from outsourcing to offshoring and supply-chaining; the atomization of government interests and bureaucratic organization; and the inherent inability of governments to act at the speed of 21st-century commerce: these are but a few factors negatively influencing our ability to manage the lengthening global proliferation supply chain. The net result has been the global diffusion of the "means of production" of weapons of mass destruction (WMD) at the very moment that the traditional instruments of control are being challenged by downward budgetary pressures in government, complex cost-benefit calculations by political leaders, and a rapid evolution of the nature and modalities of the proliferation threat. These realities necessitate the advent of new approaches that better match and ultimately defeat emerging avenues for proliferation threats. Governments can no longer be solitary nonproliferation activists. The end of the last millennium brought with it a host of challenges that transcend national borders and institutional and conceptual boundaries: 9/11 and the rise of non-state actors, global disease pandemics, economic crises, and climate change. Globalization has clearly yielded a more uncertain and potentially dangerous world. A rapid increase in the movement of goods and people around the world has fueled a concomitant rise in illicit trade and a surge in profits to global gray and black markets. In 2012 the United Nations (UN) Secretary General's report noted that while over 500 million maritime containers move around the world every year, accounting for 90 percent of international trade, only 2 percent of these containers are physically inspected for contraband on an annual basis. In 2009, the UN Office on Drugs and Crime (UNODC) estimated that transnational organized crime generates $870 billion a year, an amount equal to 1.5 percent of the global gross domestic product and six times the amount of official development assistance. More recent estimates put this number even higher, at closer to $3 trillion annually. Cybercrime, for which private industry bears most of the cost, is also surging. Cyber activities have increased by 26 percent since 2012, and reportedly now cost victims $11.56 million per year. And successive reports by the UN Sanctions Committees on North Korea and Iran demonstrate the widespread exploitation of private industry as both a witting and unwitting facilitator of proliferation. For security analysts, the conclusion is clear: globalization has made the world a far less safe and predicable place. Yet these grand challenges resulting from globalization have also yielded heretofore unimagined technological, economic, and development opportunities in virtually every corner of the globe. For instance, thanks in large measure to globalization, extreme poverty has declined significantly over the last two decades. In 1990, nearly half of the population in the developing world lived on less than $1.25 a day. Today, that proportion has dropped to just 14 percent - the largest mass migration from poverty in human history. For most of the planet's population, globalization and technology diffusion are rightly celebrated as truly life-changing - and in many cases life-saving - phenomena.

Details: Washington, DC: Stimson Center, 2016. 40p.

Source: Internet Resource: Accessed May 10, 2018 at: https://www.stimson.org/sites/default/files/file-attachments/public-threats-private-solutions.pdf

Year: 2016

Country: International

URL: https://www.stimson.org/sites/default/files/file-attachments/public-threats-private-solutions.pdf

Shelf Number: 150134

Keywords:
Black Markets
Cybercrime
Cybersecurity
Illicit Trade
Organized Crime
Security
Supply Chains

Author: Birkeland, Jane

Title: Extremist Use of Social Media: Balancing Privacy and National Cybersecurity

Summary: Social media is used by extremists, terrorists, activists, and ordinary people. The complexity of tackling extremist use of social media lies in balancing the privacy of civilians and US national security interests. Currently, there is a lack of comprehensive policy across industry and government to effectively manage extremist usage-providing a unique dilemma in dealing with extremist use patterns for online recruiting and communication efforts, while maintaining privacy and security for ordinary citizens. We have sought to propose solutions to this dilemma through research of the following aspects of social media usage: - Recruitment and communication efforts between extremists and citizens - Private industry's efforts to balance between online security and privacy - Existing constitutional rights, government policies, and organizations relevant to addressing extremist use of social media - Civil society's role in keeping the government accountable for citizen rights in relation to cybersecurity-related policies Through our research, we found an overall lack of coordination and communication between industry and government, which creates grey areas in current policy and law. The following recommendations have been made to effectively address extremist use of social media: - Civil Society Interaction o Sponsor ad-campaigns that seek to raise awareness of extremist contact via social media and how to approach and report such situations o Begin the education of children and young adults, focusing on internet safety and online extremism o Create an official summit that includes industry and civil society to enhance cybersecurity discourse. - Industry Interaction o Take into account what industry has already implemented when creating new policy o Maintain that the removal of extremist accounts stays in the hands of industry o Allow the legal collection of necessary information by the government and law enforcement if the person(s) in question present a clear and present danger In this report, we will outline extremist use patterns of social media and explore the balance of civilian privacy with national security. We will then address existing government responses to extremist use patterns and end with civil society's role in keeping government accountable to the people it serves. We will lastly demonstrate that the afore summarized recommendations are the best way to effectively address extremist use patterns of social media for fundraising and communication efforts.

Details: Seattle: Henry M. Jackson School of International Studies, University of Washington, 2017. 100p.

Source: Internet Resource: Task Force Report 2017: Accessed May 10, 2018 at: https://jsis.washington.edu/wordpress/wp-content/uploads/2017/12/Task-Force-B-Report_2017_Beyer.pdf

Year: 2017

Country: United States

URL: https://jsis.washington.edu/wordpress/wp-content/uploads/2017/12/Task-Force-B-Report_2017_Beyer.pdf

Shelf Number: 150141

Keywords:
Cybercrime
Cybersecurity
Extremists
National Security
Social Media
Terrorists

Author: Romanosky, Sasha

Title: Law Enforcement Cyber Center: Final Technical Report

Summary: Cybercrime and cyber threats place many demands on law enforcement agencies, ranging from investigating cyber incidents to securing their own information systems. In addition, law enforcement agencies are required to collect and handle the constantly increasing volume of digital evidence. The Bureau of Justice Assistance established the Law Enforcement Cyber Center (LECC) in October 2014 to help state and local law enforcement better combat cybercrime. The LECC, which completed in September 2017, was tasked to serve as an online portal and a clearinghouse of information, directing users to existing resources developed and managed by subject-matter experts, professional organizations, and government agencies. The LECC was managed by a consortium of organizations led by the RAND Corporation as the main grantee. Partner organizations in the LECC team were the International Association of Chiefs of Police and the Police Executive Research Forum. Although doing so was not formally part of the LECC grant, the project team also collaborated with the National White Collar Crime Center, a nonprofit organization. This technical report provides an account of LECC activities since its inception in October 2014 to its completion in September 2017. Key Findings The LECC Met Its Objectives and Completed All Its Planned Tasks The LECC project team set up the LECC website, identified training and training needs for various stakeholders, contributed to better links among crime units, enhanced prevention education, and developed technical assistance materials for relevant audiences. The project team also organized the LECC Justice Executive Cyber Roundtable, which provided a unique forum to bring together police chiefs, prosecutors, and judges to address the fight against cybercrime. The Metrics Employed by the Project Team Demonstrated the Usefulness of the Type of Services Provided by the LECC As the LECC web traffic data demonstrate, the content provided on the LECC website was successful in attracting traffic to the website. The volume of traffic visiting the website grew over time, suggesting that it is possible to attract new users as well as retain existing visitors by providing a continuously updated set of relevant information. The presentation of the LECC and its website at various meetings, fora, and conferences received interest and enthusiasm, indicating a perceived need for such a resource among various stakeholders. The LECC's resources were also designed to foster greater links among crime units; for example, the LECC team compiled a list of regional capabilities relevant for combatting cybercrime, such as forensics labs or training facilities. The LECC team developed a report on the implementation of the Utah Model of cybercrime prevention, summarizing lessons and best practices from the implementation of a new cybercrime unit in Utah. Recommendation Future endeavors to assist state and local law enforcement and prosecutors with cybercrime prevention, investigation, and prosecution should continue to broker the exchange of knowledge within and across law enforcement stakeholder groups.

