![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
All too often claims about the prevalence of cybercrimes lack clarification as to what it is that is particularly ‘cyber’ about them. Perhaps more confusing is the startling contrast between the many hundreds of thousands of incidents of cybercrime supposedly reported each year and the relatively small number of known prosecutions. This contrasting evidence exposes a large gap in our understanding of cybercrime and begs a number of important questions about the quality of the production of criminological knowledge about it. For example, how reliable and partial are the informational sources that mould our opinions about cybercrime. Do we fully understand the epistemological differences between the various legal, academic, expert and popular (lay) constructions of cybercrime? Alternatively, is the criminal justice system just woefully inefficient at bringing wrongdoers to justice? Or are there still some major questions to be answered about the conceptual basis upon which information is gathered and assumptions about cybercrime made? This article takes a critical look at the way that public perceptions of cybercrime are shaped and insecurities about it are generated. It explores the varying conceptualisations of cybercrime before identifying tensions in the production of criminological knowledge that are causing the rhetoric to be confused with reality. It then contrasts the mythology of cybercrime with what is actually going on in order to understand the reassurance gap that has opened up between public demands for Internet security and its provision.
Keywords:
Notes
1. This article is based upon a paper that was first delivered at the ‘Media and Insecurities’ CRIMPREV meeting, 12–13 October 2007, Faculty of Criminal Justice, University of Maribor at Ljubljana, Slovenia. It was later delivered in more advanced form at the Max Planck Institute, Freiburg im Breisgau, Germany, 11 December 2007. The primary reference point for this article is D.S. Wall, Cybercrimes: The transformation of crime in the information age (Cambridge, Polity, 2007). All of the definitions are derived from the book's glossary at pp. 219–232. Specific and additional references are also included.
2. Symantec Internet Security Threat Report, Trends for January–June 07, Vol. XII (Cupertino, CA: Symantec, September 2007), 7 and 77.
3. The ‘212,101’ statistic was also covered by many of the reliable sources of information including the BBC, ‘Hi-Tech Crime “is Big Business”’, BBC News Online, 17 September 2007, http://news.bbc.co.uk/1/hi/technology/6998068.stm (accessed 10 March 2008); The Observer, see N. Mathiason, ‘The Guardian of Cyberspace’, The Observer, 23 September 2007, http://www.guardian.co.uk/business/2007/sep/23/technology.interviews (accessed 10 March 2008); Fox News.com, ‘Symantec: Online Criminals Now More Organized, Professional’, Fox News.com, 17 September 2007 http://www.foxnews.com/story/0,2933,297063,00.html (accessed 10 March 2008). The extent and variation of the coverage can be seen by simply doing a Google search for ‘212,101’.
4. See Hansard, 26 March 2002: column WA35; also Wall, Cybercrimes, 54.
5. Evidence of the Ministry of Justice to the 2007 House of Lords Science and Technology select committee enquiry into ‘Personal Internet Security’. Reported in BBC, ‘Lords Offer New Angle on E-Crime’, BBC News Online, 24 April 2007, http://news.bbc.co.uk/1/hi/technology/6589137. stm (accessed 10 March 2008).
6. See among others, R.G. Smith, P.N. Grabosky and G. Urbas, Cyber Criminals on Trial (Cambridge: Cambridge University Press, 2004).
7. J. Leyden, ‘Security Fears Stymy Online Sales: Nothing to Fear But Fear Itself’, The Register, 17 December 2007, http://www.theregister.co.uk/2007/12/17/e_commerce_security_fears/ (accessed 10 March 2008). Also see further the survey of Internet users by Get Safe Online, http://www.getsafeonline.org/ (accessed 10 March 2008).
8. House of Lords, Personal Internet Security, vol. I: Report, Science and Technology Committee, 5th Report of Session 2006–07, HL Paper 165–I, 10 August 2007 (London: The Stationery Office, 2007), 6. Available at http://www.publications.parliament.uk/pa/ld200607/ldselect/ldsctech/165/165i. pdf (accessed 10 March 2008).
9. For example, the Corporate IT Forum which ‘was initiated in 1996 by some of the largest corporate users of IT creating a confidential, vendor-free environment in which IT professionals could exchange practical and strategic intelligence’ (http://www.tif.co.uk/); see further R. Cellan-Jones, ‘Government “Failing on E-Crime”’, BBC News Online, 5 December 2007, http://news.bbc.co.uk/1/hi/technology/7128491.stm (accessed 10 March 2008).
