Transaction Search Form: please type in any of the fields below.
Date: April 29, 2024 Mon
Time: 8:55 pm
Time: 8:55 pm
Results for internet crime
67 results foundAuthor: International Fund for Animal Welfare Title: Killing with Keystrokes 2.0: IFAW's investigation into the European online ivory trade Summary: Killing with Keystrokes 2.0: IFAW's investigation into the European online ivory trade surveyed websites in the UK, France, Germany, Portugal, Spain and Germany, and found a thriving in trade in ivory items the legality of most of which is questionable. In just two weeks, our survey found more than 660 items with a total advertising value of almost €650,000.00 across a variety of European websites. A shocking 98 per cent of adverts failed to comply with website policies or provide evidence of legality. Details: Yarmouth Port, MA: International Fund for Animal Welfare, 2011. 11p. Source: Internet Resource: Accessed August 22, 2012 at http://www.ifaw.org/sites/default/files/FINAL%20Killing%20with%20Keystrokes%202.0%20report%202011.pdf Year: 2011 Country: International URL: http://www.ifaw.org/sites/default/files/FINAL%20Killing%20with%20Keystrokes%202.0%20report%202011.pdf Shelf Number: 126100 Keywords: Endangered SpeciesIllegal TradeIllegal Wildlife TradeInternet CrimeIvory TradeWildlife Trade, Elephants |
Author: Levy, Nathaniel Title: Bullying in a Networked Era: A Literature Review Summary: "Bullying in a Networked Era: A Literature Review", by Nathaniel Levy, Sandra Cortesi, Urs Gasser, Edward Crowley, Meredith Beaton, June Casey, and Caroline Nolan, presents an aggregation and summary of recent academic literature on youth bullying and seeks to make scholarly work on this important topic more broadly accessible to a concerned public audience, including parents, caregivers, educators, and practitioners. The document is guided by two questions: “What is bullying?” and “What can be done about bullying?” and focuses on the online and offline contexts in which bullying occurs. Although the medium or means through which bullying takes place influence bullying dynamics, as previous research demonstrates, online and offline bullying are more similar than different. This dynamic is especially true as a result of the increasing convergence of technologies. Looking broadly at the commonalities as well as the differences between offline and online phenomena fosters greater understanding of the overall system of which each is a part and highlights both the off- and online experiences of young people – whose involvement is not typically limited to one end of the spectrum. Details: Cambridge, MA: The Berkman Center for Internet & Society at Harvard University, 2012. 62p. Source: Kinder & Braver World Project: Research Series, Research Publication No. 2012-17: Internet Resource: Accessed September 23, 2012 at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2146877 Year: 2012 Country: United States URL: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2146877 Shelf Number: 126406 Keywords: BullyingCyberbullyingCybercrimesInternet Crime |
Author: British Retail Consortium Title: Future Online Security: Tackling eCrime and Fraud Summary: The growth of e-commerce and corresponding opportunities for increasing fraudulent behaviour should not be underestimated. Retailers need to be sure that as they seek to expand their businesses via e-commerce the customers they attract will be well protected. Retailers invest significant resources in protecting their customers. But too often, the current law enforcement response to eCrime and fraud is inadequate. The BRC is calling for a dedicated national unit tasked to investigate and respond to the increasing levels of eCrime. Engagement between the private sector and law enforcement agencies should be focused on finding the most effective way to achieve a better response to eCrime and fraud. The focus must be on finding ways in which the public and private sectors can work more effectively together to reduce the level of offending and to raise consumer confidence. The value of internet retailing in 2009 was £18.5 billion. The value for 2010 to date (January to the end of October 2010) was £17 billion. This was a 21 per cent increase when compared to the same period in 2009. The BRC has undertaken this study to ensure that this important growth area of the economy is adequately policed and protected. Details: London: British Retail Consortium, 2010. 16p. Source: Internet Resource: Accessed October 14, 2012 at http://www.brc.org.uk/trct/downloads/Future%20Online%20Security.pdf Year: 2010 Country: United Kingdom URL: http://www.brc.org.uk/trct/downloads/Future%20Online%20Security.pdf Shelf Number: 126699 Keywords: Computer CrimesComputer FraudCybercrimesInternet Crime |
Author: Broadhurst, Roderic Title: Crime in Cyberspace: Offenders and the Role of Organized Crime Groups Summary: This working paper summarizes what is currently known about cybercrime offenders and groups. The paper briefly outlines definition and scope of cybercrime, the theoretical and empirical challenges in addressing what is known about cyber offenders, and the likely role of organized crime groups (OCG). The paper gives examples of known cases that illustrate individual and group behaviour, profiles typical offenders, including online child exploitation offenders, and describes methods and techniques commonly used to identify crimeware and help trace offenders. Details: Canberra: Australian National University, 2013. 35p. Source: Internet Resource: Working Paper: Accessed February 15, 2013 at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2211842 Year: 2013 Country: International URL: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2211842 Shelf Number: 127628 Keywords: CybercrimeInternet CrimeOnline Child Sex OffendersOrganized Crime |
Author: Muggah, Robert Title: A Fine Balance: Mapping Cyber (in)Security in Latin America Summary: This Strategic Paper examines the character and dynamics of cyber-crime and the ways in which it is being addressed in Latin America. A particular focus is on what might be described as “new criminality” emerging in cyberspace – organized criminal hacking, identity theft, advanced credit card fraud and online child exploitation. The Paper draws on a review of the public and grey literature from more than thirty countries and interviews with dozens of experts across the sub-continent to shed light on the present cyber-security and cyber-defence architecture being erected in Latin America. Overall, it finds that Latin America exhibits a heterogeneous landscape when it comes to cyber-crime. And while all countries have witnessed a surge in cyber-crime, threats and responses tend to be clustered in specific countries, such as Argentina, Brazil, Chile, Colombia, Cost Rica, the Dominican Republic and Mexico, where online populations and internet penetration rates are highest. This Strategic Paper finds that: • Latin American governments are only beginning to adopt laws, institutions and countermeasures to combat online criminality: At a regional level these efforts are being coordinated through the Organization of American States (OAS) and include harmonizing national legislation and adopting the Comprehensive Inter-American Strategy to Combat Threats to Cyber-Security; • Latin American country responses to cyber-crime are increasingly aligned: Most Latin American states are pursuing a 4-pillar strategy that includes: (i) the adoption of relevant legal frameworks; (ii) the creation of specialized law enforcement agencies; (iii) the formation of Computer Security Incident Response Teams (CSIRTs); and (iv) the establishment of specialized units within the executive branch of government; • Latin America´s civil society plays a major – if under-valued – role in cyber-security governance: Due to the decentralized character of the internet and overlapping forms of horizontal collaboration, civil society is in some cases far ahead of governments in assessing cyber-threats and formulating responses. Internationally, a number of non-governmental entities actually control systemic features of the worldwide web such as the attribution of domain names; and • Notwithstanding its comparative strengths and real exposure to cyber-threats, the private sector is less engaged in promoting and engaging in cyber-security across Latin America: Many larger corporations in the banking and services sectors are non-transparent about the scale of the threats they are facing. Owing to their desire to avoid loss in market share, they typically adopt low-key, periodic, and restricted actions. By contrast, companies involved in information technology manufacturing and services markets are more involved in supporting digital platforms designed to raise awareness. The Strategic Paper proceeds in several sections. The first section considers the conceptual gap which frustrates coherent approaches to addressing cyber-crime. While few experts dispute the risks presented by new forms of online criminality, there are no accepted definitions of cyber-crime, making it difficult to harmonize legislation and pursue investigations requiring transnational cooperation. Section two reviews the scale and dimensions of cyber-crime in Latin America, focusing primarily on the so-called new criminality. The third section provides a general review of regional approaches to containing cyber-crime, including legal conventions, guidelines and emerging practices, while Section four examines the operational responses of governments, private sector and non-governmental organizations. The final section offers some concluding reflections on future research directions. Details: Rio de Janeiro: Igarape Institute and The SecDev Foundation, 2012. 24p. Source: Internet Resource: Strategic Paper 2: Accessed March 20, 2013 at: http://igarape.org.br/wp-content/themes/igarape_v2/pdf/Strategic_Paper_02_23maio_WEB.pdf Year: 2012 Country: Central America URL: http://igarape.org.br/wp-content/themes/igarape_v2/pdf/Strategic_Paper_02_23maio_WEB.pdf Shelf Number: 128047 Keywords: Computer CrimesCyber SecurityCybercrime (Latin America)Internet Crime |
Author: Klimburg, Alexander, ed. Title: National Cyber Security Framework Manual Summary: As stated in the Strategic Concept for the Defence and Security of the Members of the North Atlantic Treaty Organisation of November 2010, NATO Member States have recognised that malicious cyber activities ‘can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability’.1 In order to assure the security of NATO’s territory and populations, the Alliance has committed to continue fulfilling its essential core tasks, inter alia, to deter and to defend against emerging security challenges, such as cyber threats.2 The revised NATO Policy on Cyber Defence of 8 June 2011 focuses NATO on the protection of its own communication and information systems in order to perform the Alliance’s core tasks of collective defence and crisis management.3 However, as cyber threats transcend State borders and organisational boundaries, the policy also stresses the need for cooperation of the Alliance with NATO partner countries, private sector and academia.4 NATO Member States reinforced the importance of international cooperation by stating in the Chicago Summit Declaration of May 2012 t hat ‘[t]o address the cyber security threats and to improve our common security, we are committed to engage with relevant partner countries on a case-by-case basis and with international organisations [...] in order to increase concrete cooperation.’5 Against this background, it is of paramount importance to increase the level of protection against cyber threats and to steadily improve the abilities to appropriately address cyber threats by Allies and NATO’s partner countries. The ‘National Cyber Security Framework Manual’ addresses national cyber security stakeholders in NATO Member States or NATO partner countries, including leaders, legislators, regulators and Internet Service Providers. It will serve as a guide to develop, improve or confirm national policies, laws and regulations, decisionmaking processes and other aspects relevant to national cyber security. Hence, this Manual will support NATO’s goal of enhancing the ‘common security’ with regard to ‘cyber security threats’, as expressed by the Allies in the aforementioned Chicago Summit Declaration. The implementation, maintenance and improvement of national cyber security comprises a range of elements. These can address strategic documents of political nature, laws, regulations, organisational and administrative measures, such as communication and crisis management procedures within a State, but also purely technical protection measures. Furthermore, awareness raising, training, education, exercises and international cooperation are important features of national cyber security. Thus, the aspects to be considered reach from the strategic through the administrative or operational to the tactical level. This Manual addresses all of those levels in the various sections, shows different possibilities of approaches to national cyber security, and highlights good practices within national cyber security strategies and techniques. This approach is based on the reasoning that States have different features and prerequisites with regard to their legal framework, historical and political contexts, governmental structure, organisational structures, crisis management processes, and mentality. Therefore, this Manual cannot provide a ‘blueprint’ which would be feasible and useful for all States, but rather shows diverse aspects and possibilities to be considered in the course of drafting a national cyber security strategy. Due to its rather academic approach – although being of practical use – and the incorporation of military aspects, the Manual differs from publications with a similar goal and target audience. Details: Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2012. 253p. Source: Internet Resource: Accessed April 5, 2013 at: http://www.ccdcoe.org/publications/books/NationalCyberSecurityFrameworkManual.pdf Year: 2012 Country: International URL: http://www.ccdcoe.org/publications/books/NationalCyberSecurityFrameworkManual.pdf Shelf Number: 128289 Keywords: CybercrimeCybersecurityInternet CrimeTerrorism |
Author: Australia. Parliament. Joint Select Committee on Cyber-Safety Title: Cybersafety for Seniors: A Worthwhile Journey. Second Interim Report Summary: Cyber technology has developed dramatically in the last 20 years and the internet and other new communications technologies have infiltrated lives in ways which would not have been imagined only a few years ago. Australians are now communicating with government, business, family and friends, as well as shopping and banking, online. While many senior Australians may have been reluctant to venture into the cyber world initially, seniors are now the fastest growing online user group in the country. Anyone who uses the internet is vulnerable to cyber security threats but the Committee found that seniors are particularly vulnerable for several reasons. Additionally, seniors are attractive targets for criminals because many seniors own substantial assets and have access to life savings and their superannuation. In many cases, seniors are looking for opportunities to invest their money, so they might be receptive to scams and fraudulent investment opportunities. The Committee spoke to seniors who have enthusiastically embraced the internet and other communications technology, and who act safely online. However, the Committee also received a lot of evidence showing that there are many senior Australians who either are not using the internet at all, or are using it with caution, because they are afraid of becoming involved in cyber security issues. Additionally, many are now too embarrassed to admit to family and others that they have no knowledge of the internet and no idea how they would go about ‘getting online’. For these seniors, education and training will be their key to becoming cyber savvy and cyber safe. Paradoxically, it is often the seniors who could most benefit from being online in their own home—that is, the geographically isolated or those who are housebound through disability or for other reasons—who have been left behind and are not yet online. Many of these seniors are hesitant to venture into the cyber world, if indeed they even knew how to do so. The Committee found that there is a lot of help available for seniors who want to go online, particularly in the more populated parts of the country. Many seniors’ groups, public libraries and government departments around the nation are helping seniors start the journey towards being cyber savvy. Some seniors’ clubs are teaching computing with a cybersafety component and some also teach dedicated cybersafety courses. The Universities of the Third Age are experiencing very high demand for their computer courses. Public libraries around the nation are doing an impressive job of helping seniors to safely use email, smartphones, social networking and to access government sites and services. Over 2,000 Broadband for Seniors kiosks are located around the nation offering free internet access and training for seniors. The Committee has made 13 recommendations in this unanimous report which should help improve cybersafety for senior Australians. Details: Canberra: Australian Parliament, 2013. 194p. Source: Internet Resource: Accessed April 25, 2013 at: http://apo.org.au/research/cybersafety-seniors-worthwhile-journey Year: 2013 Country: Australia URL: http://apo.org.au/research/cybersafety-seniors-worthwhile-journey Shelf Number: 128436 Keywords: Computer CrimeCubercrime (Australia)CybersecurityInternet Crime |
Author: Levin, Avner Title: International Comparison of Cyber Crime Summary: This report compares Canada’s international partners and several other countries on measures related to cyber-crime. The main findings are as follows: Countries distinguish in their policy and strategy documents between cyber-crimes, which are the domain of law enforcement agencies, and cyber-attacks which are increasingly the domain of the military. Canada’s international partners have turned their focus from the prevention of cyber- crime to the protection of critical national infrastructure from cyber-attacks. In order to cooperate effectively with its allies Canada must also focus on the protection of critical national infrastructure. However, the risk of this focus is the loss of cooperation with non-traditional allies, such as Russia and China, on the prevention of cyber-crimes. European countries and the US allow for warrant-less access to electronic information in order to prevent both cyber-crime and cyber-attacks. Other countries do not acknowledge this possibility publicly. The need for, and practice of, warrant-less lawful access or warrant-less lawful intercept is moot in Canada, given recent policy decisions to abandon such legislation. Countries have not attempted the creation of a ‘Nav-Canada’ type of agency (private-sector, not-for profit) to implement their cyber-security strategies. Agencies to combat cyber-crime or cyber-attacks are typically created as an organizational part of the existing law enforcement or military structure. Details: Ted Rogers School of Management, Ryerson University, 2013. 51p. Source: Internet Resource: Accessed May 4, 2013 at: http://www.ryerson.ca/tedrogersschool/privacy/documents/Ryerson_International_Comparison_ofCyber_Crime_-March2013.pdf Year: 2013 Country: Canada URL: http://www.ryerson.ca/tedrogersschool/privacy/documents/Ryerson_International_Comparison_ofCyber_Crime_-March2013.pdf Shelf Number: 128664 Keywords: Computer CrimeCybercrime (Canada, International)Internet Crime |
Author: Schjolberg, Judge Stein Title: Peace and Justice in Cyberspace. Potential new global legal mechanisms against global cyberattacks and other global cybercrimes Summary: In the prospect of an international criminal court lies the promise of universal justice. Without an international court or tribunal for dealing with the most serious cybercrimes of global concern, many serious cyberattacks will go unpunished. The most serious global cyberattacks in the recent year, have revealed that almost nobody is investigated and prosecuted, and nobody has been sentenced for those acts. Such acts need to be included in a global treaty or a set of treaties, and investigated and prosecuted before an international criminal court or tribunal. Cyberspace, as the fifth common space, after land, sea, air and outer space, is in great need for coordination, cooperation and legal measures among all nations. It is necessary to make the international community aware of the need for a global response to the urgent and increasing cyberthreats. Peace, justice and security in cyberspace should be protected by international law through a treaty or a set of treaties under the United Nations. The progressive developments of global cyberattacks, such as massive and coordinated attacks against critical information infrastructures of sovereign States, must necessitate an urgent response for a global treaty. Details: A Background Paper for EastWest Institute (EWI) Worldwide Cybersecurity Summit Special Interest Seminar: Harmonizing of Legal Frameworks for Cyberspace New Delhi, India October 30-31, 2012. 40p. Source: Internet Resource: Background Paper: Accessed June 1, 2013 at: http://cybersummit2012.com/sites/cybersummit2012.com/files/EWICybersecuritySummit.pdf Year: 2012 Country: International URL: http://cybersummit2012.com/sites/cybersummit2012.com/files/EWICybersecuritySummit.pdf Shelf Number: 128910 Keywords: Cyber SecurityCybercrimeInternet Crime |
