Cybercrime E-Book

CONTENTS

Cover

Table of Contents

Title Page

Copyright

Preface and Acknowledgements to the Second Edition

Note

Preface and Acknowledgements to the First Edition

Acronyms

1 Introduction

Introduction

What has changed since the first edition?

The long-standing relationship between technology and crime continues

The aim of this book

Who is the book written for?

What are the principal research questions to be answered and how do they feature in the chapter structure?

Can this book be used for teaching?

Note

2 Producing Knowledge about Crime in Cyberspace

Introduction

Producing knowledge about cybercrimes?

Tensions in the production of knowledge about cybercrimes?

Conclusions: how has crime transformed criminal behaviour online and how do we know about it?

Notes

3 Cyberspace and the Transformation of Criminal Activity

Introduction

The internet and the birth of the information society

Changes in the organization of crime online and the division of criminal labour

Changes in the scope of criminal opportunity online

Changes in the type of criminal opportunity online (modus operandi)

Changes in the focus of criminal opportunity online: individual, organizational and nation-state victims

Conclusions

Notes

4 Cybercrimes against the Machine (Computer Integrity Crime): Hacking, Cracking and Denial of Service

Introduction

Hacking and hackers

Hacker tactics to compromise the integrity of networked computers

Motivations and attractions for offending

Conclusions

Notes

5 Cybercrimes Using the Machine (Computer-Enabled Crime): Virtual Robberies, Frauds and Thefts

Introduction

Virtual bank robbery: identity theft and exploiting online financial and billing systems

Virtual stings, deceptions, frauds and extortion

Virtual scams

Virtual theft (digital burglary) and cyber-piracy

Conclusions

Notes

6 Cybercrimes in the Machine (Computer Content Crime): Extreme Pornography, Hate and Violent Speech

Introduction

Illegal content that is violent, hateful or harmful online

Content that contributes to wrongdoing

Content that is the focus of cybercrime (stealing data, computer content and intellectual property)

Can content (words and imagery) actually cause harm by turning thoughts into actions?

Conclusions

Notes

7 The Cybercrime Ecosystem

Introduction

The new technological facilitators changing cybercrime

The emerging cybercrime ecosystem in practice

The (re)organization of cybercrime and the new faces of organized crime online: the facilitators and enablers of the cybercrime ecosystem

Conclusions

Notes

8 Policing Cybercrime: Maintaining Order and Law on the Cyberbeat

Introduction

Maintaining order in cyberspace: locating the police amongst other guardians within the networks and nodes of security within cyberspace

Maintaining law in cyberspace: the challenges of policing cybercrime

The role of the public police in policing cyberspace

Conclusions: the challenge of cybercrime for the police–public mandate

Notes

9 Controlling, Preventing and Regulating Cybercrime

Introduction

Law and legal action

Technological controls: cybercrime control and prevention using technology

Social controls: social values

Economic controls: market forces

Code and the public v. private interest

Conclusions: technologies of control or the control of technology

Notes

10 Conclusions: The Transformation of Crime in the Information Age

Introduction

Differentiating between the ways in which cybercrimes use digital and networked technologies

Differentiating between the varying modi operandi of cybercrimes

Differentiating between the different victim groups

Differentiating between law, law enforcement and public security when developing responses to cybercrime. The police cannot work alone on cybercrime!

Conclusions: living with and responding to constantly transforming criminal behaviour in the information age

Notes

Appendix: The Cybercrime Curriculum

A further note on broadening the curriculum

Glossary

Cases and References

Index

End User License Agreement

List of Illustrations

Chapter 3

Figure 3.1

The different impacts of technology upon cybercrimes

Figure 3.2

The three types of cybercrime modus operandi

Figure 3.3

The areas of overlap between levels of victimization

Chapter 4

Figure 4.1

The number of prosecutions and convictions in England and Wales under the Comput…

Chapter 5

Figure 5.1

Quarterly number of reported phishing attacks 2014–2022

Chapter 6

Figure 6.1

Percentage increase in user access to Pornhub during March 2020 following the CO…

Figure 6.2

Child Abuse Image offences 2008–2020 (possessing, taking, making and distributin…

Chapter 7

Figure 7.1

The annual rise in the number of cryptocrimes

Figure 7.2

The nine different stages of a ransomware attack

Figure 7.3

The skills and service supply chain that forms the cybercrime ecosystem

Chapter 8

Figure 8.1

UK cybercrime information flows and the relationship between local and national …

Chapter 9

Figure 9.1

Daily number of spam emails sent worldwide, January 2023 (in billions)

Figure 9.2

The monthly receipt of emails into a research email account from 2000 to 2004 an…

List of Tables

Chapter 7

Table 7.1

The individual selling value of stolen credentials

Chapter 8

Table 8.1

The internet’s order-maintenance assemblage

List of Boxes

Chapter 1

Box 1.1

Can’t we just switch it off?

Chapter 2

Box 2.1

Give me the data and I’ll tell you what the crimes are!

Box 2.2

What constitutes a ransomware attack for recording purposes?

Box 2.3

The Illinois water pump hack

Chapter 4

Box 4.1

The Wannacry cryptoworm ransomware attack

Chapter 5

Box 5.1

Scam email

Box 5.2

Ebay’s scam warning

Box 5.3

Example of a 419 advanced fee fraud: excerpt from email

Box 5.4

Donald Trump and his NFT digital trading cards

Box 5.5

Policing downloading via speculative invoicing

Chapter 6

Box 6.1

Sexual Offences Definitive Guideline

Box 6.2

The Dost test for lascivious exhibition

Box 6.3

Krone’s typology of online child sexual abuse materials offending

Box 6.4

Snapchat and ‘sexting’

Box 6.5

The Andrew Tate case – online misogyny

Box 6.6

Facebook, flirting and threats to kill

Chapter 7

Box 7.1

The OneCoin scam

Chapter 8

Box 8.1

The 2015 TalkTalk hack

Chapter 9

Box 9.1

Full text of the UN cyber norms

Guide

Cover

Table of Contents

Title Page

Copyright

Preface and Acknowledgements to the Second Edition

Preface and Acknowledgements to the First Edition

Acronyms

Begin Reading

Appendix: The Cybercrime Curriculum

Glossary

Cases and References

Index

End User License Agreement

Pages

iii

iv

viii

ix

x

xi

xii

xiii

xiv

xv

xvi

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

Cybercrime

The Transformation of Crime in the Information Age

2nd edition

polity

Copyright © David S. Wall 2024

The right of David S. Wall to be identified as Author of this Work has been asserted in accordance with the UK Copyright, Designs and Patents Act 1988.

