Difference between revisions of "Cybercrime" - New World Encyclopedia

Cybercrime is a term used broadly to describe activity in which computers or networks are a tool, a target, or a place of criminal activity. These categories are not exclusive and many activities can be characterized as falling in one or more categories.

Overview

Although the term cybercrime is usually restricted to describing criminal activity in which the computer or network is an essential part of the crime, this term is also used to include traditional crimes in which computers or networks are used to enable the illicit activity.

Examples of cybercrime in which the computer or network is a tool of the criminal activity include spamming and certain intellectual property and criminal copyright crimes, particularly those facilitated through peer-to-peer networks.

Examples of cybercrime in which the computer or network is a target of criminal activity include unauthorized access (i.e, defeating access controls), malicious code, and denial-of-service attacks.

Examples of cybercrime in which the computer or network is a place of criminal activity include theft of service (in particular, telecom fraud) and certain financial frauds.

Finally, examples of traditional crimes facilitated through the use of computers or networks include Nigerian 419 or other gullibility or social engineering frauds (e.g., "phishing"), identity theft, child pornography, online gambling, securities fraud, etc. Cyberstalking is an example of a traditional crime — harassment — that has taken a new form when facilitated through computer networks.

Additionally, certain other information crimes, including trade secret theft and industrial or economic espionage, are sometimes considered cybercrimes when computers or networks are involved.

Cybercrime in the context of national security may involve hacktivism (online activity intended to influence policy), traditional espionage, or information warfare and related activities.

Another way to define cybercrime is simply as criminal activity involving the information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

Applicable laws

United States

• ACCESS DEVICE FRAUD. 18 U.S.C. § 1029. Fraud and related activity in connection with access devices.

• COMPUTER FRAUD AND ABUSE ACT. 18 U.S.C. § 1030. Fraud and related activity in connection with computers.

• CAN-SPAM ACT. 18 U.S.C. § 1037. Fraud and related activity in connection with electronic mail.

• EXTORTION AND THREATS. 18 U.S.C. § 875. EXTORTION and THREATS. Interstate communications.

• IDENTITY THEFT AND ASSUMPTION DETERRENCE ACT of 1998. 18 U.S.C. § 1028. Fraud and related activity in connection with identification documents, authentication features, and information.

• WIRE FRAUD. 18 U.S.C. § 1343. Fraud by wire, radio, or television.

• No Electronic Theft ("NET") Act. 17 U.S.C. § 506. Criminal Offenses. (criminal copyright infringement)

• DMCA . 17 U.S.C. § 1201. Circumvention of copyright protection systems.

• Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq. (STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS)

• Trade Secrets Act. 18 U.S.C. § 1832. Theft of trade secrets.

• Economic Espionage Act. 18 U.S.C. § 1831. Economic Espionage.

• US Computer Crime Laws by State

United Kingdom

• The Computer Misuse Act 1990 in the UK (Amended in the Police and Justice Act 2006)

Australia

• Cybercrime Act 2001 (Commonwealth)
• Crimes Act 1900 (NSW): Part 6, ss 308-308I.
• Criminal Code (WA): Section 440a, Unlawful Operation of a Computer System

Others

• Council of Europe Convention on Cybercrime
• Global Survey of Cybercrime Law
• Unauthorized Access Penal Laws in 44 Countries

• Convention on Cybercrime
• Council of Europe - Draft Convention on cyber-crime (Draft N° 27)

Academic resources

• Cybercrimes.net and Cyb3rCrim3.org Susan W. Brenner
• Cybercrime - High Tech crime JISC Legal Information Service
• Criminal Justice Resources - Cybercrime
• Cybercrime NYLS
• Cybercrime Law

Government resources

• Cybercrime.gov US Department of Justice CCIPS
• US CERT United States Computer Emergency Readiness Team (US-CERT)
• FBI Cyber Investigations Home Page
• US Secret Service Computer Fraud
• On Guard OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
• ID Theft one-stop national resource to learn about the crime of identity theft
• FindLaw Computer Crime
• RCMP Computer Crime Prevention Royal Canadian Mounted Police

Commercial resources

• Annual e-Crime Conference : International Conference for Public & Private Security Specialists