Author: Tendulkar, Rohini Title: Cyber-crime, Securities Markets and Systemic Risk Summary: The soundness, efficiency and stability of securities markets relies on the quality of information provided; the integrity of people and service provision; the effectiveness of regulation; and increasingly the robustness of supporting technological infrastructure. Yet, there is limited public, targeted and in-depth study into how one of the more prominent technology-based risks: cyber-crime could and is impacting securities markets. Cyber-crime can be understood as an attack on the confidentiality, integrity and accessibility of an entity’s online/computer presence or networks – and information contained within. The Evolving Nature of Cyber-Crime In recent years, cyber-crime has become increasingly sophisticated, making it difficult to combat, detect and mitigate. The rise of a relatively new class of cyber-attack is especially troubling. This new class is referred to as an ‘Advanced Persistent Threat’ (APT).1 The costs of cyber-crime to society so far may already be substantial. Some studies cite figures as high as $388 billion2 or $ 1 trillion3. While these high numbers are contentious due to lack of reliability when it comes to reporting direct and indirect costs, a growing number of high-profile cyber-attacks, high financial losses incurred, and other real-world manifestations suggest a potential for widespread impact. A focus on the world’s exchanges To gather unique insights into the cyber-crime threat from a securities market perspective, the IOSCO Research Department, jointly with the World Federation of Exchanges Office, conducted a cyber-crime survey (hereafter the WFE/IOSCO survey) to some of our core financial market infrastructures - the world’s exchanges.4 This survey is intended as part of a series of surveys exploring perspectives and experiences with cyber-crime across different groups of securities market actors, financial institutions and regulators. In this first survey, a vast majority of respondents agree that cyber-crime in securities markets can be considered a potentially systemic risk (89%). The following factors shed light on why: Size, complexity and incentive structure Cyber-crime is already targeting a number of exchanges. Over half of exchanges surveyed report experiencing a cyber-attack in the last year (53%). Attacks tend to be disruptive in nature (rather than aiming for immediate financial gain). The most common forms of attack reported in the survey are Denial of Service attacks and malicious code (viruses). These categories of attack were also reported as the most disruptive. Financial theft did not feature in any of the responses. This suggests a shift in motive for cyber-crime in securities markets, away from financial gain and towards more destabilizing aims. It also distinguishes cyber-crime in securities markets from traditional crimes against the financial sector e.g. fraud, theft. Potential effect on market integrity and efficiency; infiltration of non-substitutable and/or interconnected services The instances of attacks against exchanges means that cyber-crime is already targeting securities markets’ core infrastructures and providers of essential (and non-substitutable services). At this stage, these cyber-attacks have not impacted core systems or market integrity and efficiency. However, some exchanges surveyed suggest that a large-scale, successful attack may have the potential to do so. Level of transparency and awareness Transparency in the form of information sharing is occurring widely. 70% of exchanges surveyed note that they share information with authorities, overseers or regulators. However, most of these arrangements are national in nature. There is also a high level of awareness of the threat across exchanges surveyed. Around 93% of exchanges surveyed report that cyber-threats are discussed and understood by senior management and almost 90% report having in place internal plans and documentation addressing cyber-crime. Level of cyber-security and cyber-resilience All exchanges surveyed appear to have in place myriad proactive and reactive defence and preventative measures (see Annex B) and report that cyber-attacks are generally detected immediately. Annual cyber-crime training for general (non-IT) staff is also a staple amongst the majority of respondent exchanges. However, a small but significant number of exchanges surveyed recognize that 100% security is illusionary, with around a quarter recognizing that current preventative and disaster recovery measures may not be able to stand up against a large-scale and coordinated attack. Around half of exchanges surveyed report having two separate groups for handling physical and cyber threats. Separation of the two teams could lead to challenges in engaging with cyber-physical threats, however these challenges may be easily overcome (if not already) through efficient and on-going coordination between the two groups. Further information around the level of coordination between these two groups could shed light on this point. Around 22% of exchanges surveyed report having cyber-crime insurance or something similar. This is mainly due to lack of availability or insufficient coverage of available insurance. Effectiveness of regulation A number of respondents expressed doubt over the effectiveness of current regulation in deterring cyber-criminals from damaging markets, since the global nature of the crime makes it difficult to identify and prosecute them. Only 59% of exchanges surveyed report sanctions regimes being in place for cyber-crime, in their jurisdiction. Of these, only half (55%) suggest that current sanction regimes are effective in deterring cyber-criminals. Engaging with the risk In terms of the future role of securities market regulators in engaging with cyber-crime in securities markets, the following activities were highlighted most frequently by exchanges surveyed: Updating/implementing regulation and standards (in collaboration with other authorities); Identifying and providing guidance on best practice, principles and/or frameworks; Building, partaking in and promoting information sharing networks; Acting as a repository of knowledge for securities market participants to tap into (e.g. keep up to date with trends, house technical expertise to answer industry questions, collect and record cases, identify biggest risks). Many of the exchanges surveyed underline a need for further policy but assert that any efforts in this space should: avoid being prescriptive; maintain flexibility to adapt to changing risks; concentrate on information sharing; effective regulations/legislation; providing guidance and principles; and not interfere with an institution’s own tailored internal measures or policy. Details: Paris: International Organisation of Securities Commissions or the World Federation of Exchanges. 2013. 59p. Source: Internet Resource: Staff Working Paper: [SWP1/2013]: Accessed July 18, 2013 at: http://www.world-exchanges.org/files/statistics/pdf/IOSCO_WFE_Cyber-crime%20report_Final_16July.pdf Year: 2013 Country: International URL: http://www.world-exchanges.org/files/statistics/pdf/IOSCO_WFE_Cyber-crime%20report_Final_16July.pdf Shelf Number: 129445 Keywords: Computer CrimeCybercrime (International)Financial CrimesInternet CrimeSecurities Markets |
Author: Jennings, Peter Title: The Emerging Agenda for Cybersecurity Summary: Cybersecurity is rapidly emerging as a high-priority policy challenge for the Australian Government. This rise reflects growing international concern about the impact of malicious cyberactivity. Notwithstanding recent government policy announcements, this paper, authored by Peter Jennings and Tobias Feakin, argues that significantly more needs to be done to ensure that Australia has the right policies in place to manage cybersecurity risk. The paper discusses the organisational problems that have slowed Australia’s work to develop a simple but effective cyber policy, and contrasts our experience with steps taken by our closest allies, the US and UK. It recommends things the government should do to develop a clear policy framework. Much of this work will need to be done quickly after the 2013 federal election so that Australia can play an influential role in shaping a global approach to cybersecurity. Details: Barton, ACT: Australian Strategic Policy Institute, 2013. 16p. Source: Internet Resource: Special Report: Accessed August 6, 2013 at: http://www.aspi.org.au/publications/publication_details.aspx?ContentID=369&pubtype=-1 Year: 2013 Country: Australia URL: http://www.aspi.org.au/publications/publication_details.aspx?ContentID=369&pubtype=-1 Shelf Number: 129553 Keywords: CybercrimeCybersecurity (Australia)Internet Crime |
Author: Center for Strategic and International Studies Title: The Economic Impact of Cybercrime and Cyber Espionage Summary: Is cybercrime, cyber espionage, and other malicious cyber activities what some call “the greatest transfer of wealth in human history,” or is it what others say is a “rounding error in a fourteen trillion dollar economy?” The wide range of existing estimates of the annual loss—from a few billion dollars to hundreds of billions—reflects several difficulties. Companies conceal their losses and some are not aware of what has been taken. Intellectual property is hard to value. Some estimates relied on surveys, which provide very imprecise results unless carefully constructed. One common problem with cybersecurity surveys is that those who answer the questions “self-select,” introducing a possible source of distortion into the results. Given the data collection problems, loss estimates are based on assumptions about scale and effect— change the assumption and you get very different results. These problems leave many estimates open to question. In this initial report we start by asking what we should count in estimating losses from cybercrime and cyber espionage. We can break malicious cyber activity into six parts: • The loss of intellectual property and business confidential information • Cybercrime, which costs the world hundreds of millions of dollars every year • The loss of sensitive business information, including possible stock market manipulation • Opportunity costs, including service and employment disruptions, and reduced trust for online activities • The additional cost of securing networks, insurance, and recovery from cyber attacks • Reputational damage to the hacked company Put these together and the cost of cybercrime and cyber espionage to the global economy is probably measured in the hundreds of billions of dollars. To put this in perspective, the World Bank says that global GDP was about $70 trillion in 2011. A $400 billion loss—the high end of the range of probable costs—would be a fraction of a percent of global income. But this begs several important questions about the full benefit to the acquirers and the damage to the victims from the cumulative effect of cybercrime and cyber espionage. Details: Santa Clara, CA: McAfee, 2013. 20p. Source: Internet Resource: Accessed August 6, 2013 at: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf Year: 2013 Country: International URL: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf Shelf Number: 129556 Keywords: Costs of CrimeCybercrimeCybersecurityEspionageInternet Crime |
Author: Great Britain. House of Commons. Home Affairs Committee Title: E-crime: Fifth Report of Session 2013-14 Summary: 1. We live in a world where terms like "Cyber crime" no longer belong in the realm of science fiction. Modern devices such as smart phones and tablets have brought the internet not only to our fingertips but to our bedsides, our pockets and to our children. And yet there is strong evidence that access to such technology, with all its opportunities and benefits, can put our businesses and our families at increasing risk of exploitation and internet-based crime (E-crime). 2. Identity theft, industrial espionage, credit card fraud, phishing, child exploitation - criminals use the internet as a means to commit a wide range of crimes. Perpetrators range from lone hackers, activist groups, Nation States sponsoring industrial espionage and organised criminal gangs. Victims include individuals who fall prey to scams and password theft to multinational companies such as, famously Sony. The financial details of 23,000 users of Sony Online Entertainment were stolen when its networks were breached by hackers in March 2011. The cost of the clean-up was reportedly $172m and the events caused a 9 % share price drop. 3. The internet has also been used to great effect by criminals to trade their cyber wares. Investigators have uncovered sophisticated black market operations such as DarkMarket and ShadowCrew who use the internet to trade cloned credit card data and bank account details, hire botnets (infected networks of computers) and deliver hacking tutorials. Although difficulties in establishing precise figures about the rate and the cost of cyber crime are acknowledged there is general agreement on its rapidly growing scale. Norton have calculated its global cost to be $388bn dollars a year in terms of financial losses and time lost. This is significantly more than the combined annual value of $288bn of the global black market trade in heroin, cocaine and marijuana. 4. UK governments have had a centralised approach to cyber crime and wider cyber threats since the launch of the UK's first Cyber Security Strategy in June 2009 and the corresponding National Cyber Security Programme (NCSP) launched in November 2011. In the course of this inquiry we have looked specifically at the Home Office's remit under its much heralded Cyber Security Strategy. Details: London: The Stationery Office Limited, 2013. 165p. Source: Internet Resource: Accessed August 8, 2013 at: http://www.publications.parliament.uk/pa/cm201314/cmselect/cmhaff/70/70.pdf Year: 2013 Country: United Kingdom URL: http://www.publications.parliament.uk/pa/cm201314/cmselect/cmhaff/70/70.pdf Shelf Number: 129591 Keywords: Computer CrimeCybercrime (U.K.)Internet CrimeTechnology and Crime |
Author: Negroponte, John D. Title: Defending an Open, Global, Secure, and Resilient Internet Summary: Over the course of the last four decades, the Internet has developed from an obscure government science experiment to one of the cornerstones of modern life. It has transformed commerce, created social and cultural networks with global reach, and become a surprisingly powerful vehicle for political organization and protest alike. And it has achieved all of this despite—or perhaps because of—its decentralized character. Throughout its public history, the Internet has been built and overseen by an international group of technical experts and government and user representatives committed to maintaining an open and unfettered global network. This vision, however, and the Internet to which it gave rise, is under threat from a number of directions. States are erecting barriers to the free flow of information to and through their countries. Even Western governments do not always agree on common content standards—the United States, for example, is more accepting of neo-Nazi content or Holocaust denial than are France or Germany. Other countries’ efforts to control the Internet have gone far beyond limiting hate speech or pornography. Iran, China, Saudi Arabia, Russia, and others have considered building national computer networks that would tightly control or even sever connections to the global Internet. State and nonstate actors, moreover, now regularly attack the websites and internal systems of businesses. Most of these attacks are for theft—cost estimates of intellectual property losses range as high as $500 billion per year. Other activities are related to sabotage or espionage. Hacking and defacing websites or social media feeds is a frequently used tool of political competition, while destructive programs such as Stuxnet are becoming increasingly sophisticated. Such activities can be expected to become more commonplace as critical systems become more interconnected and financial and technical barriers to entry for cyber activities fall further. A balkanized Internet beset by hostile cyber-related activities raises a host of questions and problems for the U.S. government, American corporations, and American citizens. The Council on Foreign Relations launched this Task Force to define the scope of this rapidly developing issue and to help shape the norms, rules, and laws that should govern the Internet. The Task Force recommends that the United States develop a digital policy framework based on four pillars. First, it calls on the U.S. government to share leadership with like-minded actors, including governments, private companies, and NGOs, to develop a global security framework based on a common set of principles and practices. Next, the Task Force recommends that all future trade agreements between the United States and its trading partners contain a goal of fostering the free flow of information and data across national borders while protecting intellectual property and individual privacy. Third, the Task Force urges the U.S. government to define and actively promote a vision of Internet governance that involves emerging Internet powers and expands and strengthens governance processes that include representatives of governments, private industry, and civil society. Finally, the report recommends that U.S.-based industry work rapidly to establish an industry-led approach to counter current and future cyberattacks. The United States needs to act proactively on these fronts, lest it risk ceding the initiative to countries whose interests differ significantly from its own. The Task Force further argues for greater public debate in the United States about cyber capabilities as instruments of national security. Some forty countries, including the United States, either have or are seeking cyber weapons. Greater public scrutiny and discussion will, among other things, help define the conditions under which cyber weapons might be used—conditions which should likely be highly limited in scope and subject to substantial oversight. Details: New York: Council on Foreign Relations, 2013. 125p. Source: Internet Resource: Independent Task Force Report No. 70: Accessed August 19, 2013 at: http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836 Year: 2013 Country: United States URL: http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836 Shelf Number: 129640 Keywords: Cyber SecurityCybercrime (U.S.)Internet Crime |
Author: Ponemon Institute LLC Title: Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Summary: With the increasing cost and volume of data breaches, cyber security is quickly moving from being considered by business leaders as a purely technical issue to a larger business risk. This shift has spurred increased interest in cyber insurance to mitigate the cost of these issues. In a new study sponsored by Experian® Data Breach Resolution, Ponemon Institute surveyed risk management professionals across multiple sectors that have considered or adopted cyber insurance. Based on responses, many understand that security is a clear and present risk. Indeed a majority of companies now rank cyber security risks as greater than natural disasters and other major business risks. Details: Ponemon Institute, 2013. 25p. Source: Internet Resource: Accessed August 19, 2013 at: http://www.experian.com/innovation/business-resources/ponemon-study-managing-cyber-security-as-business-risk.jsp?ecd_dbres_cyber_insurance_study_ponemon_referral Year: 2013 Country: International URL: http://www.experian.com/innovation/business-resources/ponemon-study-managing-cyber-security-as-business-risk.jsp?ecd_dbres_cyber_insurance_study_ponemon_referral Shelf Number: 129646 Keywords: Crimes Against BusinessesCyber-SecurityCybercrime (International)Internet CrimeRisk Management |
Author: United Nations Office on Drugs and Crime Title: Comprehensive Study on Cybercrime Summary: In 2011, at least 2.3 billion people, the equivalent of more than one third of the world's total population, had access to the internet. Over 60 per cent of all internet users are in developing countries, with 45 per cent of all internet users below the age of 25 years. By the year 2017, it is estimated that mobile broadband subscriptions will approach 70 per cent of the world's total population. By the year 2020, the number of networked devices (the 'internet of things') will outnumber people by six to one, transforming current conceptions of the internet. In the hyper-connected world of tomorrow, it will become hard to imagine a 'computer crime', and perhaps any crime, that does not involve electronic evidence linked with internet protocol (IP) connectivity. 'Definitions' of cybercrime mostly depend upon the purpose of using the term. A limited number of acts against the confidentiality, integrity and availability of computer data or systems represent the core of cybercrime. Beyond this, however, computer-related acts for personal or financial gain or harm, including forms of identity-related crime, and computer content-related acts (all of which fall within a wider meaning of the term 'cybercrime') do not lend themselves easily to efforts to arrive at legal definitions of the aggregate term. Certain definitions are required for the core of cybercrime acts. However, a 'definition' of cybercrime is not as relevant for other purposes, such as defining the scope of specialized investigative and international cooperation powers, which are better focused on electronic evidence for any crime, rather than a broad, artificial 'cybercrime' construct. In many countries, the explosion in global connectivity has come at a time of economic and demographic transformations, with rising income disparities, tightened private sector spending, and reduced financial liquidity. At the global level, law enforcement respondents to the study perceive increasing levels of cybercrime, as both individuals and organized criminal groups exploit new criminal opportunities, driven by profit and personal gain. Upwards of 80 percent of cybercrime acts are estimated to originate in some form of organized activity, with cybercrime black markets established on a cycle of malware creation, computer infection, botnet management, harvesting of personal and financial data, data sale, and 'cashing out' of financial information. Cybercrime perpetrators no longer require complex skills or techniques. In the developing country context in particular, subcultures of young men engaged in computer-related many of whom begin involvement in cybercrime in late teenage years. Globally, cybercrime acts show a broad distribution across financial-driven acts, and computer-content related acts, as well as acts against the confidentiality, integrity and accessibility of computer systems. Perceptions of relative risk and threat vary, however, between Governments and private sector enterprises. Currently, police-recorded crime statistics do not represent a sound basis for cross-national comparisons, although such statistics are often important for policy making at the national level. Two-thirds of countries view their systems of police statistics as insufficient for recording cybercrime. Police-recorded cybercrime rates are associated with levels of country development and specialized police capacity, rather than underlying crime rates. Victimization surveys represent a more sound basis for comparison. These demonstrate that individual cybercrime victimization is significantly higher than for 'conventional' crime forms. Victimization rates for online credit card fraud, identity theft, responding to a phishing attempt, and experiencing unauthorized access to an email account, vary between 1 and 17 per cent of the online population for 21 countries across the world, compared with typical burglary, robbery and car theft rates of under 5 per cent for these same countries. Cybercrime victimization rates are higher in countries with lower levels of development, highlighting a need to strengthen prevention efforts in these countries. Private sector enterprises in Europe report similar victimization rates - between 2 and 16 per cent - for acts such as data breach due to intrusion or phishing. Criminal tools of choice for these crimes, such as botnets, have global reach. More than one million unique IP addresses globally functioned as botnet command and control servers in 2011. Internet content also represented a significant concern for Governments. Material targeted for removal includes child pornography and hate speech, but also content related to defamation and government criticism, raising human rights law concerns in some cases. Almost 24 per cent of total global internet traffic is estimated to infringe copyright, with downloads of shared peer-to-peer (P2P) material particularly high in countries in Africa, South America, and Western and South Asia. Details: Vienna: UNODC, 2013. 320p. Source: Internet Resource: Draft: Accessed November 7, 2013 at: http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf Year: 2013 Country: International URL: http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf Shelf Number: 131602 Keywords: Computer CrimeCybercrime (International)Financial CrimesInternet Crime |
Author: Ponemon Institute Title: 2012 Cost of Cyber Crime Study: United States Summary: This year's study is based on a representative sample of 56 organizations in various industry sectors. While our research focused on organizations located in the United States, many are multinational corporations. Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization's intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country's critical national infrastructure. Consistent with the previous two studies, the loss or misuse of information is the most significant consequence of a cyber attack. Based on these findings, organizations need to be more vigilant in protecting their most sensitive and confidential information. Key takeaways from this research include: - Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year. - Cyber attacks have become common occurrences. The companies in our study experienced 102 successful attacks per week and 1.8 successful attacks per company per week. This represents an increase of 42 percent from last year's successful attack experience. Last year's study reported 72 successful attacks on average per week. - The most costly cyber crimes are those caused by denial of service, malicious insiders and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions. The purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time. We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack. Details: Traverse City, MI: Ponemon Institute, 2012. 30p. Source: Internet Resource: Accessed March 15, 2014 at: http://www.ponemon.org/local/upload/file/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf Year: 2012 Country: United States URL: http://www.ponemon.org/local/upload/file/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf Shelf Number: 131925 Keywords: Costs of CrimeCrime StatisticsCybercrimeInternet Crime |
