Тема магистерской диссертации: Мошенничество в сфере компьютерной информации
(Сomputer fraud)
Тема реферата: Характеристика компьютерной преступности ( Characteristics of computer crime)
Выполнил: студент 1 курса
2 группы заочной формы обучения
Будилов Андрей Михайлович
Вологда – 2018
Terms
Bank - an organization where people and businesses can invest or borrow money, change it to foreign money, etc., or a building where these services are offered.
Bankrupt - a person judged by a court to be insolvent, whose property is taken and disposed of for the benefit of their creditors.
Cash - money in coins or notes, as distinct from cheques, money orders, or credit.
Check fraud - is a criminal act which involves the unlawful use of checks to illegally acquire or borrow funds that do not exist within the account balance or account-holder's legal ownership.
Company - a voluntary association formed and organized to carry on a business.
Corruption - dishonest or fraudulent conduct by those in power, typically involving bribery, the process by which a word or expression is change.
Credit - the ability of a customer to obtain goods or services before payment, based on the trust that payment will be made in the future.
Credit card - is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's promise to the card issuer to pay them for the amounts so paid plus the other agreed charges.
Credit card fraud - the fraudulent use of a credit card account through the theft of the account holder's card number, card details and personal information, through a wide variety of methods in order to perform unauthorized transactions from the compromised account.
Crime - an action or an instance of negligence that is deemed injurious to the public welfare or morals or to the interests of the state and that is legally prohibited.
Crime victims - as a person who has suffered physical or emotional harm, property damage, or economic loss as a result of a crime.
Criminal - one who has been legally convicted of a crime; one adjudged guilty of crime.
Criminal case - an action, suit, or cause instituted to punish an infraction of the criminal laws.
Criminal law - a branch or division of law which treats of crimes and their punishments. In the plural—"criminal laws"—the term may denote the laws which define and prohibit the various species of crimes and establish their punishments.
Criminal procedure - the framework of laws and rules that govern the administration of justice in cases involving an individual who has been accused of a crime, beginning with the initial investigation of the crime and concluding either with the unconditional release of the accused by virtue of acquittal (a judgment of not guilty) or by the imposition of a term of punishment pursuant to a conviction for the crime.
Criminalist - one versed in criminal law, one addicted to criminality, and, also, a psychiatrist dealing with criminality.
Customer - a person who buys goods or services from a shop or business, a person of a specified kind with whom one has to deal.
Embezzlement - to appropriate fraudulently to one's own use, as money or property entrusted to one's care.
Employer - a legal entity that controls and directs a servant or worker under an express or implied contract of employment and pays (or is obligated to pay) him or her salary or wages in compensation.
Financial crime - are crimes against property, involving the unlawful conversion of the ownership of property (belonging to one person) to one's own personal use and benefit.
Fraud - wrongful or criminal deception intended to result in financial or personal gain.
Fraudulent statement - this is an intentional false statement or misrepresentation of the facts made with the intent to deceive another party.
Identity fraud - is the use by one person of another person's personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person.
Insider trading - is the trading of a public company's stock or other securities by individuals with access to nonpublic information about the company. In various countries, some kinds of trading based on insider information is illegal.
Investigation - the act or process of examining a crime, problem, statement, etc. carefully, especially to discover the truth.
Kickback - is a percentage of income given to a person in a position of power or influence as payment for having made the income possible: usually considered improper or unethical.
Larceny - the wrongful taking and carrying away of the personal goods of another from his or her possession with intent to convert them to the taker's own use.
Misappropriation - is the unauthorized use of another's name, likeness, or identity without that person's permission, resulting in harm to that person.
Money laundering - is the process of creating the appearance that large amounts of money obtained from criminal activity, such as drug trafficking or terrorist activity, originated from a legitimate source.
Offender - a person who commits an illegal act, a person or thing that does something wrong or causes problems.
Proprietary information - information that is not public knowledge (such as certain financial data, test results or trade secrets) and that is viewed as the property of the holder.
Shareholder - an individual, group, or organization that owns one or more shares in a company, and in whose name the share certificate is issued. It is legal for a company to have only one shareholder.
Tax authority - any government entity that is authorized by law to assess, levy and collect taxes.
Theft - criminal act of dishonest assumption of the rights of the true owner of a tangible or intangible property by treating it as one's own, whether or not taking it away with the intent of depriving the true owner of it.
