International cybercrime


There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational": there are "no cyber-borders between countries". International cybercrimes often challenge the effectiveness of domestic and international law and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantage of less severe punishments or the difficulty of being traced. In developing and developed countries alike, governments and industries have gradually realized the colossal threat that cybercrime poses to economic and political security and public interests. However, the complexity of the types and forms of cybercrime makes it harder to fight. In this sense, fighting cybercrime calls for international cooperation. Various organizations and governments have already made joint efforts to establish global standards of legislation and law enforcement on both a regional and an international scale. China–United States cooperation is one of the most striking recent developments, because they are the top two source countries of cybercrime.
Information and communication technology plays an important role in helping ensure interoperability and security based on global standards. General countermeasures have been adopted to crack down on cybercrime, such as legal measures to perfect legislation and technical measures to track down crimes over the network, Internet content control, the use of public or private proxies and computer forensics, encryption and plausible deniability, etc. Because law enforcement and technical countermeasures differ from country to country, this article will mainly focus on legislative and regulatory initiatives of international cooperation.

Typology

Cybercrime is often associated with various forms of Internet attacks, such as hacking, Trojans, malware, botnets, denial-of-service, spoofing, phishing, and vishing. Though cybercrime encompasses a broad range of illegal activities, it can generally be divided into five categories:

Intrusive Offences

Illegal Access: “Hacking” is one of the major forms of offences that refers to unlawful access to a computer system.
Data Espionage: Offenders can intercept communications between users by targeting communication infrastructure such as fixed lines or wireless, and any Internet service.
Data Interference: Offenders can violate the integrity of data and interfere with them by deleting, suppressing, or altering data and restricting access to them.

Content-related offences

Pornographic Material: Sexually related content was among the first content to be commercially distributed over the Internet.
Racism, Hate Speech, Glorification of Violence: Radical groups use mass communication systems such as the Internet to spread propaganda.
Religious Offences: A growing number of websites present material that is in some countries covered by provisions related to religious offences, e.g., anti-religious written statements.
Spam: Offenders send out bulk mail from unidentified sources, and the mail often contains useless advertisements and pictures.

Copyright and trademark-related offences

Common copyright offences: cyber copyright infringement of software, music or films.
Trademark violations: A well-known aspect of global trade. The most serious offences include phishing and domain or name-related offences, such as cybersquatting.

Computer-related offences

Fraud: online auction fraud, advance fee fraud, credit card fraud, Internet banking
Forgery: manipulation of digital documents.
Identity theft: It refers to stealing private information including Social Security numbers, passport numbers, dates of birth, addresses, phone numbers, and passwords for non-financial and financial accounts.

Combination offences

Cyberterrorism: Its main purposes are propaganda, information gathering, preparation of real-world attacks, publication of training material, communication, terrorist financing and attacks against critical infrastructure.
Cyberwarfare: It describes the use of ICTs in conducting warfare using the Internet.
Cyberlaundering: Conducting crime through the use of virtual currencies, online casinos etc.

Threats

As with conventional crime, economic benefits, power, revenge, adventure, ideology and lust are the core driving forces of cybercrime. The major threats caused by those motivations can be categorized as follows:
Economic security, reputation and social trust are severely challenged by cyber fraud, counterfeiting, impersonation and concealment of identity, extortion, electronic money laundering, copyright infringement and tax evasion.
Public interest and national security are threatened by dissemination of offensive material (e.g., pornographic, defamatory or inflammatory/intrusive communication), cyber stalking/harassment, child pornography and paedophilia, and electronic vandalism/terrorism.
Privacy and domestic and even diplomatic information security are harmed by unauthorized access and misuse of ICT, denial of services, and illegal interception of communication.
Domestic as well as international security is threatened by cybercrime due to its transnational character. No single country can really handle this big issue on its own. It is imperative to collaborate and defend against cybercrime on a global scale.

International trends

As more and more criminals become aware of the potentially large economic gains that can be achieved with cybercrime, they tend to switch from simple adventure and vandalism to more targeted attacks, especially against platforms where valuable information is highly concentrated, such as computers, mobile devices and the cloud. There are several emerging international trends of cybercrime.