Author: Ablon, Lillian Title: Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar Summary: Markets are good because they facilitate economic efficiency, but when that efficiency facilitates criminal activity, such "black markets" can be deemed harmful. Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets in both the tools (e.g., exploit kits) and the take (e.g., credit card information). As with most things, intent is what can make something criminal or legitimate, and there are cases where goods or services can be used for altruistic or malicious purposes (e.g., bulletproof hosting and zero-day vulnerabilities). This report describes the fundamental characteristics of these markets and how they have grown into their current state in order to give insight into how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options that could minimize the potentially harmful influence these markets impart. This report assumes the reader has a basic understanding of the cyber, criminal, and economic domains, but includes a glossary to supplement any gaps. This report should be of interest to cybersecurity, information security, and law enforcement communities. It was sponsored by Juniper Networks as part of a multiphase study on the future security environment. Details: Santa Monica, CA: RAND, 2014. 83p. Source: Internet Resource: Accessed April 19, 2014 at: https://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf Year: 2014 Country: International URL: https://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf Shelf Number: 132082 Keywords: Black MarketsComputer CrimesCybercrimesCybersecurityHackersIllegal MarketsInternet Crime |
Author: Libicki, Martin C. Title: Hackers Wanted: An Examination of the Cybersecurity Labor Market Summary: There is a general perception that there is a shortage of cybersecurity professionals within the United States, and a particular shortage of these professionals within the federal government, working on national security as well as intelligence. Shortages of this nature complicate securing the nation's networks and may leave the United States ill-prepared to carry out conflict in cyberspace. RAND examined the current status of the labor market for cybersecurity professionals - with an emphasis on their being employed to defend the United States. This effort was in three parts: first, a review of the literature; second, interviews with managers and educators of cybersecurity professionals, supplemented by reportage; and third, an examination of the economic literature about labor markets. RAND also disaggregated the broad definition of "cybersecurity professionals" to unearth skills differentiation as relevant to this study. In general, we support the use of market forces (and preexisting government programs) to address the strong demand for cybersecurity professionals in the longer run. Increases in educational opportunities and compensation packages will draw more workers into the profession over time. Cybersecurity professionals take time to reach their potential; drastic steps taken today to increase their quantity and quality would not bear fruit for another five to ten years. By then, the current concern over cybersecurity could easily abate, driven by new technology and more secure architectures. Pushing too many people into the profession now could leave an overabundance of highly trained and narrowly skilled individuals who could better be serving national needs in other vocations. Details: Santa Monica, CA: RAND, 2014. 106p. Source: Internet Resource: Accessed July 3, 2014 at: http://www.rand.org/pubs/research_reports/RR430.html Year: 2014 Country: International URL: http://www.rand.org/pubs/research_reports/RR430.html Shelf Number: 132617 Keywords: Computer CrimeCyberattacksCybercrime (U.S.)CybersecurityInternet CrimeNational SecurityTerrorism |
Author: Hartwig, Robert P. Title: Cyber Risks: The Growing Threat Summary: Amid a rising number of high profile mega data breaches-most recently at eBay, Target and Neiman Marcus-government is stepping up its scrutiny of cyber security. This is leading to increased calls for legislation and regulation, placing the burden on companies to demonstrate that the information provided by customers and clients is properly safeguarded online. Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, many companies today still do not purchase cyber risk insurance. However, this is changing. Recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, as companies face growing liabilities in this fast-evolving area. Specialist cyber insurance policies have been developed by insurers to help businesses and individuals protect themselves from the cyber threat. Market intelligence suggests that the types of specialized cyber coverage being offered by insurers are expanding in response to this fast-growing market need. There is also growing evidence that in the wake of the Target data breach and other high profile breaches, the number of policies is increasing, and that insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from cyber risks in future. Details: Insurance Information Institute, 2014. 27p. Source: Internet Resource: White Paper: Accessed July 23, 2014 at: http://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf Year: 2014 Country: United States URL: http://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf Shelf Number: 132740 Keywords: Computer CrimeCyber SecurityCybercrimeIdentity TheftInternet Crime |
Author: Katz, Ilan Title: Research on youth exposure to, and management of, cyberbullying incidents in Australia Summary: The Social Policy Research Centre was commissioned by the Australia Government, as part of its commitment to Enhance Online Safety for Children External Links icon , to investigate youth exposure to cyberbullying and how it is being managed. The report was developed in collaboration with National Children's and Youth Law Centre, the University of South Australia, the Young and Well Cooperative Research Centre, and the University of Western Sydney. The research shows that each year, one in five young Australians aged 8-17 are victims of cyberbullying. This behaviour is most prominent in children aged 10-15 years, with prevalence decreasing for 16-17 year-olds. The estimated number of children and young people who were victims of cyberbullying last year was approximately 463,000, with around 365,000 in the 10-15 age group. The report also notes that the prevalence of cyberbullying has 'rapidly increased' since it first emerged as a behaviour. The report indicates that the most appropriate way of addressing cyberbullying is to introduce a series of responses including restorative approaches, educating young people about the consequences of cyberbullying, and requiring social networking sites to take down offensive material. The findings are presented in three parts. Please click on the links below for the separate sections or see the synthesis report for the collated findings. Part A: The estimated prevalence of cyberbullying incidents involving Australian minors, based on a review of existing published research including how such incidents are currently being dealt with. Part B: The estimated prevalence of cyberbullying incidents involving Australian minors that are reported to police, community legal advice bodies and other related organisations, the nature of these incidents, and how such incidents are currently being dealt with. Part C: An evidence-based assessment to determine, if a new, simplified cyberbullying offence or a new civil enforcement regime were introduced, how such an offence or regime could be implemented, in conjunction with the existing criminal offences, to have the greatest material deterrent effect. Appendix A: Literature review - International responses to youth cyberbullying and current Australian legal context Appendix B: Findings of research with adult stakeholders Appendix C: Findings of research with youth Appendix D: Supplementary data and analysis Details: Sydney: Social Policy Research Centre, UNSW Australia, 2014. 8 parts Source: Internet Resource: Accessed August 14, 2014 at: https://www.sprc.unsw.edu.au/research/projects/cyberbullying/ Year: 2014 Country: Australia URL: https://www.sprc.unsw.edu.au/research/projects/cyberbullying/ Shelf Number: 133046 Keywords: BullyingComputer CrimeCyberbullying (Australia)CybercrimeInternet CrimeJuvenile OffendersOnline CommunicationsOnline SafetySocial Networks |
Author: Helsper, Ellen J. Title: Country Classification: Opportunities, Risks, Harm and Parental Mediation Summary: This report updates and deepens the understanding of cross-national differences among the countries surveyed in EU Kids Online. Where the previous classification was based simply on the percentage of children in each country who used the internet daily, and who had encountered one or more risks, this report examines the range and type of online opportunities, risks and harm experienced by the children in each country. It also takes into account the ways in which parents mediate or regulate their children's internet use in each country. Clusters of countries are most clearly distinguished in terms of sexual content risks. Children who are bullied or who give away personal data are uniformly distributed across the countries. Using these and many other factors, the report identifies four country clusters overall: unprotected networkers, protected by restrictions, semi supported risky gamers, and supported risky explorers. This new analysis reveals that differences within countries are substantially larger than differences between countries, whether measured in terms of online opportunities, risk of harm or forms of parental mediation. The advantage of such pan-European similarities is that it makes sense for policy makers in one country to learn from the best practice initiated in another. Details: London: EU Kids Online, 2013. 46p. Source: Internet Resource: Accessed August 23, 2014 at: http://www.lse.ac.uk/media@lse/research/EUKidsOnline/EU%20Kids%20III/Classification/Country-classification-report-EU-Kids-Online.pdf Year: 2013 Country: Europe URL: http://www.lse.ac.uk/media@lse/research/EUKidsOnline/EU%20Kids%20III/Classification/Country-classification-report-EU-Kids-Online.pdf Shelf Number: 129952 Keywords: Computer CrimesInternet CrimeOnline Victimization (Europe)Social Networking |
Author: Stottelaar, Bas Title: Online social sports networks as crime facilitators Summary: Emerging technologies such as broadband services and mobile and wireless technologies create not only benefits for the community but also risks (Choo, Smith & McCusker, 2007). The implications of these developments should be evaluated to make any necessary changes to policing, policy and legislation. This study investigates the risk of disclosure of confidential information via online public exercise routes. The study identified in particular whether a) people inadvertently disclose their home address more often indirectly via online sports tracking networks than directly via other means and whether b) gender and age play a role in this disclosure. In addition, an analysis of the temporal characteristics of runs was performed to establish the window of opportunity for a home burglary and whether running is temporally predictable by hour of day or day of week. A total of 513 RunKeeper users were selected from the Dutch cities of Enschede and Nijmegen. 231 runners (45.03%) were located via RunKeeper and 122 (23.78%) via other Internet (i.e. non-social sports network) sources. It was found that a statistical difference exists between the indirect and direct disclosure of addresses; more runners disclose their home address via online sports tracking networks than via other sources. Furthermore, it was found that age played a role in the direct disclosure of addresses but not in the indirect disclosure. Older users more often disclosed their home address directly than younger ones. Conversely, gender plays a role in the indirect disclosure but not in the direct disclosure. Men more often disclosed their home address indirectly than women. Regarding temporal characteristics, it was found that the window of opportunity for a burglary is approximately 1 hour. Furthermore, the `within subject' analysis suggests that the starting hour of the run is the most predictable temporal characteristic, followed by the duration of the run and the day of the week. This research ultimately shows the extent to which the unique combination of spatial and temporal information available in online sports tracking networks can enable criminals to predict where a potential target lives and when he or she will be out running. Details: Crime Science, 3 (8). pp. 1-20. Source: Internet Resource: Accessed November 20, 2014 at: http://eprints.eemcs.utwente.nl/24780/01/s40163-014-0008-z.pdf Year: 2014 Country: Netherlands URL: http://eprints.eemcs.utwente.nl/24780/01/s40163-014-0008-z.pdf Shelf Number: 134158 Keywords: Cyber Security Cybercrime Internet CrimeSocial Networks Sports (Netherlands) |
Author: Panda Security Title: The Cyber-Crime Black Market: Uncovered Summary: Many of us in the team at Panda Security spend a lot of time traveling and attending all types of events: from specialized IT industry fairs and congresses, to those aimed at businesses, end-users, etc. Yet even though it is becoming more common to hear about the arrest of hackers that steal information and profit from it in many different ways, there are still many members of the public, not necessarily dedicated to IT security, who ask us: "Why would anyone want to steal information from me? I don't have anything of interest..." Another factor to bear in mind is that today's profit-oriented malware is designed to steal data surreptitiously, so the first indication that you have been a victim is when you get your bank or Paypal account statement. Moreover, there is a general perception that this problem only affects home users, and that businesses are immune. The result of our research, as you will read below, shows that this is not the case: Today nobody - neither home users nor businesses- is safe from confidential data theft (and the consequent fraud). This is despite the increased effort in recent years to improve awareness and education in IT security, initiated by governmental agencies in many countries, and of course, thanks to the security industry as a whole, along with other institutions, organizations, media, blogs, etc., who have been assisting with the task for some time now. Although we don't have precise data, we believe that this nefarious business has expanded with the economic crisis. Previously it was in no way easy to locate sites or individuals dedicated to this type of business, yet now it's relatively simple to come across these types of offers on underground forums. Details: Madrid: Panda Security, 2011. 44p. Source: Internet Resource: Accessed February 18, 2015 at: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf Year: 2011 Country: International URL: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf Shelf Number: 134636 Keywords: Computer CrimeComputer SecurityCyber SecurityCybercrimeInternet CrimeInternet Security |
Author: Financial Industry Regulatory Authority Title: Report on Cybersecurity Practices Summary: Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks is increasing and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority. This report is intended to assist firms in that effort. Based on FINRA's 2014 targeted examination of firms and other related initiatives, the report presents FINRA's latest work in this critical area. Given the rapidly evolving nature and pervasiveness of cyberattacks, it is unlikely to be our last. A variety of factors are driving firms' exposure to cybersecurity threats. The interplay between advances in technology, changes in firms' business models, and changes in how firms and their customers use technology create vulnerabilities in firms' information technology systems. For example, firms' Web-based activities can create opportunities for attackers to disrupt or gain access to firm and customer information. Similarly, employees and customers are using mobile devices to access information at broker-dealers that create a variety of new avenues for attack. The landscape of threat actors includes cybercriminals whose objective may be to steal money or information for commercial gain, nation states that may acquire information to advance national objectives, and hacktivists whose objectives may be to disrupt and embarrass an entity. Attackers, and the tools available to them, are increasingly sophisticated. Insiders, too, can pose significant threats. This report presents an approach to cybersecurity grounded in risk management to address these threats. It identifies principles and effective practices for firms to consider, while recognizing that there is no one-size-fits-all approach to cybersecurity. Key points in the report include: 00 A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms' cybersecurity programs. 00 Risk assessments serve as foundational tools for firms to understand the cybersecurity risks they face acrosacross the range of the firm's activities and assets-no matter the firm's size or business model. 00 Technical controls, a central component in a firm's cybersecurity program, are highly contingent on firms' individual situations. Because the number of potential control measures is large and situation dependent, FINRA discusses only a few representative controls here. Nonetheless, at a more general level, a defense-in-depth strategy can provide an effective approach to conceptualize control implementation. 00 Firms should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole. 00 Broker-dealers typically use vendors for services that provide the vendor with access to sensitive firm or client information or access to firm systems. Firms should manage cybersecurity risk exposures that arise from these relationships by exercising strong due diligence across the lifecycle of their vendor relationships. 00 A well-trained staff is an important defense against cyberattacks. Even well-intentioned staff can become inadvertent vectors for successful cyberattacks through, for example, the unintentional downloading of malware. Effective training helps reduce the likelihood that such attacks will be successful. 00 Firms should take advantage of intelligence-sharing opportunities to protect themselves from cyber threats. FINRA believes there are significant opportunities for broker-dealers to engage in collaborative self defense through such sharing. Details: Washington, DC: FINRA, 2015. 46p. Source: Internet Resource: Accessed March 18, 2015 at: https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf Year: 2015 Country: International URL: https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf Shelf Number: 134961 Keywords: Computer SecurityCybercrimeCybersecurityFinancial CrimesInternet CrimeRisk Assessment |
Author: Chertoff, Michael Title: The Impact of the Dark Web on Internet Governance and Cyber Security Summary: With the Internet Corporation for Assigned Names and Numbers' contract with the United States Department of Commerce due to expire in 2015, the international debate on Internet governance has been re-ignited. However, much of the debate has been over aspects of privacy and security on the visible Web and there has not been much consideration of the governance of the "deep Web" and the "dark Web." The term deep Web is used to denote a class of content on the Internet that, for various technical reasons, is not indexed by search engines. The dark Web is a part of the deep Web that has been intentionally hidden and is inaccessible through standard Web browsers. A relatively known source for content that resides on the dark Web is found in the Tor network. Tor, and other similar networks, enables users to traverse the Web in near-complete anonymity by encrypting data packets and sending them through several network nodes, called onion routers. Like any technology, from pencils to cellphones, anonymity can be used for both good and bad. Users who fear economic or political retribution for their actions turn to the dark Web for protection. But there are also those who take advantage of this online anonymity to use the dark Web for illegal activities such as controlled substance trading, illegal financial transactions, identity theft and so on. Considering that the dark Web differs from the visible Web, it is important to develop tools that can effectively monitor it. Limited monitoring can be achieved today by mapping the hidden services directory, customer data monitoring, social site monitoring, hidden service monitoring and semantic analysis. The deep Web has the potential to host an increasingly high number of malicious services and activities. The global multi-stakeholder community needs to consider its impact while discussing the future of Internet governance. Details: Waterloo, ON: London: Centre for International Governance Innovation and the Royal Institute for International Affairs, 2015. 18p. Source: Internet Resource: Paper Series: No. 6: Accessed April 15, 2015 at: https://www.cigionline.org/sites/default/files/gcig_paper_no6.pdf Year: 2015 Country: International URL: https://www.cigionline.org/sites/default/files/gcig_paper_no6.pdf Shelf Number: 135233 Keywords: Computer CrimesCybercrimeCybersecurityDark WebInternet Crime |
Author: Nolan, Andrew Title: Cybersecurity and Information Sharing: Legal Challenges and Solutions Summary: Over the course of the last year, a host of cyberattacks has been perpetrated on a number of high profile American companies. The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a broader trend: the frequency and ferocity of cyberattacks are increasing, posing grave threats to the national interests of the United States. While considerable debate exists with regard to the best strategies for protecting America's various cyber-systems and promoting cybersecurity, one point of general agreement amongst cyber-analysts is the perceived need for enhanced and timely exchange of cyber-threat intelligence both within the private sector and between the private sector and the government. Nonetheless, there are many reasons why entities may opt to not participate in a cyber-information sharing scheme, including the potential liability that could result from sharing internal cyber-threat information with other private companies or the government. More broadly, the legal issues surrounding cybersecurity information sharing - whether it be with regard to sharing between two private companies or the dissemination of cyber-intelligence within the federal government - are complex and have few certain resolutions. In this vein, this report examines the various legal issues that arise with respect to the sharing of cybersecurity intelligence, with a special focus on two distinct concepts: (1) sharing of cyberinformation within the government's possession and (2) sharing of cyber-information within the possession of the private sector. With regard to cyber-intelligence that is possessed by the federal government, the legal landscape is relatively clear: ample legal authority exists for the Department of Homeland Security (DHS) to serve as the central repository and distributor of cyber-intelligence for the federal government. Nonetheless, the legal authorities that do exist often overlap, perhaps resulting in confusion as to which of the multiple sub-agencies within DHS or even outside of DHS should be leading efforts on the distribution of cyber-information within the government and with the public. Moreover, while the government has wide authority to disclose cyber-intelligence within its possession, that authority is not limitless and is necessarily tied to laws that restrict the government's ability to release sensitive information within its possession. With regard to cyber-intelligence that is possessed by the private sector, legal issues are clouded with uncertainty. A private entity that wishes to share cyber-intelligence with another company, an information sharing organization like an Information Sharing and Analysis Organization (ISAO) or an Information Sharing and Analysis Centers (ISAC), or the federal government may be exposed to civil or even criminal liability from a variety of different federal and state laws. Moreover, because of the uncertainty that pervades the interplay between laws of general applicability - like federal antitrust or privacy law - and their specific application to cyberintelligence sharing, it may be very difficult for any private entity to accurately assess potential liability that could arise by participating in a sharing scheme. In addition, concerns may arise with regard to how the government collects and maintains privately held cyber-intelligence, including fears that the information disclosed to the government could (1) be released through a public records request; (2) result in the forfeit of certain intellectual property rights; (3) be used against a private entity in a subsequent regulatory action; or (4) risk the privacy rights of individuals whose information may be encompassed in disclosed cyber-intelligence. The report concludes by examining the major legislative proposal - including the Cyber Intelligence Sharing and Protection Act (CISPA), Cybersecurity Information Sharing Act (CISA), and the Cyber Threat Sharing Act (CTSA) - and the potential legal issues that such laws could prompt. Details: Washington, DC: Congressional Research Service, 2015. 62p. Source: Internet Resource: R43941: Accessed April 25, 2015 at: http://www.fas.org/sgp/crs/intel/R43941.pdf Year: 2015 Country: United States URL: http://www.fas.org/sgp/crs/intel/R43941.pdf Shelf Number: 135398 Keywords: Cyber SecurityCybercrime (U.S.)Information SharingIntelligence GatheringInternet Crime |