First published in 2007 by Polity PressThis 2nd edition first published in 2024 by Polity Press.

Polity Press65 Bridge StreetCambridge CB2 1UR, UK

Polity Press111 River StreetHoboken, NJ 07030, USA

All rights reserved. Except for the quotation of short passages for the purpose of criticism and review, no part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publisher.

ISBN-13: 978-1-5095-6313-5

A catalogue record for this book is available from the British Library.

Library of Congress Control Number: 2023945979

The publisher has used its best endeavours to ensure that the URLs for external websites referred to in this book are correct and active at the time of going to press. However, the publisher has no responsibility for the websites and can make no guarantee that a site will remain live or that the content is or will remain appropriate.

Every effort has been made to trace all copyright holders, but if any have been overlooked the publisher will be pleased to include any necessary credits in any subsequent reprint or edition.

For further information on Polity, visit our website:politybooks.com

Preface and Acknowledgements to the Second Edition

So much has happened in the world since the first edition of this book was published in 2007, and yet many of its initial observations are still valid. In this preface, I note the main changes that have occurred since the first edition was written and also point out what has remained the same.

The advent of social media, cloud technologies, the 'Internet of Things' and cryptocurrencies have augmented already emerging technological trends to lead to a marked step-change in the threat landscape, arising from malware (malicious software) and social engineering. Alongside the botnets were information-guzzling malware (to quote The Register) such as Zeus, Emotet and Trickbot. Then came the nation-state attacking Stuxnet, and more recently scareware, ransomware, data extortion and ransomhacks (automated malware which deceives individuals into paying a ransom directly to the criminals). Of worldwide concern in the middle of the third decade of the twenty-first century has been the increased use of data as the focus of cybercrime, and also the use of cybercrime in geopolitical conflicts which may direct its future trajectory. Data breaches are now commonplace in many cybercrimes and have become a major driver of crime as the importance of data is so much greater to its owners today. Infrastructure as well as the financial sector are now common targets, which indicates that the criminal actors often have political as well as financial motivations. Since the first edition of this book was published, these four technological developments have changed the cybercrime threat landscape to a point where some of the more fanciful predictions made about cybercrime in the late twentieth and early twenty-first centuries are now becoming very real and harmful. Many new attack vectors, for example, seek to victimize the organizational infrastructure in ways that were initially imagined in science fiction books. Many of the largely unfounded claims that were made in previous decades, which I was once critical of, are now starting to come true.

Whereas the first edition showed how networked and digital technologies enabled a single criminal to commit many different crimes simultaneously, this edition illustrates how we have witnessed a gradual division of labour in the organization of cybercrime in the second and third decades of the twenty-first century that has led to the emergence of a supply chain of skills for hire. This cybercrime ecosystem helps and enables cybercriminals to commit their acts. Perhaps one of the bigger changes in approach since the first edition is that, whereas I used to warn against reading cybersecurity reports (the grey literature) as they were little more than ‘weather reports from umbrella manufacturers’, 15 years later I would now advise everyone to read them, although always with a wary and critical eye.

There are times when one wonders what has actually changed in the field, because so many of the key issues that prevailed in the early 2000s are still very alive today, but bigger. New technological developments are continually being introduced and converging with others to create new creative, educational, commercial, leisure possibilities. But the main difference is that not only has the technological environment changed through cloud technologies and the Internet of Things, which speed up communications and create new information paths, but social media and cryptocurrencies have also created new ways of interaction and transaction which have shaped the social, financial and political environments in which we live. Of course, along with these opportunities (or affordances1) come new and often unintended opportunities for crime and malevolent behaviour. It is the same with the growth in popularity of social media which now dominates societal usage of the internet, followed by a revolution in internet sales and banking, which have jointly expanded the cyber-threat landscape. Moreover, its many platforms have also contributed to increases in the scale of offending and new and novel opportunities for cybercriminals. Yet, in response to these changes, most countries have now introduced national cybersecurity strategies and associated cybercrime policies, and the UN and other international bodies are exploring the development of international norms and treaties. There also exist a range of formal institutional responses for policing and prosecuting the various types of cybercrime across borders. Yet the march of progress always seems to keep offenders one step ahead of law enforcement, which still largely acts upon reports of victimization. So, it still feels as though those charged with protecting society from wrongdoing are always one step behind.

Alongside technological development has been a change in social and political cyberspace. Social media technology has become a serious force, especially in the wrong hands, where it has contributed to the fermentation of political unrest. In more tolerant regimes, flash mobbing has been used to signal disquiet both online, through distributed denial of service attacks, and also offline by enabling crowds to organize and assemble physically. Social network media (Facebook, Twitter/X, Threads, Telegram, Instagram, Snapchat, Whatsapp, TikTok and so on) were a twinkle in the technologist’s eye 15 years ago, and now they are principal forms of communication for the digital generation – many of whom now work in cybersecurity and the criminal justice system, especially policing agencies. These digital natives are no longer perplexed by new technologies but embrace them as a part of their lives without thinking about it. Access to communications technology and social media is now a ‘given’ rather than a ‘desirable’ aspect of life today, which diminishes the power of democratic governments to restrict its usage. So, when you thought it was all bad, one factor remains reassuring, which is that, just as criminals have become networked, then so have the police and the various policing agencies, so there is hope, especially as the lag between criminal and police use of technologies has reduced and new forms of artificial intelligence-driven ‘policing’ methods to assist police are being experimented with – though not without concerns for privacy. There has also not been the anticipated radical transformation in police, government and most corporate structures, because echoes of many of the cultural and organizational issues identified in the first edition of this book still linger today over a decade and a half later. So, although technology has advanced and the cyber-threat landscape has changed considerably, and the cybercrimes described have changed in terms of size and volume, as has their complexity, many of the observations made in the earlier version still stand today.