Further reading

Wikibooks has a book on the topic of

Legal and Regulatory Issues in the Information Economy

• The evolution of cybercrime from past to the present
• CNET - Cybercrime and Punishment

Identity taker is a term first appearing in U.S. literature in the 1990s, leading to the drafting of the Identity Theft and Assumption Deterrence Act.^[1]

In 1998, The Federal Trade Commission appeared before the Subcommittee on Technology, Terrorism and Government Information of the Committee of the Judiciary, United States Senate.^[2] The FTC highlighted the concerns of consumers for financial crimes exploiting their credit worthiness to commit loan fraud, mortgage fraud, lines-of-credit fraud, credit card fraud, commodities and services frauds. With the rising awareness of consumers to an international problem, in particular through a proliferation of web sites and the media, the term "identity theft" has since morphed to encompass a much broader range of identification-based crimes. The more traditional crimes range from dead beat dads avoiding their financial obligations, to providing the police with stolen or forged documents thereby avoiding detection, money laundering, trafficking in human beings, stock market manipulation and even to terrorism.

According to the non-profit Identity Theft Resource Center, identity theft is "sub-divided into four categories: Financial Identity Theft (using another's name and SSN to obtain goods and services), Criminal Identity Theft (posing as another when apprehended for a crime), Identity Cloning (using another's information to assume his or her identity in daily life) and Business/Commercial Identity Theft (using another's business name to obtain credit)."

The Identity Theft and Assumption Deterrence Act (2003)[ITADA] amended the U.S. Code, s. 1028 - "Fraud related to activity in connection with identification documents, authentication features, and information". The Code now makes possession of any "means of identification" to "knowingly transfer, possess, or use without lawful authority" a federal crime, alongside unlawful possession of identification documents.

Some people prefer the term "identity fraud" to describe when their means of identification has been exploited for an unlawful purpose. Others believe the thief does deprive the owner of his identity by replacing his reputation with the thief's. Both uses of the term focus on the act of acquiring the legally attributed personal identifiers and other personal information necessary to perpetrate the impersonation.^[3]

A classic example of consumer-dependent financial crime occurs when Bob obtains a loan from a financial institution impersonating Peter. Bob uses Peter's personal identifiers that he has somehow acquired. These personal identifiers conform with the data retained on Peter by national credit-rating services. The identifiers include surname, given names, date of birth, Social Security number (U.S.), Social Insurance Number (Cda), current and former addresses etc. These data are all part of credit header information retained by credit-rating services. The crimes are self-revealing. When Peter defaults on payments the lenders become aware. With consumers being credit-dependent, the onus shifts to them to re-establish their credit-worthiness with the lending institutions and credit-rating services.

Less commonly understood outside criminal intelligence and law enforcement circles is the impact of identification-based concealment crimes. As with credit-dependent consumer financial crimes, criminals acquire legally attributed personal identifiers and then clone someone to them for concealment from authorities. Unlike credit-dependent financial crimes, they are non self-revealing, continuing for an indeterminate amount of time without being detected.

The crimes include illegal immigration, terrorism and espionage, to mention a few. It may also be a means of blackmail if activities undertaken by the thief in the name of the victim would have serious consequences for the victim. There are cases of identity cloning to attack payment systems, such as obtaining medical treatment.

Personal Guardianship

The unlawful acquisition of legally attributed personal identifiers is made possible by serious breaches of privacy. For consumers it is usually due to personal naivete in who they provide their information to or carelessness in protecting their information from theft (e.g. vehicle break-ins and home invasions). Guardianship of personal identifiers by consumers is the most common intervention strategy recommended by the Federal Trade Commission, Canadian Phone Busters and most sites that address "identity theft". Personal guardianship issues include recommendations on what consumers may do to prevent their information getting into the wrong hands.

Agency Guardianship

Governments trade off diligence in issuing both foundation and other means of identification documents providing access to benefits, privileges and services, for delivery of smooth and efficient services to their clients.

In their May 1998 testimony on Identity Theft before a subcommittee of the Committee of the Judiciary, United States Senate, the Federal Trade Commission (FTC) reported on their response to consumer concern about the sale of their Social Security numbers and other personal identifiers by the individual reference service industry [credit-raters and data miners]. The FTC agreed to the industry's draft of self-regulating principles restricting access to non-public information which includes "credit header" information on credit reports. The credit header data typically includes the individual's name, address, aliases, Social Security number, current and prior addresses and telephone number.^[4] According the industry the restrictions vary according to the category of customer. Credit-rating services gather and disclosure personal and credit information to a wide business client base.