Details: Santa Monica, CA: RAND, 2017. 48p.

Source: Internet Resource: Accessed May 25, 2018 at: https://www.rand.org/content/dam/rand/pubs/research_reports/RR2300/RR2320/RAND_RR2320.pdf

Year: 2017

Country: United States

URL: https://www.rand.org/content/dam/rand/pubs/research_reports/RR2300/RR2320/RAND_RR2320.pdf

Shelf Number: 150370

Keywords:
Computer Crime
Costs of Crime
Crime Prevention
Criminal Investigation
Cybercrime
Internet Crime

Author: Great Britain. National Crime Agency

Title: National Strategic Assessment of Serious and Organised Crime 2018

Summary: The 2018 National Strategic Assessment (NSA) draws intelligence from UK law enforcement, government departments, the intelligence community and the private and voluntary sectors. The assessment provides evidence that the scale and complexity of organised crime continues to grow despite notable operational successes - reinforcing the findings from the National Security Capability Review, recently published by the National Security Advisor. https://www.gov.uk/government/publications/national-security-capability-review-nscr The NSA highlights overlaps and links between all threat types. It also emphasises that criminals are abusing technology and the impact of globalisation to adapt their methods of committing crime. They operate as part of groups, networks and as individuals. For the purposes of assessment we group the threats in three areas:- Vulnerability - including child sexual exploitation and abuse (CSEA), modern slavery and human trafficking (MSHT) and organised immigration crime (OIC); Prosperity - including cybercrime, money laundering and other economic crime, and; Commodity - including the illicit trade in firearms and drugs. Observations from the 2018 assessment include: - We assess that the scale of modern slavery and human trafficking in the UK is continually and gradually increasing, while a growing proportion of potential victims are claiming they have been exploited before arriving in the UK. This is likely to reflect the developing risks in transit countries, principally in North Africa. - There has been an upward trend in criminal firearms discharges, with the majority of weapons not having been previously used. This indicates a fluid illicit supply from UK and overseas sources - Money laundering potentially running to hundreds of billions of pounds impacts the UK annually, with a significant threat being posed by the criminal exploitation of accounting and legal professionals involved with trust and company provision. - The UK is a prime destination for corrupt foreign Politically Exposed Persons to launder the proceeds of corruption, particularly those from Russia, Nigeria and Pakistan. - UK cyber crime continues to rise in scale and complexity but under-reporting of data breaches continues to erode our ability to make robust assessments of the scale and cost of network intrusions.

Details: London: National Crime Agency, 2018. 58p.

Source: Internet Resource: Accessed June 15, 2018 at: http://www.nationalcrimeagency.gov.uk/publications/905-national-strategic-assessment-for-soc-2018/file

Year: 2018

Country: United Kingdom

URL: http://www.nationalcrimeagency.gov.uk/publications/905-national-strategic-assessment-for-soc-2018/file

Shelf Number: 150560

Keywords:
Child Sexual Exploitation
Cybercrime
cybercrime
Drug Trafficking
Human Trafficking
Illegal Drugs
Illegal Guns
Illegal Migrants
Money Laundering
National Security
Online Victimization
Organized Crime (U.K.)
Violent Crime

Author: Botterman, Maarten

Title: Cyber Trust and Crime Prevention: Gaining Insight from Three Different Futures

Summary: In March 2003, the Foresight Directorate in the Office of Science and Technology, Department of Trade and Industry (hereafter referred to as Foresight), launched the Cyber Trust and Crime Prevention (CTCP) project to explore the implications of future information technologies for effective interaction and trust between people and machines in areas such as identity and authenticity, surveillance, system robustness, security and information assurance. The project produced state-of-the-art reviews of relevant areas of science and technology and developed visions of the future in order to understand better what policies to adopt today. Particular attention was directed to the identification of technological, societal, and individual drivers of future developments and signposts to track these developments. This was done in order that policies would be based upon the opportunities, threats and barriers in the areas of establishing cyber trust and preventing crime. Throughout its activities, Foresight CTCP has been working towards the establishment of a network of scientists, business people and policy-makers who can act on the findings of the project in order to influence the future. In October 2003, Foresight CTCP asked RAND Europe to assist the project by 'developing scenarios and system maps to engage stakeholders in a proactive and focused way with the implications of new technologies for cyber trust and crime prevention'. This mission included requests for both methodological contributions in the form of tools not yet included in the larger CTCP project and substantive contributions in the form of the content of scenarios and their employment. In response, RAND Europe developed three scenarios based upon the identified major drivers of future developments. In addition, RAND Europe designed and conducted a seminar game to employ these scenarios. These three scenarios were used to conduct three runs of a seminar game - one for each scenario organised by Foresight CTCP, which took place between the end of January and the middle of February 2004; each run involved a different set of participants drawn from the diverse set of stakeholders concerned with cyber trust and crime prevention. Beyond the seminar game, the scenarios have been used in other components of the overarching Foresight CTCP project. This report documents the methodological and substantive contributions of RAND Europe to the Foresight CTCP effort. Chapter 2 begins with an overview of the orientation employed by RAND Europe to approach the construction and use of scenarios for CTCP. Then we describe how we chose which scenarios to construct and how we built them. The three scenarios are presented in Chapter 2 in abstract form; their elaborated versions as provided to the seminar game participants is provided in Annex 2. We then describe the considerations used in selecting the participants for the seminar game. The design of the game itself is described by presenting the tasks that the participants were asked to do. Chapter 3 presents the results of the seminar game. Our underlying orientation is based upon the premise that the full value of the gaming exercise comes from the use of three runs of the game which each use a different scenario, and it is this orientation that guides how we present the results. First, we present the analysis of how participants viewed the strengths, weaknesses, opportunities and threats (SWOT) of the scenarios - orientated by issue addressed across scenarios, rather than by scenario. Then we describe how we used the hindsight arising from the SWOT analysis to transform each scenario in order to benefit from that hindsight. This, necessarily, is done separately for each scenario. Finally, we present the analysis of how six signal societal applications of information technology would fare in the (revised) scenarios, again looking across rather than within scenarios. Chapter 3 is necessarily a condensation of a rich set of deliberations by the participants. Finally, Chapter 4 presents our strategic observations and recommendations for Foresight CTCP, both methodological, in terms of future use of the scenario and seminar gaming framework developed, and substantive in terms of technological, individual, societal and governance aspects of the information society. Following the main body of the report, annexes present the full text of the scenarios, results of the gaming runs and additional information about the modelling underpinning the scenario design and construction.