Author: Gu, Lion Title: The Mobile Cybercriminal Underground Market in China Summary: The mobile Web is significantly changing the world. More and more people are replacing their PCs with various mobile devices for both work and entertainment. This change in consumer behavior is affecting the cybercriminal underground economy, causing a so-called "mobile underground" to emerge. This research paper provides a brief overview of some basic underground activities in the mobile space in China. It describes some of the available mobile underground products and services with their respective prices. Note that the products and services and related information featured in this paper were obtained from various sites and QQ chats. Details: Irving, TX: Trend Micro, 2014. 17p. Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 15, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-mobile-cybercriminal-underground-market-in-china.pdf Year: 2014 Country: China URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-mobile-cybercriminal-underground-market-in-china.pdf Shelf Number: 135688 Keywords: Computer CrimeCybercrimeInternet CrimeUnderground Economy |
Author: Goncharov, Max Title: Russian Underground 101 Summary: This research paper intends to provide a brief summary of the cybercriminal underground and shed light on the basic types of hacker activity in Russia. The bulk of the information in this paper was based on data gathered from online forums and services used by Russian cybercriminals. We also relied on articles written by hackers on their activities, the computer threats they create, and the kind of information they post on forums' shopping sites. Online fraud has long since moved from being a mere hobby to a means for cybercriminals to earn a living. This paper examines what is being sold on the most popular cybercrime forums like antichat.ru, xeka.ru, and cardingcc.com; which items are in demand; and what services professional fraudsters offer. The fraudsters consider the Internet a playing field. It has many vulnerable sites and a great deal of unprotected data. While "protected" data do exist, the places they are stored in can still be hacked. Some cybercriminals shared their experience in hacking; generating traffic; and writing code for Trojans, exploits, and other malware via online articles. This paper discusses fundamental concepts that Russian hackers follow and the information they share with their peers. It also examines prices charged for various types of services, along with how prevalent the given services are in advertisements. The primary features of each type of activity and examples of associated service offerings are discussed as well. Each section of this paper focuses on a specific type of criminal activity, good, or service in the Russian underground market. Details: Irving, TX: Trend Micro, 2012. 29p. Source: Internet Resource: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf Year: 2012 Country: Russia URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf Shelf Number: 135689 Keywords: Computer CrimeCybercrimeFraudInternet CrimeUnderground EconomyUnderground Markets |
Author: Goncharov, Max Title: Russian Underground Revisited Summary: In 2012, we published "Russian Underground 101," which provided a brief summary of the cybercriminal underground and shed light on the basic types of hacker activity in the region. This year, we revisited the Russian cybercriminal underground market to update the information we provided then. As in the 2012 paper, the bulk of the information in this paper was based on data gathered from online forums and services used by cybercriminals in the region. We also relied on articles written by hackers on their activities, the computer threats they create, and the kind of information they post on forums' shopping sites. It also discusses fundamental concepts that hackers follow and the information they share with their peers and compares product and service prices from 2011 to 2013. Primary features of each product or service and examples are also provided. This paper is divided into five main sections - introduction, what characterizes the Russian underground market unique, products, services, and cybercriminal ware offerings in the market. This section discusses how we gathered data, normalized prices, and classified an offering as either a product or a service to answer questions we received when we published the 2012 paper. The second section characterizes the Russian underground market. It differentiates the region's underground market from others. The third and fourth sections, meanwhile, provide detailed descriptions of the most common products and services, respectively, offered in the Russian underground market. The last section provides pricing information on the products and services sold in the market. The cybercriminal underground economy, much like any other type of business economy, experiences pricing highs and lows, depending on demand and supply. In the Russian cybercriminal underground market's case, the huge demand for credit card credentials drives prices up. Then again, incidents such as the massive breaches involving popular retailers a few months ago, which increased the supply of such credentials, drive prices down. Unlike legitimate businesspeople, however, cybercriminals need to keep their identities secret and, as much as possible, hide all traces of their "business" transactions. Factors like this make real-time transactions almost impossible to do in the underground market. That said, business dealings in cybercriminal underground markets are much slower than in the legitimate business world. Even though the prices of most products and services sold in the Russian underground market have been decreasing, that does not mean that business is not doing well for cybercriminals. It can even mean that the market is growing, as we see more and more product and service offerings as time passes. Cybercriminals, like legitimate businesspeople, are also automating processes, resulting in lower product and service prices. Of course, "boutique" products and services remain expensive because these involve specialized knowledge and skills to develop that only a few bad guys have. What we all need to keep in mind is that as long as profit can be made, cybercriminals will continue to offer products and services that can make life easier for themselves and their peers. And as long as customers exist, the cybercriminal underground will thrive. As users and potential victims, we all need to keep an eye out for the latest misdeeds to stay safe from all kinds of digital threats. Details: Irving, TX: Trend Micro, 2014. 25p. Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf Year: 2014 Country: Russia URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf Shelf Number: 135690 Keywords: Computer Crime Cybercrime FraudInternet Crime Underground Economy Underground Markets |
Author: Gu, Lion Title: The Chinese Underground in 2013 Summary: Places in the Internet where cybercriminals converge to sell and buy different products and services exist. Instead of creating their own attack tools from scratch, they can instead purchase what they need from peers who offer competitive prices. Like any other market, the laws of supply and demand dictate prices and feature offerings. But what's more interesting to note is that recently, prices have been going down. Over the years, we have been keeping tabs on major developments in the cybercriminal underground in an effort to stay true to our mission - to make the world safe for the exchange of digital information. Constant monitoring of cybercriminal activities for years has allowed us to gather intelligence to characterize the more advanced markets we have seen so far and to come up with comprehensive lists of offerings in them. The barriers to launching cybercrime have decreased. Toolkits are becoming more available and cheaper; some are even offered free of charge. Prices are lower and features are richer. Underground forums are thriving worldwide, particularly in Russia, China, and Brazil. These have become popular means to sell products and services to cybercriminals in the said countries. Cybercriminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online "shops" harder for law enforcement to find and take down. All of these developments mean that the computing public is at risk of being victimized more than ever and must completely reconsider how big a part security should play in their everyday computing behaviors. We have been continuously monitoring the Chinese underground market since 2011. And by the end of 2013, we have seen more than 1.4 million instant chat messages related to activities in the market from QQ Groups alone. This research paper reviews these millions of messages, along with trends observed and product and service price updates seen in the Chinese underground market throughout 2013. Details: Irving, TX: Trend Micro, 2014. 21p. Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdf Year: 2014 Country: China URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdf Shelf Number: 135691 Keywords: Computer Crime Cybercrime FraudInternet Crime Underground Economy Underground Markets |
Author: Merces, Fernando Title: The Brazilian Underground: A Market for Cybercriminal Wannabes? Summary: The Cybercriminal Underground Economy Series (CUES) has established that there is a booming underground market where cybercriminals can buy and sell products and services they use for their activities. This thriving market has provided attackers with the tools and knowledge needed to break barriers and launch cybercrime attacks. Very much like any other market, the laws of supply and demand dictate prices of the products and services being offered. The availability of materials used to inflict harm has increased: toolkits are more visible and their prices are getting cheaper. Interestingly enough, as the prices went lower, the features grew richer. In our continuing effort to closely observe booming underground markets scattered in different countries across the globe, this Trend Micro research paper closely looks at the continuing maturity of the Brazilian underground despite the lack of development in available tools and tactics. Similar to other cybercriminal underground markets like those that exist in China and Russia, the Brazilian underground possesses unique characteristics such as the use of popular social media platforms to commit fraud instead of hiding in the deep recesses of the Web with tools that ordinary users normally don't have access to. Cybercrooks in Brazil make use of popular mediums such as social networks like Facebook, YouTube, Twitter, Skype, and WhatsApp, as these have turned out to be effective venues. Notably, the underground scene in Brazil also has players that market number generators and checkers or testers for more than just credit cards. They offer tools created for attacks against products and services exclusive in Brazil while also offering training services for cybercriminal wannabes. The Underground Market Scene: Product Offerings: Banking Trojans: Brazil has been known for banking Trojans created by Brazilians to target banking customers in the country. Various Trojan-based techniques are being used to steal user credentials from bolware, including domain name system poisoning, fake browser windows, malicious browser extensions, and malicious proxies. Business application account credentials: Confidential data is of utmost value in Brazil, as in any underground market. In their cybercriminal underground market, credentials for popular business application services provided by Unitfour and Serasa Experian are being sold. Unitfour's online marketing service, InTouch, has the capability to keep and access potential or existing customers' personal information, which made it a target for cybercrooks. Such is the case with Serasa Experia, where plenty of information are used and sold for nefarious purposes. Online service account credential checkers: These are essentially tools used to validate account numbers for online services which they obtain by getting log in information from phishing campaigns. Phishing pages: In Brazil, creating phishing pages is simple-cybercriminals copy everything on the legitimate pages they wish to phish and change the destination the data collected goes to, such as a free webmail account that they own. This is how victims are redirected from legitimate websites without noticing it. Phone number lists: Phone number lists per town or city are usually offered by cybercriminals who sell spamming software and hardware. A mobile phone number list for a small town can be bought as well as home phone number lists used in phone-based scams. The list above is by no means comprehensive. Details: Irving, TX: Trend Micro, 2014. Source: Internet Resource: Cybercriminal Underground Economy Series: Accessed May 16, 2015 at: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf Year: 2014 Country: Brazil URL: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf Shelf Number: 135692 Keywords: Computer Crime Cybercrime Fraud Internet Crime Underground Economy Underground Markets |
Author: Tjong Tjin Tai, Eric Title: Duties of care and diligence against cybercrime Summary: - The present report is an exploratory investigation of whether contributory parties other than criminals and private individuals may have legal duties to help combat cybercrime. The scope is limited to four jurisdictions (The Netherlands, U.S.A., Brazil, and Czech Republic) and three specific topics of cybercrime: security of hardware and software, ransomware, and DDoS attacks. The focus is on a legal analysis, preceded by a brief factual description, and closing with tentative suggestions for improvement. - The causes and incidence of the three topics of cybercrime discussed in this research are tied up with global networks of communication, whereby purely local national government intervention may be insufficient to effectively fight cybercrime. In the relevant literature it is generally suggested that public-private partnerships would be required for combating cybercrime. - The approach of duties of care and diligence is a regulatory mechanism in which the focus is on private action with public encouragement. It relies on fostering practices that develop their own implicit standards and culture. - Specific parties such as Internet Service Providers (ISPs), software vendors, and businesses that are the victim of cybercrime are, in principle, well positioned to take actions against cybercrime. Albeit significant effort is taken by many companies, these efforts as a whole do not appear to have sufficient effect. The existing standards for action appear to be insufficiently specific. In addition, particular companies within these categories may do less than is possible, due to several causes. - ISPs in general have no legal duty to act to take preventive actions against cybercrime. They are generally exempt from liability as long as they remain passive to the content they transmit. Voluntary action by ISPs is to some extent discouraged by legal principles such as the rights to privacy and freedom of expression and the principle of net neutrality. The Netherlands has relatively detailed administrative rules regarding ISPs, compared to other jurisdictions. - Software vendors may have a limited duty to provide secure software, but their actual liability is insignificant as the result of limitation clauses. An exception is Brazil, which does have a form of product liability for software. Vendors have economic disincentives (a premium on being first to market with new functionality, and lack of user discrimination towards software security) against spending more effort for increasing software security. There is no administrative supervision for the software sector in general. - Businesses have, to some extent, a legal duty to prevent security breaches and unavailability of service through DDoS attacks. Customers have limited remedies to businesses that breach their obligations. Further action by businesses may find obstacles in a lack of security awareness or sense of urgency, limits to perceived benefits of additional security efforts, and lack of expertise. Details: Tilberg, NETH: Tilburg University, 2015. 208p. Source: Internet Resource: Accessed July 13, 2015 at: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf Year: 2015 Country: International URL: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf Shelf Number: 136014 Keywords: Cyber SecurityCybercrimeInternet CrimeInternet Security |
Author: Behr, Ines von Title: Radicalisation in the digital era: the use of the internet in 15 cases of terrorism and extremism Summary: This paper presents the results from exploratory primary research into the role of the internet in the radicalisation of 15 terrorists and extremists in the UK. In recent years, policymakers, practitioners and the academic community have begun to examine how the internet influences the process of radicalisation: how a person comes to support terrorism and forms of extremism associated with terrorism. This study advances the evidence base in the field by drawing on primary data from a variety of sources: evidence presented at trial, computer registries of convicted terrorists, interviews with convicted terrorists and extremists, as well as police senior investigative officers responsible for terrorist investigations. The 15 cases were identified by the research team together with the UK Association of Chief Police Officers (ACPO) and UK Counter Terrorism Units (CTU). The research team gathered primary data relating to five extremist cases (the individuals were part of the Channel programme, a UK government intervention aimed at individuals identified by the police as vulnerable to violent extremism), and ten terrorist cases (convicted in the UK), all of which were anonymised. Our research supports the suggestion that the internet may enhance opportunities to become radicalised and provide a greater opportunity than offline interactions to confirm existing beliefs. However, our evidence does not necessarily support the suggestion that the internet accelerates radicalisation or replaces the need for individuals to meet in person during their radicalisation process. Finally, we didn't find any supporting evidence for the concept of self-radicalisation through the internet. Details: Santa Monica, CA: RAND, 2013. 74p. Source: Internet Resource: Accessed July 13, 2015 at: http://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR453/RAND_RR453.pdf Year: 2013 Country: United Kingdom URL: http://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR453/RAND_RR453.pdf Shelf Number: 136018 Keywords: Extremist GroupsInternet CrimeRadical GroupsRadicalizationTerrorismTerrorists |
Author: Finklea, Kristin Title: Dark Web Summary: The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers. Individuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users' web traffic through a series of other users' computers such that the traffic cannot be traced to the original user. Some developers have created tools - such as Tor2web - that may allow individuals access to Torhosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the "Hidden Wiki," which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or "deanonymized." Anonymizing services such as Tor have been used for legal and illegal activities ranging from maintaining privacy to selling illegal goods - mainly purchased with Bitcoin or other digital currencies. They may be used to circumvent censorship, access blocked content, or maintain the privacy of sensitive communications or business plans. However, a range of malicious actors, from criminals to terrorists to state-sponsored spies, can also leverage cyberspace and the Dark Web can serve as a forum for conversation, coordination, and action. It is unclear how much of the Dark Web is dedicated to serving a particular illicit market at any one time, and, because of the anonymity of services such as Tor, it is even further unclear how much traffic is actually flowing to any given site. Just as criminals can rely upon the anonymity of the Dark Web, so too can the law enforcement, military, and intelligence communities. They may, for example, use it to conduct online surveillance and sting operations and to maintain anonymous tip lines. Anonymity in the Dark Web can be used to shield officials from identification and hacking by adversaries. It can also be used to conduct a clandestine or covert computer network operation such as taking down a website or a denial of service attack, or to intercept communications. Reportedly, officials are continuously working on expanding techniques to deanonymize activity on the Dark Web and identify malicious actors online. Details: Washington, DC: Congressional Research Service, 2015. 18p. Source: Internet Resource: CRS:R55101: Accessed July 20, 2015 at: https://www.fas.org/sgp/crs/misc/R44101.pdf Year: 2015 Country: International URL: https://www.fas.org/sgp/crs/misc/R44101.pdf Shelf Number: 136120 Keywords: Computer CrimeDark WebIllegal BehaviorIllicit GoodsInternet CrimeOnline Communications |
Author: Hewlett-Packard Development Company Title: HP Security Research: Cyber Risk Report 2015 Summary: Welcome to the HP Cyber Risk Report 2015. In this report we provide a broad view of the 2014 threat landscape, ranging from industry-wide data down to a focused look at different technologies, including open source, mobile, and the Internet of Things. The goal of this Report is to provide security information leading to a better understanding of the threat landscape, and to provide resources that can aid in minimizing security risk. Details: Palo Alto, CA: Hewlett-Packard, 2015. 74p. Source: Internet Resource: Accessed August 27, 2015 at: http://fcw.com/whitepapers/2015/05/hpsp-052815-security-research-cyber-risk-report.aspx?tc=page0 Year: 2015 Country: International URL: http://fcw.com/whitepapers/2015/05/hpsp-052815-security-research-cyber-risk-report.aspx?tc=page0 Shelf Number: 136599 Keywords: Cyber Security Cybercrime Internet Crime |
