Introduction
The cyberspace has been growing in
significance in recent years. This has especially been the case in the
developed world where the internet and online transactions are becoming
acceptable to consumers (KPMG, 2011). Companies have also been making use of
computer systems to develop intranets that ensure the cost effectiveness and
efficiency of their communication systems. The internet has also led to the
creation of a borderless economy with information flowing freely across
national boundaries with governments having little control over it (Global
Economic Symposium, 2012). Companies have moved to capitalise on this fact and
advance their brand awareness to other regions and countries.
The growth of the
internet usage around the world has led to the emergence of one major risk:
cybercrime. Cybercrime involves theft of information, sabotage of operations of
corporations and government departments, impersonation and others (KPMG, 2011).
This leads to loss of money, organisational secrets that could compromise how
secure an organisation is, security threat to the public, and loss of
confidence in an organisation’s systems. Curbing cybercrime becomes a big
challenge due to its borderless nature with countries having to share
intelligence in order to fight the vice more effectively (Global Economic
Symposium, 2012). This paper expounds on the common forms of cybercrime and
challenges that make it difficult for the risk to be mitigated. It also makes
recommendations on how such challenges can be surmounted.
Notable trends in cybercrime and common
technologies used for the vice
In recent years, cybercrime has been on
the increase. Statistics in 2010 indicate that the global spam rates increased
by 1.4% over the 2009 rates (Europol, 2012). While cyber attacks have in the
past been associated with geniuses innocently trying to prove their prowess in
computers and computer networks; the emergence of an underground economy
dealing in restricted information on people and companies have seen the
practice turn criminal. Cybercriminals are increasingly using their prowess to
steal and sell information which is then used to manipulate personal bank
accounts, steal company secrets and sabotage organisations and government
departments (Smith, 2007).
In 2010, a computer
worm Stuxnet was produced with an aim to sabotage computer systems at the Iran
nuclear plants (Pinguelo, Lee and Muller, 2012). This worm made computers give
wrong instructions and led to the malfunction that saw the country’s nuclear
operations after destroying their nuclear centrifuges. Even though the target
was Iran, the worm also affected Pakistan, Indonesia and India. Night dragon is
a program that was in operation from 2009-2011 and was targeted at the largest
multinationals dealing in oil and gas operations (KPMG, 2011). The program
enables the stealing of sensitive data on company operations and strategies.
Similar attacks were reported in 2010 when Google reported that personal
accounts for certain human rights activists had been compromised (Europol,
2012). Governments and government departments have also been subjected to cyber
attacks. In 2011 January, Canada was a victim of cyber attacks with various
government departments being unable to access the internet for a period of 2
months (KPMG, 2011). In 2009, the US’s Pentagon was hacked into stealing
sensitive data hence compromising the production of the country’s costliest
weapon ever to be made: the F-35 Lightning II (Global Economic Symposium, 2012).
There are various
technologies that are used to advance cybercrimes. Viruses and worms are used
to attack the storage devices they tend to replicate information hence jamming
the computers. Some viruses also hamper the normal functioning of computers
(ITU, 2009). Scareware is used to trick users to download software disguised as
antivirus. The attackers then demand payment to remove such viruses (KPMG,
2011). Phishing attacks on the other hand include specially designed programs
that are able to capture passwords to users’ accounts and use the information
to effect financial transactions or pose as the user in social sites (Will,
2011). Cybercriminals also use fiscal fraud tactics that target official online
payment systems and can hamper the transactions of businesses and government
agencies. With the growth of cybercrime, attention is being turned towards
fighting the vice. However, there are challenges that need to be overcome
before such risk mitigation measures can be effective.
Implications for rising cybercrime
Over 148,000 computers are affected by
viruses around the world on a daily basis (KPMG, 2011). The increase in the
crime leads to the escalation of costs. Governments and corporations have to
spend in order to restore their systems after a cyber attack. In 2011, the UK’s
costs attributed to cybercrime were estimated at $43 Billion (Global Economic
Symposium, 2012). Theft of intellectual property and espionage activities made
the greatest proportion of the estimates. In Germany, phishing activities are
believed to have risen by 70% to hit the $22 million mark in 2010 (KPMG, 2011).