Details: London: Foresight Directorate, Office of Science and Technology, 2004. 116p.

Source: Internet Resource: Accessed July 12, 2018 at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/299218/04-1140-cyber-trust-insight.pdf

Year: 2004

Country: United Kingdom

URL: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/299218/04-1140-cyber-trust-insight.pdf

Shelf Number: 150841

Keywords:
Computer Crime
Computer Security
Crime Prevention
Cybercrime

Author: Wingard, James R.

Title: Catch Me If You Can: Legal Challenges to illicit wildlife trafficking over the internet

Summary: Although illicit internet trade falls into the larger universe of cybercrime, it is better described as a cyber-enabled crime - in other words, a traditional crime that uses new technologies with the traditional part being the illegal capture of wildlife and the associated physical forms of trade. In addition to the many legal and enforcement challenges associated with conventional wildlife crimes, internet-based illegal wildlife trade (IWT) poses another set of problems for officials, forcing them to operate in a trans-jurisdictional, virtual space that they, and the law, are largely unprepared to manage. On the practical side, they face substantial difficulties merely distinguishing legal from illegal trade, including: - knowing which species are involved and which countries' laws apply to the activity in question (e.g. advertising, sale and purchase, arrangement of logistics); - determining trade quantities and making decisions on whether to invest resources in the pursuit of crimes; and - knowing which specific legal basis may apply to the species being traded. In terms of their legal authorities and practices, officials also confront further problems, in that they may have no specific power to carry out covert investigations; no, or limited, access to cybercrime units; and no, or limited, experience with cybercrime laws and digital forensics to conduct necessary investigations. Concerning the legal frameworks directed at illicit wildlife trade, they face: - criminal and related laws that do not adequately address all parts of the digital trade chain by expressly criminalizing the advertising of illicit wildlife trade or related offences; - differing investigative authorities between jurisdictions that compromise transnational enforcement efforts; and - inconsistent regulation of and limitations to subject matter and personal jurisdiction that create 'digital safe havens' and prevent prosecutions. Taken as a whole, the overall ability of enforcement authorities to adequately identify, investigate and prosecute the advertising of illicit wildlife on the internet is severely compromised. Key efforts to improve this situation have been included in the conclusion and recommendations to this brief.

Details: Geneva, SWIT: Global Initiative Against Transnational Organized Crime, 2018. 31p.

Source: Internet Resource: Accessed August 23, 2018 at: http://globalinitiative.net/wp-content/uploads/2018/07/Wingard-and-Pascual-Digital-Dangers-Catch-me-if-you-can-July-2018.pdf

Year: 2018

Country: International

URL: http://globalinitiative.net/wp-content/uploads/2018/07/Wingard-and-Pascual-Digital-Dangers-Catch-me-if-you-can-July-2018.pdf

Shelf Number: 151245

Keywords:
Computer Crime
Cybercrime
Illegal Wildlife Trade
Illicit Trade
Internet Crime
Trafficking in Wildlife
Wildlife Crime
Wildlife Trafficking

Author: Haysom, Simone

Title: Digitally Enhanced Responses: New Horizons for Combating On-line Illegal Wildlife Trade

Summary: During the first decade of the 2000s, conservation NGOs began to identify the internet as a unique enabler of the illegal trade in wildlife. As the quote above illustrates, the internet has been seen as a virtual marketplace with unparalleled and expansive ability to advertise to consumers in any part of the world, at any time of day. As such, it can not only reach existing buyers of wildlife products, but also create whole new markets. The internet was also seen as a platform that allowed sellers and buyers alike greater powers to hide their identity and evade detection from law enforcement, in part by facilitating private communication between suppliers, dealers, traders and consumers. In the intervening period, internet access has grown enormously and social-media platforms, with billions of users worldwide, have become incredibly powerful tools for communication. At the same time, the threat that the illegal wildlife trade (IWT) poses to endangered species has grown apace. In the same way that the illegal drugs market, as well as the trade in guns and people, has adapted to the opportunities offered by digital platforms, this shift has also manifested in the way the illicit wildlife trade has taken advantage of online marketing opportunities. This brief sets out to describe how our understanding of the problems posed by the online IWT, and our responses to it, have evolved. It measures the progress made in exposing the threat posed by the adoption of digital platforms by traders in endangered wildlife and raises questions about what we have not yet been able to understand, and why we need to. It looks at trends in the phenomenon and suggests what they mean for the next generation of efforts to address this issue. Lastly, it describes the most pressing issues on the online IWT agenda, and explains how the Global Initiative's new project, Digital Dangers: Disrupting Online IWT, aims to contribute to tackling the problem.

Details: Geneva, Switzerland: The Global Initiative Against Transnational Organized Crime, 2018. 18p.

Source: Internet Resource: Accessed September 8, 2018 at: http://globalinitiative.net/digitally-enhanced-responses/

Year: 2018

Country: International

URL: http://globalinitiative.net/wp-content/uploads/2018/06/TGIATOC-Digital-Responses-Report-WEB.pdf

Shelf Number: 151440

Keywords:
Cybercrime
Endangered Species
Environmental Crimes
Illegal Wildlife Trade