10. Home Office, The Government Reply to the Fifth Report from The House of Lords Science and Technology Committee, Session 2006-07 HL Paper 165, Personal Internet Security, October 2007. Available at http://www.official-documents.gov.uk/document/cm72/7234/7234.pdf (accessed 10 March 2008).
11. Reported in J. Allen, S. Forrest, M. Levi, H. Roy and M. Sutton, ‘Fraud and Technology Crimes: Findings from the 2002/03 British Crime Survey and 2003 Offending, Crime and Justice Survey’, Home Office Online Report 34/05, 2005. Available at http://www.homeoffice.gov.uk/rds (accessed 10 March 2008). Also D. Wilson, A. Patterson, G. Powell and R. Hembury, ‘Fraud and Technology Crimes: Findings from the 2003/04 British Crime Survey, the 2004 Offending, Crime and Justice Survey and Administrative Sources’, Home Office Online Report 09/06, 2006. Available at http://www.homeoffice.gov.uk/rds/pdfs06/rdsolr0906.pdf (accessed 10 March 2008).
12. M. Barone, ‘The National Interest: Absence of Evidence is Not Evidence of Absence’, US News & World Report, 24 March 2004. Available at http://www.usnews.com/usnews/opinion/barone web/mb_040324.htm (accessed 10 March 2008).
13. See generally Wall, Cybercrimes, and references therein.
14. Later reproduced in J. Dann and G. Dozois, eds., Hackers (New York, NY: Ace Books, 1996). Please note that there are a number of different claims over the development of the concepts. At the time there was a lot of discussion about the concepts because they excited participants in the discourse. Regardless of the actual assignation, the main point is the cultural formation and links that were made.
15. Writer Bruce Bethke is accredited with coining the word ‘Cyberpunk’ in his 1980 story Cyberpunk. See B. Bethke, ‘The Etymology of “Cyberpunk”’, 1997, available at http://www.brucebethke.com/nf_cp.html (accessed 10 March 2008).
16. W. Gibson, Neuromancer (London: HarperCollins, 1984).
17. N. Stephenson, Snowcrash (London: ROC/Penguin, 1992).
18. Please note that the examples of books and films given here and below are intended to be representative and not exhaustive. Choices of particular media can become very personal, the object of the exercise is to draw conclusions of types that illustrate change.
19. In The Matrix Neo kept his computer disks in a hollowed out copy of Jean Baudrillard's, Simulacra and Simulation (Ann Arbor: University of Michigan Press, 1994). Baudrillard's ideas are reputed to have inspired the film's producers and writers, although Baudrillard is reported to have curmudgeonly stated that he thought they misunderstood his work. See R. Hanley, ‘Simulacra and Simulation: Baudrillard and the Matrix’, Whatisthematrix, December 2003. Available at http://whatisthematrix.warnerbros.com/rl_cmp/new_phil_fr_hanley2.html (accessed 10 March 2008).
20. Simulacra (simulacrum in singular) is a term used by Baudrillard (Simulacra and Simulation) to describe a situation where one can have copies without originals. It introduces a useful language to describe the construction and dissemination of multi-media materials in computer file format. Simulation captures the essence of a real object in such a way that it can be used to observe and predict how that object may behave when subject to changing inputs.
21. F. Furedi, Culture of Fear (London: Continuum, 2002).
22. Wall, Cybercrimes, 16.
23. H.G. Wells' better known science fiction novels are The Time Machine, 1895; The Island of Dr Moreau, 1896; The Invisible Man, 1897; The War of the Worlds, 1898; The First Men in the Moon, 1901.
24. Social science fiction is a sub-genre of science fiction that focuses upon the forms of society that result from technological change.
25. G. Orwell, 1984 Nineteen Eighty-Four (London: Penguin Books, 1990).
26. Toffler, Future Shock (New York: Bantam Books, 1970).
27. Furedi, Culture of Fear.
28. D. Garland, The Culture of Control (Oxford: Oxford University Press, 2001), 367.
29. ‘Governance through crime’ is a discourse in (terrestrial) criminology that locks into the work of Jonathan Simon and David Garland respectively. For the (terrestrial) debates, see further, J. Simon, Governing through Crime: How the War on Crime Transformed American Democracy and Created a Culture of Fear (New York: Oxford University Press, 2007). Also Garland, Culture of Control.