Victimization - the action of singling someone out for cruel or unjust treatment.
White-collar criminals - crime that typically involves stealing money from a company and that is done by people who have important positions in the company: crime committed by white-collar workers.
Abstract: Cybercrime is not a common crime is a crime committed in a computer. Each year the victims of cybercrimes increases and makes losses of money, information, and data because of hackers. Storing illegal data, identity theft, fraud, and piracy are just some types of cybercrimes. Many hackers that committed cybercrimes have not yet been punished because it is very difficult for the victim, and law enforcement to collect evidence and know who committed the crime. There are major categories of cybercrimes, as well as criminological methods that explains why criminals commit cybercrimes. Anybody can be a victim of a cybercrime, as well anybody can be a hacker. Technology has changed the world entirely that now many people depend on technology, and thats what makes social network one of the biggest sources that hackers use to commit cybercrimes. As a nation everybody need to be aware of this types of crimes, and get protected for this attacks..
Internet has become a dependent component for many people all over the world. Government, schools, hospitals, and many others depend on the internet. This is why computer crimes, known as cybercrimes, are now committed more often by hackers and is increasing every day. There are several crimes that can be committed in a computer such as identity theft, cyber stalking, child pornography, frauds, plagiarism, and many others. These types of cybercrimes are put in three major categories that include crime vs person, crime vs property, and crime vs government. Cybercrime also has several types of criminological theories which explain why people may commit crimes. Technology has advanced in these past decades, which is good, but it has pros and cons because it permits cybercrimes to increase more and more each year.
Аннотация: Киберпреступность - это не преступление, совершенное на компьютере. Каждый год жертвы киберпреступлений увеличиваются и производят потери денег, информации и данных из-за хакеров. Хранение незаконных данных, кражи личных данных, мошенничества и пиратства - это всего лишь некоторые виды киберпреступлений. Многие хакеры, совершившие киберпреступности, еще не были наказаны, потому что жертве очень сложно, а правоохранительные органы собирают доказательства и знают, кто совершил преступление. Существуют основные категории киберпреступлений, а также криминологические методы, которые объясняют, почему преступники совершают киберпреступности. Любой может стать жертвой киберпреступности, и любой может быть хакером. Технология полностью изменила мир, что сейчас многие люди зависят от технологий, и именно это делает социальную сеть одним из самых больших источников, которые хакеры используют для совершения киберпреступлений. Как нация, всем нужно знать об этих видах преступлений и защищаться от этих атак.,
Интернет стал зависимым компонентом для многих людей во всем мире. Правительство, школы, больницы и многие другие зависят от Интернета. Вот почему компьютерные преступления, известные как киберпреступности, теперь чаще всего совершаются хакерами и ежедневно растут. Есть несколько преступлений, которые могут быть совершены в компьютере, таких как кражи личных данных, кибер-преследования, детской порнографии, мошенничества, плагиата, и многие другие. Эти типы киберпреступлений относятся к трем основным категориям, которые включают преступление против личности, преступление против собственности и преступление против правительства. Киберпреступность также имеет несколько видов криминологических теорий, которые объясняют, почему люди могут совершать преступления. В последние десятилетия технология продвинулась вперед, и это хорошо, но у нее есть плюсы и минусы, потому что она позволяет киберпреступности увеличиваться все больше и больше с каждым годом.
Keywords: Financial crime, crime victims, theft, fraud, insider trading, White-collar criminals, investigation.
Ключевые слова: Финансовая преступность, эмпирическое исследование, жертвы преступлений, кража, мошенничество, инсайдерская торговля, преступники из белых воротничков, финансовые преступления, мошенничество, расследование.
Introduction
The technology advancements in computers have made our lives easier, but it has also made us more vulnerable. We use computers, smart phones and the internet to do everything. We save credit card information, passwords, work projects, everything valuable in our laptops, smartphones and tablets. We think it's all safe because it's on our persons, until our checking account is emptied out, our email is hacked or another company has already patented our new idea. That's when we freak out. While there are ways for users to protect themselves, everyone is in danger.
Computer crime is any crime that involves a computer and a network. The computer may have been used in committing the crime, or it can be the target. By the year 2000, of over 300 million internet users, 1 million were involved in computer or internet crimes. These types of crimes often threaten the security and financial health of a person, business or even a country. The U.S. Department of Justice defines computer crimes as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution." Because of computer crimes have such a broad definition it is nearly impossible to attain accurate statistics. Statistics are also difficult to gather because of the large amount of unreported computer crimes.