Author: TRAFFIC

Title: System Error, Reboot Required: Review of On-line Ivory Trade in Japan

Summary: KEY POINTS: In June and July 2018, TRAFFIC conducted an extended survey of online elephant ivory trade in Japan to track changes in trade and compliance patterns since 2017, particularly in response to: 1) voluntary ivory bans on major platforms, Rakuten-Ichiba, Rakuma and Mercari in 2017; and 2) new domestic regulations introduced in June 2018. - Yahoo Japan now remains the single most important provider of online platforms for both BtoC (Business to Customer) sales (Yahoo Shopping) and auction trade (Yahoo Auction), which includes CtoC (Customer to Customer) trade. The scale of ivory sales on Yahoo Shopping appeared to be similar to that found in 2017. The total estimated value of ivory transactions on Yahoo Auction over a four-week period was JPY37.8 million (USD340,626), 16% less than estimated in 2017 over a similar time period. - Shops selling ivory were no longer identified on Rakuten-Ichiba. The ivory ban on Mecari and Rakuma has also significantly reduced the number of easily identifiable CtoC advertisements (e.g. 98% reduction on Mercari). However, cryptic advertisements, use of code words, and rapid turnover in ivory products were detected, indicating persistent trade amongst anonymous CtoC users. - A small number of shops/users selling ivory products were also identified on other online shopping malls, an auction site, and public spaces of major social networking sites (SNS) (Facebook, Twitter, and Instagram where advertising ivory is supposed to be prohibited internationally). - Compliance with the new domestic regulations by ivory businesses varied across platforms and independent websites. The proportion of unregistered businesses ranged from zero percent on independent hanko shop websites and Yahoo Shopping to twenty-six percent for businesses advertising to purchase ivory online. Non-compliance with the requirement to display business registration was relatively high overall, ranging from twenty-two percent to fifty-two percent. Furthermore, discerning whether the legal requirement applies to the many anonymous sellers on auction, CtoC and SNS platforms presented a serious challenge. - The widespread lack of proof of legal origin persists due to the absence of regulations for products except whole tusks (e.g. on Yahoo Auction just 35 tusks were traded over four weeks as opposed to 4,414 worked products), and illegal trade in tusks without registration cards was still observed on Yahoo Auction (2 out of 35 tusks, six percent). Use of voluntary product certification was sparse amongst online retailers and nearly non-existent on other platforms. - TRAFFIC recommends the government urgently introduce measures that effectively ban unregulated CtoC trade online; that e-commerce companies, especially those hosting unregulated CtoC trade such as Yahoo Auction, introduce a voluntary ban on ivory products and collaborate with industry and NGO partners in the Global Coalition to End Wildlife Trafficking Online.

Details: Tokyo, Japan: TRAFFIC, 2018. 17p.

Source: Internet Resource: Accessed September 23, 2018 at: https://www.traffic.org/site/assets/files/11112/system_error-_reboot_required.pdf

Year: 2018

Country: Japan

URL: https://www.traffic.org/publications/reports/system-error-reboot-required-review-of-online-ivory-trade-in-japan/

Shelf Number: 151584

Keywords:
Cybercrime
Environmental Crime
Illicit Ivory Trade
Illicit Wildlife Products
Illicit Wildlife Trade
Wildlife Crime

Author: Europol

Title: Internet Organised Crime Threat Assessment: 2018

Summary: For the fifth year in a row, Europol has produced the Internet Organised Crime Threat Assessment (IOCTA). The aim of this Assessment is to provide a comprehensive overview of the current, as well as anticipated future threats and trends of crimes conducted and/or facilitated online. While current events demonstrate how cybercrime continues to evolve, this year's IOCTA shows us how law enforcement has to battle both innovative as well as persistent forms of cybercrime. Many areas of the report therefore build upon previous editions, which emphasises the longevity of the many facets of cybercrime. It is also a testimony to an established cybercrime business model, where there is no need to change a successful modus operandi. The report also highlights the many challenges associated with the fight against cybercrime, both from a law enforcement and, where applicable, a private sector perspective.

Details: The Hague: European Union Agency for Law Enforcement Cooperation, 2018. 72p.

Source: Internet Resource: Accessed September 25, 2018 at: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2018

Year: 2018

Country: Europe

URL: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2018

Shelf Number: 151662

Keywords:
Computer Crimes
Cybercrime
Internet Crimes
Organized Crime

Author: Dion-Schwarz, Cynthia

Title: Olympic-Caliber Cybersecurity: Lessons for Safeguarding the 2020 Games and Other Major Events

Summary: This report profiles the cybersecurity threat landscape faced by Japan as the host nation of the 2020 Summer Games and 2020 Paralympic Games of the XXXII Olympiad. The overarching objective of the study was to produce a threat actor typology, based on a risk assessment of the Tokyo 2020 threat landscape. Synthesizing multiple sources of primary and secondary data, the study team developed a visualization of the threat landscape that provides an at-a-glance overview to guide Olympic security planners, computer emergency response teams, and policy- and decisionmakers as they prioritize and address cybersecurity threats. The risk assessment also considered the motivation, sophistication, and propensity of threat actors to collude with one another. This research could be valuable to a wide variety of stakeholders and will be of particular interest to stakeholders involved in planning and ensuring the security of the Tokyo 2020 Games. The research also serves as a reference to inform ongoing policy debates on cybersecurity preparations for mega-events and as a basis for future research.

Details: Santa Monica, CA: RAND, 2018. 97p.

Source: Internet Resource: Accessed October 5, 2018 at: https://www.rand.org/content/dam/rand/pubs/research_reports/RR2300/RR2395/RAND_RR2395.pdf

Year: 2018

Country: International

URL: https://www.rand.org/content/dam/rand/pubs/research_reports/RR2300/RR2395/RAND_RR2395.pdf

Shelf Number: 152841

Keywords:
Cybercrime
Cybersecurity
Olympic Games
Risk Assessment
Sporting Events

Author: Rademaker, Michel

Title: Dutch Investments in ICT and Cybersecurity: Putting it in Perspective

Summary: Digitalization has taken a predominant role in our everyday lives. The advent of networked technology has spurred innovation, cultivated knowledge, encouraged free expression, and increased our economic prosperity. The digital economy today permeates through different domains of the world economy, ranging from sectors such as banking and retail, to education and healthcare. The opportunities offered by the digital revolution and new technologies are regarded as the single most important drivers of innovation, competitiveness, and consequently, economic growth. The Netherlands considers itself one of the leading ICT countries, promotes itself as 'a safe place to do business' and aspires to be the digital gateway of Europe. But are we investing enough to match these ambitions and manage the risks? In the advisory report presented to Dutch Prime Minister Rutte, Herna Verhagen, CEO of PostNL, urges the Dutch government, companies, and households to invest 10% of their annual ICT budget in cybersecurity. In her analysis, Verhagen presents a compelling overview of the current cyber threats, challenges and opportunities, and sets an ambitious goal, but does not provide any measureable benchmarks for the 10% norm, nor any insight into the current state of Dutch cybersecurity investments. This report will first estimate the current and prospective size of the Dutch digital economy and the ICT sector, and later analyze how much the latter contributes to the national economy. Next, we provide a holistic overview of the current level of public and private investments in cybersecurity, followed by an analysis estimating the Dutch cybersecurity market by comparing different studies. Finally, the report gives an overview of the current state of affairs of awareness, education, and scientific research pertaining to cybersecurity in the Netherlands. In the conclusion, we present the most important findings and assess how advanced the Netherlands is compared to the recently proposed norm that suggest governments, businesses and citizens alike should invest 10% of their ICT budget in cybersecurity.

Details: The Hague, Netherlands: Centre for Strategic Studies, 2016. 47p.