The costs related to cybercrime are not only related to restoration of systems;
they also include the cost of anticipating and preventing the crimes,
reputational damage discouraging online transactions, and the cost of
compensating persons whose security has been compromised by the crime (Doyle,
2009). These costs are very high and governments around the world are exuding
increased determination to fend of the vice.
Developments in the fight against
cybercrime
Advanced technologies have seen
countries develop databases that allow for identification and apprehension of
cybercriminals (Dominique, 2011). Countries have in realisation of the
seriousness of cybercrime come up with legislations to help in fighting it. For
instance, in 2010, the FBI established a separate division to address
cybercrime (Cybercrime and Trustworthy Computing Workshop, 2010). In the UK, a
special division of the police, the Police Central e-Crime Unit was established
to collaborate with corporations and other government agencies to step the vice
(Brenner, 2010). China has also been keen to defeat cybercrime despite the fact
that it is believed to be the largest source targeted hacking attacks. In 2009,
China incorporated cybercrime into its laws in an important first step in their
fight against the vice (KPMG, 2011).
In realisation of the
borderless nature of cybercrime, various international agencies have been
formed to coordinate cross-border efforts in the fight against the vice.
Europol created the European Union Cyber crime Task Force. This task force
shares information with European governments to inform them on developments in
the cyberspace, risks involved and how to counter such risks. In 2010, NATO
approved a proposal to create a network that coordinates efforts against
cybercrimes in member countries (Cybercrime and Trustworthy Computing Workshop,
2010). Despite these initiatives, cybercrime remains a big challenge with the
intergovernmental agencies seen to be largely ineffective due to the sensitive
nature of international law enforcement practices.
Challenges faced in cybercrime
mitigation efforts
Cybercrime remains very challenging due
to a number of reasons. To begin with, cybercrime is borderless (Ghosh, 2010).
A cyber attack can be initiated in one part of the world and executed in
another. The internet’s reach and subsequent flow of information does not
respect political and national boundaries. This increases the complexity of
cybercrime investigations and this often requires cooperation with governments
in countries where the crimes have been committed or originated. In most cases,
cybercriminals will pre-empt the direction investigations will take and situate
their operations in locations which are either difficult to trace or regions
that are outside of the jurisdiction of investigators (Clifford, 2011). Effective
mitigation of cybercrime would require that there be a global agency that can
access security data in different countries. This requires cooperation. This
may be difficult as countries tend to be uneasy when it comes to letting
international agencies access their systems. There may be issues arising from
such agencies accessing state secrets and leaving the countries in question
vulnerable. Such a regime would also need that laws in most countries and
judiciary processes be made similar (Europol, 2012). This would ensure that
crimes can be punished in any country. However, this goes to the core of
sovereignty. There are many countries that are yet to criminalise cybercrime.
China only did so in 2009 after immense pressure from their trading partners in
the West. Cybercrime is truly global in nature and can only be controlled
effectively once regulatory agencies and judiciary systems embrace a global
approach (Europol, 2012). This is still long in coming.
There has been a
significant growth in the underground cybercrime economy with sensitive
information as the main commodity. This economy is quite lucrative and players
often tend to realise great returns on their efforts in the crimes. Economic motivation is a very powerful force:
it forms the basis for most human actions (Smyth, 2010). The realisation that
extraordinary skill could be used to yield returns that are higher than average
motivates people with great computer skills to explore this option. The
information gathered through cyber attacks are distributed and sold to
interested parties. For instance, research reveals that in the US, bank account
information, credit card data, and email account information trades at about
$125, $30 and $12 respectively (KPMG, 2011). The data acquired can then be used
in purchases and other monetary transactions. The fact that the economy is
underground makes it extremely difficult to investigate. The players in the
industry are little known and it is even more difficult to capture sustainable
evidence that can secure convictions in courts of law (Clifford, 2011). This
ambiguous nature of the sector similar to that of illicit drugs; where
authorities have tried to eradicate drug peddling for decades without much
success.
