The stages of cybercrime investigations: Bridging the gap between technology examination and law enforcement investigation

Cybercrime investigation can be argued as still in its infancy. The technical investigation practices and procedures of global law enforcement are also still evolving in response to the growing threat of the cybercriminal. This has led to considerable debate surrounding the adequacy of current technical investigation models, examination tools and the subsequent capability of law enforcement to tackle cybercrime. To bridge the gap between low-level technology recovery and digital forensic examination, and to overcome the many technical challenges now faced by law enforcement; this paper presents an extended cybercrime investigation model capable of guiding the investigative practices of the broader law enforcement community. The Stages of Cybercrime Investigations discussed throughout this paper, demonstrate the logical steps and primary considerations vital to investigating cyber related crime and criminality. The model is intended to provide both technical and non-technical investigative resources, covering mainstream law enforcement, partner agencies and specialist technical services, with a formal and common structure when investigating the complex technical nature of cybercrime. Finally, the model is further aimed at providing cybercrime investigators with a means to consolidate understanding, share knowledge and communicate the resulting outcomes as an investigation moves through each relevant stage.     

Developments in cybercrime law and practice in Ethiopia

With increasing access to information and communication technologies such as the Internet, Ethiopia has recently taken responsive legislative measures. One such legislative measure is enactment of cybercrime rules as part of the Criminal Code of 2004. These rules penalize three items of computer crimes namely hacking, dissemination of malware and denial of service attacks. The cybercrime rules are however slightly outdated due to changes that have occurred in the field of cybercrime since the enactment of the Code. The surge of new varieties of cybercrimes previously uncovered under the Code and the need to legislate tailored evidentiary and procedural rules for investigation and prosecution of cybercrimes have recently prompted the Ethiopian government to draft modern and comprehensive cybercrime legislation, but the draft law still needs further work on cybercrimes in light of other major legislative developments at regional and national levels. This article closely examines major developments in cybercrime law and practice in Ethiopia since the enactment of the first set of cybercrime rules and proffers recommendations towards a unified cybercrime regime.     

Data attack of the cybercriminal: Investigating the digital currency of cybercrime

It is increasingly argued that the primary motive of the cybercriminal and the major reason for the continued growth in cyber attacks is financial gain. In addition to the direct financial impact of cybercrime, it can also be argued that the digital data and the information it represents that can be communicated through the Internet, can have additional intrinsic value to the cybercriminal. In response to the perceived value and subsequent demand for illicit data, a sophisticated and self-sufficient underground digital economy has emerged. The aim of this paper is to extend the author’s earlier research that first introduced the concept of the Cybercrime Execution Stack by examining in detail the underlying data objectives of the cybercriminal. Both technical and non-technical law enforcement investigators need the ability to contextualise and structure the illicit activities of the cybercriminal, in order to communicate this understanding amongst the wider law enforcement community. By identifying the potential value of electronic data to the cybercriminal, and discussing this data in the context of data collection, data supply and distribution, and data use, demonstrates the relevance and advantages of utilising an objective data perspective when investigating cybercrime.     

How organised is organised cybercrime?

To some writers and commentators, fully fledged organised cybercrime is currently emerging. Law enforcement spokesmen and Internet security firms have even made comparisons between the structure of cybercriminal enterprises and organisations like La Cosa Nostra. But, in reality, conventional criminal labels applied to cybercrime are themselves often poorly understood by those who employ them. The purpose of this research note is to apply scholarly rigor to the question of whether profit-driven cybercrime can fit underneath formal definitions of organised crime and mafias. It proceeds in three sections: the first section outlines academic definitions of organised crime, mafias and cybercrime; the second section assesses whether online cybercriminal trading forums, perhaps the most visible and documented examples of cybercriminal organisation, might constitute mafias as some contend; the third section briefly discusses some other less documented examples of ‘organised’ cybercrime and assesses the broader possibility of online groups being classified as organised crime groups.     