International responses

G8
The Group of Eight is made up of the heads of eight industrialized countries: the U.S., the United Kingdom, Russia, France, Italy, Japan, Germany, and Canada.
In 1997, the G8 released a Ministers' Communiqué that includes an action plan and principles to combat cybercrime and protect data and systems from unauthorized impairment. The G8 also mandates that all law enforcement personnel must be trained and equipped to address cybercrime, and designates that all member countries have a point of contact available 24 hours a day, 7 days a week.
United Nations
In 1990 the UN General Assembly adopted a resolution dealing with computer crime legislation.
In 2000 the UN GA adopted a resolution on combating the criminal misuse of information technology.
In 2002 the UN GA adopted a second resolution on the criminal misuse of information technology.
ITU
The International Telecommunication Union, as a specialized agency within the United Nations, plays a leading role in the standardization and development of telecommunications and cybersecurity issues. The ITU was the lead agency of the World Summit on the Information Society.
In 2003, the Geneva Declaration of Principles and the Geneva Plan of Action were released, which highlight the importance of measures in the fight against cybercrime.
In 2005, the Tunis Commitment and the Tunis Agenda were adopted for the Information Society.
Council of Europe
The Council of Europe is an international organisation focusing on the development of human rights and democracy in its 47 European member states.
In 2001, the Convention on Cybercrime, the first international convention aimed at Internet criminal behaviors, was co-drafted by the Council of Europe with the addition of the USA, Canada, and Japan, and signed by its 46 member states, but only 25 countries later ratified it. It aims to provide the basis of an effective legal framework for fighting cybercrime through harmonization of the qualification of cybercrime offences, provision for laws empowering law enforcement, and enabling international cooperation.

Regional responses

APEC
Asia-Pacific Economic Cooperation is an international forum that seeks to promote open trade and practical economic cooperation in the Asia-Pacific region.
In 2002, APEC issued its Cybersecurity Strategy, which is included in the Shanghai Declaration. The strategy outlined six areas for co-operation among member economies including legal developments, information sharing and co-operation, security and technical guidelines, public awareness, and training and education.
OECD
The Organisation for Economic Co-operation and Development is an international economic organisation of 34 countries founded in 1961 to stimulate economic progress and world trade.
In 1990, the Information, Computer and Communications Policy Committee created an Expert Group to develop a set of guidelines for information security that was drafted until 1992 and then adopted by the OECD Council. In 2002, the OECD announced the completion of "Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security".
European Union
In 2001, the European Commission published a communication titled "Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime".
In 2002, the EU presented a proposal for a “Framework Decision on Attacks against Information Systems”. The Framework Decision takes note of the Convention on Cybercrime, but concentrates on the harmonisation of substantive criminal law provisions that are designed to protect infrastructure elements.
Commonwealth
In 2002, the Commonwealth of Nations presented a model law on cybercrime that provides a legal framework to harmonise legislation within the Commonwealth and enable international cooperation. The model law was intentionally drafted in accordance with the Convention on Cybercrime.
ECOWAS
The Economic Community of West African States is a regional group of West African countries founded in 1975; it has fifteen member states. In 2009, ECOWAS adopted the Directive on Fighting Cybercrime in ECOWAS, which provides a legal framework for the member states that includes substantive criminal law as well as procedural law.
GCC
In 2007, the Arab League and Gulf Cooperation Council recommended at a conference seeking a joint approach that takes into consideration international standards.

Voluntary industry response

During the past few years, public-private partnerships have emerged as a promising approach for tackling cybersecurity issues around the globe. Executive branch agencies, regulatory agencies, separate agencies and industry are all involved in partnership.
In 2004, the London Action Plan was founded, which aims at promoting international spam enforcement cooperation and addressing spam-related problems, such as online fraud and deception, phishing, and dissemination of viruses.

Case analysis

U.S.

According to Sophos, the U.S. remains the top-spamming country and the source of about one-fifth of the world's spam. Since fighting cybercrime involves a great number of sophisticated legal and other measures, only milestones rather than full texts are provided here.

Legal and regulatory measures

The first federal computer crime statute was the Computer Fraud and Abuse Act of 1984.
The Electronic Communications Privacy Act of 1986 was an amendment to the federal wiretap law.
“National Infrastructure Protection Act of 1996”.
“Cyberspace Electronic Security Act of 1999”.
“Patriot Act of 2001”.
The Digital Millennium Copyright Act was enacted in 1998.
The Cyber Security Enhancement Act was passed in 2002.
The CAN-SPAM law was issued in 2003, and subsequent implementation measures were made by the FCC and FTC.
In 2005 the USA passed the Anti-Phishing Act, which added two new crimes to the US Code.
In 2009, the Obama Administration released its Cybersecurity Report and policy.
The Cybersecurity Act of 2010 was a bill seeking to increase collaboration between the public and the private sector on cybersecurity issues.
A number of agencies have been set up in the U.S. to fight against cybercrime, including the FBI, the National Infrastructure Protection Center, the National White Collar Crime Center, the Internet Fraud Complaint Center, the Computer Crime and Intellectual Property Section of the Department of Justice, the Computer Hacking and Intellectual Property Unit of the DoJ, and the Computer Emergency Readiness Team/Coordination Center at Carnegie-Mellon.
CyberSafe is a public service project designed to educate end users of the Internet about the critical need for personal computer security.