Source: Internet Resource: Accessed January 20, 2019 at: https://www.thehaguesecuritydelta.com/media/com_hsd/report/123/document/HCSS-Dutch-Investments-in-ICT.pdf

Year: 2016

Country: Netherlands

URL: https://hcss.nl/report/dutch-investments-ict-and-cybersecurity

Shelf Number: 154275

Keywords:
Cyber Threats
Cybercrime
Digital Economy
Digitalization
ICT
Technology

Author: Kruisbergen, Edwin W.

Title: De digitalisering van georgansieerde criminaliteit

Summary: Justitiele verkenningen (Judicial explorations) is published six times a year by the Research and Documentation Centre of the Dutch Ministry of Security and Justice in cooperation with Boom juridisch. Each issue focuses on a central theme related to judicial policy. The section Summaries contains abstracts of the internationally most relevant articles of each issue. The central theme of this issue (no. 5, 2018) is The digitalization of organized crime. The effect of the internet on the structure of organized cybercrime. Findings from an international empirical study Geralda Odinot, Christianne de Poot and Maite Verhoeven Worldwide, the digitalization of society is proceeding rapidly and this brings new forms of crime. The threats arising from different types of cybercrime are real and constantly evolving, as the internet with its anonymity and borderless reach, provides new opportunities for criminal activities. This article describes some results from an international empirical study aimed to gather more insight on the link between cybercrime and organized crime as well as on the question whether cybercrime is organized. It shows how cybercriminals cooperate with each other and what this organization structure looks like. Criminal money flows and IT. On innovative modi operandi, old certainties, and new bottlenecks Edwin Kruisbergen, Rutger Leukfeldt, Edward Kleemans and Robby Roks In this article we analyze how organized crime offenders use IT to handle their money flows. How and to what extent do offenders use IT-facilitated possibilities, such as bitcoin, to launder their money? The empirical data consist of thirty large-scale police investigations. These thirty cases are part of the Organized Crime Monitor, an ongoing research project into the nature of organized crime in the Netherlands. One of the most striking findings is the fact that cash is still king - even for online drug dealers who get paid in digital currencies. Summaries 119 Organized child pornography networks on the Dark Web Madeleine van der Bruggen The emergence of Dark Web child pornography forums and their availability to large offender communities has enabled a professional form of child pornography distribution as well as an increased exchange of criminal and social capital. Offenders have access to a new platform in which strong ties and long-lasting relationships with co-offenders are formed. Moreover they could be classified as organized crime, because child pornography Dark Web forums are characterized by a hierarchical order, a clear role division and illegal power structures that regulate the illegal activities. The implications from a law enforcement as well as from scientific perspective are discussed. The non-human (f)actor in cybercrime. Cybercriminal networks seen from a cyborg crime perspective Wytske van der Wagen and Frank Bernaards Botnets, banking malware and other high-tech crimes are increasingly analyzed by criminological scholars. Their distributed and automated nature poses however various theoretical challenges. This article presents an alternative approach, denoted as the 'cyborg crime' perspective, which adopts a more hybrid view of networks and also assigns an active role to technology. The value of this approach is demonstrated by reflecting on findings from earlier empirical work that analyzes conversations between cybercriminals involved in botnets and related activities. The research shows that technological nodes can take an important position in the organizational structure of cybercriminal networks and do not merely have a functional role. Viewing technology as an actor within a criminal network might offer new criminological insights in both the composition of these networks and how to disrupt them. Out of the shadow. Opportunities for researchers in studying dark markets Thijmen Verburgh, Eefje Smits and Rolf van Wegberg In this article the authors present the lessons learned from previous research efforts into dark markets. First the important features of dark markets are discussed, i.e. anonymity and trust, as well as the question how data on dark markets can be collected. Next, the authors illustrate 120 Justitiele verkenningen, jrg. 44, nr. 5, 2018 how this data can be used to study the phenomenon of dark markets itself as well as the impact of police interventions on dark markets. Befriending a criminal suspect on Facebook. Undercover powers on the Internet Jan-Jaap Oerlemans This article investigates which online undercover investigative methods are applied in practice and how they fit in the Dutch legal framework. In particular, the three special investigative powers of a pseudo purchase, systematic information gathering and infiltration are examined. Investigative powers cannot be applied unilaterally (across state borders). When law enforcement officials cannot reasonably determine the location of the suspect, the online unilateral application of undercover investigative powers is allowed. However, there is still a risk that diplomatic tensions arise with the involved state. States should agree in treaties under which circumstances cross-border online undercover operations are allowed. New investigative powers and the right to privacy. An analysis of the Dutch Cybercrime III Act Bart Custers In 2018 the Dutch parliament accepted new cybercrime legislation (the Cybercrime III Act) that creates several new online criminal offences and gives law enforcement agencies new investigative powers on the Internet. This article describes the background of Dutch cybercrime legislation and the contents of the Cybercrime III Act. The newly introduced cybercrimes are discussed as well as the new investigative competences. Particularly the legitimacy and the necessity of the investigative power of the police to hack computer systems of suspects may significantly interfere with the right to privacy.

Details: The Hague: Netherlands Ministry of Justice, 2018. 120p.

Source: Internet Resource: Accessed January 24, 2019 at: https://www.researchgate.net/publication/325966795_Georganiseerde_criminaliteit_en_ICT_-_Rapportage_in_het_kader_van_de_vijfde_ronde_van_de_Monitor_Georganiseerde_Criminaliteit/related

Year: 2018

Country: Netherlands

URL: https://www.researchgate.net/publication/325966795_Georganiseerde_criminaliteit_en_ICT_-_Rapportage_in_het_kader_van_de_vijfde_ronde_van_de_Monitor_Georganiseerde_Criminaliteit/related

Shelf Number: 154396

Keywords:
Child Pornography
Cybercrime
Dark Networks
Internet Crimes
Organized Crime
Undercover Investigations

Author: Maxim, Donald

Title: Online Child Exploitation Material - Trends and Emerging Issues: Research Report of the Australian National University Cybercrime Observatory with the input of the Office of the Children's eSafety Commissioner