Author: Broadband Commission for Digital Development Title: Cyber Violence against Women and Girls: A world-wide wake-up call Summary: Violence Against Women and Girls (VAWG) is already a problem of pandemic proportion; research shows that one in three women will experience some form of violence in her lifetime. Now, the new problem of cyber crime could significantly increase this staggering number, as our research suggests that 73% of women have already been exposed to or have experienced some form of online violence. With social networks still in their relative infancy, this is a problem that urgently needs to be addressed if the Net is to remain an open and empowering space for all. - The sheer volume of cyber VAWG has severe social and economic implications for women's status on the Internet. Threats of rape, death, and stalking put a premium on women's emotional bandwidth, take-up time and financial resources including legal fees, online protection services, and missed wages. Cyber VAWG can have a profoundly chilling effect on free speech and advocacy. - Women aged 18 to 24 are at a heightened risk of being exposed to every kind of cyber VAWG; they are uniquely likely to experience stalking and sexual harassment, while also not escaping the high rates of other types of harassment common to young people in general, like physical threats. - In the EU-28, 18 per cent of women have experienced a form of serious Internet violence at ages as young as 15. This corresponds to about 9 million women. - Complacency and failure to address and solve cyber VAWG could significantly impede the uptake of broadband by women everywhere; without action, an unprecedented surge of 21st century violence could run rampant if steps are not urgently taken to rein in the forms of online violence that are escalating unchecked. Details: Geneva, SWIT: The Commission, 2015. 70p. Source: Internet Resource: Accessed September 30, 2015 at: http://www.broadbandcommission.org/Documents/reports/bb-wg-gender-report2015.pdf Year: 2015 Country: International URL: http://www.broadbandcommission.org/Documents/reports/bb-wg-gender-report2015.pdf Shelf Number: 136923 Keywords: Computer CrimeCybercrimeInternet CrimeOnline VictimizationViolence Against Women, Girls |
Author: European Commission. Directorate-General for Home Affairs Title: Cyber Security Summary: This report brings together the results of the Special Eurobarometer public opinion survey on "Cyber security" in the 28 European Union countries. Cybercrime is a borderless problem, consisting of criminal acts that are committed online by using electronic communications networks and information systems, including crimes specific to the Internet, online fraud and forgery, and illegal online content. Whilst the value of the cybercriminal economy as a whole is not precisely known, the losses are thought to represent billions of euros per year. The scale of the problem is itself a threat to law enforcement response capability - with more than 150,000 viruses and other types of malicious code in circulation and a million people victims of cybercrime every day. Given the development of cybercrime in recent years, the European Commission has designed a coordinated policy in close co-operation with European Union (EU) Member States and the other EU institutions. EU legislative actions contributing to the fight against cybercrime address issues such as attacks against information systems, online offensive material and child pornography, online privacy, and online fraud and counterfeiting. The aim of this survey is to understand EU citizens' experiences and perceptions of cyber security issues. The survey examines the nature and frequency of Internet usage; their awareness and experience of cybercrime; and the level of concern that they feel about this type of crime. The findings from this survey update a previous survey which was carried out in May-June 2013 (Special Eurobarometer 404). The 2014 survey repeats most of the questions asked in 2013 in order to provide insight into the evolution of knowledge, behaviour and attitudes towards cyber security in the European Union. Details: Luxembourg: European Commission, 2015. 171p. Source: Internet Resource: Special Eurobarometer 423: Accessed February 8, 2016 at: http://ec.europa.eu/public_opinion/archives/ebs/ebs_423_en.pdf Year: 2015 Country: Europe URL: http://ec.europa.eu/public_opinion/archives/ebs/ebs_423_en.pdf Shelf Number: 137810 Keywords: Computer CrimeCyber SecurityCybercrimeInternet CrimeInternet SafetyOnline Victimization |
Author: Adams, Samantha Title: The governance of cybersecurity: A comparative quick scan of approaches in Canada, Estonia, Germany, the Netherlands and the UK Summary: Society's increased dependency on networked technologies and infrastructures in nearly all sectors poses a new challenge to governments and other actors to ensure the sustainability and security of all things 'cyber'. Cybersecurity is a particularly complex field, where multiple public and private actors must work together, often across state borders, not only to address current weaknesses, but also to anticipate and prevent or pre-empt a number of different kinds of threats. This report examines how public policy and regulatory measures are used to organise such processes in five countries: Canada, Estonia, Germany, the Netherlands and the UK. Details: Tilburg, NETH: Tilburg University, Tilburg Institute for Law, Technology, and Society, 2015. 167p. Source: Internet Resource: Accessed March 30, 2016 at: https://pure.uvt.nl/ws/files/8719741/TILT_Cybersecurity_Report_Final.pdf Year: 2015 Country: International URL: https://pure.uvt.nl/ws/files/8719741/TILT_Cybersecurity_Report_Final.pdf Shelf Number: 138497 Keywords: Computer CrimeCybercrimeCybersecurityInternet Crime |
Author: McAfee Title: McAfee Labs Threats Report Summary: Our McAfee Labs 2016 Threats Predictions Report, published in late November, has been widely read and quoted in the media. Some of the most interesting media coverage comes from The Wall Street Journal, Good Morning America, Silicon Valley Business Journal, and CXO Today. The report includes both near- and long-term views of our cyber security future. And now, as winter's storms have passed, we have published the McAfee Labs Threats Report: March 2016. In this quarterly threats report, we highlight two Key Topics: Intel Security interviewed almost 500 security professionals to understand their views and expectations about the sharing of cyber threat intelligence. We learned that awareness is very high and that 97% of those who share cyber threat intelligence see value in it. We explore how the Adwind Java-based backdoor Trojan attacks systems through increasingly clever spam campaigns, leading to a rapid increase in the number of Adwind .jar file submissions to McAfee Labs. These two Key Topics are followed by our usual set of quarterly threat statistics. Details: Santa Clara, CA: McAfee Labs, 2016. 46p. Source: Internet Resource: Accessed March 31, 2016 at: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf Year: 2015 Country: International URL: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf Shelf Number: 138504 Keywords: Computer CrimeComputer SecurityCybercrimeCybersecurityInternet Crime |
Author: Australian Government Title: Australia's Cyber Security Strategy: Enabling innovation, growth and prosperity Summary: Strong cyber security is a fundamental element of our growth and prosperity in a global economy. It is also vital for our national security. It requires partnership involving governments, the private sector and the community. Being connected is now essential, creating new opportunities for innovation and growth for all Australians. To be competitive, businesses need to be online. But this also brings risks. Australia is increasingly a target for cybercrime and espionage. All of us- governments, businesses and individuals- need to work together to build resilience to cyber security threats and to make the most of opportunities online. To grow, Australia needs to innovate and further diversify its economy-to access new markets and new forms of wealth creation. We must embrace disruptive technologies; those that have the potential to fundamentally change traditional business models and the way people live and work. They will open up new possibilities for agile businesses in ways as yet unimagined. But the potential of digital technologies depends on the extent to which we can trust the internet and cyberspace. Getting cyber security right will mean we capture more of the opportunities the connected world offers. It will also make Australia a preferred place to do business. This in turn will boost our national prosperity. We can also expand our cyber security businesses and export capability. Australia's cyber security is built on a solid foundation. Our past investment has been strong. Recent Government initiatives such as the Australian Cyber Security Centre have lifted Government capabilities to a new level. Many of our larger businesses, particularly banks and telecommunications companies, have strong cyber security capabilities. Our future work will build on this platform. Details: Canberra: Office of the Prime Minister, 2016. 76p. Source: Internet Resource: Accessed April 26, 2016 at: https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf Year: 2016 Country: Australia URL: https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf Shelf Number: 138819 Keywords: Cyber SecurityCybercrimeInternet CrimeNational Security |
Author: Kruithof, Kristy Title: Internet-facilitated Drugs Trade: An Analysis of the size, scope and the role of the Netherlands Summary: The potential role of the Internet in facilitating drugs trade first gained mass attention with the rise and fall of Silk Road; the first major online market place for illegal goods on the hidden web. After Silk Road was taken down by the FBI in October 2013, it was only a matter of weeks before copycats filled the void. Today, there are around 50 so-called cryptomarkets and vendor shops where anonymous sellers and buyers find each other to trade illegal drugs, new psychoactive substances, prescription drugs and other goods and services. But it is not just the obscure parts of the Internet where drugs are on offer. There are numerous web shops, easily found by search engines, which offer new psychoactive substances, often labelled as 'research chemicals'. The Netherlands occupies a crucial position in European illicit drug markets. Data from the European Monitoring Centre for Drugs and Drug Addiction suggested it is the main producer of MDMA, ecstasy and herbal cannabis and a key distribution hub for cannabis resin and cocaine. Whether the pivotal role of the Netherlands also extends online, has yet been unclear. The Netherlands Ministry of Security and Justice commissioned RAND Europe to provide a firmer evidence base to this phenomenon and, in particular, the role of the Netherlands. This report analyses the size and scope of Internet-facilitated drugs trade both on the so-called clear and hidden web, paying special attention to the Netherlands, and delineates potential avenues for law enforcement for detection and intervention. Key Findings Monthly revenues from drugs on cryptomarkets are in the double-digit million dollars Of all products and services on offer, this study found that 57 per cent of listings across the eight analysed cryptomarkets offered drugs. The results indicate that these cryptomarkets generated a total monthly revenue of $14.2m (L12.6m) in January 2016, $12.0m (L10.5m) when prescription drugs and alcohol and tobacco are excluded (lower-boundary estimate). An upper-boundary estimate for monthly drug revenues via visible listings on all cryptomarkets would be $25.0m (L22.1m) and $21.1m (L18.5m) when prescription drugs and alcohol and tobacco are excluded. Cannabis, stimulants and ecstasy were responsible for 70 per cent of all revenues on the analysed cryptomarkets. No information was identified on revenues on the clear net. The values are based on EUR/USD exchange rate of 1.14 as of April 2016. Cryptomarkets are not just an 'eBay for Drugs' Large 'wholesale' level transactions (those greater than $1,000) are important for cryptomarkets, generating nearly one quarter of overall revenue both in September 2013 and in January 2016. Based on these findings it is likely that many cryptomarket customers are drug dealers sourcing stock intended for offline distribution. Most revenues are generated by vendors who indicate they are operating from Anglo-Saxon countries or Western Europe Most vendors appeared to be operating from the United States (890), followed by the United Kingdom (338), and Germany (225). Vendors indicating they ship from the United States generated 36% per cent of all drug revenues within our sample. Other Anglo-Saxon (Canada and the United Kingdom) as well as Western European countries (the Netherlands, Germany, Spain, France) also generate substantial proportions of revenues. Revenues from vendors operating from the Netherlands are by far the largest on a per capita basis Revenues to vendors reporting to operate from the Netherlands on cryptomarkets accounted for 8 per cent of total drug revenues. On a per capita basis, revenues to vendors operating from the Netherlands were 2.4 times higher than those from the United Kingdom and 4.5 higher than those from the United States. Vendors and buyers on online markets seem to have similar characteristics Traditional investigation techniques applied in the drug chain, postal detection and interception, online detection and online disruption are potential law enforcement strategies in the detection and intervention of Internet-facilitated drugs trade. In addition, international cooperation and coordination (and the accompanying legal challenges), capacity and resources and (technical) capabilities could play a facilitating role in deploying the different strategies to tackle Internet-facilitated drugs trade. There are four broad categories of modes of detection and intervention Traditional investigation techniques applied in the drug chain, postal detection and interception, online detection and online disruption are potential law enforcement strategies in the detection and intervention of Internet-facilitated drugs trade. In addition, international cooperation and coordination (and the accompanying legal challenges), capacity and resources and (technical) capabilities could play a facilitating role in deploying the different strategies to tackle Internet-facilitated drugs trade. Details: Santa Monica, CA: RAND, 2016. 203p. Source: Internet Resource: Accessed August 25, 2016 at: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1600/RR1607/RAND_RR1607.pdf Year: 2016 Country: Netherlands URL: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1600/RR1607/RAND_RR1607.pdf Shelf Number: 140034 Keywords: Computer CrimesDrug MarketsIllegal Drug TradeIllegal DrugsInternet Crime |
Author: Libicki, Martin C. Title: The Defender's Dilemma: Charting a Course Toward Cybersecurity Summary: Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities. Key Findings Common Knowledge Confirmed Security postures are highly specific to company type, size, etc.; and there often aren't good solutions for smaller businesses. Quarantining certain parts of an organization offline can be a useful option. Responding to the desire of employees to bring their own devices and connect them to the network creates growing dilemmas. Chief information security officers (CISOs) feel that attackers have the upper hand, and will continue to have it. Reasonable Suppositions Validated Customers look to extant tools for solutions even though they do not necessarily know what they need and are certain no magic wand exists. CISOs want information on the motives and methods of specific attackers, but there is no consensus on how such information could be used. Current cyberinsurance offerings are often seen as more hassle than benefit, only useful in specific scenarios, and providing little return. Surprising Findings A cyberattack's effect on reputation (rather than more direct costs) is the biggest cause of concern for CISOs. The actual intellectual property or data that might be affected matters less than the fact that any intellectual property or data is at risk. In general, loss estimation processes are not particularly comprehensive. The ability to understand and articulate an organization's risk arising from network penetrations in a standard and consistent matter does not exist and will not exist for a long time. Recommendations Know what needs protecting, and how badly protection is needed. It was striking how frequently reputation was cited by CISOs as a prime cause for cybersecurity spending, as opposed to protecting actual intellectual property. Knowing what machines are on the network, what applications they are running, what privileges have been established, and with what state of security is also crucial. The advent of smart phones, tablets, and so forth compounds the problem. Know where to devote effort to protect the organization. A core choice for companies is how much defense to commit to the perimeter and how much to internal workings. Consider the potential for adversaries to employ countermeasures. As defenses are installed, organizations must realize they are dealing with a thinking adversary and that measures installed to thwart hackers tend to induce countermeasures as hackers probe for ways around or through new defenses. Government efforts aren't high on CISO's lists, but governments should be prepared to play a role. By and large, CISOs we interviewed did not express much interest in government efforts to improve cybersecurity, other than a willingness to cooperate after an attack. Yet it seems likely that government should be able to play a useful role. One option is to build a body of knowledge on how systems fail (a necessary prerequisite to preventing failure), and then share that information. A community that is prepared to share what went wrong and what could be done better next time could produce higher levels of cybersecurity. Details: Santa Monica, CA: RAND, 2015. 162p. Source: Internet Resource: Accessed September 28, 2016 at: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf Year: 2015 Country: United States URL: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf Shelf Number: 140475 Keywords: Computer Crime Cyberattacks Cybercrime (U.S.) Cybersecurity Internet CrimeNational Security Terrorism |
Author: U.S. Federal Communications Commission Title: Cybersecurity Risk Reduction Summary: Cybersecurity is a top priority for the Commission. The rapid growth of network-connected consumer devices creates particular cybersecurity challenges. The Commission's oversight of our country's privately owned and managed communications networks is an important component of the larger effort to protect critical communications infrastructure and the American public from malicious cyber actors. The Commission is uniquely situated to comprehensively address this issue given its authority over the use of radio spectrum as well as the connections to, and interconnections between, commercial networks, which touch virtually every aspect of our economy. Other agencies have also begun looking at network-connected devices and the security implications they bring in certain industry segments. The Commission's rules include obligations for Internet Service Providers (ISPs) to take measures to protect their networks from harmful interconnected devices. These rules make clear that providers not only have the latitude to take actions to protect consumers from harm, but have the responsibility to do so. Reasonable network management must include practices to ensure network security and integrity, including by "addressing traffic harmful to the network," such as denial of service attacks. The Public Safety and Homeland Security’s (PSHSB or Bureau) cybersecurity initiatives build upon FCC rules that have, for decades, effectively evolved to balance security, privacy, and innovation within the telecommunications market. The U.S. telecommunications market leads the world as a consequence of this light touch, but surgical, approach. Commission staff actively work with stakeholders to address cyber challenges presented by today's end-to-end Internet environment. This environment is vastly different and more challenging than the legacy telecommunications security environment that preceded it. Today insecure devices, connected through wireless networks, have shut down service to millions of customers by attacking critical control utilities neither licensed nor directly regulated by the Commission. These attacks highlight that security vulnerabilities inherent in devices attached to networks now can have large-scale impacts. As the end-to-end Internet user experience continues to expand and diversify, the Commission's ability to reduce cyber risk for individuals and businesses will continue to be taxed. But shifting this risk oversight responsibility to a non-regulatory body would not be good policy. It would be resource intensive and ultimately drive dramatic federal costs and still most certainly fail to address the risk for over 30,000 communications service providers and their vendor base. The Commission must address these cyber challenges to protect consumers using telecommunications networks. Cyber risk crosses corporate and national boundaries, making it imperative that private sector leadership in the communications sector step up its responsibility and accountability for cyber risk reduction. In this vein, the Commission has worked closely with its Federal Advisory Committees (FAC), as well as with its federal partners and other stakeholders, to foster standards and best practices for cyber risk reduction. The Commission worked with the other regulatory agencies to create a forum whereby agency principals share best regulatory practices and coordinate our approaches for reducing cybersecurity risk. A rich body of recommendations, including voluntary best practices, is the result. Industry implementation of these practices must be part of any effort to reduce cybersecurity risk. The Commission, however cannot rely solely on organic market incentives to reduce cyber risk in the communications sector. As private actors, ISPs operate in economic environments that pressure against investments that do not directly contribute to profit. Protective actions taken by one ISP can be undermined by the failure of other ISPs to take similar actions. This weakens the incentive of all ISPs to invest in such protections. Cyber-accountability therefore requires a combination of market-based incentives and appropriate regulatory oversight where the market does not, or cannot, do the job effectively. PSHSB has developed a portfolio of programs to address cybersecurity risk in the telecommunications sector in a responsible manner. These initiatives include collaborative efforts with key Internet stakeholder groups; increased interagency cooperation; and regulatory solutions to address residual risks that are unlikely to be addressed by market forces alone. This white paper describes the risk reduction portfolio of the current Commission and suggests actions that would continue to affirmatively reduce cyber risk in a manner that incents competition, protects consumers, and reduces significant national security risks. Details: Washington, dC: Federal Communications Commission, 2017. 56p. Source: Internet Resource: Accessed February 11, 2017 at: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf Year: 2017 Country: United States URL: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf Shelf Number: 145022 Keywords: CybercrimeCybersecurityInternet CrimeInternet SecuritySupply ChainsTelecommunications |
Author: Diniz, Gustavo Title: Deconstructing Cyber Security in Brazil: Threats and Responses Summary: Brazil is doubling down on its cyber-security architecture while simultaneously consolidating its emerging power status. Although organized crime is one of the major threats to Brazilian cyberspace, resources are focused instead on military solutions better suited to the exceptional case of warfare. There is less emphasis on expanding law enforcement capabilities to identify and respond to cyber-crime and related digital malfeasance. Due to the absence of a unified government position on the issue or reliable data, Brazil has evolved an imbalanced approach to cyber-security. If Brazil is to re-balance its approach, it needs to fill knowledge gaps. At a minimum, policy makers require a better understanding of the strategies, tactics and resources of hackers and cyber-crime groups, the ways in which traditional crime is migrating online and the implications of new surveillance technologies. The government should also encourage a broad debate with a clear communications strategy about the requirements of cyber-security and what forms this might take. More critical reflection on the form and content of measured and efficient strategies to engage cyber threats is also needed. Improved coordination between state police forces to better anticipate and respond to cyber-crime is essential. If Brazil is to build a robust and effective cyber-security strategy, an informed debate must begin immediately. Details: Rio de Janeiro: Instituto Igarapé , 2014. 35p. Source: Internet Resource: Strategic Paper 11: Accessed March 4, 2017 at: https://igarape.org.br/wp-content/uploads/2014/11/Strategic-Paper-11-Cyber2.pdf Year: 2014 Country: Brazil URL: https://igarape.org.br/wp-content/uploads/2014/11/Strategic-Paper-11-Cyber2.pdf Shelf Number: 141328 Keywords: Computer CrimeCyber SecurityCybercrimeInternet CrimeSurveillance Technology |