This (admittedly long overdue) second edition updates the first edition and, although the explanation and analysis of events remain much the same, new information about events and comment have been added. Moreover, a new story emerges, mentioned above, which shows how cybercrime has become a sophisticated business that now has its own dedicated supply chain and supportive ecosystem. I have, however, retained some of the earlier examples to demonstrate the lingering importance of many of the original issues and events, and also that many of the new events that scare us today are variations on a familiar theme. Not least, the internet is no longer ‘new’ and is now over 35 years old and spanning 5 decades, and it has started to develop its own history. So, I have retained examples that are still relevant and added new ones. (N.B.: an important note to students, please do not start your essays with the phrase ‘Cybercrimes are a new phenomenon caused by the internet …’ – they are not new!)

I still owe the same debts to the folk mentioned in the preface to the first edition, but I must now add to that original list my colleagues in the criminology group at Durham University between 2010 and 2015; in computer science at Newcastle University, at CEPOL and the UNODC; and also on the various research projects that I have been involved with in the past 15 years. Then there are the many others whom I have omitted because of space, but who nevertheless matter. Also, I must thank my various research colleagues over the years who have worked with me on my cybercrime research projects, including Drs Lena Connolly, Roberto Musotto, Yanna Papadodimitraki, Maria Grazia Porcedda and Harrison Whitehouse-Wall, who are now part of a new generation of academic researchers that are taking this field forward.

My family still provide loving support, entertainment and also a welcomed disruption to my endeavours, although one wonderful new development is that I am now able to discuss some of the ideas in this book with my children, who (allegedly!) are now mature adults. Between 2010 and 2015, I moved up the A1M from Leeds to Durham University, but then moved back to Leeds in 2015 to a more research-oriented position. I made a wonderful new set of colleagues in Durham and still keep in touch with many, but it is great to be back with my old and new colleagues at Leeds. I still do not, however, dedicate this book to my colleagues or family as is the custom – rather, this dedication still goes to the train drivers between York and Leeds (and for 5 years between York and Durham) and the good folk of Rosedale Abbey who have kept me sane and provided me that much needed few hours of solitude each day to have a cup of coffee and ponder on research ideas and the text of this book. I would also like to thank Jonathan Skerrett, commissioning editor at Polity, and his colleagues Karina Jákupsdóttir, Neil de Cort and Leigh Mueller for their patience over the years, and especially when bringing this edition together; plus, of course, the anonymous reviewers whose comments and observations were extremely useful.

With my pessimistic hat on, it looks as though aspects of everybody’s personal data will soon be leaked online at some point, and we will become prey to cybercriminals or even warring nations! But can I also say, with my happy hat on, that the advantages of the new technologies still far outweigh the disadvantages and there have been some incredible advances in responding to the cyber-threat field? While I would not call myself a digital native, I do love (most) streamed TV, I love using GPS devices to guide me when I am walking in the wilds, I love mobile banking and email and social media, I love being able to switch on my water heater remotely (not that I do very often), I love being able to buy a washing machine from my phone and, as a diabetic, I love being able to use my ‘phone’ to check my blood glucose levels. I, like most on this planet, would be lost in life without cyberspace, so we need to work hard to preserve the good parts of it, especially as we cannot switch it off!

David S. Wall, Leeds, 16 August 2023

Note

1.

See later discussion about ‘affordances’ – in this case, technologies which ‘afford’ opportunities (here, cybercrime).

Preface and Acknowledgements to the First Edition

When I was young, there was a programme on British TV called Tomorrow’s World which presented new technologies and inventions. It symbolized the ‘White Heat of Technology’ of the 1960s and made the viewer privy to an exciting world of whirring and clicking computers administered by people in white coats. This was a world of hovercrafts, jet packs, cures for this, that and the other – James Bond stuff for real. The show was inherently optimistic in tone and promoted technologies either as benign or in terms of the ways they could advance the human cause. Unfortunately, the youthful optimism it bred in me was later shattered by my academic study which made me realize that the chilling reality of the real Tomorrow’s World was quite different because the technologies are by no means benign. Yes, they may do good, interesting and useful things and I still retain some optimism to this effect, but they can also put people out of work, victimize individuals, and potentially threaten our liberties. Moreover, technologies are now becoming more pervasive, especially when they converge, and they are beginning to frame our lives in ways that are both good and bad. It is therefore from this perspective of critical optimism that I approach the subject of this book.

With the benefit of 20:20 hindsight, this was not an easy book to write because the subject matter changed so rapidly. Indeed, it was the very nature of this change that subsequently became an important part of the narrative. Because of this, the book possibly tries to achieve too much. Furthermore, it is also a snapshot of the state of play in 2006, so by the time of its publication in 2007, new events may have either confirmed the predictions or even superseded them. Such is the risk in writing about the internet. Then why bother? The answer is simple: the account within this book is a thematic history of cybercrime’s present. Epistemologically, without an historical awareness of the behaviour we call cybercrime how can we understand what it is and in what direction it is developing?

This book is intended for upper-level undergraduates and graduates. It contains a monograph style narrative that can be read in its entirety, but also contains much specific information that can be accessed via the index to search out particular issues, or through the list of cases and references to follow up any reference streams.

It will be apparent from my institutional affiliation that I live and work in the UK. However, where possible, I have sought to provide cross-jurisdictional information and examples. Since one of the book’s central arguments is that the internet is a global information and networked medium, it is no surprise that the broader findings show thematic similarities across jurisdictions.

In writing this book there are many people I need to thank. Some have been directly involved, others indirectly. So, the first group to thank are the funders. The School of Law at the University of Leeds gave me research leave during which I brought together many of the ideas that had been informed by prior research projects funded by the bodies I list in the introduction. An AHRC award then provided additional funding to extend my period of research (Award APN18143).