The growth however, has come at a price. A new area of crime has been created providing a new, distinct criminal to prosper and in most cases go undiscovered. The criminal activity involved is known as "Cybercrime" and is defined by "Computer Crime: The New Threat", into two categories:
a) Crimes in which the computer is used as a tool to aid criminal activity such as producing false identifications, reproducing copyright materials, and many other things.
b) Crimes in which the computer is used as a target, and probably a tool, to attack organisations in order to steal or damage information, attack banks to make unauthorised money transactions, steal credit card numbers, as well as many other activities.
The various types of Cybercrime which can be committed with or against information systems can be varied and can include such "traditional" illegalities as theft, fraud and extortion. The spectrum can then expand to include such activities as cyberstalking, piracy and theft of information services. As well as the cyber crime that is outlined in "Cyber Crime and Information Warfare", the following is a summary of four of the criminal activities involving the use of computers:.
a) Piracy & Fraud.
"A recent e-mail scam mailed to America Online subscribers reveals the extent of the growing sophistication of "Cybercriminals." AOL subscribers were sent a link to a Web page, where they were asked to enter their name, address, home phone number, and credit card number. This information, which was requested in the name of helping AOL fix its busy-signal problem, was being used by a cyber thief trying to commit credit card fraud."
As technology improves, the application of fraudulent activities also increases. Such activities can be varied from gaining unauthorised details such as personal and financial information and credit card details, to classic pyramid schemes. Other such fraudulent activities have been outlined in "Cyber Crime and Information Warfare" where the emphasis has been focused on Sales and Investment fraud and Electronic Funds Transfer fraud. This article explains that with the increasing technologies in electronic commerce alone, the opportunity for Cybercrime to exploit the industry has resulted in over 5% of industry turnover being lost to fraud..
Within this wave of information technology, the digital aspect of multimedia, sound, and graphic software has also increased dramatically. As a result of the increase in communication that is available, an increase in piracy has developed. This increase has been estimated at losses of between US15 billion to US 17 billion dollars a year.
Main Part
Cybercrime and cybersecurity are issues that can hardly be separated in an interconnected environment. The fact that the 2010 UN General Assembly resolution on cybersecurity addresses cybercrime as one major challenge underlines this. Cybersecurity plays an important role in the ongoing development of information technology, as well as Internet services. Enhancing cybersecurity and protecting critical information infrastructures are essential to each nation’s security and economic well-being. Making the Internet safer (and protecting Internet users) has become integral to the development of new services as well as government policy. Deterring cybercrime is an integral component of a national cybersecurity and critical information infrastructure protection strategy. In particular, this includes the adoption of appropriate legislation against the misuse of ICTs for criminal or other purposes and activities intended to affect the integrity of national critical infrastructures. At the national level, this is a shared responsibility requiring coordinated action related to prevention, preparation, response and recovery from incidents on the part of government authorities, the private sector and citizens. At the regional and international level, this entails cooperation and coordination with relevant partners. The formulation and implementation of a national framework and strategy for cybersecurity thus requires a comprehensive approach. Cybersecurity strategies – for example, the development of technical protection systems or the education of users to prevent them from becoming victims of cybercrime – can help to reduce the risk of cybercrime.The development and support of cybersecurity strategies are a vital element in the fight against cybercrime. The Global Cybersecurity Agenda has seven main strategic goals, built on five work areas:
1) Legal measures;
2) Technical and procedural measures;
3) Organizational structures;
4) Capacity building; and
5) International cooperation.48
The fight against cybercrime needs a comprehensive approach. Given that technical measures alone cannot prevent any crime, it is critical that law-enforcement agencies are allowed to investigate and prosecute cybercrime effectively. Among the GCA work areas, “Legal measures” focuses on how to address the legislative challenges posed by criminal activities committed over ICT networks in an internationally compatible manner. “Technical and procedural measures” focuses on key measures to promote adoption of enhanced approaches to improve security and risk management in cyberspace, including accreditation schemes, protocols and standards. “Organizational structures” focuses on the prevention, detection, response to and crisis management of cyberattacks, including the protection of critical information infrastructure systems. “Capacity building” focuses on elaborating strategies for capacity-building mechanisms to raise awareness, transfer know-how and boost cybersecurity on the national policy agenda. Finally, “International cooperation” focuses on international cooperation, dialogue and coordination in dealing with cyberthreats.