Digital Realism and the Governance of Spam as Cybercrime

Spamming is a major threat to the formation of public trust in the Internet and discourages broader civil participation in the emerging information society. To the individual, spams are usually little more than a nuisance, but collectively they expose Internet users to a panoply of new risks while threatening the communications and commercial infrastructure. Spamming also raises important questions of criminological interest. On the one hand it is an example of a pure cybercrime – a harmful behaviour mediated by the Internet that is the subject of criminal law, while on the other hand, it is a behaviour that has in practice been most effectively contained technologically by the manipulation of ‘code’ – but at what cost? Because there is not an agreed meaning as to what constitutes ‘online order’ that renders it simply and uncritically reducible to a set of formulae and algorithms that can be subsequently imposed (surreptitiously) by technological processes. The imposition of order online, as it is offline, needs to be subject to critical discussion and also checks and balances that have their origins in the authority of law. This article deconstructs and analyses spamming behaviour, before exploring the boundaries between law and code (technology) as governance in order to inform and stimulate the debate over the embedding of cybercrime prevention policy within the code itself.     

The contemporary cybercrime ecosystem: A multi-disciplinary overview of the state of affairs and developments

This article provides a multi-disciplinary overview of the contemporary cybercrime ecosystem and its developments. It does so by reviewing and synthesising recent cybercrime research from fields such as cybersecurity, law and criminology. The article also examines ways in which gaps between the aforementioned fields arise and how to lessen them to increase cybersecurity. This article is divided into four main parts. The first part offers background on cybercrime and some of its main elements. It defines terminology, sets out a legal taxonomy of cybercrime offences and presents the estimated costs, threat agents and characteristics of various illicit activities and technical aspects of cybercrime. Parts two, three and four build on this preceding analysis by (separately) examining three prominent threat vectors within the ecosystem – malware, the darknet and Bitcoin and other cryptocurrencies. For each threat vector, the article identifies and investigates features, history, functions and current and expected states of development within the ecosystem. Through its attention to and synthesis of current research and results from different fields, this article offers a synoptic account of the cybercrime ecosystem, which can bridge potential knowledge gaps between fields.     

The Dark Figure of Online Property Crime: Is Cyberspace Hiding a Crime Wave?

A pronounced drop in crime, since the early 1990s, has encompassed every crime category tracked by the FBI’s Uniform Crime Reports, including property crime. However, over the same period, the rates of online property crime (OPC) have been on the rise according to available evidence. We delineate the extent of our knowledge and data concerning cybercrime and identity theft and, using data from several nationally representative victimization surveys, offer an alternative view of property crime trends while pointing out the glaring gap in crime reporting and accounting in relation to the growing category of property crimes perpetrated online. In addition, we compare estimated costs of traditional property crime vs. OPC. Finally, we identify the main challenges for obtaining reliable data on OPC and discuss their implications, especially when applying the traditional methods of compiling crime statistics.     

Cybercrime Tendencies and Legislation in the Republic of Macedonia

The advancement of information and communication technologies opens new venues and ways for cybercriminals to commit crime. There are several different types of cybercrime offences that need to be treated in a separate and different manner. The major international source that provides guidelines for treatment of cybercrime is the Convention on Cybercrime adopted by the Council of Europe and the European Commission Action Plan. The purpose of the paper is to present, discuss and analyze the Macedonian legislation treating cybercrime, with respect to the specific cases typically encountered in practice and the international guidelines concerning cybercrime. The major source of cybercrime legislation in Macedonia is the Criminal Code with provisions thereof in ten of its articles; it addresses cybercrimes such as personal data abuse, copyright and piracy issues, production and distribution of child pornography, computer viruses, intrusions into computer systems, computer fraud and computer forgery. We also present and analyze reports on cybercrime complaints and victims from Macedonia, issued by the Internet Crime Complaint Center and the Macedonian Ministry of Internal Affairs. The reports reveal the unusually high number of complaints for perpetrators and victims originating from Macedonia. Furthermore, we highlight several recent cybercrime cases reported in Macedonia. All things considered, the Macedonian penal legislation is modern and it follows the current European and world standards. It provides guidelines for successful resolution of cybercrime committed in the Republic of Macedonia. However, it could be improved by a more active inclusion of Macedonian authorities in the global response to cybercrime and by stronger enforcement of cybercrime prevention measures and strategies.     