30. M. Innes, ‘Reinventing Tradition? Reassurance, Neighbourhood Security and Policing’, Criminal Justice 4, no. 2 (2004): 151–71.
31. See further, the references in Wall, Cybercrimes, 161.
32. J. Baudrillard, The Consumer Society: Myths and Structures (London: Sage, 1998), 34.
33. Innes, ‘Reinventing Tradition?’, 151.
34. M. Innes, ‘Why Disorder Matters? Antisocial Behaviour and Incivility as Signals of Risk’, paper given to the Social Contexts and Responses to Risk (SCARR) Conference, Kent, UK, 28–29 January 2005, p. 5. Available at http://www.kent.ac.uk/scarr/papers/papers.htm (accessed 10 March 2008).
35. Convenient, because I did not have to search far. Despite this rather journalistic abstract, the House of Lords Science and Technology Select Committee report is a very informative and useful document.
36. Ibid., 6.
37. BBC, ‘The Government's Explanation for the Loss of Discs with 25 m Child Benefit Records on is Facing Fresh Scrutiny’, BBC News Online, 22 November 2007. Available at http://news.bbc.co.uk/1/hi/uk_politics/7106987.stm (accessed 10 March 2008).
38. BBC, ‘Up to 3,000 Patients’ Data Stolen', BBC News Online, 14 December 2007. Available at http://news.bbc.co.uk/1/hi/wales/7143358.stm (accessed 10 March 2008). Also BBC, ‘Data of 60,000 on Stolen Computer’, BBC News Online, 7 December 2007. Available at http://news.bbc.co.uk/1/hi/northern_ireland/7133194.stm (accessed 10 March 2008).
39. See Allen et al., ‘Fraud and Technology Crimes’; and also, Wilson et al., ‘Fraud and Technology Crimes’.
40. See further J. Saltzer, D. Reed and D. Clark, ‘End-to-End Arguments in System Design’, ACM Transactions in Computer Systems 2, no. 4 (1984): 277–88.
41. See further Walker and Bakopoulos's research into young people and chatrooms. R. Walker and B. Bakopoulos, ‘Conversations in the Dark: How Young People Manage Chatroom Relationships’, First Monday 10, no. 4 (2005). Available at http://firstmonday.org/issues/issue10_4/walker/index.html (accessed 10 March 2008).
42. B. Ortega, ‘News’, Security & Privacy Magazine 4, no. 6 (2006): 6–9.
43. P. Ohm, ‘The Myth of the Superuser: Fear, Risk, and Harm Online’, University of Colorado Law Legal Studies Research Paper no. 07-14, 22 May 2007.
44. Ibid, 1.
45. P. Sommer, ‘The Future for the Policing of Cybercrime’, Computer Fraud & Security 1 (2004): 8–12 at 10.
46. S. Brenner, ‘Organized Cybercrime? How Cyberspace may affect the Structure of Criminal Relationships’, North Carolina Journal of Law & Technology 4, no. 1 (2002), 1–41 at 1.
47. Botnets comprise lists of the Internet Protocol (IP) addresses of ‘zombie’ computers that have been infected by remote administration tools (malcode) and that can subsequently be controlled remotely. Botnets are valuable commodities because of the power they can place in the hands of the remote administrators (bot herders) to deliver a range of harmful malicious software. For this purpose they can be hired out, sold, or traded.
48. ‘Uncovered: Trojans as Spam Robots’, C'T Magazine, 23 February, 2004. Available at http://www.heise.de/english/newsticker/news/44879 (accessed 10 March 2008).
49. See ‘Targeted trojan email attacks’, NISCC Briefing 08/2005, 16 June, 2005. Available at http://www.cpni.gov.uk/Docs/ttea/pdf (accessed 10 March 2008). Also P. Warren, ‘UK Trojan Siege has been Running over a Year’, The Register, 17 June, 2005. Available at http://www.theregister.co.uk/2005/06/17/niscc_warning/ (accessed 10 March 2008).
50. See further http://www.soca.gov.uk ‘The Serious Organised Crime Agency (SOCA) is an Executive Non-Departmental Public Body sponsored by, but operationally independent from, the Home Office. The Agency has been formed from the amalgamation of the National Crime Squad (NCS), National Criminal Intelligence Service (NCIS), that part of HM Revenue and Customs (HMRC) dealing with drug trafficking and associated criminal finance and a part of UK Immigration dealing with organised immigration crime (UKIS). SOCA is an intelligence-led agency with law enforcement powers and harm reduction responsibilities. Harm in this context is the damage caused to people and communities by serious organised crime.’