The development of adequate legislation and within this approach the development of a cybercrime- related legal framework is an essential part of a cybersecurity strategy. This requires first of all the necessary substantive criminal law provisions to criminalize acts such as computer fraud, illegal access, data interference, copyright violations and child pornography. The fact that provisions exist in the criminal code that are applicable to similar acts committed outside the network does not mean that they can be applied to acts committed over the Internet as well. Therefore, a thorough analysis of current national laws is vital to identify any possible gaps. Apart from substantive criminal law provisions, the law-enforcement agencies need the necessary tools and instruments to investigate cybercrime. Such investigations themselves present a number of challenges. Perpetrators can act from nearly any location in the world and take measures to mask their identity. The tools and instruments needed to investigate cybercrime can be quite different from those used to investigate ordinary crimes.57
Cybercrime often has an international dimension. E-mails with illegal content often pass through a number of countries during the transfer from sender to recipient, or illegal content is stored outside the country. Within cybercrime investigations, close cooperation between the countries involved is very important. The existing mutual legal assistance agreements are based on formal, complex and often time-consuming procedures, and in addition often do not cover computer-specific investigations. Setting up procedures for quick response to incidents, as well as requests for international cooperation, is therefore vital. A number of countries base their mutual legal assistance regime on the principle of “dual criminality”.
Investigations on a global level are generally limited to those crimes that are criminalized in all participating countries. Although there are a number of offences – such as the distribution of child pornography – that can be prosecuted in most jurisdictions, regional differences play an important role. One example is other types of illegal content, such as hate speech. The criminalization of illegal content differs in various countries. Material that can lawfully be distributed in one country can easily be illegal in another country.
The computer technology currently in use is basically the same around the world. Apart from language issues and power adapters, there is very little difference between the computer systems and cell phones sold in Asia and those sold in Europe. An analogous situation arises in relation to the Internet. Due to standardization, the network protocols used in countries on the African continent are the same as those used in the United States. Standardization enables users around the world to access the same services over the Internet.
The question is what effect the harmonization of global technical standards has on the development of the national criminal law. In terms of illegal content, Internet users can access information from around the world, enabling them to access information available legally abroad that could be illegal in their own country.
Theoretically, developments arising from technical standardization go far beyond the globalization of technology and services and could lead to the harmonization of national laws. However, as shown by the negotiations over the First Protocol to the Council of Europe Convention on Cybercrime (the “Convention on Cybercrime”), the principles of national law change much more slowly than technical developments. Although the Internet may not recognize border controls, there are means to restrict access to certain information. The access provider can generally block certain websites and the service provider that stores a website can prevent access to information for those users on the basis of IP-addresses linked to a certain country (“IP-targeting”).Both measures can be circumvented, but are nevertheless instruments that can be used to retain territorial differences in a global network. The OpenNet Initiative reports that this kind of censorship is practised by about two dozen countries.
Fraud and computer-related fraud
Computer-related fraud is one of the most popular crimes on the Internet, as it enables the offender to use automation and software tools to mask criminals’ identities. Automation enables offenders to make large profits from a number of small acts. One strategy used by offenders is to ensure that each victim’s financial loss is below a certain limit. With a “small” loss, victims are less likely to invest time and energy in reporting and investigating such crimes. One example of such a scam is the Nigeria Advanced Fee Fraud. Although these offences are carried out using computer technology, most criminal law systems categorize them not as computer-related offences, but as regular fraud. The main distinction between computer-related and traditional fraud is the target of the fraud. If offenders try to influence a person, the offence is generally recognized as fraud. Where offenders target computer or data-processing systems, offences are often categorized as computer-related fraud. Those criminal law systems that cover fraud, but do not yet include the manipulation of computer systems for fraudulent purposes, can often still prosecute the above-mentioned offences. The most common fraud offences include online auction fraud and advanced fee fraud. Online auctions are now one of the most popular e-commerce services. In 2006, goods worth more than USD 20 billion were sold on eBay, the world’s largest online auction marketplace. Buyers can access varied or specialist niche goods from around the world. Sellers enjoy a worldwide audience, stimulating