Technical measures

Better encryption methods are developed to deal with phishing, smishing and other illegal data interception activities.
The Federal Bureau of Investigation has set up special technical units and developed Carnivore, a computer surveillance system which can intercept all packets that are sent to and from the ISP where it is installed, to assist in the investigation of cybercrime.

Industry collaboration

In 2008, the second annual Cyber Storm conference was held, involving nine states, four foreign governments, 18 federal agencies and 40 private companies.
In 2010, the National Cyber Security Alliance’s public awareness campaign was launched in partnership with the U.S. Department of Homeland Security, the Federal Trade Commission, and others.
Incentives for ISPs: Though the cost of security measures increases, Internet Service Providers are encouraged to fight against cybercrime to win consumer support and a good reputation and brand image among consumers and peer ISPs as well.

International cooperation

The USA has signed and also ratified the Convention on Cybercrime.
The United States has actively participated in G8/OECD/APEC/OAS/U.S.-China cooperation in cracking down on international cybercrime.

Future challenges

in tracking down cybercrime is being challenged and becomes a controversial issue.
Public-private partnership. As the U.S. government gets more involved in the development of IT products, many companies worry this may stifle their innovation and even undermine efforts to develop more secure technology products. New legislative proposals now being considered by the U.S. Congress could be potentially intrusive on private industry, which may prevent enterprises from responding effectively to emerging and changing threats. Cyber attacks and security breaches are increasing in frequency and sophistication, and they are targeting organizations and individuals with malware and anonymization techniques that can evade current security controls. Current perimeter-intrusion detection, signature-based malware, and anti-virus solutions are providing little defense. Relatively few organizations have recognized organized cyber criminal networks, rather than hackers, as their greatest potential cyber security threat; even fewer are prepared to address this threat.

China

In January 2009, China was ranked the No. 3 spam-producing country in the world, according to data compiled by security vendor Sophos. Sophos now ranks China as spam producer No. 20, right behind Spain.
China's underground economy is booming, with an estimated 10 billion RMB in 2009. Hacking, malware and spam are immensely popular. With patriotic hacktivism, people hack to defend the country.

Legal and regulatory measures

Criminal Law – the basic law identifies the law enforcement concerning cybercrime.
In 2000, the Decision on Internet Security of the Standing Committee of the NPC was passed.
In 2000, China issued a series of Internet rules that prohibit anyone from propagating pornography, viruses and scams.
In 2003, China signed UN General Assembly Resolution 57/239 on “Creation of a global culture of cybersecurity”.
In 2003, China signed the Geneva Declaration of Principles of the World Summit on the Information Society.
In 2006, an anti-spam initiative was launched.
In July 2006, the ASEAN Regional Forum, which included China, issued a statement that its members should implement cybercrime and cybersecurity laws “in accordance with their national conditions and by referring to relevant international instruments”.
In 2009, the ASEAN-China framework agreement on network and information security emergency response was adopted.
In 2009, an agreement within the Shanghai Cooperation Organization on information security was made.

Technical measures

"Golden Shield Project" or "The Great Firewall of China": a national Internet control and censorship project.
In 2009, Green Dam software: It restricts access to a secret list of sites, and monitors users’ activity.
Operating system change: China is trying to get around this by using Linux, though with a lot of technical impediments to solve.

Industry collaboration

Internet Society of China — the group behind China's anti-spam effort — is working on standards and better ways of cooperating to fight cybercrime.
ISPs have become better at working with customers to cut down on the spam problem.

International cooperation

In 2005, China signed up for the London Action Plan on spam, an international effort to curb the problem.
Anti-Spam “Beijing Declaration”: the 2006 International Anti-Spam Summit was held.
The APEC Working Group on Telecommunications agreed an action plan for 2010–2015 that included “fostering a safe and trusted ICT environment”.
In January 2011, the United States and China committed for the first time at head of state level to work together on a bilateral basis on issues of cybersecurity. "Fighting Spam to Build Trust" will be the first effort to help overcome the trust deficit between China and the United States on cybersecurity. Cyber Security China Summit 2011 will be held in Shanghai.

Achievement and future challenges

Spam volume was successfully cracked down on in 2009. However, insufficient criminal laws and regulations are great impediments to fighting cybercrime. A lack of electronic evidence laws or regulations, the low rank of existing internet control regulations, and technological impediments together limit the efficiency of Chinese governments' law enforcement.