The other challenge
faced by governments relates to the dynamic nature of cybercrime. New
technologies are developed on a daily basis and this makes it difficult for law
enforcement agencies to keep up with such changes. Such an initiative would
require lots of skilled employees. The private sector offers better packages
and skilled people tend to prefer the private sector to the public sector
(Europol, 2010). Cybercrime is also such that it can be initiated by a single
person with its effects often very grave. It would normally require teams to
develop countermeasures. This means that the law enforcement agencies will at
any particular point be outnumbered by cybercriminals in terms of the actual
volumes of work to be undertaken. The UK cybercrime unit of the police is run
by a mere 40 core team members (KPMG, 2011). Similar problems are experienced
in Australia with cases piling up for lack of adequate labour and skill to
resolve them (KPMG, 2011). Cybercriminals are ever researching on new ways of
committing the crime and when they discover one, it takes a relatively long
time before regulators are able to come up with a countermeasure (Cybercrime
and Trustworthy Computing Workshop, 2010). This even leads to a situation where
governments could stay offline for days while erecting firewalls. In a recent
development, the US senate introduced debate on a legislation in 2011 allowing
the president to shut down the internet in the entire country in the event that
there was a massive cyber attack (Europol, 2012). Such a move would have
far-reaching repercussions with the economy losing billions of dollars per
day.
The rise in cybercrime
is made worse by the growing popularity of pirated software. Pirated software
tends to be more prone to cyber attacks with increased vulnerability to
viruses, trojans and malware (Smyth, 2010). The piracy covers various types of
software and applications as well as security software. Counterfeiters tend to
develop antivirus software which is available for free on trial basis and very
easy to install. Such software may be used to weaken firewalls or even capture
passwords from a computer. For instance, the Conficker virus that spread
rapidly around the world in 2008 is believed to have been able to spread quickly
due to lack of regular updates for unlicensed software (KPMG, 2011). The same
applies to applications such as computer games which are increasingly popular
around the world. These systems could compromise security of computer systems
and make them prone to cyber attacks. Piracy rates have been buoyed by the
rising number of computers in emerging countries such as China and Brazil. The
piracy market in China is believed to be the largest with over $19billion spent
on pirated software in 2009 as compared to India’s $2billion in the same year
(KPMG, 2011). In the Gulf cooperation countries, pirated software is believed
to stand at 50% of all software (KPMG, 2011).
Recommendations for overcoming
challenges
The underground economy can be weakened
by the targeting of underground forums in a move that could interrupt the
circulation of powerful and easy to use cybercriminal tools. Such tools include
botnets and malware kits. Governments and agencies should disrupt the
infrastructure in the underground economy and dismantle the ‘bullet proof’
hosting companies (Dominique, 2011). Since most of the crimes are directed at
the financial sector, there should be cooperation with banks which can
volunteer information on the sources of the cyber attacks. The information
could then be used in cooperation with other government agencies to identify
developer groups and disable their infrastructure. There should also be an
active system of gathering information and submitting it for analysis. Such
analyses help in identifying trends and moving to curb them.
The only solution to
overcoming the borderless nature of the crime is to develop systems that can be
effected around the world. This calls for international pressure on countries
that are yet to criminalise the vice and develop special agencies which can
then cooperate with their counterparts around the world. This could be made even more effective by
introduced centralised agencies that coordinate activities against cybercrime
in every region.
Antipiracy laws should
be enforced around the world are weed out all pirated software from the world
economy. Such a move would make computer systems less vulnerable to cyber
attacks and would also help in tracing the sources of the attacks in the event
that they actually occur.