51. L. Rodgers, ‘Smashing the Criminals’ E-Bazaar', BBC News Online, 20 December 2007. Available at http://news.bbc.co.uk/1/hi/uk/7084592.stm (accessed 10 March 2008).
52. Ibid.
53. See Wall, Cybercrimes, 80; Rodgers, ‘Smashing the Criminals’ E-Bazaar'; also E. Parizo, ‘Busted: The Inside Story of “Operation Firewall”’, SearchSecurity.com, 28 November 2005. Available at http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1146949,00.html (accessed 10 March 2008).
54. K. Haggerty and R. Ericson, ‘The Surveillant Assemblage’, British Journal of Sociology 51, no. 4 (2000): 605–622.
55. Wall, Cybercrimes, 164.
56. H. Trevor-Roper, The Last Days of Hitler (London: Pan Books, 1972), 259.
57. It must be noted, however, that pre disintermediated news sources were the subject of criticism for the opposite reasons – that the editors exercised too much control and in so doing applied their own value systems!
58. See further R. Sambrook, ‘How the Net is Transforming News’, BBC News Online, 20 January 2006. Available at http://news.bbc.co.uk/1/hi/technology/4630890.stm (accessed 10 March 2008).
59. APIG chairman Derek Wyatt, cited by M. Broersma, ‘Boost UK Govt Cybercrime Resources’, ComputerWeekly, 17 May 2004. Available at http://www.computerweekly.com/Articles/2004/05/17/202467/boost-uk-govt-cybercrime-resources.htm (accessed 10 March 2008).
60. R. Rosenberger, ‘Would Umbrella Manufacturers Predict Good Weather? (Part 2)’, Vmyths, 17 August 2001. Available at http://www.vmyths.com/column/1/2001/8/17/ (accessed 10 March 2008).
61. Symantec, note 2, 7, 77.
62. See note 3, for example, the BBC, ‘Hi-Tech Crime’, or Mathiason, ‘The Guardian of Cyberspace’.
63. This is the case in the BBC and The Observer articles referenced above (note 62).
64. DTI, Information Security Breaches Survey 2004, Department of Trade and Industry, London, 2004.
65. CSI/FBI, CSI/FBI Computer Crime and Security Survey 2006 (San Francisco: Computer Security Institute, 2006).
66. In the UK, for example, the British Crime Survey contains Internet crime questions. See for the British Crime Survey, Allen et al., ‘Fraud and Technology Crimes’; and also, Wilson et al. ‘Fraud and Technology Crimes’. In the USA the National Crime Victimization Survey (NCVS) has, or is due to have, similar questions included.
67. No examples of media reportage were found that described low levels of findings.
68. For details of the convention and the additional protocol, plus the latest on signatories see COE, ‘Convention on Cybercrime’, Council of Europe, Budapest, 23 November 2001 (ETS no. 185). Available at http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm (accessed 10 March 2008). Also the COE, ‘Additional Protocol to the Convention on Cybercrime, Concerning the Criminalisation of Acts of a Racist and Xenophobic Nature Committed through Computer Systems’, Council of Europe, Strasbourg, 28 January 2003 (ETS no. 189). Available at http://conventions.coe.int/Treaty/en/Treaties/Html/189.htm (accessed 10 March 2008).
69. Viral information flow is a term that describes how information proliferates across distributed networks by word of ‘mouse’ (rather than mouth). The information flows can be almost viral in the way that they are distributed exponentially from node to node across networks. The term ‘viral’ is now used colloquially to describe the Internet video phenomenon; indeed they are actually called ‘virals’.
70. BBC, ‘Northern Rock Besieged by Savers’, BBC News Online, 17 September 2007, http://news.bbc.co.uk/1/hi/business/6997765.stm (accessed 10 March 2008).
71. See for example, Daily Telegraph.co.uk ‘Madeleine McCann’ pages, http://www.telegraph.co.uk/news/main.jhtml?xml = %2Fnews/exclusions/madeleine/nosplit/madeleine.xml (accessed 10 March 2008).
72. ‘Reality’ entry in the Shorter Oxford Dictionary.