Summary: This report by the ANU Cybercrime Observatory provides an overview of three important areas for Child Exploitation Material (CEM): - The relationship between online and offline offending; - Horizon scanning - identifying emerging areas of CEM development; and - Current regulatory, educational and collaborative approaches to combatting CEM Each section provides an overview of the issue and further analysis of other key areas identified during the research phase. At the conclusion of each section, a brief annotated bibliography is available to provide insight into which sources may be useful for further investigation. Information for this report was derived from many and varied sources including but not limited to government agencies (national and international), non-governmental organisations, academic articles, law enforcement agencies, blogs, tech websites, product sites, online news articles and surveys. While investigating each area, the research team worked within the scope of online CEM and aimed to provide a substantial overview for each section by addressing some of the key points or emerging trends. However during the research phase several areas that were not initially considered for the report were later identified as key areas of development for online CEM (e.g. Virtual Reality and Applications). Accordingly these topics were also included in the report. The relationship between online and offline sexual offending is highly controversial and complex. It is clear that research is lacking in this area and current research presents insufficient evidence for establishing a causal relationship between online and offline offending. Apart from addressing some of the methodological limitations of research in this area, this section of the report also addresses how the internet or technological advances (e.g. Virtual Reality) may assist in the desistance of offending or exacerbate motivations to commit real life offenses. The second section presents several emerging issues in online CEM and aims to provide a brief but comprehensive insight into how these areas are developing. The various topics include live streaming, applications, online gaming, user-generated content, Darknet, hacking, phishing, emerging technology and Virtual Reality (VR). Some of these concepts are quite traditional (e.g. user-generated content) however it is the development of 'cyber' and 'technology', which frames them as emerging issues. Other topics (e.g. live streaming or VR) present new, unique challenges to combatting online CEM. Some topics include snapshots of current cases such as the Pokemon Go trend, the Australian schools online pornography website, and interactive VR brothels and their implications for CEM. The final section discusses trends and effectiveness of current regulatory, educational, and collaborative approaches to CEM. Regulatory methods include ISP and social media regulation, parental control tools, and the potential for app regulation is also briefly mentioned. Key educational approaches include online safety guides and training courses. Collaborative prevention measures include hotlines, the National Centre for Missing and Exploited Children (NCMEC), Child Rescue Coalition, and the Virtual Global Taskforce (VGT). While these CEM prevention methods have made notable differences in detection and removal of CEM the effectiveness of education of the public, generation of reports, self-reporting, and tracking of child predators remains empirically untested. Technology is continually evolving and it is difficult to predict or evaluate emerging issues. The research team found it challenging to identify substantial information that can be verified by current research. This was particularly the case when analysing cutting edge or new technology as well as evaluating the effectiveness of current prevention approaches. This report aims to provide a reference point for further analysis and research on the topics addressed. Challenges associated with the cyber sphere and the 'Internet of Everything' do not remain static. The degree of facilitation (e.g. Virtual Private Networks, digital currency) and convergence associated with online CEM are continuously evolving in step with changes in technology. The rapid rate of change is the key challenge for the development of effective prevention strategies. This was demonstrated while our research was underway. Innovation, usually an adaptation of existing software or technology that was not initially present was later identified as a key developing area in online CEM (e.g. Virtual Reality and software applications). The Pokemon Go craze, which quickly attracted malware and grooming is a good example of the misuse of a popular apps. The velocity and variety of new and emerging risks with potential impact on online CEM will require, as a priority, the means to monitor these developments. The increase and rapid distribution of user-generated content is especially concerning. One aspect, consensually shared or 'stolen' sexualized images has given rise to 'sextortion', which can be propagated with the development of 'apps' that can inadvertently enhance and facilitate online CEM. Equally concerning are the implications of Virtual Reality (VR). VR in combination with teledildonics (or 'cyberdildonics' products designed to realise remote sex) enables potential offenders to live out any of their sexual fantasies. The VR trend may motivate offenders to seek on-line or off-line victims. The effects of VR on the conduct of pedophiles remain unclear. We don't know whether VR will placate desires or erode social inhibitions. However, VR is likely to encourage some criminals to enhance their experience by incorporating live streaming of child sex abuse with the tactile experiences promised by such technologies. The prevention of online CEM depends entirely on knowing present and emerging risks. Effective counter-measures include deep web surveillance of CEM innovators, and the development of early warning systems, for example, SNS 'swarm' warning flags.

Details: Canberra: Australian National University, Cybercrime Observatory, 2016. 105p.

Source: Internet Resource: Accessed March 14, 2019 at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2861644

Year: 2016

Country: International

URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2861644

Shelf Number: 154957

Keywords:
Child Grooming
Child Pornography
Child Sexual Abuse
Child Sexual Exploitation
Cybercrime
Internet Crimes
Online Victimization
Pornography
Sex Offending
Sextortion

Author: Trend Micro

Title: Cyber-Telecom Crime Report 2019

Summary: Telecommunications or telecom has been part of the evolution of modern society. It is seminal in the operation of businesses and has become a major industry itself. Deeply integrated even in day-to-day activities, it is an aspect of modern technology that is treated as a constant. However, the reality of its own threats and vulnerabilities exists. Given how critical telecom is, its threat landscape should be explored and understood as telecom technology continues to thrive. This paper is written to serve as a guide of sorts to help stakeholders in the industry navigate the telecom threat landscape. As such, we begin by giving an overview of how telecom fraud or crimes translate to monetary gains for criminals. Then we go through key concepts of the telecom infrastructure, including the history of telecom threats. With the basics set, the meat of our discussion falls on several threats that we enumerated and divided into two kinds: infrastructure attacks and network-based telecom frauds. Lastly, we include case studies of noteworthy telecom frauds to demonstrate how these attacks play out in real-world situations. In the end, we conclude how collaboration, cooperation, and sharing of information among all stakeholders will allow telecom security to evolve at the same speed as telecom technology itself.

Details: Trend Micro Research, 2019. 57p.

Source: Internet Resource: Accessed March 21, 2019 at: https://www.europol.europa.eu/publications-documents/cyber-telecom-crime-report-2019

Year: 2019

Country: Europe

URL: https://www.europol.europa.eu/publications-documents/cyber-telecom-crime-report-2019

Shelf Number: 155095

Keywords:
Consumer Fraud
Cybercrime
Online Fraud
Telecommunications

Author: Ackerman, Gary

Title: On the Horizon: Security Challenges at the Nexus of State and Non-State Actors and Emerging/Disruptive Technologies