Conclusion
Cybercrime has been on the rise around
the world and this has had regulatory agencies jittery as they move to curb the
vice. However, there have been some major challenges that have seen theiur
efforts become largely fruitless. For instance, cybercrime is borderless. The
virus, Trojans and phishing attacks can be coordinated from different countries
and that makes it difficult for a single country to effectively regulate it.
This implies the need for cooperation between countries in a move that would
see countries establish agencies that can share intelligence and work in
synergy with each other. The other challenge hinges on the fact that cybercrime
is developing into a lucrative underground industry. The computer geniuses are
quickly running to the vice to make quick riches and this makes it difficult to
curb the vice. This challenge can be overcome by targeting and destroying the
infrastructure of such underground economies and making it difficult for code
developers and others to do so without proper supervision. Piracy is not only a
concern in relation to cybercrime; it also causes great losses for companies
and individuals that produce the genuine software. By curbing piracy, software
in most computers would be less prone to cyber attacks and this could go a long
way in reducing the spread of cybercrime. Cybercrime is a major risk in global
business and governance and it is important that efforts be made to stop it.
Brenner, S.W., 2010. Cybercrime: criminal threats from cuberspace. Santa Barbara, Calif:
Praeger
Clifford, R., 2011. Cybercrime: the investigation, prosecution and defense of computer
related crime. Durham, N.C: Carolina Academic Press
Cybercrime and Trustworthy Computing Workshop, 2010.
Second Cybercrime and Trustworthy
Computing Workshop: CTC 2010 proceedings. Los Alamitos, Calif: IEEE
Computer Society
Dominique, V., 2011. Cybercrime: issues. (Online) Available at:
http://alpha.lib.uwo.ca/search~S20?/Xcybercrime&searchscope=20&SORT=D/Xcybercrime&searchscope=20&SORT=D&SUBKEY=cybercrime/1%2C104%2C104%2CB/frameset&FF=Xcybercrime&searchscope=20&SORT=D&3%2C3%2C
(Accessed 29 March 2012)
Doyle, C., 2009. Cybercrime
and its implications. New York: Nova Science Publishers
Europol, 2012. Fighting
cybercrime a major challenge for global society. (Online) Available at:
https://www.europol.europa.eu/content/simplenews/fighting-cybercrime-%E2%80%93-major-challenge-global-society-1249
(Accessed 29 March 2012)
Ghosh, S.M, 2010. Cybercrimes: a multidisciplinary analysis. Berlin, Heidelberg:
Springer-Verlag Berlin Heidelberg
Global Economic Symposium, 2012. Dealing with cybercrime- Challenges and
Solutions. (Online) Available at:
http://www.global-economic-symposium.org/solutions/the-global-polity/cybercrime-cybersecurity-and-the-future-of-the-internet/strategyperspectivefolder/dealing-with-cyber-crime-2013-challenges-and-solutions
(Accessed 29 March 2012)
ITU, 2009. Understanding
Cybercrime: A guide for developing countries. (Online) Available at:
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-understanding-cybercrime-guide.pdf
(Accessed 29 March 2012)
KPMG, 2011. Issues
Monitor: Cybercrime- A growing Challenge for Governments. (Online)
Available at:
http://www.kpmg.com/Global/en/IssuesAndInsights/ArticlesPublications/Documents/cyber-crime.pdf
(Accessed 29 March 2012)
Pinguelo, F.M., Lee, W., Muller, B.W., 2012. Virtual
crimes, Real Damages. Virginia Journal of
Law & Technology, 17(1), pp. 5-19
Smith, R.G., 2007. Crime control in the digital age:
an exploration of human rights implications. International Journal of Cyber Criminology, 1(2), pp. 167-179
Smyth, S.M., 2010. Cybercrime in Canadian criminal law. Toronto: Carswell
Will, G., 2011. Cybercrime
and espionage: an analysis of subversive multivector threats. Boston:
Elsevier/Syngress
No comments:
Post a Comment