Governments, in registering sole proprietorships, partnerships and corporations do not make an effort to determine if the officers listed in the Articles of Incorporation are who they say they are, potentially allowing criminals access to personal information through credit-rating and data mining services. Other poor corporate diligence standards include: i) a failure to shred confidential information before throwing it into dumpsters; ii) the brokerage of personal information to other businesses without ensuring that the purchaser maintains adequate security controls; and iii) the theft of laptop computers being carried off-site containing vast amounts of personal information.

If corporate or government organizations do not protect consumer privacy, client confidentiality and political privacy, the acquisition of personal identifiers to commit unlawful acts will continue to be a prime target for criminals.^[5]

Legal response

In the United Kingdom personal data is protected by the Data Protection Act. The Act covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc.

Under English law, the deception offenses under the Theft Act 1968 increasingly contend with identity theft situations. In R v Seward (2005) EWCA Crim 1941^[6] the defendant was acting as the "front man" in the use of stolen credit cards and other documents to obtain goods. He obtained goods to the value of £10,000 for others who are unlikely ever to be identified. The Court of Appeal considered sentencing policy for deception offenses involving "identity theft" and concluded that a prison sentence was required. Henriques J. said at para 14:"Identity fraud is a particularly pernicious and prevalent form of dishonesty calling for, in our judgment, deterrent sentences."

In Australia, privacy law is the responsibility of the Office of the Privacy Commissioner.^[7]

In the USA, until 2003, dealing with consumer crimes involving legally attributed personal identifiers was the jurisdictional responsibility of the local and state authorities. Identification documents are a different story, addressed in Title 18 > Part I > Chapter 47 s.1028 of the U.S. Code. The unlawful use of identification documents is historically a federal offence. In response to the consumer issue of "identity theft", the U.S. Congress passed the Identity Theft and Assumption Deterrence Act (2003) amending Title 18 > Part I > Chapter 47, s. 1028 to include the unlawful use of a "means of identification" [s,1028 (d)(7)] making it a federal crime alongside identification documents. The title of s.1028 is, "Fraud related to activity in connection with identification documents, authentication features, and information". The Act also provides the Federal Trade Commission with authority to track the number of incidents and the dollar value of losses. There figures relate mainly to consumer financial crimes and not the broader range of all identification-based crimes.^[8] Punishments for the unlawful use of a "means of identification" were strengthened in s.1028a, allowing for a consecutive sentence under specific conditions of a felony violation defined in s. 1028c.

If used to commit another crime in the commission of identity theft in the United States (if charged federally) include:

• Class B Felony: 6-20 years in Jail and a fine up to $10,000
• Class C Felony: 2-8 years in Jail and a fine up to $10,000

If charges are brought by state or local law enforcement agencies, different penalties apply depending on the state.

In France, a person convicted of identity theft can be sentenced upto 5 years in prison and fined upto €75,000.[1]

Techniques for obtaining information

• stealing mail or rummaging through rubbish (dumpster diving)
• eavesdropping on public transactions to obtain personal data (shoulder surfing)
• stealing personal information in computer databases [Trojan horses, hacking]
• infiltration of organizations that store large amounts of personal information
• impersonating a trusted organization in an electronic communication (phishing)
• Spam (electronic): Some, if not all spam requires you to respond to alleged contests, enter into "Good Deals", etc.
• using another arguably illegal reason to victimize individuals who display their personal information in good faith, such as landlord-related fraud, where the Patriot Act is used to create suspicion on prospective tenants, and then using their personal information to commit fraud. This is a very common practice among slumlords, who violate civil rights and use the right to request background checks to defend their legal policies, which are later used to commit crimes; the laws themselves create this conflict and is a type of identity theft created and enforced by federal law.