73. For more elaborate explanations see further, Wall, Cybercrimes.
74. Wall, Cybercrimes, 3.
75. See FBI, ‘Over 1 Million Potential Victims of Botnet Cyber Crime’, FBI Press Release, 13 June 2007. Available at http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm (accessed 10 March 2008); also news coverage at D. Goodin, ‘Botmaster Owns Up to 250,000 Zombie PCs: He's a Security Consultant. Jail Beckons’, The Register, 9 November 2007. Available at http://www.theregister.co.uk/2007/11/09/botmaster_to_plea_guilty/ (accessed 10 March 2008).
76. FBI, ‘BOT Roast II: Cracking Down on Cyber Crime’, FBI Headline Archives, 29 November 2007. Available at http://www.fbi.gov/page2/nov07/botnet112907.html (accessed 10 March 2008).
77. BBC, ‘Arrests Made in Botnet Crackdown’, BBC News Online, 30 November 2007. Available at http://news.bbc.co.uk/1/hi/technology/7120251.stm (accessed 10 March 2008).
78. D. Goodin, ‘FBI Crackdown on Botnets gets Results, but Damage Continues: 2 Million Zombies and Counting’, The Register, 29 November 2007. Available at http://www.theregister.co.uk/2007/11/29/fbi_botnet_progress_report/ (accessed 10 March 2008).
79. The amount that ‘small’ refers to varies according to constituency. Individuals will only write off very small amounts of money. Corporate entities, however, are alleged to write off much larger sums, for example £500 was one sum mentioned, because of the costs of investigation. While this may efficiently resolves the private interest in an economic sense, it does nevertheless mean that important criminal intelligence is lost.
80. See further Wall, Cybercrimes, chaps. 4–6.
81. See further Wall, Cybercrimes, chaps. 4 and 7 for the reasons why spamming etc are different to hybrids.
82. Phishing is the use of Internet communications, e.g. emails, to socially engineer (trick people) out of personal financial information. Variations include ‘spear phishing’ where specific, rather than blanket, targets are chosen. Also pharming, smishing, vishing.
83. Pharming is an automated version of phishing that does not rely upon social engineering to trick the recipient because it automatically redirects the recipient to the offending site.
84. Smishing is a form of phishing that uses bulk text messaging facilities to target mobile devices such as phones or PDAs (personal digital assistants) with urgent text requests for the recipient to call an alleged bank phone number or log onto a website and change their security information, thereby revealing it.
85. Vishing is another form of phishing that uses VoIP (voice over Internet protocol) to spam recorded messages to telephone numbers. The VoIP messages purport to be from banks, other financial institutions, online merchants such as Amazon or Internet auction houses such as eBay, and warn that their credit card has been used for fraudulent transactions. As with phishing and its variations, recipients are asked to contact a phone number or logon to a website to verify and change their security information.
86. See further Wall, Cybercrimes, chaps. 4–6.
87. De minimism is from de minimis non curat lex, where it means the ‘law does not deal with trifles’. It is used in this book to describe low-impact, bulk victimisations that cause large aggregated losses spread out globally across potentially all known jurisdictions.
88. See Wall, Cybercrimes.
89. Honeynets are fake websites constructed to socially engineer offenders into accessing them and showing intent by wilfully passing through various levels of security, agreeing at each stage that they are aware of the content and indicating their intent. Offenders eventually find themselves facing a law enforcement message (a ‘gotcha’) and a notice that that their details will be recorded or that they will become subject to investigation in cases where intent is clear. See further, Honeynet Project, Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (Harlow, Essex: Addison Wesley, 2002).
90. M. Goodman, ‘Why the Police Don't Care about Computer Crime’, Harvard Journal of Law and Technology 10 (1997): 645–694 at 484. Also Y. Jewkes and C. Andrews, ‘Policing the Filth: The Problems of Investigating Online Child Pornography in England and Wales’, Policing & Society 15, no. 1 (2005): 42–62 at 51.
91. R. Reiner, The Politics of the Police, 3rd ed. (Oxford: Oxford University Press, 2000), xi.
92. See Wall, Cybercrimes, chap. 8.
93. In the UK, computer misuse legislation has, for example, been revised to assist the policing of cybercrime. The Police and Justice Act 2006 amends the Computer Misuse Act 1990 to include DDOS attacks (CL 40), as well as increasing the penalty for unauthorised access (CL 39) and making illegal the making, supplying or obtaining articles for use in computer misuse offences (CL 41) (HL Bill 104, 2005–6).