I must then thank my immediate colleagues at the University of Leeds, especially Yaman Akdeniz, Adam Crawford, Paul Taylor, Clive Walker, but also Anthea Hucklesby, Sam Lewis, Stuart Lister, Norma Martin Clement, Emma Wincup and the others in the School of Law and Centre for Criminal Justice Studies. In the broader academy I have to thank for their friendship, help, or just inspiration (in alphabetical order): Richard Ericson, Peter Grabosky, Kevin Haggerty, Yvonne Jukes, Tony Krone, Mike Levi, David Lyon, Peter Manning, Sam McQuade III, Soumyo Moitra, Hedi Nasheri, April Pattavina, Ken Pease, Ernesto Savonna, Jackie Schneider, Clifford Shearing (Clifford and Jennifer Wood gave particularly insightful comments on an earlier draft of chapter 8), Russell Smith, Mike Sutton, Matt Williams, Maggi Wykes, Majid Yar. And, of course, there are the providers of information about events that is so important to the narrative, such as the staff at The Register and Wired, and the various columnists at the BBC News Online site.

Moving on to others, I am indebted to Emma Longstaff, commissioning editor at Polity, for her forbearance and very useful editorial input; Ann Bone (desk editor) and Anne Dunbar-Nobes (copy editor); plus, of course, the anonymous reviewers whose comments were invaluable.

Finally, I thank Helen, Harrison, Sophie and James for their support and for being there for me. Sophie (aka Bubble-Pop Electric) and Harri enlightened me as to how central the internet is to the world of teenagers. Unfortunately, in so doing, they also showed me just how hard it is to remove malicious software in the form of trojans, viruses and worms from their computer – kids eh!

But, contrary to tradition, I do not dedicate this book to them, or to my colleagues, funders, friends, helpers or inspiration. Instead, I would like to dedicate this book to the 7.06 am and 6.55 pm trains between York and Leeds which gave me that much needed hour or so of solitude each day to have a cup of coffee and ponder on the text.

David S. Wall, Leeds 2007

Acronymns

AHRC

Arts and Humanities Research Council

AI

Artificial Intelligence

APACS

Association for Payment Clearing Services (now UK Payments)

APIG

All Party Internet Group

APP

authorized push payment

APWG

Anti-Phishing Working Group (UK)

ARP

Address Resolution Protocol

BBFC

British Board of Film Classification

BBS

bulletin board services

BEC

business email compromise

BGP

Border Gateway Protocol

BPI

British Phonographic Industry

BTC

Bitcoin

CaaS

crimeware as a service

CAUCE

Coalition Against Unsolicited Commercial Email

CEPOL

European Union Agency for Law Enforcement Training

CERT

Computer Emergency Response Team

CIFAS

Credit Industry Fraud Avoidance System

CNSA

Contact Network of Spam Authorities

CoE

Council of Europe

CPS

Crown Prosecution Service (UK)

CSEW

Crime Survey for England and Wales

CSI

Computer Studies Institute

CVC

card validation code

DBT

Department for Business and Trade (UK)

DCMS

Department for Culture, Media and Sport

DDoS

distributed denial of service

DHS

Department of Homeland Security (US)

DNS

domain name servers

DoJ

Department of Justice (US)

DTI

Department of Trade and Industry (UK)

EC

European Commission

ENISA

European Network and Information Security Agency

EPSRC

Engineering and Physical Sciences Research Council

ESRC

Economic and Social Research Council

EuroISPA

European Internet Service Providers Association

EUROPOL

European Union Agency for Law Enforcement Cooperation

FACT

Federation Against Copyright Theft (UK)

FBI

Federal Bureau of Investigation

FUD

Fear, Uncertainty and Doubt

GCHQ

Government Communications Headquarters

GUI

graphics user interface

HTCC

High-Tech Crime Consortium

HTTPS

Hypertext Transfer Protocol Secure

IC3

Internet Crime Complaint Center (US)

ICANN

Internet Corporation for Assigned Names and Numbers

ICMEC

International Centre for Missing and Exploited Children

ICO

Initial Coin Offering

INTERPOL

International Criminal Police Organization

IoT

Internet of Things

IP

internet protocol (also see TCP/IP)

IPR

intellectual property rights

IPTS

Institute for Prospective Technological Studies

IRC

internet relay chat

ISIPP

Institute for Spam and Internet Public Policy (UK)

ISP

internet service provider

IWF

Internet Watch Foundation

MPAA

Motion Picture Association of America

NCA

National Crime Agency (UK)

NCCU

National Cyber Crime Unit

NCIS

National Criminal Intelligence Service (UK)

NCSC

National Cybercrime Security Centre

NCVS

National Crime Victimization Survey

NFIB

National Fraud Intelligence Bureau

NFIC

National Fraud Information Center

NFT

non-fungible token

NHTCU

National Hi-Tech Crime Unit (UK)

NIM

National Intelligence Model (UK)

NIPC

National Infrastructure Protection Center (US)

NISCC

National Infrastructure Security Co-ordination Centre

NSA

National Security Agency (US)

NSPCC

National Society for the Prevention of Cruelty to Children

OCJS

Offending, Crime and Justice Survey

OECD

Organisation for Economic Co-operation and Development

Ofcom

Office of Communications (UK)

ONS

Office of National Statistics

P2P

peer-to-peer

PC

personal computer

POLCYB

Society for the Policing of Cyberspace

RaaS

ransomware as a service

RATware/RAT

remote administration trojans

RDP

Remote Desk Protocol

RIAA

Recording Industry Association of America

ROCU

Regional Organized Crime Unit (UK)

SAP

Sentencing Advisory Panel

SCADA

Supervisory Control and Data Acquisition

SDR

Software Defined Radio

SOCA

Serious Organized Crime Agency (UK)

SSL

secure sockets layer

TCP/IP

transmission control protocol / internet protocol

TIA

terrorism information awareness

ToR

The Onion Router

UNIRAS

Unified Incident Reporting and Alert Scheme

UNODC

United Nations Office on Drugs and Crime

VoIP

voice over internet protocol

VPN

Virtual Private Network

WWW

World Wide Web

1Introduction

Chapter contents and key points

What has changed since the first edition?