国际反网络犯罪立法及其对我国的启示——以《网络犯罪公约》为中心

《网络犯罪公约》作为国际社会反对网络犯罪、加强国际合作的重要产物，第一次明确了网络犯罪行为的种类及行为人的责任，规定了有关电子证据调查的特殊程序法制度，并确立了网络犯罪管辖的基本原则。但也存在网络犯罪圈划定范围过大、人权与自由保护不足、管辖权过分包容并易导致冲突等问题。因此对该公约需理性看待，应发掘、借鉴其闪光点来推动我国的网络犯罪立法。     

Diffusion of the Budapest Convention on cybercrime and the development of cybercrime legislation in Pacific Island countries: ‘Law on the books’ vs ‘law in action’

The Council of Europe Convention on Cybercrime,¹ referred to as the Budapest Convention on Cybercrime, has been diffused globally, and is serving as a benchmark or a ‘model law’ for drafting national cybercrime legislation in many countries worldwide. This paper argues that, through the mechanism of ‘state socialization’ combined with incentives, e.g. assistance in building law enforcement capacity, the diffusion of the Budapest Convention has had a profound influence on the development of cybercrime legislation in a number of Pacific Island Countries (PICs).² Some PICs have expressed their great interest in acceding to the Convention and ‘imported’ several provisions from the Convention. This article, nevertheless, contends that these PICs do not seem to consider carefully whether the ‘imported’ law is applicable to their existing law enforcement capacity. It is evident that various domestic factors, such as lack of resources, have deterred the enforcement of cybercrime laws in these countries. As the result, although those PICs would have adequate cybercrime laws ‘on the books’, ‘law in action’ is still feeble.     

计算机网络犯罪对刑事诉讼的挑战与制度应对

计算机网络犯罪对现代刑事诉讼带来了严峻的挑战。为应对这一挑战,许多国家建立了专门打击计算机网络犯罪的侦查机构,并扩大其适用技术侦查措施的权限。根据不同的标准,可以对打击计算机网络犯罪的技术侦查措施做出不同的分类。为防止侦查机关在打击计算机网络犯罪过程中对公民权利造成不必要的损害,技术侦查措施的适用必须遵循司法审查原则和比例原则。美国"肉食者"系统和"棱镜"项目存在突破比例原则和司法审查原则的风险。我国在打击计算机网络犯罪的制度建构方面存在严重问题,必须进行全面改革与完善。     

Redefining borders: The challenges of cybercrime

Cybercrime is the newest securitythreat in the world today, and is distinct from anyother threat facing the world. This paper attempts toplace cybercrime in relation to other securitythreats, as well as illustrate the uniquecharacteristics of cybercrime. First, aninvestigation of the major elements of cybercrime willbe conducted. After the parameters of cybercrime havebeen laid out, cybercrime will be analyzed as asecurity threat on both domestic and internationallevels. Finally, current security structures will beexamined for their effectiveness in controlling thethreat posed by cybercrime.     

Cybercrime awareness and victimisation in individuals over 60 years: A Portsmouth case study

Currently cybercrime awareness education tends to be generic, which is not useful for certain demographics, such as older adults, who are at a higher risk of victimisation due to their potential unfamiliarity with cyberspace norms and practices. The Cybercrime Awareness Clinic team carried out focus groups and interviews with older adults with the aim of gaining a better understanding of their cybercrime perceptions and experiences. Fifteen older adults over 60 years participated in focus groups or semi-structured interviews and discussed their experiences of using the internet and dealing with cybercrime. The study concluded that older adults have specific cyberawareness resource requirements, which reinforces the need for more tailored prevention and reporting mechanisms. Education in relation to cyber-risks and prevention is crucial, but can only be effective when co-designed with those that are supposed to receive this training in a grassroots way.     