Author: Finklea, Kristin Title: Dark Web: Updated Summary: The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policymakers. Individuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users’ web traffic through a series of other users’ computers such that the traffic cannot be traced to the original user. Some developers have created tools—such as Tor2web—that may allow individuals access to Torhosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the “Hidden Wiki,” which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or “deanonymized.” Anonymizing services such as Tor have been used for legal and illegal activities ranging from maintaining privacy to selling illegal goods—mainly purchased with Bitcoin or other digital currencies. They may be used to circumvent censorship, access blocked content, or maintain the privacy of sensitive communications or business plans. However, a range of malicious actors, from criminals to terrorists to state-sponsored spies, can also leverage cyberspace and the Dark Web can serve as a forum for conversation, coordination, and action. It is unclear how much of the Dark Web is dedicated to serving a particular illicit market at any one time, and, because of the anonymity of services such as Tor, it is even further unclear how much traffic is actually flowing to any given site. Just as criminals can rely upon the anonymity of the Dark Web, so too can the law enforcement, military, and intelligence communities. They may, for example, use it to conduct online surveillance and sting operations and to maintain anonymous tip lines. Anonymity in the Dark Web can be used to shield officials from identification and hacking by adversaries. It can also be used to conduct a clandestine or covert computer network operation such as taking down a website or a denial of service attack, or to intercept communications. Reportedly, officials are continuously working on expanding techniques to deanonymize activity on the Dark Web and identify malicious actors online. Details: Washington, DC: Congressional Research Service, 2017. 19p. Source: Internet Resource: R44101: Accessed March 17, 2017 at: https://fas.org/sgp/crs/misc/R44101.pdf Year: 2017 Country: United States URL: https://fas.org/sgp/crs/misc/R44101.pdf Shelf Number: 144490 Keywords: Computer Crime Dark Web Illegal Behavior Illicit Goods Internet Crime Online Communications |
Author: Wespieser, Karen Title: Young people and e-safety. The results of the 2015 London Grid for Learning e-safety survey Summary: The focus of the survey was to look at the wide and common online activities of London's young people. As found in previous LGfL surveys, children and young people use technology to have fun, study and communicate with others. Most children and young people have positive experiences online. On the whole they are sensible online and do not put themselves 'at risk'. However, there remain a number of areas where schools can support young people - and their families - in increasing their online safety. Nine out of ten young people access the Internet at home. Ten per cent of pupils therefore do not. Just over a third of young people would like more opportunity to use computers at school. As found in previous LGfL surveys , children and young people use technology to have fun, study and communicate with others. Most children and young people have positive experiences online. They are sensible online and do not put themselves 'at risk'. An increasing number of young people own their own device. Young people access the Internet through a range of devices but there are significant differences between boys and girls; boys use games consoles more than girls and more girls have a mobile device than boys. Very few young people report that they use these devices to access the Internet away from home. The home is therefore the key location for going online, outside of school. Forty per cent of 7-year-olds report that their parents always know what they do online; a percentage that (understandably) drops with age. Just over half of young people use a password on their device at home. This is slightly lower for devices that young people use at school. Of those that use a password, half report that someone else knows it, although the majority identified this person as a family member at home. Of those that use a password, a majority reported they do not change it regularly. Over half say that they never change it. Young people report that they spend their time online doing school work or studying. Three-quarters of young people report that they like playing games online but as they get older they play games less and spend more time on social networks and chat sites. Overall, the use of the Internet becomes more diverse as young people get older. There are also gender differences. More girls than boys listen or download music and use instant messaging. Conversely, more boys than girls report using YouTube and playing games. Many children play games not suitable for their age and a small but concerning minority play 18+ rated games. Of the young people playing age inappropriate games, two-thirds are boys. Furthermore, the greatest proportion of children who report playing these games also report they have parental consent. Unsuitable games include titles such as 'Grand Theft Auto' and 'Call of Duty'. Details: Slough: National Foundation for Educational Research, 2015. 44p. Source: Internet Resource: Accessed April 22, 2017 at; https://www.lgfl.net/downloads/online-safety/LGfL-OS-2015-E-Safety-Survey-Final-Report.pdf Year: 2015 Country: United Kingdom URL: https://www.lgfl.net/downloads/online-safety/LGfL-OS-2015-E-Safety-Survey-Final-Report.pdf Shelf Number: 145162 Keywords: Child ProtectionComputer CrimeInternet CrimeOnline SafetyOnline VictimizationSocial Media |
Author: Tehan, Rita Title: Cybersecurity: Legislation, Hearings, and Executive Branch Documents Summary: Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, engaging in cybercrime, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which may make responding problematic. Despite many recommendations made over the past decade, most major legislative provisions relating to cybersecurity had been enacted prior to 2002. However, on December 18, 2014, five cybersecurity bills were signed by the President. These bills change federal cybersecurity programs in a number of ways: codifying the role of the National Institute of Standards and Technology (NIST) in developing a "voluntary, industry-led set of standards" to reduce cyber risk; codifying the Department of Homeland Security's (DHS's) National Cybersecurity and Communications Integration Center as a hub for interactions with the private sector; updating the Federal Information Security Management Act (FISMA) by requiring the Office of Management and Budget (OMB) to "eliminate ... inefficient and wasteful reports"; and requiring DHS to develop a "comprehensive workforce strategy" within a year and giving DHS new authorities for cybersecurity hiring. This report provides links to cybersecurity legislation in the 112th, 113th, and 114th Congresses. Congress has held cybersecurity hearings every year since 2001. This report also provides links to cybersecurity-related committee hearings in the 112th, 113th, and 114th Congresses. Details: Washington, DC: Congressional Research Service, 2017. 56p. Source: Internet Resource: R43317: Accessed May 17, 2017 at: https://fas.org/sgp/crs/misc/R43317.pdf Year: 2017 Country: United States URL: https://fas.org/sgp/crs/misc/R43317.pdf Shelf Number: 145553 Keywords: Computer Crime Cybercrime Cybersecurity Internet Crime |
Author: Hawkins, Zoe Title: Australia's cyber security strategy: execution and evolution Summary: The Australian Government's Cyber Security Strategy was released on 21 April 2016. This report provides an accessible and critical appraisal of the government's implementation of the strategy over the past 12 months. It addresses each of the strategy's five themes, highlighting achievements and areas of weakness; evaluates issues of execution; and suggests ways to evolve the delivery and initiatives of the strategy to achieve its objectives. The report also includes a table showing a detailed breakdown of progress against each initiative in the strategy's Action Plan, and another that examines the funding provided to achieve the objectives of the strategy. Details: Barton ACT, Australia: Australian Strategic Policy Institute, 2017. 44p. Source: Internet Resource: Accessed June 2, 2017 at: https://www.aspi.org.au/publications/australias-cyber-security-strategy-execution-and-evolution/ASPI-Cybersecurity-Exec-and-Evolution.pdf Year: 2017 Country: Australia URL: https://www.aspi.org.au/publications/australias-cyber-security-strategy-execution-and-evolution/ASPI-Cybersecurity-Exec-and-Evolution.pdf Shelf Number: 145841 Keywords: Computer Crime Cybercrime Cybersecurity Internet Crime |
Author: Northern Ireland Criminal Justice Inspection Title: Cyber Crime: An Inspection of how the Criminal Justice System deals with Cyber Crime in Northern Ireland Summary: Cyber crime is a relatively recent phenomenon and its prevalence has increased exponentially in recent years at the same time as rates for the traditional crime types have fallen. More crime is committed online than offline and the cost of cyber crime to the economy is substantial. of partners from law enforcement, business and academia to investigate cyber crime and share information, and had prosecuted complex cases. Cyber crime was a fast-developing area and a comprehensive assessment of the scale and extent of cyber crime was necessary for the PSNI to provide an effective response to the current threat, to allocate resources and to meet investigative and victim needs. There was a recognised under-reporting of cyber crime. Police recording did not capture the full extent of reported cyber crime and cyber fraud; this created a gap between the true scale and impact of cyber crime and that which was reported in crime statistics. Almost all crime now had a technological aspect; as people had moved their communications and shopping online; criminals had done the same with their offending. The scale of demand for digital forensic examinations, coupled with the increasing capacity of devices had created examination backlogs. Whilst the PSNI had taken a number of steps to address this issue, delays impacted on victims of crime, the effectiveness of criminal investigations and the speed of justice through the courts, and the PSNI needed to take action to reduce the number of examinations awaiting completion. The digital forensic capacity of the CCC was supported in the Police Districts by local E-Crime Support Units which performed a valuable role. The demand for device examination had exceeded the Units' capacity, and recognition of this had led to an internal review which Inspectors welcomed as an opportunity to re-examine the effectiveness of the provision of digital forensics for District policing, and online access for investigative purposes. From April 2015 fraud and related cyber crimes were no longer reported to the PSNI but to the "Action Fraud" national reporting centre. The transition had encountered some initial difficulties and Inspectors found a mixed level of understanding about the reporting arrangements among front-line police and the business community. Work was taking place to improve IT information transfer, and the PSNI had taken positive steps to improve fraud investigation management and monitoring to improve outcomes. Inspectors considered it an opportune time to review the effectiveness of this approach to tackle fraud. Training is vital for officers to effectively investigate cyber crime, to provide advice about preventative measures and to support the needs of victims. Training for the PSNI officers had been provided at various levels, including new staff joining the Service, however Inspectors identified gaps, and the current provision should be assessed against a comprehensive analysis of need. It was evident during this inspection that a limited understanding of the threat from cyber crime was widespread. The PSNI was fully involved in the national initiatives operating here; it was a key player in the local groups involving academia and the business community, and police had established excellent links with stakeholders across Northern Ireland. There were extensive resources provided on the PSNI website and active media promotion and advice about cyber crime and internet security. Despite all of this, cyber crime was the cause of considerable concern amongst the public, and Inspectors identified the need for a more strategic approach to increase awareness and education about cyber crime and internet security amongst the business and wider community in Northern Ireland. Details: Belfast: Criminal Justice Inspection Northern Ireland, 2017. 68p. Source: Internet Resource: Accessed June 24, 2017 at: http://www.cjini.org/getattachment/de5474c9-fbf4-4caf-b7fd-4c440e133b8f/picture.aspx Year: 2017 Country: United Kingdom URL: http://www.cjini.org/getattachment/de5474c9-fbf4-4caf-b7fd-4c440e133b8f/picture.aspx Shelf Number: 146355 Keywords: Computer Crime Crime Analysis Criminal Investigation Cybercrime Fraud Internet Crime |
Author: McAfee Title: Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity Summary: Cybercriminals have the advantage. This has been true since the internet was commercialized 20 years ago. The incentives for cybercrime have made it a big business and a dynamic marketplace. Defenders are hard pressed to keep up. Misaligned incentives explain much of this - both within organizations and between attackers and defenders in cyberspace. Misaligned incentives between attackers and defenders mean that the decentralized market in which cybercriminals operate makes them adapt and innovate faster and more efficiently than defenders, whose incentives are shaped by bureaucracies and top-down decision making. Some of the advantage cybercriminals have over defenders is due to technology - we now all know that the internet was never designed to be secure. Some is due to policy. There are countries that tolerate, shelter, and maybe even encourage cybercrime. Governments and companies know they are at a disadvantage, but they are playing catch-up. Managing the risk posed by cyberthreats has become a priority, but the best criminals still seem able to stay ahead, even as companies allocate more resources to cybersecurity. This does not mean cybercrime will always win. It does mean that companies and governments will need to rethink how they measure, reward and incentivize defense. Markets send signals by creating prices and rewards, creating incentives for action. The cybercrime market is efficient, and the incentives for cybercriminals are clear and compelling. The same is not true for defenders. Criminals flourish in this market, but most defenders work in bureaucracies. In most companies, cybersecurity is the responsibility of a diverse range of groups and individuals using different (and sometimes conflicting) metrics for success. Incentives are not only misaligned between attackers and defenders, but within companies. To examine this misalignment of incentives, we conducted a survey of 800 respondents from companies ranging in size from 500 employees to more than 5,000 across five major industry sectors, including finance, healthcare, and the public sector. Our survey targeted respondents with executive level responsibility for cybersecurity, as well as operators that have technical and implementation responsibilities for cybersecurity. The results provide insight into how each group views cyber risk in making decisions about an organization's cyber-risk management strategy. Better calibrating the misaligned incentives we uncovered may yield a more coherent and effective cybersecurity posture for companies worldwide. Details: Santa Clara, CA: McAfee Security, Center for Strategic and International Studies, 2017. 34p. Source: Internet Resource: Accessed August 7, 2017 at: https://www.mcafee.com/us/resources/reports/rp-misaligned-tilting-playing-field.pdf Year: 2017 Country: International URL: https://www.mcafee.com/us/resources/reports/rp-misaligned-tilting-playing-field.pdf Shelf Number: 146755 Keywords: Computer CrimeCybercrimeCybersecurityInternet Crime |
Author: Brodie, Neil Title: How to Control the Internet Market in Antiquities? The Need for Regulation and Monitoring Summary: Illicit antiquities, some pilfered from war zones where jihadist groups operate, are increasingly finding their way online where they are being snapped up by unknowing buyers and further driving the rampant plunder of archaeological sites. These internet sales are spurring a vicious cycle: increasing demand for antiquities, which drives the looting, producing a greater supply of artifacts, which further increases demand. While global auction sales of art and antiquities declined in 2015 - falling as much as 11 percent -online sales skyrocketed by 24 percent, reaching a staggering $3.27 billion dollars. According to Forbes, "This suggests that the art market may not be 1 cooling, exactly, but instead shifting to a new sales model, e-commerce." How can an online buyer guarantee that a potential purchase is not stolen property, a "blood antiquity," or a modern forgery? The best protection is to demand evidence of how the object reached the market in the first place. However, as in more traditional sales, most antiquities on the internet lack any such documentation. Online shoppers therefore have limited means of knowing what they are buying or from whom. This is a particularly serious concern given the industrial scale looting now taking place in Iraq and Syria, which the United Nations Security Council warns is financing Daesh (commonly known as ISIS, ISIL, or Islamic State), al Qaeda, and their affiliates. Despite the clear implications for both cultural preservation and national security, so far public policy has completely failed to regulate the online antiquities trade. This is particularly true in the United States, which remains the world's largest art market and a major center for the internet market in antiquities. American inaction has 3 made it impossible to combat the problem globally, and moreover, is in great contrast to positive steps taken by other "demand" nations like Germany. This paper offers practical solutions to help better protect good faith consumers from purchasing looted or fake antiquities - while also protecting online businesses from facilitating criminal behavior. After briefly reviewing what is known of the organization and operation of the internet market in antiquities, it considers some possible cooperative responses aimed at educating consumers and introducing workable regulation. These responses draw upon the German example, as well as recent criminological thinking about what might constitute effective regulation. Finally, the paper makes seven policy recommendations, which while geared towards the American market, are applicable to any country where antiquities are bought and sold online. Details: Washington, DC: Antiquities Coalition, 2017. 16p. Source: Internet Resource: Policy Brief No. 3: Accessed September 15, 2017 at: http://thinktank.theantiquitiescoalition.org/wp-content/uploads/2017/07/Policy-Brief-3-2017-07-20.pdf Year: 2017 Country: International URL: http://thinktank.theantiquitiescoalition.org/wp-content/uploads/2017/07/Policy-Brief-3-2017-07-20.pdf Shelf Number: 147333 Keywords: Antiquities Cultural Property Heritage Crime Internet CrimeInternet TradeLooting Stolen Property Trafficking in Antiquities |
Author: Kruithof, Kristy Title: The role of the 'dark web' in the trade of illicit drugs Summary: The Internet has fundamentally changed ways of doing business, including the operations of illegal markets. RAND Europe was commissioned to investigate the role of the Internet in facilitating the drugs trade, particularly in the Netherlands. The Internet has fundamentally changed ways of doing business, including the operations and activities of illegal markets. There are now around 50 online marketplaces on the 'dark web' that trade illegal drugs, novel psychoactive substances (NPS), prescription drugs and other - often illegal - goods and services. These so-called cryptomarkets are accessible with a normal Internet connection, but require special anonymising software to access. The role of these cryptomarkets in facilitating the trade of illicit drugs was first highlighted by the success of Silk Road, an online marketplace for the sale of illegal goods. Silk Road was taken down by the FBI in October 2013; however, other very similar cryptomarkets filled the void within a matter of weeks. Details: Cambridge, UK: RAND Europe, 2016. 8p. Source: Internet Resource: Research Brief: Accessed September 27, 2017 at: https://www.rand.org/pubs/research_briefs/RB9925.html Year: 2016 Country: Netherlands URL: https://www.rand.org/pubs/research_briefs/RB9925.html Shelf Number: 147473 Keywords: Dark WebDrug MarketsIllegal Drug TradeIllegal MarketsInternet Crime |
Author: Great Britain. Home Office. Science Advisory Council Title: Understanding the costs of cyber crime: A report of key findings from the Costs of Cyber Crime Working Group Summary: The Home Office today published the findings that came out of the 'Costs of Cyber Crime Working Group' that ran from 2014-2016. The group, attended by techUK, was composed following a commitment in the 2013 Serious and Organised Crime Strategy that aimed to improve the quality of data that is used when estimating the cost of cyber-crime incidents. The report is intended to help take the research community closer towards achieving better estimates of the costs of cyber-crime as part of future studies. The report sets out the framework that will now be used for estimating costs and also makes a number of recommendations on the design of future research into the costs of cyber-crime, including: - Calling for researchers designing future costs of cyber-crime to approach their research design in a systematic fashion using the framework in the report; identify gaps in the costs of cyber-crime framework and tailor research questions so that they can fill these specific gaps - That future studies should further investigate the costs and profits to offenders of engaging in cyber-crime - That future studies investigate the financial impact of cyberattacks on a businesses' reputation - That future research consider how to estimate the monetary cost of the fear of cyber crime Details: London: Home Office, 2018. 82p. Source: Internet Resource: Research Report 96: Accessed January 18, 2018 at: http://www.techuk.org/insights/news/item/12135-home-office-publishes-understanding-the-costs-of-cyber-crime-report Year: 2018 Country: United Kingdom URL: http://www.techuk.org/insights/news/item/12135-home-office-publishes-understanding-the-costs-of-cyber-crime-report Shelf Number: 148868 Keywords: Computer CrimeCosts of CrimeCybercrimeInternet Crime |