The longstanding relationship between technology and crime continues The aim of this book

Who is the book written for?

What are the principal research questions to be answered and how do they feature in the chapter structure?

How do we know how criminal behaviour has changed online?

(

Chapter 2

)

How have networked technologies changed opportunities for cybercrimes?

(

Chapter 3

)

How has criminal activity changed in the information age? Cybercrimes against the machine, cybercrimes using the machine, cybercrimes in the machine

(

Chapters 4

,

5

,

6

)

How is criminal activity and its organization continuing to change in the information age?

(

Chapter 7

)

How is cyberspace regulated and policed and by whom?

(

Chapter 8

)

How are cybercrimes to be controlled, regulated and prevented?

(

Chapter 9

)

Why are the answers to these questions so important?

(

Chapter 10

)

Can this book be used for teaching?

Chapter at a glanceThis introductory chapter describes the aim of this book, for whom the book is written, the principal research questions to be answered and how they feature in the chapter structure. It then outlines the questions which shape each chapter: What are cybercrimes? What do we know about them? How have networked technologies changed opportunities for criminal activity? What are those criminal opportunities? How is criminal activity continuing to change in the information age? How is cyberspace policed and by whom? How are cybercrimes to be regulated and prevented? Why are the answers to these questions so important? Finally in this introduction, some suggestions are made as to how this book can be used as a basis for teaching cybercrime.

Introduction

I would like to think that the cover photographs of this and the previous edition of this book reflect changes in the cybercrime field in the eras they span. The first edition cover displayed a young woman sitting alone with her laptop in the corner of her favourite internet café. She had just pressed the send button and was looking nervously over her shoulder. Who was she? A victim, an offender, a passer-by? A decade or more ago, the answer was not clear at all as to who she was or what she was doing because the internet distorted conventional reference points, forcing us to challenge our (then) previously held assumptions, particularly about crime and the internet. But the answer to these questions is still not as clear today as we had hoped it would be, but at least we are further on than we were – the problem today is that there are a host of entirely new questions to answer. The prevailing moral concerns at the time of the first edition were largely centred around the threat of extreme materials, especially sexual content, and low-level frauds. Now, more than a decade and a half later, the climate has shifted to one where the major concerns are largely about the threats to society from economic cybercrimes and data theft. So, the cover for this edition is therefore more direct, illustrating how digital and network technologies have become much more invasive, pervasive, ubiquitous and automated in developing new crime opportunities – which is a recurring theme throughout the book. I suppose that if one were to be more accurate, one of the many hands in the cover photo should also be holding a mobile device or two, and another pointing in the direction of a bank or a nation-state conflict, but these could be themes for the next editions!

This book still remains an exploration of what is a relatively new and evolving field of criminal activity. This field is commonly referred to as ‘cybercrime’ because it arises from the bad side of the cyberspace imaginary, which is the way in which society reacts to the convergence of digital and networked technologies. Not only does cybercrime continually evolve, but it also keeps being reinvented as the cybersecurity landscape changes. Indeed, between the editions of this book a number of profound changes have occurred in it that are exposing us to an entirely new generation of data-fuelled cybercrime facilitated by cloud technologies, the Internet of Things (IoT), social media and cryptocurrencies, plus a number of terrestrial conflicts, which I have tried to capture in the text.

What has changed since the first edition?

Crudely put, this book deconstructs cybercrime for the reader. In so doing, it shows how the internet (digital and networked technology) has mechanized and industrialized a particular type of criminal behaviour online. If the first two decades of cybercrime, as represented in the first edition, showed how it enabled individuals to take control of and perform bulk cybercrimes by themselves on a global scale, then the next two decades chart how technology has further developed some of the key transformations (or technological affordances) that were only briefly outlined in the first edition: technologies which, in turn, have introduced social media networks and the Internet of Things into our lives. Digital and networked technologies have also created new market forces that have driven cybercrime opportunities which have caused cyber-offenders to become more organized in order to make cybercrime pay. This recent period is when the early fears about cybercrime have actually become a reality. Yet many of the events that occurred in the period covered by the previous edition have shaped what happened after then. What this means for the reader is that part of the original analysis is repeated in this edition because these events shape how we view this later period.

The 2007 edition illustrated how the networked and digital technologies created entirely new opportunities for cybercrime, by effectively deskilling some pre-internet crime processes into their component parts and automating them. The reskilling (of the managing of) the automated processes allowed one person to commit online a complete crime that would otherwise have taken a group of individuals working closely together. Cybercrime in the mid-noughties was serious in terms of disruption and small-impact bulk victimizations, but not always as serious as predicted by the early cybersecurity industry, which had a vested interest in gloomy predictions.

Since the 2007 edition, there has been a marked shift in the cybersecurity landscape. This is because offenders have had to adapt to circumstances and scale up their crime operations in order to reach their criminal objectives in terms of financial gain, disruption, destruction, stealing crucial data. To achieve their criminal goals, a supply chain emerged of skilled specialists that could be hired to facilitate cyber-crime. The market for these skills constitutes a cybercrime ecosystem which has expanded the cybercrime landscape and provided a foothold for organized crime groups. After many years of apocryphal warnings from the cybersecurity industry that ‘the sky is falling in’ – at the time it was rather like listening to a weather report from an umbrella manufacturer – the evidence now looks as though it is in danger of doing so! Nevertheless, it is important to underline this rather brash statement with the caveat that the cybersecurity industry and police, and various internet guardians, have also made some massive strides forward in understanding and counteracting cybercrime behaviour – which has meant offenders have to work harder to be successful.