Sentencing data-driven cybercrime. How data crime with cascading effects is tackled by UK courts

This paper contributes to research seeking to understand if and how legislation can effectively counter cybercrimes that compromise personal data. These ‘data crimes’, which are the ‘dark side’ of big data and the data economy enabled by cloud computing, display cascading effects, in that they empower disparate criminals to commit further crimes and victimise a broad range of individuals or data subjects. The paper addresses the under-researched area of sentencing, which, as the last step of the judicial process, plays a crucial role in how the law is interpreted and implemented.This paper investigates courts’ approach to the evolving technological environment of cybercrime captured by data crime and the cascade effect and whether the cascade effect can assist courts in dealing with data-driven cybercrime. The paper examines original data collected from UK courts, namely 17 sentencing remarks relating to cybercrime court cases decided in England & Wales between 2012 and 2019. The analysis shows that courts appreciate the impact of data crime and their cascading effects, but that the complexity of the offences is lost at sentencing, arguably due to the negative impact of systemic factors, such as technology neutral law and the lack of legal authorities.After examining such systemic factors, the paper suggests how the cascade effect could aid sentencing by adding specificity and context to data crime. The paper ends with avenues for further research relating to debates on fair cybercrime sentencing and open justice.     

打击网络犯罪国际规则的博弈与中国方案

现有的打击网络犯罪国际规范包括公约、协定(指令)和示范法三大类,其中公约类规范是网络犯罪国际规则博弈的焦点。欧洲委员会《布达佩斯公约》和俄罗斯提出的《联合国打击网络犯罪合作公约(草案)》虽然各有特点,但是均存在一定不足,难以成为中国参与网络犯罪国际规则制定的理想法律范本。联合国大会第74/247号决议的通过为网络犯罪规则制定提供了新的发展方向,制定全球性网络犯罪国际公约的中国方案应当以联合国为基础平台,尤其是注重发挥新设立的政府间专家委员会的作用,并将坚持主权原则、体现发展中国家的诉求、推动不同国家打击网络犯罪的协作作为核心主张。具体层面,应以倡导网络空间命运共同体、充分体现中国的经验做法、充分体现网络犯罪治理的时代性与前瞻性为指导理念,同时分总则、定罪、执法程序、国际合作、网络犯罪预防和最后条款等部分进行设计。     

Concerns of cyber criminality in South Africa,Ghana, Ethiopia and Nigeria: rethinking cybercrime policy implementation and institutional accountability

Undoubtedly, some African states have put in place cybercrime legal frameworks and institutional policies to combat cybercrime and curtail the proliferation of the crime globally. Although the cybercrime policy implementation gap is a global problem, this paper notes that these African States have a peculiar challenge of implementation gap or lack of implementation of cybercrime legal frameworks and policies as a basis for cybercrime proliferation and this poses great concerns for internet users. Incentive is comparatively drawn from the United States of America and the United Kingdom in determining what these African governments and institutions should do towards fighting cybercrime.     

Cybercrime jurisdiction

The principles that govern a sovereign’s exercise of jurisdiction to prohibit conduct and to sanction those who violate such prohibitions are well-established as to conduct occurring in the real, physical world. These principles evolved over the last several millennia, as law increased in sophistication and life became more complex. Real-world crime is, almost exclusively, a local phenomenon; the perpetrator(s) and victim(s) are all physically present at a specific geographical point when a crime is committed. The principles that govern the exercise of criminal jurisdiction are therefore predicated on the assumption that “crime” is a territorial phenomenon. Cybercrime makes these principles problematic in varying ways and in varying degrees. Unlike real-world crime, it is not physically grounded; cybercrime increasingly tends not to occur in a single sovereign territory. The perpetrator of a cybercrime may physically be in Country A, while his victim is in Country B, or his victims are in Countries B, C, D and so on. The perpetrator may further complicate matters by routing his attack on the victim in Country B through computers in Countries F and G. The result of these and other cybercrime scenarios is that the cybercrime is not committed “in” the territory of a single sovereign state; instead, “pieces” of the cybercrime occur in territory claimed by several different sovereigns.     