Author: London Assembly. Police and Crime Committee Title: Tightening the net: The Metropolitan Police Service's response to online theft and fraud Summary: The internet is changing the nature of crime -- The internet has revolutionised the way that we live our lives. But it has also changed the way that criminals operate: increasingly, there is a cyberdimension to almost all types of crime. Our investigation focused on how the internet has enabled criminals to commit acquisitive crimes - those that involve taking goods or money from a victim - in different ways. We found that, while crimes such as burglary are falling, a whole new collection of online crimes have emerged. One crime in particular has been transformed by the internet: fraud. Around 70 per cent of frauds are now "cyber-enabled" and the internet provides an opportunity for fraudsters to expand their activities on a huge scale. Unlike in the past, fraudsters can target large numbers of victims, often at next to no cost. The types of online scams are wide-ranging. Cyber-criminals tailor frauds to the individual; as one expert told us, we are all at risk. We do not know enough about the perpetrators of online crime. What is clear is that cyber-criminals do not fit into a typical mould. Organised crime groups are responsible for an element of online crime in London. But - in addition to these groups - many local, known criminals have expanded their day-to-day criminal activities into London's cyberspace. Computer literacy is no barrier to becoming a cyber-criminal - in fact, you need no more skill than to be able to log on. This, combined with a lower personal risk of being caught, makes online crime appealing to another, perhaps less expected, group of perpetrators: those new to crime. Committing crime using the internet offers anonymity - many would not commit a similar crime if it involved face-to-face contact with the victim. Like the perpetrators of online crime, its victims no longer fit into a typical group or category. Our research found that victims came from different ethnic groups, social grades and areas of London. We also found that becoming a victim of an online crime can be just as distressing as if it were a traditional crime, even when there has been no financial loss. Even the mere thought that someone had impersonated or tricked them can cause a great deal of stress for the victim. A greater understanding and sensitivity to victims' experiences will be an essential part of the police's response to online crime. We do not know the extent of online theft and fraud Crime statistics should help us to measure the extent - and the trend - of online crime. The Office for National Statistics (ONS) uses two headline measures for trends in total crime over time: police-recorded crime and the Crime Survey for England and Wales. Both sets of data tell a similar story crime in England and Wales has fallen sharply in the last decade. But both measures contain flaws, not least that they are failing to capture a range of crimes committed using the internet. Many online crimes will not appear in police-recorded statistics because often victims choose not to report crimes to the police in the first place. This may be because victims feel embarrassed at being tricked by a fraudster or that there is little the police can do to catch the perpetrator. Due to the hidden nature of many online frauds, often victims cannot report the offence immediately because they are unaware that it has been committed against them in the first place. The Crime Survey for England and Wales is not capturing trends in online crime either. It has failed to keep up as the public's experience of victimisation has evolved: the survey does not currently ask respondents about a range of crimes committed using the internet and excludes many crimes, such as fraud, from its headline results. The effect of this omission on the overall level of crime that the survey measures is significant. In light of the current limitations with both police-recorded crime and the Crime Survey, we commissioned our own victimisation survey to better understand the extent of online crime in London. Our findings paint an alarming picture of the balance between old and new crimes. Among the 1,004 Londoners we surveyed, we found that a higher proportion had been a victim of an online crime than of a more traditional form of property crime. Perceptions differ too: higher proportions of respondents felt online crimes have increased in recent years relative to traditional crimes. And respondents were also more worried about online crimes than they were traditional crimes. The police should reflect on our results as it develops its approach to online crime. The police service has been slow to respond to the emergence of online crime The police are behind the curve when it comes to tackling online crime. The research base for policing the cyber-threat is not as well developed as in other areas of policing and, in some cases, there is a lack of appetite among police forces and officers to tackle offences such as cyber-fraud, often not seen as exciting crimes to investigate. In order to improve the police service's response, the Government changed the system for reporting fraud. Action Fraud - the UK's national reporting centre for fraud and internet crime - has had a number of successes, such as improving the level of crime reporting and the ways in which positive outcomes are sought for victims. But, while the new system represents an improvement on that which preceded it, one problem stands out: there is still a need to raise awareness among the public - and even among parts of the police - about Action Fraud. To increase reporting of crime in London, the Mayor, MOPAC and the Met should all work with the City of London Police to help to raise awareness about online crime and the role of Action Fraud. Better co-operation between the police and other organisations is needed as well. The police service has claimed that banks and others do not routinely report offences because they do not wish to reveal how vulnerable they are. Some have argued that these and other organisations should be encouraged or even compelled to share fraud data with law enforcement agencies. MOPAC and the Met have started to take the problem seriously The Mayor's Office for Policing and Crime (MOPAC) recognises that online crime is a significant problem in London. So far, MOPAC's approach has focused mainly on online crimes against businesses. This is important: some small businesses are particularly vulnerable. But MOPAC must not let the Met lose focus on individual victims of online crime. And, to help the Met to avoid viewing cyber-crime in isolation, all MOPAC's future strategies should directly address pertinent internet risks, something missing in its recently published Hate Crime Reduction Strategy for London. Like MOPAC, the Met is also aware of the difficulty in tackling online crime. It has created a new Fraud and Linked Crime Online (FALCON) command, with substantially increased resources, to reduce the harm caused by fraud and cyber-criminals in London. Given the potential scale of online crime, FALCON must make choices to meet this objective and secure the best value for money from its resources. Since many online crimes do not align with policing, national or international boundaries, enforcing the law can be difficult. As the FALCON command matures, it needs to develop its methods for disrupting criminals and preventing crimes from happening in the first place. It must also build a workforce with the right balance between police officers and civilian staff: piling in loads of uniformed officers is not the way to deal with online fraud. One of the reasons that many victims of online crime do not report the offence to the police is that they do not think the police will do anything about it. In order to show that they are taking online crime seriously, MOPAC and the Met need to demonstrate that they are making a difference. Measuring the level of online victimisation through prevalence surveys is perhaps the most effective way of doing that. We ask that MOPAC collects data in its future surveys and publishes the results on a regular basis. The Met faces challenges in the future The Met's decision to establish a new command to tackle fraud and online crime clearly demonstrates that it is taking these threats seriously. But this approach is not without risks. We are concerned that the FALCON command might become siloed from the rest of the Met. Given that that there is increasingly a cyber-dimension to almost all crimes, the Met needs to ensure that all of its officers and staff are as comfortable policing London's cyberspace as they are London's streets; it must not be left to specialists alone. Both inside and outside of the FALCON command, the Met needs to determine what skills and training its workforce needs to tackle the challenge of online crime. Aside from formal training, we heard that the Xbox and PlayStation generation of police officers are already well prepared to fight online crime. The Met should tap into this resource which is already among its ranks. Details: London: The Assembly, 2015. 58p. Source: Internet Resource: Accessed February 8, 2018 at: https://www.london.gov.uk/sites/default/files/Tightening%20the%20net_0.pdf Year: 2015 Country: United Kingdom URL: https://www.london.gov.uk/sites/default/files/Tightening%20the%20net_0.pdf Shelf Number: 149034 Keywords: Acquisitive CrimesComputer CrimeCybercrimeFraudInternet CrimeOnline VictimizationProperty CrimeTheft |
Author: Ponemon Institute Title: 2017 Cost of Cybercrime Study: Insights on the Security investment that Make a Difference Summary: With cyber attacks on the rise, successful breaches per company each year has risen more than 27 percent, from an average of 102 to 130. Ransomware attacks alone have doubled in frequency, from 13 percent to 27 percent, with incidents like WannaCry and Petya affecting thousands of targets and disrupting public services and large corporations across the world. One of the most significant data breaches in recent years has been the successful theft of 143 million customer records from Equifax- a consumer credit reporting agency-a cyber crime with devastating consequences due to the type of personally identifiable information stolen and knock-on effect on the credit markets. Information theft of this type remains the most expensive consequence of a cyber crime. Among the organizations we studied, information loss represents the largest cost component with a rise from 35 percent in 2015 to 43 percent in 2017. It is this threat landscape that demands organizations reexamine their investment priorities to keep pace with these more sophisticated and highly motivated attacks. To better understand the effectiveness of investment decisions, we analyzed nine security technologies across two dimensions: the percentage spending level between them and their value in terms of cost-savings to the business. The findings illustrate that many organizations may be spending too much on the wrong technologies. Five of the nine security technologies had a negative value gap where the percentage spending level is higher than the relative value to the business. Of the remaining four technologies, three had a significant positive value gap and one was in balance. So, while maintaining the status quo on advanced identity and access governance, the opportunity exists to evaluate potential over-spend in areas which have a negative value gap and rebalance these funds by investing in the breakthrough innovations which deliver positive value. Following on from the first Cost of Cyber Crime1 report launched in the United States eight years ago, this study, undertaken by the Ponemon Institute and jointly developed by Accenture, evaluated the responses of 2,182 interviews from 254 companies in seven countries-Australia, France, Germany, Italy, Japan, United Kingdom and the United States. We aimed to quantify the economic impact of cyber attacks and observe cost trends over time to offer some practical guidance on how organizations can stay ahead of growing cyber threats. Details: s.l.: Accenture, 2017. 56p. Source: Internet Resource: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf Year: 2017 Country: United States URL: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf Shelf Number: 149125 Keywords: Costs of Crime Crime Against BusinessesCrime StatisticsCyber SecurityCybercrime Internet Crime |
Author: ECPAT International Title: Regional Overview: The Sexual Exploitation of Children in Southeast Asia Summary: Southeast Asia has a booming economy and is undergoing impressive growth in a number of sectors. For example, the region has one of the world's fastest growing internet markets, currently with 260 million users and a projected 480 million users by 2020. Mobile connections account for 130% of the population. The continued growth of international arrivals in the region is largely due to increasing numbers of intra-regional and inter-regional tourists and travelers. According to data of the UNWTO, Thailand recorded the world's highest growth in international tourist receipts in 2016. Such developments should result in positive changes in the lives of children - and indeed, significant progress has been made on a number of child rights indicators in the region. Nevertheless there is a dark and disturbing downside to this growth. The proliferation of the internet and related communication technologies has significantly expanded opportunities for child sex offenders to plan their travel, to communicate anonymously with other child sex offenders, to access, produce and disseminate child sex abuse images, and to engage in online sexual encounters with children without them even having to leave their homes. As technology evolves, forms and modus operandi of exploitation also evolve. The rapid growth in travel and tourism increases the number of children vulnerable to sexual exploitation. In the pursuit of economic development, a number of Southeast Asian countries have allowed large-scale foreign investment in tourism and other sectors and the proliferation of Special Economic and Free Trade Zones. These positive economic developments often are accompanied by the building of casinos and entertainment venues including bars and brothels, which can be high-risk locales for children. This report highlights both the domestic and international dimension of the sexual exploitation of children. The vast majority of child sex offenders in Southeast Asia are nationals of the countries of the region, the victims primarily girls. Yet emerging evidence also suggests that a considerable numbers of boys are abused and that foreign child sex offenders are increasingly accessing children through voluntary or professional positions in schools, orphanages, and child care centres Details: Bangkok: ECPAT, 2017. Source: Internet Resource: Accessed March 16, 2018 at: http://www.ecpat.org/wp-content/uploads/2018/02/Regional-Overview_Southeast-Asia.pdf Year: 2017 Country: Asia URL: http://www.ecpat.org/wp-content/uploads/2018/02/Regional-Overview_Southeast-Asia.pdf Shelf Number: 149499 Keywords: Child PornographyChild ProstitutionChild Sexual AbuseChild Sexual ExploitationInternet CrimeOnline VictimizationSex TourismSex Trafficking |
Author: DeMarco, Jeffrey Title: Behaviour and Characteristics of Perpetrators of Online-facilitated Child Sexual Abuse and Exploitation: A Rapid Evidence Assessment Summary: - The Independent Inquiry into Child Sexual Abuse: The primary remit of the Independent Inquiry into Child Sexual Abuse (IICSA) is to explore how public bodies and other non-state institutions in England and Wales have handled their duty of care in protecting children from sexual abuse. One of the investigations focuses on the institutional responses to child sexual abuse (CSA) and exploitation facilitated by the internet. This is referred to as the Internet Investigation. - ICT and CSA: Evidence suggests that all perpetrators of online-facilitated CSA have broadly been using information and communication technology (ICT) to commit child abuse since the late 1980s. - Research aims and objectives: IICSA commissioned this rapid evidence assessment as part of its investigation into the internet and CSA. Its aim was to answer the question: 'What is known about the behaviour and characteristics of people who sexually abuse or exploit children, where such abuse is facilitated by the internet?' Research aims and objectives - In responding to the primary research question listed above, the rapid evidence assessment considered how perpetrators use specific technologies to offend and how the availability of these technologies influences perpetrators' behaviour, how perpetrators identify and target potential victims across forums, and what the key safeguarding challenges are for institutions raised by changing technologies and associated perpetrator behaviour. - The rapid evidence assessment also sought to identify evidence regarding emerging types of offences, including self-generated material in sexual solicitation, exploitation and abuse of children, sexual extortion, and offences in which self-generated sexual material shared freely online by children is identified and circulated by perpetrators with an interest in child sexual exploitation material. - Lastly, the rapid evidence assessment also aimed to capture information pertaining to children who perpetrate online-facilitated sexual abuse against peers, relationships between different types of offending, and pathways into offending. - The rapid evidence assessment was conducted in four stages: pilot, evidence selecting, evidence screening and evidence synthesising. - The findings from the above points are presented to best synthesise the information in responding to each one while considering the primary research question. Details: London: NatCen Social Research, 2018. 85p. Source: Internet Resource: Accessed March 23, 2018 at: https://www.iicsa.org.uk/document/rapid-evidence-assessment-behaviour-and-characteristics-perpetrators-online-facilitated Year: 2018 Country: United Kingdom URL: https://www.iicsa.org.uk/document/rapid-evidence-assessment-behaviour-and-characteristics-perpetrators-online-facilitated Shelf Number: 149552 Keywords: Child PornographyChild Sexual AbuseChild Sexual ExploitationInternet CrimeOnline VictimizationSex OffendersSexting |
Author: Livingstone, Sonia Title: Net Children Go Mobile: The UK report Summary: This report presents new UK findings regarding children's online access, opportunities, risks and parental mediation. The primary focus is on risk and safety considerations. The new UK findings are compared in this report with: - Findings from the seven‐country European 2013‐14 survey by Net Children Go Mobile. - UK findings from the 25‐country European 2010 survey by EU Kids Online. - Illustrative quotations from children are drawn from qualitative interviews conducted by Net Children Go Mobile (which will report later in 2014). Access and use Mobile and personalised media are expanding the spatial and temporal locations of internet use among children by providing 'anywhere, anytime' accessibility: - Home is still the main location of internet use by far, despite it now being available in many locations out and about. Forty per cent of children use the internet at home several times per day, most of them in their bedroom. Over half also go online in other places, and half use it when out and about. - Compared with 2010, half as many now use a desktop PC, so that access is more often on a personalised device (smartphone, laptop, games console, tablet as well as desktop). - In the UK, smartphones are already more popular than laptops (used daily by 56% and 47% of 9-to-16‐year‐olds daily). In Portugal and Italy, laptops are used more often than smartphones, while in Denmark both are used daily by nearly three in four children. - The age of first use overall - at around eight years old - is little changed since 2010, although by 2013, children, especially 9-to-10- year‐olds, have access to much more complex smartphone convergent technologies than their 2010 predecessors. Online activities Research has shown that children's online activities vary by age - with children progressing up 'the ladder of opportunities' over time, from basic uses to creative and participatory uses of the internet: - The most popular online activities are watching video clips, social networking and listening to music. Some of the activities that policy makers and parents worry about are, in fact, rather rare - purchasing apps, spending time in a virtual world, registering one's geographic location, visiting chatrooms. - More children do more of most online activities now compared with a few years ago. Moreover, smartphone users make considerably more use of the internet in almost every way. However, many informational, civic and creative uses are regularly undertaken only by a minority of children. - By comparison with other European countries, UK children are the most satisfied with the online offer. But 9-to-10-year‐olds have become less satisfied over time with the content available to them. Smartphones expand the range of mobile communicative practices and audiences children are now able to engage with. Which children, then, use social networking and media‐sharing platforms, and how do they use them? - Facebook is the main platform used by the youngest age band, with 18% of 9-to-10‐year olds and 25% of 11-to-12‐year‐olds having a profile. Children continue to adopt some of the latest social networking sites (SNSs), and the UK is distinctive in the popularity of Twitter - 14% of all 9-to-16‐year‐olds use it. - However, since 2010, SNS use has dropped for girls (from 65% to 50%) but hardly for boys. It has also dropped substantially for younger children: safety campaigns have possibly had some effect. - Substantial numbers of children have relatively few online contacts, and the number of online contacts has dropped a little since 2010, when 16% reported more than 300 contacts (compared with 10% in 2013). - However, the UK's 14% who accept all 'friend' requests exceeds the European average of 9%, and is lower only than that of Romanian children (18%). - Half of SNS users keep their profiles private. Boys, teens, and children from low socio‐ economic status (SES) homes are more likely to have public profiles. - One‐quarter have provided a false age on their profile - more often younger children than teens. Skills Contrary to the myth of the digital native, children and young people do not naturally or automatically acquire digital literacy. The research examined children's self‐reported competence (or self‐confidence), along with self‐ reported ability with a specific list of skills, including those needed for mobile/online devices: - Two in three children say they know more than their parents about the internet, and 86% claim to know more than their parents about smartphones. However, 9-to-10-year‐olds generally think their parents know more about using the internet than they do. - Children's digital literacy and safety skills have not changed much since 2010, although children are now less able to block junk/spam and more able to manage their privacy settings and delete their history. - In Denmark the average number of skills related to the internet is higher than the UK, possibly because UK parents practise more restrictive mediation, limiting children's chance to explore and learn online. - Smartphone users are generally skilled in the use of their personal devices, but around one‐ third cannot block pay‐for pop‐ups or compare and choose the best or most reliable app or deactivate the function showing their geographical position. Younger girls seem particularly to lack the skill to use their personal devices effectively. Details: London: London School of Economics and Political Science, 2014. 70p. Source: Internet Resource: Accessed March 23, 2018 at: http://eprints.lse.ac.uk/59098/1/__lse.ac.uk_storage_LIBRARY_Secondary_libfile_shared_repository_Content_Livingstone%2C%20S_EU%20Kids%20Online_Livingstone_Net_%20children_%20go_2014_Livingstone_Net_%20children_%20go_2014_author.pdf Year: 2014 Country: United Kingdom URL: http://eprints.lse.ac.uk/59098/1/__lse.ac.uk_storage_LIBRARY_Secondary_libfile_shared_repository_Content_Livingstone%2C%20S_EU%20Kids%20Online_Livingstone_Net_%20children_%20go_2014_Livingstone_Net_%20children_%20go_2014_auth Shelf Number: 149553 Keywords: Internet CrimeOnline VictimizationSocial Media |