The long-standing relationship between technology and crime continues

A simple reading of history shows that the relationship between crime and technology is by no means new and that the potential for creating harm never seems to be far away from any apparently beneficial new technological development. Although the hardware used to implement technological ideas may change across the span of time, many of the basic crime ideas remain familiar, particularly those which exploit chains of trust created and supported by technology. In the early nineteenth century, for example, the ingenuity of some of the wire frauds perpetrated by tapping into electric telegraph systems bears an uncanny resemblance to modern-day hacks. This long-standing, though ‘uneasy’, relationship between crime and technology also extends to ideas about crime prevention and security – the architects of the pyramids, for example, employed sophisticated security technologies to thwart tomb raiders – a few wrong or unexpected moves and … slam! … the tomb entrance was sealed forever – not so different in principle to the automated surveillant technologies installed at airports to detect potential terrorist actions by identifying abnormal patterns of movement. And on the subject of the electric telegraph, no sooner had it been invented than it was being used to catch criminals, as murderer John Tawell reflected upon in the moments before his execution in 1845. After killing his mistress and fleeing to London by train, Tawell’s physical description was telegraphed forward by police and he was arrested upon his arrival (Standage, 1998: 51).

Today, the technological cat-and-mouse game between offender and investigator remains today much the same as in the past. Offenders still adaptively exploit new technologies while the investigators rush to catch up quickly, using those same technologies for investigation, apprehension and prevention. What has changed significantly in late modern times is, as indicated above, the increase in the scale of cybercrime due to the availability of personal and mobile computing across globalized communications networks. The time frame during which harmful behaviour occurs is substantively much shorter today because ‘cloud technology’ has speeded up networking. It is also particularly worrying that the length of time for a cybercrime opportunity to turn into a cybercrime wave is now measured in hours, minutes and even seconds, rather than days, months or years. As a consequence, digital and networked technology has become more than simply a ‘force multiplier’, because networks have globalized ideas about committing crimes. Ideas about committing crime being carried out across globalized networks. Of course, they have also globalized ideas about its investigation and prevention, which, along with developments in methods of technological detection, have contributed to offenders having to up their game. So fast has been the rate of change that this book has already been revised considerably during the course of writing and revision, which is living proof of Moore’s proposal that one internet year is approximately equal to three months or less in real time (based upon Moore, 1965: 114).

Drawing upon almost three decades of multidisciplinary research and sources, this book explores the transformation of crime in the information age. Although it tends to focus upon high-end cybercrimes – those which are solely the product of networked technologies – it also seeks to explain the broader range of behaviours referred to as cybercrime. Moreover, it also addresses the various legal, academic, expert and popular constructions of cybercrime and explains the disparities between them. It is argued that not only have networked technologies changed the criminal process by creating new generations of hackers and crackers, fraudsters and pornographers and hate-mongers, but these have themselves now been superseded. The convergence of digital and networked technologies with other technology has arguably led to a third (and possibly fourth or fifth) generation of cybercrimes to augment, or even succeed, the first (computer-crime) and the second (hacking) generations that emerged in the first decade of the twenty-first century. It can now be argued, for example, that earlier concerns about the ‘hacking’ of individual systems by skilled individuals have become sidelined by new advanced attack methods whereby offender groups rent crimeware-as-a-service (CaaS) facilities to commit their crimes, almost as casually as if they were renting a film. These CaaS facilities are themselves chosen as if from a slot machine. Run from digital dashboards, they employ ‘botnets’ of many millions of ‘zombie’ computers infected by remote-administration malware and facilitated by cloud technologies and the Internet of Things. CaaS can now automate the hacking process, and also the process by which offenders engage with their victims. These facilities and the relationship between them are explained later in greater detail.

The challenges of responding to cybercrime remain considerable. On the one hand, sensationalized media coverage has raised public expectations of a high level of cybercrime. Yet, on the other hand, the reality is that many of those cybercrimes are not regarded by victims as being particularly serious, because either their impacts may be delayed, or they may be offset by the victim’s banks or insurance policies. Police actions and prosecutions are also relatively low against reports of crime, as they are for most crime. But, culturally and historically, the police are not very well equipped to respond to cybercrimes, so they tend to take a tactical ‘whack a mole’ rather than strategic approach (Palmer, 2021). Politically, cybercrimes simply do not ‘bang, bleed or shout’ (BBC, 2019), which, as illustrated in chapter 8, does not make cybercrimes a primary policing priority. However, localized crime statistics also tend not to grasp the global picture because the true seriousness of cybercrimes often lies in their aggregate impact or subsequent knock-on cybercrime, as in the case of data theft. The first edition identified a world of low-impact, multiple-victim crimes where bank robbers no longer had to plan the high-risk thefts of millions of dollars because new technological capabilities meant that one person could commit millions of low-grade robberies of $1 each. In fact, recent cloud technologies increase data processing power and now mean that one person could technically commit billions of lower-grade robberies of $0.1 each: small (de-minimis) crimes that are practically impossible to investigate.

The main development since the ‘early’ period of cybercrime, however, is that, while many cybercrimes have relatively small impact, the scale has increased and so have the proceeds of cybercrime. This has meant that our understandings need to change to incorporate the bigger picture today. Many of the smaller and individual victimizations originate out of larger keystone crimes, typically corporate data breaches, which provide the essential data to set up the various components of the cybercrime ecosystem – for example, gaining access to victims’ accounts or setting up botnets. Unless this is countered, we face the prospect of being faced with ‘ubiquitous’ and automated victimization.

The framing of this bigger picture in which offenders upscale their cybercrimes via a cybercrime ecosystem to make their crimes lucrative, is an important part of the narrative within this book. But so is the role of law and law enforcement in dealing with the conceptual fog of cybercrime trends and the recurring problems of ‘de minimism’ and jurisdictional boundaries. On the one hand, criminal justice systems that are used to one criminal per crime are still not geared up to deal with either multiple offending across different bodies of law or the aggregations of offences. Because of their enormity, cybercrimes can create many practical, technical and legal problems for investigation and prosecution. On the other hand, optimistically, the digital realism, of cybercrime is such that the more a behaviour is mediated by new technology, then the more it can be governed by that same technology. Laws, for example, could be and are starting to be written into the very codes that make software work. However, unless reduced, this trend could create the spectre of citizens being exposed to ubiquitous law enforcement and the potential problems it creates of acting on a ‘pre-crime’ prediction. This is where artificial intelligence analyses all available data about individuals and the surrounding circumstances to anticipate when a cybercrime is likely to occur, rather than when it actually does. Such an idea is very attractive to some sections of society but also contains drawbacks for various cherished personal freedoms.