Summary: Innovation and new technologies have many positive attributes and provide significant improvement to humanity, much that is likely unforeseen at the time of initial discovery. The unpredictability of the technology trajectories can lead to significant negative consequences. This white paper aims to discuss the massive leaps in innovation and understand what this means for national security. The articles are briefly summarized below. In Chapter 1, entitled "Third Offset Implications for Homeland Security: Tranquility or Turbulence," Robert McCreight states that the overall future trajectory of modern technologies hinges on a fairly imperfect and periodically naive grasp of dual-use science and technology and what it portends for our planet and its inhabitants. He goes on to say that one immediate concern is to determine not only how it is affecting our current way of life, geopolitics, the economy, social stability, governance, security, and the ordinary functions and determinants of the natural world around us, but also weigh the downstream consequences of technology growth, diversity, and convergence on all of those things ten to twenty years on. If advanced dual-use technologies hold the potential for a vast array of unanticipated threats in the next few years, we will need effective doctrine, strategy, and deterrence measures. He asks a key question: How to begin to establish criteria which guarantees that humans retain ultimate control, management, and direction of advanced dual-use technologies and thereby thwart untoward and dangerous outcomes arising from their mix of expected and unexpected outcomes. He advances five possible criteria for wrestling with the emergence of ADUCT (advanced dual-use convergent technologies) in a manner that sketches out an approach for the short term and allows flexibility for modifications and improvements along the way over the next decade. Gina Ligon and Michael Logan in Chapter 2, "Malevolent Innovation: Novelty and Effectiveness in Terror Attacks," state that terrorism provides a model context for examining creativity, as the need for survival and innovation pervades these destructive and malevolent groups. Despite this, creativity and innovation remain underdeveloped concepts in terrorism research. One reason for this is the limited empirical data about this phenomenon, making it unclear which tenets of creativity research hold versus which do not translate in the domain of terrorism. The present effort overcomes this by examining the dimensions of malevolent innovation in a large sample of terrorist attacks. To anticipate adversary threats, it is critical that we examine all of the possible combinations of VEO innovation developed in the past. This particular effort can provide planners with exemplars of the highest levels of VEO innovation across a large dataset of violent extremist organizations, providing a comprehensive look at what is possible and what should be prevented. Don Rassler in Chapter 3 "Back to the Future: The Islamic State, Drones, and Future Threats" states that the Islamic State is an irony of sorts, as while the organization looks to, is inspired by, and seeks to recreate the past certain aspects of the group's behavior also provide a window into conflicts of the future. A key case study in this regard is the Islamic State's drone program, and specifically how the group "overcame technical and cost asymmetries," and creatively developed a novel and scalable drone-based weapons system "constructed from commercial components that challenged - at least for a period of time - states' ability to respond." He goes on to state that the Islamic State's drone accomplishments speak to, and have a number of important implications regarding, the character and style of future threats that are either constructed around or that significantly leverage dual-use commercial technologies. He concludes by stating to stay ahead of the issue, and to better prepare for a future that will almost certainly be typified by the proliferation of other hybrid threats that leverage and/or repurpose commercial systems in dangerous ways, the United States should identify the pathways and methods that allowed the Islamic State to acquire and scale its fleet of quad-copter drones in the first place, and trace the evolution of functional threat streams. Bennett Clifford in Chapter 4, "Exploring Pro-Islamic State Instructional Material on Telegram," makes several key observations: - English-speaking supporters of the Islamic State (ISIS) use the messaging application Telegram to distribute a range of information, including instructional material - manuals and guides designed to aid operatives with step-by-step procedures for providing assistance to the group. - Channel administrators distribute whichever manuals they believe can be of aid to aspiring operatives, regardless of its ideological background. - Telegram's internal file-sharing features and lax approach to content moderation allow channel administrators to create repositories of instructional information within Telegram channels. - While attack-planning manuals available on Telegram channels understandably pose a large concern for counter-terrorism authorities, operational security and cyber-security manuals are also frequently distributed, relatively easy to implement, and help operatives successfully conduct activities in support of terrorist groups while minimizing the risk of detection or apprehension. In Chapter 5 entitled "Examining the Present and Future Role of Cybercrime-as-a-Service in Terror and Extremism," Thomas Holt makes the case that the rise of online illicit markets that enable the sale of cybercrime tools and stolen personal information have made it possible for individuals to engage in technically sophisticated forms of crime regardless of level of computer skill. Ideological and terror groups over the last decade have expressed an interest in cyber-attacks as a means to cause harm, though it is not clear how much ability they have to perform such attacks. As a result, cybercrime markets may engender their attacks, though it is not clear how often this may occur, or what conditions would lead to their use. He provides recommendations for policy and research to disrupt cybercrime markets and improve our knowledge of ideologically-motivated cyber-attackers generally. - Cybercrime markets generate millions of dollars in revenue and enable non-technical actors to perform sophisticated attacks. - They may provide a point of entry for ideologically-motivated extremists and terrorists to engage in cyber-attacks. - These markets can be disrupted through traditional law enforcement investigations, and may also be affected through other extra-legal efforts such as Sybil attacks. - Research is needed on the radicalization process of ideologically-motivated actors who engage in cyber-attacks, and how this differs from those who have engaged in physical attacks. Rebecca Earnhardt and Gary Ackerman in Chapter 6 entitled "Modelling Terrorist Technology Transfer," make the point that while technology transfer occurs as a part of routine life, the topic remains relatively understudied in the terrorism literature. As terrorists engage in increasingly lethal and technologically sophisticated attacks, the concern surrounding terrorists acquiring cutting-edge weaponry and related technologies is accumulating. They go on to describe the Terrorist Technology Transfer (T3) project which provides a first cut at addressing this critical operational gap in knowledge through the exploration of extant technology transfer literature, construction of the first iteration of the T3 Model, and illustrative application of the model to an emerging technological threat. They conclude by stating the T3 project indicates the promise of having not only research, but also operational and policy impacts. It raises the possibility of providing government stakeholders, including intelligence, law enforcement, military, and policy agencies with a variety of insights and operational tools In Chapter 7, "Hacking the Human Body: The Cyber-Bio Convergence," Rebecca Earnhardt makes the point that the increasing convergence between the fields of biosecurity and cybersecurity may result in consequences that analysts have yet considered. Biotechnology use and expertise expansion beyond practitioners have stoked concerns about a wide range of traditional biosecurity issues including shielding the outputs from advanced gene editing systems or protecting university lab data storage systems. As biotechnology advances, including digitization and automation of systems that were once localized and only accessible to those directly involved on related research, biosecurity and cybersecurity fields continue to intersect. She concludes by stating a fully-fledged research project would explore the cyber security risk factors that are cited commonly as key vulnerabilities, and filter these cyber security risk factors through an adversary technology adoption decision making and motivational analysis. In Chapter 8 entitled "Evolving Human and Machine Interdependence in Conflict: Advantages, Risks, and Conundrums," R. E. Burnett makes several key points: - Emerging science and technology will continue to disrupt customary characteristics of political and kinetic conflicts among states and non-state actors. - The increasing complex interdependence between humans and machines is one area for particular examination. - We cannot reliably predict whether or not human roles will rapidly give way to a more dominant robotic style of war, so we must prepare for a variety of futures, per the Scharre/Horowitz autonomy typologies. - Humans involved with machines that operate at vastly greater speeds and volumes of data will further create problems of cognitive demand for the human soldier that need to be examined. - We must investigate this not only in terms of technical performance, but also from a more holistic perspective, to include the social, political, and psychological dimensions of the soldier and of the citizen.

Details: Washington, DC: U.S. Department of Homeland Security2019. 67p.