Author: International Fund for Animal Welfare Title: Out of Africa: Byting Down on Wildlife Cybercrime Summary: The International Fund for Animal Welfare (IFAW) has been researching the threat that online wildlife trade poses to endangered species since 2004. During that time, our research in over 25 countries around the globe has revealed the vast scale of trade in wildlife and their parts and products on the world's largest marketplace, the Internet - a market that is open for business 24 hours a day, 365 days a year. Whilst legal trade exists in respect of many species of wildlife, online platforms can provide easy opportunities for criminal activities. Trade over the Internet is often largely unregulated and anonymous, often with little to no monitoring or enforcement action being taken against wildlife cybercriminals. In addition, cyber-related criminal investigations are complicated by jurisdictional issues, with perpetrators in different geographical locations and laws differing from country to country. This poses a serious threat to the survival of some of the world's most iconic species and the welfare of individual animals. This report outlines the results of new IFAW research in seven different countries in Africa, exploring the availability of wild animals and their products in an area of the world with a rapid growth in access to the Internet. This research is part of a broader project to address wildlife cybercrime in Africa, funded by the US government's Department of State's Bureau of International Narcotics and Law Enforcement Affairs (INL). The wider project included researching trade in elephant, rhino and tiger products over the 'Darknet'; providing training on investigating wildlife cybercrime to enforcers in South Africa and Kenya; ensuring policy makers addressed the threat of wildlife cybercrime through adopting Decision 17.92 entitled Combatting Wildlife Cybercrime at the CoP17 of the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES) in Johannesburg 2016; carrying out a review of legislation as it pertains to wildlife cybercrime; and providing training to online technology companies to assist with the effective implementation of their policies. Research focused on online marketplaces and social media platforms utilised by traders stating they were based in Ethiopia, Ivory Coast, Kenya, Nigeria, South Africa, Tanzania and Uganda. In most cases, this meant focusing on trading platforms based in those specific countries, but researchers also identified traders stating they were based in South Africa using international Alibaba and eBay sites. Details: Washington, DC: IFAW, 2017. 32p. Source: Internet Resource: Accessed April 20, 2018 at: https://s3.amazonaws.com/ifaw-pantheon/sites/default/files/legacy/(Pixelated%20Webversion)SAInvestigationReport_lores.pdf Year: 2017 Country: Africa URL: https://s3.amazonaws.com/ifaw-pantheon/sites/default/files/legacy/(Pixelated%20Webversion)SAInvestigationReport_lores.pdf Shelf Number: 149865 Keywords: Computer CrimeCybercrimeIllegal Wildlife TradeInternet CrimeWildlife Crime |
Author: Big Brother Watch Title: Cyber attacks in local authorities: How the quest for big data is threatening cyber security Summary: Local authorities are holding ever-expanding troves of personal information about citizens. Under the banner of data-driven government, they are seeking to actively gather more information about people. So-called 'smart cities' are armed with sensors and cameras that amass data about citizens, introducing a new level of everyday surveillance in the UK. This accumulation of big data evokes not only concerns about ethics, rights and violations of privacy, but also about how equipped councils are to protect citizens' sensitive data. The number of serious cyber attacks is forecasted to significantly rise in the near future, making cyber security risks a clear priority. But is cyber security being appropriately prioritized by local authorities, or is more data collection the main focus of their digital strategies? Based on Freedom of Information requests, Big Brother Watch found that UK local authorities have experienced in excess of 98 million cyber attacks over 5 years. This means that there are at least 37 attempted breaches of UK local authorities every minute. In addition, at least 1 in 4 councils experienced a cyber security incident - that is, an actual security breach - between 2013 - 2017. While some councils have taken measures to face the ever growing threat from cyber attacks, especially the areas of staff training and reporting of successful cyber attacks need urgent attention. In 2015, Big Brother Watch exposed how local authorities commit 4 data breaches a day, predominantly caused by human error. 1 Surprisingly, our current investigation reveals that little action has been taken to increase staff awareness and education in these matters. We found that 75% of local authorities do not provide mandatory training in cyber security awareness for staff and 16% do not provide any training at all. Considering that the majority of successful cyber attacks start with phishing emails aimed at unwitting staff, 2 negligence in staff training is very concerning and only indicative of the low priority afforded to cyber security issues. Our findings further reveal that 25 local authorities experienced losses or breaches of data in the past five years as a result of cyber security incidents. Yet, 56% of councils who failed to protect data from cyber security threats did not even report the incidents. Big Brother Watch urges local authorities to review their policies with a view to mitigating the risks of cyber security incidents that threaten the security of citizens' invaluable data. 1. Local authorities must appropriately prioritize their cyber security. Instead of investing in surveillance technologies, councils should invest resources on the development of cyber security strategies and the training of staff. 2. Cyber security incidents should be consistently reported. Local authorities need to establish a simple protocol that allows them to report incidents to the right authorities, whether the police, Information Commissioner's Office or the National Cyber Security Centre. This would ensure that threats are dealt with appropriately and that authorities' propensity to attacks is monitored. Furthermore, local authorities should utilise the National Cyber Security Centre's definitions of cyber attacks and cyber security incidents to ensure consistent reporting. 3. All staff should receive mandatory training in cyber security. Cyber attacks are not only designed to breach computer systems, but also to exploit humans who are often the weakest cyber security link. The ability to identify threats must not be reserved to ICT specialists but spread throughout the staff body. With large and ever-increasing volumes of data at stake, all local authority staff should have basic cyber security awareness. Details: London: Big Brother Watch, 2018. 66p. Source: Internet Resource: Accessed May 3, 2018 at: https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf Year: 2018 Country: United Kingdom URL: https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf Shelf Number: 150032 Keywords: Computer CrimesCybercrimeCybersecurityInternet Crime |
Author: Romanosky, Sasha Title: Law Enforcement Cyber Center: Final Technical Report Summary: Cybercrime and cyber threats place many demands on law enforcement agencies, ranging from investigating cyber incidents to securing their own information systems. In addition, law enforcement agencies are required to collect and handle the constantly increasing volume of digital evidence. The Bureau of Justice Assistance established the Law Enforcement Cyber Center (LECC) in October 2014 to help state and local law enforcement better combat cybercrime. The LECC, which completed in September 2017, was tasked to serve as an online portal and a clearinghouse of information, directing users to existing resources developed and managed by subject-matter experts, professional organizations, and government agencies. The LECC was managed by a consortium of organizations led by the RAND Corporation as the main grantee. Partner organizations in the LECC team were the International Association of Chiefs of Police and the Police Executive Research Forum. Although doing so was not formally part of the LECC grant, the project team also collaborated with the National White Collar Crime Center, a nonprofit organization. This technical report provides an account of LECC activities since its inception in October 2014 to its completion in September 2017. Key Findings The LECC Met Its Objectives and Completed All Its Planned Tasks The LECC project team set up the LECC website, identified training and training needs for various stakeholders, contributed to better links among crime units, enhanced prevention education, and developed technical assistance materials for relevant audiences. The project team also organized the LECC Justice Executive Cyber Roundtable, which provided a unique forum to bring together police chiefs, prosecutors, and judges to address the fight against cybercrime. The Metrics Employed by the Project Team Demonstrated the Usefulness of the Type of Services Provided by the LECC As the LECC web traffic data demonstrate, the content provided on the LECC website was successful in attracting traffic to the website. The volume of traffic visiting the website grew over time, suggesting that it is possible to attract new users as well as retain existing visitors by providing a continuously updated set of relevant information. The presentation of the LECC and its website at various meetings, fora, and conferences received interest and enthusiasm, indicating a perceived need for such a resource among various stakeholders. The LECC's resources were also designed to foster greater links among crime units; for example, the LECC team compiled a list of regional capabilities relevant for combatting cybercrime, such as forensics labs or training facilities. The LECC team developed a report on the implementation of the Utah Model of cybercrime prevention, summarizing lessons and best practices from the implementation of a new cybercrime unit in Utah. Recommendation Future endeavors to assist state and local law enforcement and prosecutors with cybercrime prevention, investigation, and prosecution should continue to broker the exchange of knowledge within and across law enforcement stakeholder groups. Details: Santa Monica, CA: RAND, 2017. 48p. Source: Internet Resource: Accessed May 25, 2018 at: https://www.rand.org/content/dam/rand/pubs/research_reports/RR2300/RR2320/RAND_RR2320.pdf Year: 2017 Country: United States URL: https://www.rand.org/content/dam/rand/pubs/research_reports/RR2300/RR2320/RAND_RR2320.pdf Shelf Number: 150370 Keywords: Computer Crime Costs of CrimeCrime PreventionCriminal Investigation CybercrimeInternet Crime |
Author: Wingard, James R. Title: Catch Me If You Can: Legal Challenges to illicit wildlife trafficking over the internet Summary: Although illicit internet trade falls into the larger universe of cybercrime, it is better described as a cyber-enabled crime - in other words, a traditional crime that uses new technologies with the traditional part being the illegal capture of wildlife and the associated physical forms of trade. In addition to the many legal and enforcement challenges associated with conventional wildlife crimes, internet-based illegal wildlife trade (IWT) poses another set of problems for officials, forcing them to operate in a trans-jurisdictional, virtual space that they, and the law, are largely unprepared to manage. On the practical side, they face substantial difficulties merely distinguishing legal from illegal trade, including: - knowing which species are involved and which countries' laws apply to the activity in question (e.g. advertising, sale and purchase, arrangement of logistics); - determining trade quantities and making decisions on whether to invest resources in the pursuit of crimes; and - knowing which specific legal basis may apply to the species being traded. In terms of their legal authorities and practices, officials also confront further problems, in that they may have no specific power to carry out covert investigations; no, or limited, access to cybercrime units; and no, or limited, experience with cybercrime laws and digital forensics to conduct necessary investigations. Concerning the legal frameworks directed at illicit wildlife trade, they face: - criminal and related laws that do not adequately address all parts of the digital trade chain by expressly criminalizing the advertising of illicit wildlife trade or related offences; - differing investigative authorities between jurisdictions that compromise transnational enforcement efforts; and - inconsistent regulation of and limitations to subject matter and personal jurisdiction that create 'digital safe havens' and prevent prosecutions. Taken as a whole, the overall ability of enforcement authorities to adequately identify, investigate and prosecute the advertising of illicit wildlife on the internet is severely compromised. Key efforts to improve this situation have been included in the conclusion and recommendations to this brief. Details: Geneva, SWIT: Global Initiative Against Transnational Organized Crime, 2018. 31p. Source: Internet Resource: Accessed August 23, 2018 at: http://globalinitiative.net/wp-content/uploads/2018/07/Wingard-and-Pascual-Digital-Dangers-Catch-me-if-you-can-July-2018.pdf Year: 2018 Country: International URL: http://globalinitiative.net/wp-content/uploads/2018/07/Wingard-and-Pascual-Digital-Dangers-Catch-me-if-you-can-July-2018.pdf Shelf Number: 151245 Keywords: Computer CrimeCybercrimeIllegal Wildlife TradeIllicit TradeInternet CrimeTrafficking in WildlifeWildlife CrimeWildlife Trafficking |
Author: Thomaz, Felipe Title: Illicit Wildlife Markets and the Dark Web: A Scenario of the Changing Dynamics Summary: This brief gives an overview of the online illicit wildlife trade (IWT), and analyzes the current state of this market, and speculates on its likely developments. Although there is currently very little IWT activity on the dark web, we expect this to change as enforcement steps up, and this brief explores how that process might evolve. The online market for illicit wildlife trade appears to be disaggregated and characterized by 'blurred channels', yet, at the same time, it is relatively 'out in the open', which points either to a lack of enforcement or challenges that stymie effective enforcement.However, as and when enforcement activities are stepped up, it is probable that the IWT will respond by moving along a specific pathway. This trajectory would first see a move to centralized dark-web markets, then to specialist, and smaller, dark-web 'shops'. These market shifts would be followed by 'markets by invitation' and then distributed, peer-to-peer marketplaces. Under this scenario of a changing market, each step would be accompanied by a decline in market size caused by a decrease in potential consumers (and vendors), but this market loss would be counteracted by an increase in marketing efficiencies and organization on the part of the vendors. Details: Global Initiative Against Transnational Organized Crime, 2018. 15p. Source: Internet Resource: Accessed Dec. 6, 2018 at: https://globalinitiative.net/wp-content/uploads/2018/11/TGIATOC-DarkWebReport-Web.pdf Year: 2018 Country: International URL: https://globalinitiative.net/wp-content/uploads/2018/11/TGIATOC-DarkWebReport-Web.pdf Shelf Number: 153927 Keywords: Dark Web Illicit Markets Illicit Wildlife Trade Internet CrimeOrganized Crime Wildlife Crime |
Author: McCue, Corrie Title: Ownership of Images: The Prevalence of Revenge Porn Across a University Population Summary: Abstract Since the Internet was first established in the late 1960s it has become significantly easier to gain access to. Email, bulletin board systems, and Internet gaming came to be in the 1970s. Internet pornography soon followed and access has continued to increase. A new trend in pornography includes interactive pornographic websites, which offers users the ability to upload and share pornographic materials. This ability allows individuals to not only post their own photos or videos, but also the photos and videos of others who may, or may not, have consented to such distribution. Nonconsensual pornography also referred to as "revenge porn," "cyber rape," or "involuntary porn," concerns the creation, acquisition and/or distribution of sexually graphic images or movies of individuals without their consent to the distribution. Simply, it is the nonconsensual distribution of consensually or nonconsensually created pornography. This exploratory research hopes to better understand the prevalence and effects of revenge porn amongst college students through a convenience sample of 167 criminal justice students at Bridgewater State University. Specifically this study asks, how prevalent is revenge porn among university students? What is the relationship between social media presence and revenge porn victimization? And what are the demographic characteristics of criminal justice students who post revenge porn online? Details: Bridgewater, MA: Bridgewater State University, 2016. 107p. Source: Internet Resource: Accessed January 18, 2019 at: https://vc.bridgew.edu/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&article=1041&context=theses Year: 2016 Country: United States URL: https://vc.bridgew.edu/theses/43/ Shelf Number: 154263 Keywords: College StudentsCyber RapeGraphic ImagesInternet CrimeInvoluntary PornNonconsensual PornographyPornographhic WebsitesPornographyRevenge PornSocial Media |
Author: Great Britain. House of Commons. Petitions Committee Title: Online abuse and the experience of disabled people. First Report of Session 2017-19 Summary: Social media is a means for people to organise, campaign and share experiences. It helps them to access services, manage their careers, shop, date and navigate a society that is too often designed without disabled people in mind. The disabled people we heard from were some of social media's most enthusiastic users. However, their experiences and Katie Price's petition highlight the extreme level of abuse that disabled people receive online-not just on social media, but in online games, web forums, newspaper comments sections and elsewhere. It is shameful that disabled people have had to leave social media whilst their abusers continue unchecked. Self-regulation of social media has failed disabled people. We agree with Katie Price's petition that the law on online abuse is not fit for purpose. Laws which cannot act against fake child pornography designed to mock a disabled child and his family cannot be considered adequate. Online abuse can destroy people's careers, their social lives and do lasting damage to their health. People should not have to avoid their town centre, local park or place of work to avoid sustained abuse, mockery and threats. Online spaces are just as important in the modern world and should be treated as such. Our recommendations focus on the experiences of disabled people as told to us during our inquiry and consultation events. We recognise there is wider work to do on the law on online abuse and the governance of social media. This is being taken up by other Select Committees. Our conclusions and recommendations should be read as a contribution to the conversation around online abuse, disability and the responsibility to ensure that offline and online spaces are safe and inclusive. For our part, our recommendations include: - The Government and social media companies must directly consult with disabled people on digital strategy and hate crime law. It is not enough to just provide alternative formats-though that is crucially importantor consult with self-appointed representatives. - Social media companies need to accept their responsibility for allowing toxic environments to exist unchallenged. They must ensure that their mechanisms and settings for managing content are accessible to and appropriate for all disabled people. They need to be more proactive in searching for and removing hateful and abusive content. They must demonstrate that they have worked in partnership with disabled people to achieve this. - The Government needs to recognise that the way disabled people are often marginalised offline plays a significant part in the abuse they receive online. It needs to challenge stereotypes and prejudices about disabled people, particularly among children and young people, and require proportionate representation of disabled people in its advertising. - Disability hate crime is not fully recognised and perpetrators are not appropriately punished. The law on hate crime must give disabled people the same protections as those who suffer hate crime due to race or religion. - The criminal justice system is too quick to categorise disabled people as "vulnerable". Hostility towards disabled people is often based on a perception that they are an easy target who can't contribute to society. The Government must recognise the links between prejudice against disabled people and their perceived vulnerability. Crimes against disabled people by reason of their disability should be recorded and sentenced as hate crimes. - It must be possible to see if someone has been convicted of a hate crime on the grounds of disability before employing them to work closely with disabled people. If the Government acts on our other recommendations, this should be possible through a Disclosure and Barring Service check. - The Government must review the experience of disabled people when reporting crimes and giving evidence. Too many disabled people have not been treated seriously because frontline officers and staff do not understand disability. Training and support is needed to overcome this. Good practice is too often isolated to a few specially trained police officers and initiatives. - The Government needs to review the law on exploitation within friendships or relationships. Social media companies need to review their processes and provide advice and support for those who identify as needing additional protection. In doing so, both Government and social media companies must consult directly with disabled people and respect their rights to make their own decisions about their lives. Details: London: House of Commons, 2019. 88p. Source: Internet Resource: HC 759: Accessed March 12, 2019 at: https://publications.parliament.uk/pa/cm201719/cmselect/cmpetitions/759/759.pdf Year: 2019 Country: United Kingdom URL: https://publications.parliament.uk/pa/cm201719/cmselect/cmpetitions/759/759.pdf Shelf Number: 154898 Keywords: Disabled PersonsHate CrimeInternet CrimeOnline VictimizationSocial Media |
Author: Street, Cathy Title: Evaluating the response to online safety: CAMHS Local transformation Project (Dudley) Summary: Youthworks was commissioned to - Conduct a needs assessment in order to establish a clear picture of the extent to which online safety issues impact on the emotional health and well-being needs of children and young people within the borough. - Make commissioning recommendations in respect of programmes and interventions, to ensure the online safety of children, young people and their families across the borough. Dudley's children and young people - online experiences - To obtain information around children and young people's online experiences: in 2014 the Cybersurvey was conducted in Dudley and it will be repeated in 2016 as the next phase of this assessment with an in-depth look at young people's responses and any relevant comparisons drawn out. Stakeholder Interviews Phase 1 involved a consultation with local stakeholders. Twenty one people were approached and fifteen local stakeholders were interviewed from: - Child and adolescent mental health services (CAMHS) - local authority children's services, including the Respect and teenage pregnancy team - the school nursing service - the police - the education inspection team - integrated youth services - the local safeguarding board - a private sector company providing online counselling - a local charity providing a variety of advice, support and outreach services for young people The aim of the stakeholder interviews was to explore and establish: - The extent to which children and young people referred into CAMHS state online safety issues as a key factor in their emotional well-being. - The extent to which children and young people referred into the local authority Children's Service Single Point of Access state online safety issues as a key factor in respect of a safeguarding concern. - The extent to which children and young people accessing the counselling provided via Kooth.com (Xenzone) state online safety issues as a key factor. - The extent to which, children and young people who are victims or perpetrators of crime, state online safety issues as a key factor. - What, if any, questions agencies ask children and young people in respect of the impact of cyber-bullying/online risk on their emotional health and wellbeing. - Local trends and issues in relation to online safety (identified by the above local services). Details: Surrey, UK: Youthworks, 2016. 46p. Source: Internet Resource: Accessed May 2, 2019 at: http://youthworksconsulting.co.uk/uploads/875735700EVALUATING_THE_RESPONSEfinal_edit2.pdf Year: 2016 Country: United Kingdom URL: http://youthworksconsulting.co.uk/uploads/875735700EVALUATING_THE_RESPONSEfinal_edit2.pdf Shelf Number: 155609 Keywords: Cyberbullying Internet CrimeOnline Safety Online Victimization Social Media |