Cybercrime investigation in Finland

Nordic police cooperation concerning cybercrimes has been developed during the last few years, e.g. through the Nordic Computer Forensics Investigators (NCFI) and Nordplus training programmes. More empirical research is needed in order to enhance cybercrime investigation and address the training needs of police officers. There is a knowledge gap concerning organizational models for the police’s cybercrime investigation: How the function is organized, what the professional characteristics of the staff are and how to combine computer forensics with crime investigation? The purpose of this paper was to study the organization of cybercrime investigation in Finland. Data were collected by a questionnaire from all 11 local police districts and the National Bureau of Investigation in July–August 2014. In addition, six thematic interviews of cybercrime investigators were conducted in 2014. Three investigation models of computer integrity crimes were found: (1) Computer forensic investigators conduct the entire pre-trial examination, (2) Computer forensic investigators conduct only the computer forensics, and tactical investigation is done by an occasional investigator, (3) Computer forensic investigators conduct only the computer forensics and tactical investigation is centralized to designated investigators. The recognition of various organizational models and educational backgrounds of investigators will help to develop cybercrime investigation training.     

What Could a New Crime Commission Accomplish?

Even though the crime rate in the United States has dropped since the U.S. President's Commission on Law Enforcement and Administration of Justice under President Johnson issued its report in 1967, the total number of serious crimes in the nation has increased, and public concern about the subject remains high. The 1960s Commission did not fully consider several major subjects that have emerged after it reported, including mental illness, immigration, cybercrime and other white collar crimes, indigent defense, crime victims, and evidence‐based crime policy. Many observers believe that the need to deal with these subjects in addition to those discussed by other researchers in this volume warrants an examination of crime and justice by a new commission. Congress has considered proposals for such a study for nearly a decade, but they are yet to be acted on amid ideological disputes over other criminal justice issues. If Congress fails to establish a new commission, it is still possible that one could be formed with the support of state, county, and local governments, as well as with the support of private foundations.     

An inquiry into the legal status of the ECOWAS cybercrime directive and the implications of its obligations for member states

On 19 August 2011, the ECOWAS Council of Ministers adopted Directive C/DIR.1/08/11 on Fighting Cybercrime at its Sixty Sixth Ordinary Session in Abuja, Nigeria. The adoption of the Directive at that time arose from the need to tackle the growing trend in cybercrime within the ECOWAS region, as some Member States were already gaining global notoriety as major sources of email scams and Internet fraud. Accordingly, the Directive established a legal framework for the control of cybercrime within the ECOWAS region, and also imposed obligations on Member States to establish the necessary legislative, regulatory and administrative measures to tackle cybercrime. In particular, the Directive required Member States to implement those obligations “not later than 1st January, 2014″. This article undertakes an inquiry into the legal status of the Directive as an ECOWAS regional instrument in the domestic legal systems of Member States.In this regard, the article examines whether the requirement regarding the superiority or direct applicability of ECOWAS Community laws such as ECOWAS Acts and Regulations in the domestic legal systems of Member States also apply to ECOWAS Directives such as the Cybercrime Directive. The article also examines the legal implications of the Directive's obligations for Member States. The article argues that while some Member States have not implemented the obligations under the Directive, that those obligations however provide a legal basis for holding Member States accountable, where the failure to implement has encouraged the perpetration of cybercrime that infringed fundamental rights guaranteed under human right instruments such as the African Charter on Human and Peoples’ Rights or under their national laws.