Rather surprisingly, after a quarter of a century, both researching and teaching cybercrime still seem like an uphill struggle, as box 1.1 illustrates.

Box 1.1 Can’t we just switch it off?

Exactly 25 years ago, I recall talking to a meeting of international security chiefs about the cybercrime threat. The head of a rather large international airport said in a somewhat incredulous tone, ‘The answer is simple, let’s just switch it off.’ After being patiently told that you can’t switch off the internet as it is designed to be resilient to attack, he exclaimed, ‘Which idiot allowed that to happen!’, to which a terse reply came from a senior US defence official: ‘Well, we did, the internet was built by the US so that we could retain governmental and defence communications across the country if ever a nuclear attack occurred and wiped out a major communications hub.’ After the penny dropped, the newly enlightened and now less incredulous security chief was far more understanding of the problem and contributed to the debates. For me, this vignette illustrated not only how quickly the internet had become embedded in everyone’s lives, even if many, at the time, did not even realize it had done so. It also illustrated the wider extent to which governments did not fully appreciate or even understand the complexities and criminal implications of internet technologies, and how little of the cybercrime problem was understood by those responsible for protecting society against it. Finally, it illustrated how vulnerable they were at the time to what Ross Anderson has referred to as ‘the siren call of the software salesman’ (cited in Claburn, 2022). Cybersecurity had become big business and those in the industry were never going to be guilty of understating the problem.

Today, these themes and attitudes are reflected in many of the debates about social media-driven hate speech, and also recent concerns about artificial intelligence. And the message is the same, we can’t just switch it off, delete materials; and there is no silver bullet that will magically resolve the issue. The world has changed and will continue to change, and criminals will continue to capitalize on this fact. Society, therefore, needs to adapt its responses accordingly!

The aim of this book

As indicated earlier, the primary aim of this second edition remains much the same as the first, which is to contribute to our knowledge and understanding of cybercrimes. It is not a manual of computer crimes nor the methods by which to resolve them – others do that far better. Rather, it seeks to obtain a critical understanding of the various transformations that have taken place in criminal activity and its regulation, as a result of digital and networked technologies. Central to the arguments made in the forthcoming chapters is a ‘transformation thesis’ which looks at the various ways in which cybercriminal behaviours are transformed by the informational, global and networked qualities of these technologies. Such an approach will reveal that there are actually a range of different types of cybercrime that are the product of digital technology that reduces objects such as images, documents, sounds into computer files, and networked technologies which send them (potentially) across the planet. In so doing, they have transformed the more traditional divisions of criminal labour to provide entirely new opportunities for, and indeed new forms of, crime that typically involve the acquisition or manipulation of information and its value across global networks. This notion of transformation is important because it offers the prospect of reconciling very different accounts of cybercrime by representing them as very different phases in the crime process. The transformation concept is also important because its flipside, as indicated earlier, is that the same technologies which create cybercrimes also provide unique opportunities for their regulation and policing. However, while this may provide a solution, it also stimulates an important debate about the framework for maintaining order and law enforcement on the internet.

Who is the book written for?

This book is primarily written for those who are interested in this field of study, my various cybercrime students, colleagues near and far, as well as the many policymakers and practitioners working in this field. I also must confess to writing it for myself as an aide-memoir after researching this field for over 30 years.

When the first edition was commissioned, there were few comprehensive cyber-crime texts available. Now there are many available texts, but few are positioned between law, criminal justice and criminology, and this book fills that spot. It will be no surprise then, that the book’s main academic reference point is the intersection between law and criminology, particularly as it relates to the ‘law in action’. This is because many of the harmful internet behaviours that raise public concern do not necessarily fall neatly within the criminal or civil codes. Furthermore, how they are currently resolved is framed increasingly by the broader discourse over public safety, as well as specific law enforcement debates. Although the narrative is driven by a progressing thesis, it also maps out and contextualizes the range of cybercrimes, and in so doing the book contributes to ongoing academic debates. The book’s intended audiences are advanced undergraduates and graduate students on a variety of programmes, as well as the professional communities involved in cybercrime-related policymaking or practice. It also complements some of the very good texts that emerged on the subject in what has now become quite a crowded field; see, for example, the seminal work of Grabosky and Smith (1998; Smith et al., 2004) and Grabosky (2016), followed by McQuade’s (2006b) and Majid Yar’s (2006; 4th edn, with Steinmetz, 2023) sociological treatise on cybercrime and society, and Fafinski’s (2009) legal/regulatory debate; Maras’s 2016 Cybercriminology, Steinmetz’s (2016) analysis of hackers, Leukfeldt’s (2016) study of cybercrime and organized crime; also Lusthaus (2019), Lavorgna (2020), Holt and Bossler (2015) and Holt et al. (2022) on digital forensics in cybercrime; and Button et al. (2022) on economic cybercrimes. And there are many other tomes that are too numerous to mention, yet, I must add, no less important!