Spread and impact of consumer-based "identity theft"

Surveys in the USA from 2003 to 2006 showed a decrease in the total number of victims but an increase in the total value of identity fraud to US$56.6 billion in 2006. The average fraud per person rose from $5,249 in 2003 to $6,383 in 2006.^[9]

The 2003 survey from the Identity Theft Resource Centre found that :

• Only 15% of victims find out about the theft through proactive action taken by a business
• The average time spent by victims resolving the problem is about 600 hours
• 73% of respondents indicated the crime involved the thief acquiring a credit card
• The emotional impact is similar to that of victims of violent crimes

In a widely publicized account,^[10] Michelle Brown, a victim of identity fraud, testified before a U.S. Senate Committee Hearing on Identity Theft. Ms. Brown testified that: "over a year and a half from January 1998 through July 1999, one individual impersonated me to procure over $50,000 in goods and services. Not only did she damage my credit, but she escalated her crimes to a level that I never truly expected: she engaged in drug trafficking. The crime resulted in my erroneous arrest record, a warrant out for my arrest, and eventually, a prison record when she was booked under my name as an inmate in the Chicago Federal Prison."

In Australia, identity theft was estimated to be worth between AUS$1billion and AUS$4 billion per annum in 2001.^[11]

In the United Kingdom the Home Office reported that identity fraud costs the UK economy £1.7 billion^[12] although privacy groups object to the validity of these numbers, arguing that they are being used by the government to push for introduction of national ID cards. ^{[citation needed]} Confusion over exactly what constitutes identity theft has led to claims that statistics may be exaggerated.^[13]

In popular culture

• The public fascination with impostors has long had an effect on popular culture and extends to modern literature.
• Across the ages there have been many cases of "identity theft"
• The story of Michelle Brown has been made into a film.^[14]
• In Frederick Forsyth's novel The Day of the Jackal the would-be assassin of General de Gaulle steals three identities. Firstly, he assumes the identity of a dead child by obtaining the child's birth certificate and using it to apply for a passport. He also steals the passports of a Danish clergyman and an American tourist, and disguises himself as each of those persons in turn.
• In the 1995 movie The Net, Sandra Bullock plays a computer consultant whose life is taken over with the help of computer assisted identity theft.
• In Jonathan Smith's novel Night Windows the action is based on the horrific and real life theft of Smith's own identity.

• Protection - Find resources provided by the FDIC to educate and protect consumers, revitalize communities, and promote compliance with the Community Reinvestment Act and fair lending laws. Tips, and ways to help protect yourself from online identity theft can be found at www.fdic.gov

See also

• Impostor
• Fair and Accurate Credit Transactions Act
• Fair Credit Billing Act
• Fair Credit Reporting Act
• Identity document forgery
• Lapsed lurker
• Pharming
• Phishing
• Spam

References

ISBN links support NWE through referral fees

External Links

• All Party Parliamentary Group on Identity Fraud Website - initiative of British parlimenatrians
• Privacy Rights Clearinghouse webpages a non profit consumer information and advocacy organisation
• U.S. (FTC.gov) website devoted to ID theft
• Identity Theft Insider - Identity Theft from a previous victim's perspective
• IdentityLockBlog.Info - Blog tracking identity theft developments with daily news updates
• IdentityTheftSecrets.com - Very clever anatomy of a phishing scheme in action
• AlabamaConsumerLawBlog.com - Blog tracking consumer law and identity theft issues
• United Kingdom Home Office Identity Theft Website
• Identity Theft and Fraud from the US Dept. of Justice
• Internet Fraud from the US Dept. of Justice
• Identity Theft — Carnegie Mellon CyLab's MySecureCyberspace, a portal on cybersecurity for home users
• Privacy Laws by State
• [2] The Identity Theft Resource Center, a nonprofit, nationally respected program dedicated exclusively to identity theft.
• "Transcript of Attorney General Alberto R. Gonzales and FTC Chairman Deborah Platt Majoras Announcing the Release of the President's Identity Theft Task Force", US Department of Justice, April 23, 2007. Retrieved 2007-04-24.
• Identity Theft Crackdown: Strengths, Weaknesses and Red Flags For Identity Theft Task Force Strategic Plan GammaWealth Strategy & Research, LLC
• Identity Theft - The Time Bomb On Your Desktop Richard Odell - Computer security article
• Worksheet to follow if you suspect you are a victim of identity theft - Steps and resources to contact for victims of identity theft

External links in French

• Olivier Iteanu, "Identity theft: the law or technology to protect you??," Le Journal du Net, 9 September 2004
• Category: French criminal law