Source: Internet Resource: A Strategic Multilayer Assessment (SMA) Periodic Publication: Accessed May 4, 2019 at: https://nsiteam.com/social/wp-content/uploads/2019/04/DoD_DHS-On-the-Horizon-White-Paper-_FINAL.pdf

Year: 2019

Country: United States

URL: https://nsiteam.com/social/wp-content/uploads/2019/04/DoD_DHS-On-the-Horizon-White-Paper-_FINAL.pdf

Shelf Number: 155659

Keywords:
Biosecurity
Cybercrime
Cybersecurity
Drones
Emerging Technologies
Extremism
Homeland Security
Radicalism
Terrorism
Violent Extremism

Author: Walker, Summer

Title: Fragmented But Far-Reaching: The UN System's mandate and response to organized crime

Summary: From peace operations to how to better manage forests and food supply chains, the United Nations (UN) is engaged in the fight against organized crime and efforts to mitigate its impact within the ambit of the UN's wider goals: peace and security, human rights and sustainable development. Mandates relating to key crime types are often allocated to one or more agencies or departments across the UN System, but, as always, mandates evolve, and information about these mandates and the relevant programmes and activities carried out by agencies can be fragmented, scattered and duplicatory. For some emerging or resurging forms of crime, mandates allocated decades ago have required a far more comprehensive set of responses in their contemporary forms. To better understand the UN's overall mandate for addressing organized crime, the Global Initiative conducted a desk review of the UN's entities and agencies to identify their mandates and working agendas for organized crime, specifically in relation to the UN's work on six crime types that have had major impacts on broader UN goals, including the UN Sustainable Development Goals (SDGs). This paper is a companion piece to an interactive online tool, which displays the organized-crime agendas within the UN System. The tool's purpose is to provide a better understanding of the UN's counter-crime work and serve as a basis for discussion about how organized crime challenges, which are now far-reaching and serious, could be more effectively met and how UN System resources can be used more coherently. The mandate for addressing organized crime extends across the UN System in a way that is expansive, exhaustive and certainly under-appreciated. A review by the Global Initiative has identified a working agenda for 79 out of the UN's 102 entities, bodies and agencies, or nearly 77 per cent. The research (see Figure 1) found that 37 per cent of these entities address human trafficking, and 33 per cent work on illicit drugs. Environmental crime was third, with 28 per cent of entities addressing related issues. Cybercrime and financial crime both saw 22 out of the 102 entities addressing the issue (21 per cent), and arms trafficking is worked on by 21 entities, yet this understanding of arms trafficking does not include illicit chemical and nuclear material trafficking. This paper examines the implications this has for the UN System given such a widely dispersed mandate. Organized crime is a cross-cutting threat to the goals of many different sectors, in all three core areas of the UN's work: peace and security, human rights and development. Previous analysis conducted by the Global Initiative found that organized crime affects a high proportion of the SDGs. An additional Global Initiative review of UN Security Council (UNSC) resolutions in 2018 found that 22 of the 54 resolutions (40 per cent) referred to a form of organized crime, showing a significant recognition of the problem on the international security agenda. Given the diverse nature of organized-crime threats, it is possible to argue that perhaps it is only right that the requirement to respond to organized crime is distributed across the UN System so widely. But without a coherent strategy underpinning this wide mandate, responses to organized crime across the system can be fragmented, and opportunities to achieve synergies and learn lessons from responses are not maximized, or perhaps not realized at all. Organized crime is a challenge that rises and falls on the global policy priority list. The diversity of illicit markets and the fact the harm caused by organized crime tends to be more corrosive in nature than sensational mean that it is often overlooked or downgraded on the priority list. However, over the past two decades, there have been certain points when the threat of a specific form of organized crime became so compelling that it demanded an urgent response from the international community and the UN System. These flashpoints in the debate - for example, during the piracy crisis in the Gulf of Aden in 2011/12 (see page 3), or the demand for a response to human smuggling and trafficking in 2016/17 - have regrettably shone a light on the UN System's shortcomings rather than draw attention to the efficacy of the world's global governance mechanism to respond to shared, transnational threats that require collective response. Many efforts have been made to create better UN System coherence, but with the global scale and impact of organized crime on the rise, the need to recognize its corrosive impact on major UN objectives should be an imperative for the following reasons: - Organized crime is a leading cause of violence and homicide globally. - Criminal interests and corruption in natural-resource sectors are leading drivers of deforestation and unsustainable natural-resource extraction. - Organized crime has a destructive impact on governance, anti-corruption, economic development and trade, and environmental protection efforts. - Serious rights violations to individuals are caused by organized crime, such as the interlinking phenomena of modern slavery, forced labour, human trafficking and aggravated smuggling. It is very clear when looking at the spread of activity across the system that the issue is not solely a law-enforcement problem. Threats posed by criminal groups are wide-ranging: they impact good governance, breed corruption and weaken development agendas. A holistic view of the issues aligned with increased coherence would help shrink the learning curve on the pervasive impact of organized crime on international security, development and human rights.

Details: Geneva: Global Initiative Against Transnational Organized Crime, 2019. 28p.

Source: Internet Resource: Accessed June 24, 2019 at: https://globalinitiative.net/wp-content/uploads/2019/06/gitoc_un_june_19.pdf

Year: 2019

Country: International

URL: https://globalinitiative.net/wp-content/uploads/2019/06/gitoc_un_june_19.pdf

Shelf Number: 156607

Keywords:
Arms Trafficking
Cybercrime
Environmental Crime
Financial Crime
Human Rights
Human Trafficking
Illicit Drugs
Modern Slavery
Organized Crime
Transnational Organized Crime
United Nations

Author: Petrie, Elizabeth M.

Title: Sharing Insider Threat Indicators: Examining the Potential Use of Swift's Messaging Platform to Combat Cyber Fraud

Summary: Cyber actors are operating under a shared services model giving them access to infrastructure, tools, targets and the ability to monetise their exploits. As a result, organisations across industries must enhance communication channels to share threat information in order to pre-empt cyber fraud schemes. This requires both an ability to identify the patterns of behaviour that indicate cyber fraud activity is occurring and a platform for communicating potential threat information. The report "Sharing Insider Threat Indicators: Leveraging SWIFT's Messaging Platform to Combat Cyber Fraud" focuses on identifying the patterns of behaviour typically indicative of efforts by criminals to use insiders to cash out on fraudulent activity. The objective of this research is to explore the potential for organisations to use an existing telecommunication platform, such as SWIFT, to communicate cyber fraud threat information by establishing indicators of cashout behaviour, which could warn of cyber fraud activity.

Details: London: Swift Institute, 2017. 33p.

Source: Internet Resource: Accessed June 27, 2019 at: https://swiftinstitute.org/wp-content/uploads/2017/10/SIWP_2016-003_Insider_Cashout_Citi_American_University_final.pdf

Year: 2017

Country: International

URL: https://swiftinstitute.org/research/sharing-threat-indicators-of-cyber-fraud-via-intelligence-information-reports/

Shelf Number: 156723

Keywords:
Cyber Fraud
Cyber Security
Cybercrime
Financial Crime
Telecommunications