Informed by my own empirical research and that of other colleagues in the field, the narrative has largely been constructed from a grounded analysis of events and draws upon a range of diverse and different sources. Theoretically, it owes debts to the narrative criminologies of Katz (1988) and colleagues, the grounded theories of Glaser and Strauss (1967), Gibson’s ‘Affordance Theory’ (1966) and Cohen and Felson’s routine activities theories (1979). It is also informed by, and sometimes opposes, the cultural cybercrime narratives mapped out in the 1980s cyberpunk literature (see later). The narrative is also shaped by the distributed (as opposed to centralized) organization of the internet and multiple flows of often conflicting information about cybercrime offending and victimization. A fact of life is that we (researchers) continually fight against the myth of available data about cybercrime, and the assumption that data streams exist, when in fact they do not exist in an easily usable form for social scientists. Furthermore, networked information has the tendency to flow quite freely in all directions and so evades the editorial verification and control of dissemination which characterized previous media technologies. Some of these information sources are the product of impartial and reliable news reporting, others are not. The latter may be the product of vested (usually commercial) interests, or the results of academic research, or surveys conducted by the many governmental and non-governmental agencies that have an interest in most things ‘cyber’. As an example, consider the problem of when a cybercrime event actually takes place so that it can be recorded. Is it when a particular law is broken, or when the victim reports it, or an offender claims it (it does happen!), or a journalist or some other party exposes it? Event identification has been an age-old problem for criminology but becomes even more problematic when cybercrimes are involved. Wherever possible, original and independent sources of information have been drawn upon to ensure the reliability of information, in order either to confirm a particular trend in two or more independent data sets or to record the occurrence of an event. Since the first edition, this includes open-source databases on cybercrimes, ransomware victims and conflict groups assembled for various funded research projects.

Adopting such an approach has helped to counter simplistic or conventional wisdoms, often simplified by the media for public consumption. Particular care was taken to avoid following purely sensationalized news streams, where one article reporting a sensational news event would tend to spawn a chain of others. The resulting analysis therefore takes a multidisciplinary approach to respect the many voices of crime (Garland and Sparks, 2000). The digital realist perspective adopted here is not, however, to be confused with the artistic theory of pseudo-realism which carries the same name (see Surman, 2003: 11) or indeed debates about left-realism (Young, 1997). Rather, it originates more in the work of Lessig (1998a, 1998b, 2006) and Greenleaf (1998), but, as indicated earlier, also combining and adapting the work of criminological theorists, routine activities theory (Felson), affordance theory (Gibson), symbolic interactionalism (Matza) and cultural sociology (Katz) to understand and contextualize cybercrime. It is essentially a multiple discourse approach which recognizes that cybercrime, like ordinary crime, is a form of behaviour that is mediated as much by technology as by social and legal values, economic drivers and also opportunities. The interrelation between these influences not only shapes the digital architecture of criminal opportunity, but also provides directions for resolving the same harms.

What follows, then, is a systematic enquiry based upon available knowledge, literature and research findings, much of which is outlined in the next chapter. It is also informed by my own funded research projects into crime, criminal justice and the internet, conducted between 1999 and 2023 for a range of organizations and agencies.1

What are the principal research questions to be answered and how do they feature in the chapter structure?

In pursuit of the central aim of exploring the transformation of crime in the information age, which is simply defined as the time period after adoption of digital and networked technologies in the early 1990s when information, rather than things, became keys to progress (or not, as the case may be), this book seeks to answer six logical research questions that frame the discussion in each of the forthcoming chapters.

What are cybercrimes, what do we know about them and how do we make sense of them? Chapter 2 looks at the production of knowledge about cybercrime and the origins of the term. It then looks at the various discourses that give meaning to it, before exploring critically the tensions that exist between various ways in which knowledge about cybercrimes is produced. Analysis of ‘the problem’ provides a language with which to discuss it.

How have networked technologies changed opportunities for criminal activity?Chapter 3 discusses the emergence of networked society and the technologies that construct it. The chapter then explores the various ways in which their distinctive characteristics have transformed criminal behaviour and created new conduits for cyber-assisted, cyber-enabled and cyber-dependent criminal activities.

How has criminal activity changed in the information age? The following three chapters seek to answer this question by exploring the different focus, or modus operandi, of cybercrimes.

Chapter 4 looks at cybercrimes against the machine (which I have previously referred to as computer integrity crime (2007b) and cybertrespass (2001b)). It specifically outlines the various challenges to the integrity of computing systems, for example through hacking, to breach established boundaries to gain access to spaces over which ownership and control have already been established.

Chapter 5 explores cybercrimes using the machine (previously referred to as computer-assisted crime). Much of the discussion here focuses upon the various permutations of what is effectively cyber-theft or frauds – deceptive and acquisitive behaviour in cyberspace. But computer-mediated communications also increasingly fall under this banner because they seek to deceive.

Chapter 6 focuses upon cybercrimes in the machine (previously computer content crime) and considers these types of cybercrimes in the context of three key broad areas of concern: extreme pornography, hate speech, extreme political speech.

How is criminal activity and its organization continuing to change in the information age?Chapter 7 explores how the organization of cybercrime is becoming more sophisticated. Developments in malware are continuing to automate victimization, and social engineering has become more technically and psychologically sophisticated – both to the point that they are now the province of those selling their specialized skill sets as a service to would-be offenders. Not only is crime-as-a-service creating entirely new levels of cybercrime, but it also expands the scale of the offences and their impact upon victims. The chapter also contemplates some of the informational problematics that arise with regard to identifying offenders and their victims. In some contexts, the very concepts of offender and victim are challenged – both being central to the understanding of law and criminology.

How is cyberspace policed and by whom?Chapter 8 explores how cyberspace is policed. It plots the compliance framework that currently shapes the regulation of behaviour online to illustrate how order and law are currently maintained on the internet. It then identifies the challenges posed by cybercrimes for criminal and civil justice processes before positioning the ‘public police’ as gatekeepers to the criminal justice system, within that structure.

How are cybercrimes to be controlled, regulated and prevented? Given that we can’t just switch the internet off when something goes wrong, chapter 9 looks at the regulatory challenges by focusing upon the processes that govern online behaviour and the roles played by law, technology and other influences in the regulation of cyberspace.

Why are the answers to these questions so important?Chapter 10 concludes by summarizing the findings of the preceding chapters and explaining how crime has become transformed by digital and networked technologies. Hopefully, the answers to the above questions will help you, the reader, to understand the different layers of phenomena colloquially known as cybercrimes. It will also help you to develop a language framework through which you can develop your own information about changing trends in cybercrime and communicate them with others.

Can this book be used for teaching?