demand and boosting prices. Offenders committing crimes over auction platforms can exploit the absence of face-to-face contact between sellers and buyers.The difficulty of distinguishing between genuine users and offenders has resulted in auction fraud being among the most popular of cybercrimes. The two most common methods include offering non-existent goods for sale and requesting buyers to pay prior to delivery and buying goods and asking for delivery, with no intention of paying. In response, auction providers have developed protection systems such as the feedback/comments system. After each transaction, buyer and sellers leave feedback for use by other users as neutral information about the reliability of sellers/buyers. In this case, “reputation is everything” and without an adequate number of positive comments, it is harder for offenders to persuade targets to either pay for non-existent goods or, conversely, to send out goods without receiving payment first. However, criminals have responded and circumvented this protection through using accounts from third parties. In this scam called “account takeover”, offenders try to get hold of user names and passwords of legitimate users to buy or sell goods fraudulently, making identification of offenders more difficult. In advance fee fraud, offenders send out e-mails asking for recipients’ help in transferring large amounts of money to third parties and promise them a percentage, if they agree to process the transfer using their personal accounts. The offenders then ask them to transfer a small amount to validate their bank account data (based on a similar perception as lotteries – respondents may be willing to incur a small but certain loss, in exchange for a large but unlikely gain) or just send bank account data directly. Once they transfer the money, they will never hear from the offenders again. If they send their bank account information, offenders may use this information for fraudulent activities. Evidence suggests that thousands of targets reply to e-mails. Current researches show that, despite various information campaigns and initiatives, advance fee frauds are still growing – in terms of both the number of victims and total losses.
Offenders have developed techniques to obtain personal information from users, ranging from spyware to “phishing” attacks. “Phishing” describes acts that are carried out to make victims disclose personal/secret information. There are different types of phishing attacks, but e-mail-based phishing attacks contain three major phases. In the first phase, offenders identify legitimate companies offering online services and communicating electronically with customers whom they can target, e.g. financial institutions. Offenders design websites resembling the legitimate websites (“spoofing sites”) requiring victims to perform normal log in procedures, enabling offenders to obtain personal information (e.g. account numbers and online banking passwords).
In order to direct users to spoofing sites, offenders send out e-mails resembling e-mails from the legitimate company, often resulting in trademark violations.The false e-mails ask recipients to log in for updates or security checks, sometimes with threats (e.g. to close the account) if users do not cooperate. The false e-mail generally contains a link that victim should follow to the spoof site, to avoid users manually entering the correct web address of the legitimate bank. Offenders have developed advanced techniques to prevent users from realizing that they are not on the genuine website.
As soon as personal information is disclosed, offenders log in to victims’ accounts and commit offences such as the transfer of money, application for passports or new accounts, etc. The rising number of successful attacks proves phishing’s potential. Phishing techniques are not limited to accessing passwords for online banking only. Offenders may also seek access codes to computers, auction platforms and social security numbers, which are particularly important in the United States and can give rise to “identity theft” offences.
Conclusion
It is important to remind ourselves that the sample in this research consists of all white-collar criminals in white-collar crime cases presented in Norwegian financial newspapers from 2009 to 2012. This sample is biased for two reasons First, only cases that satisfy media criteria are included, such as famous, surprising, important, high profile cases. Secondly, only detected and prosecuted cases are included. As known from other crime areas as well, the detection rate is an important variable26. If, for example, it is assumed that the detection rate is 10 percent, i.e. one out of ten white-collar criminals are detected, then it remains an open question whether our sample represents a reliable distribution in terms of categories of crime victims. Finally, what cases to prosecute is decided by prosecution lawyers. It might be argued, for example, that cases where customers and shareholders are victims, will be more seldom prosecuted because of evidence problems. Cases involving the employer, a bank, or tax authorities might be associated with relatively easier access to evidence retrieval and presentation.
References
1. Benson, M.L., Simpson, S.S. (2009), White-Collar Crime: An Opportunity Perspective, Criminology and Justice Series, Routledge, NY, 256 p.
- Dr. Petter Gottschalk (2013), Victims of White-Collar crime, Matters of Russian and International Law, Norway, 91-106
- Peltier-Rivest, D. (2009), "An analysis of the victims of occupational fraud: a Canadian perspective", Journal of Financial Crime, No. 1(16), pp. 60-66.
- Simpson, S.S. (2011), "Making Sense of White Collar Crime: Theory and Research", The Ohio State Journal of Criminal Law, No. 2(8), pp. 481-502.