Cybercrime is a topic in which public and governmental understandings have long been shaped by cultural constructions and the almost theatrical politics of security. In recent years, however, the Cybercrime stakes have risen with more professional and state engineered attacks, more commercial cybercrime and it being used to spread hate. As a consequence, Cybercrime has risen up the political agenda and it has come to be taken much more seriously. Our societal responses to it are now framed by Governmental Cyber-security strategies and policies, yet a simple reading of the situation suggests that we still have some way to go to improve our understanding of the actual problem.
The author has decided to review the following research paper written by C. Hargreaves and Dr D. Prince (2013) “Understanding Cyber Criminals and Measuring Their Future Activity Developing cybercrime research”, Lancaster University, which is particularly relevant to this topic of cybercrime because it covers the interdisciplinary across the subjects of the sciences and social sciences and yet still manages to emphasise upon the need for a greater focus and understanding upon the victims and offenders. The research paper goes a long way to identify the normal phenomenon about cyber-crime on that there is a need to fully understand the role of technologies and/or individuals not to make any sudden knee jerk reactions to cyber-crime. It also highlights the need to develop standard protocols for data and also agree on mechanisms for the capture of that data. It also requires and acknowledges the need to develop a more sophisticated knowledge and understanding of offenders and their victims.
Throughout the paper it was apparent that during the research the authors came across the same everyday attitude and findings towards cyber-crime in that from the research it was difficult to fully define cybercrime, the authors did however identify why the felt that it was difficult to do so. “Firstly cybercrime encompasses a broad spectrum of offences many of which can be traced back to traditional crimes; the question is then raised as to whether new definitions and laws are needed or whether amendments to existing legislation are all that is required. Cybercrime is a relatively new crime, in which government agencies, law enforcement bodies, businesses and academics have deliberated over in an effort to come to an overarching definition. Dependent upon the organisation defining the crime some discrepancies exist, however there are two fundamental categories, computer enabled and computer dependent crime. Computer enabled crime is a traditional crime facilitated by technology whilst computer dependent crime is a crime which could not exist without new technology.” This is a true argument in my belief because it is becoming more and more difficult to fully identify what crime category does cyber-crime fall into? Also it appears that due to the improvement within technology and the intervention of various technological advances also muddy’s the differences between computer enabled and computer dependant crime.
The research paper compiled that the broad categories of computer enabled and computer dependent crime it is important to develop mechanisms to be able to judge the extent to which either should be selected. The workshop discussed utilising the following concepts:
- Force Amplification: A simple analogy here is that of physical harm with or without the use of a weapon. The level of harm that the average person can achieve with a weapon is far greater than that without. Similarly the amount of harm that can be caused with digital technology can be greatly amplified, for example, consider fraud via spam. If a fraudster had to send a letter to each target then the number of targets would be greatly diminished. The use of digital technology and communications enables the criminal to be able to interact with potential victims on a global basis.
- Entry Barrier: A significant feature of all technology is that it significantly reduces the entry barrier for people to commit a criminal activity, consider copyright theft. In this instance, the digital replication of any copyright protected information, music, film, literature, is relatively trivial given the currently available technology.
By utilising these two comparative properties crimes involving digital equipment may be compared for equivalency but also classification as computer enabled or computer dependent. This has a potentially significant advantage for the legal system in two respects. Firstly it presents the impact that technology played in the crime via a mechanism that does not rely on technical details that a lay person would find difficult to comprehend. Secondly it facilitates a comparative approach for prosecution and sentencing decisions which are again technology agnostic. This is an important principle that should be considered going forward, “Focus on the impact of the technology not on the technology itself”. The parting line here is fully agreeable because too much emphasis is placed upon trying to define and identify the effects of the technology then on the actual effects caused by the technology during the crime.
The research paper goes onto discuss the datasets that can be identified and used to study and identify a standardised process, but again it is only stepping stones to fill the knowledge gap that will always have is difficulties in obtaining a true and accurate picture across all fields and entities. If these findings were utilised properly and in the future it will enable and possible identify true accounts of the victims on the receiving end of the crimes and also establish the facts behind the offenders and their reasoning behind conducting these types of crimes. It is my belief that offenders feel that they are not conducting these crimes against a human being but more to a technological system because they do not see the human face! Establishing whether victims of cybercrime are a specific group of people will help to target preventative methods and resources. Through a victim information database researchers can investigate the characteristics of the victims to develop our understanding of who they are and determine if specific groups of people are more vulnerable to cyber-attacks and if so the reasons why. Following this information the common characteristics of the victims can be identified. For example, it may become apparent that the majority of victims were of the age 25 to 30, if this is the case preventative methods, such as educating them on how to stay safe online, could be targeted to this age group.
The paper also identifies the need of a better understanding of whom the criminals and victims are in terms of their characteristics thus it will help deliver appropriate interventions along with further research required on cybercrime data to enable a critical research against traditional crime along with the research into why individuals commit crime when others do not, and to ascertain how these individuals are different to law abiding citizens is essential if we are to tackle cyber criminality.
With this analysis and results it would enable the wider community to have a clearer understanding and education into shaping policy in terms of detection, intervention and punishment. These facts will also provide the benchmark for future regulations and legislation improvement when tackling cyber-crime.
This research really does sit will within what I see as the fundamental issues with cyber-crime and the information that is available; it appears that there is a flaw in the definition and the distinguishing between computer enabled crime and computer dependent crime which has a reasonably robust set of criteria for assessment as embodied by legislation such as the Computer Misuse Act. Computer enabled crime embodies the transformation of conventional crime (covered by current legislation) by digital technology.
For this research and any progression in this field it would require the discussion of possibility of an alternative to developing new legislation to handle computer enabled crime. Instead new sentencing guidelines could be developed for existing criminal offences where technology is seen as an aggravating or reducing factor in the commissioning of the crime. This provides the court service greater flexibility in sentencing, but also enables the courts to remain dynamic enough to keep up to date with the evolving use of technology in the commission of crimes.
Also it is without a shadow of doubt beneficial to conduct future analysis in the area surrounding victimology and distinguishing criteria that could enable preventative and protective measures to be developed and deployed to protect potential victims.
Farrington, D.P. (1992). ‘Criminal Career Research in the United Kingdom,’ British Journal of Criminology, Vol.32, No.4.
Francis, B., Soothill, K. and Ackerley, E. (2004). ‘Multiple Cohort Data, Delinquent Generations, and Criminal Careers,’ Journal of Contemporary Criminal Justice, Vol. 20, No.2, May, 103-126.
Holt, T. J. (2010). Exploring strategies for qualitative criminological and criminal justice inquiry using on-line data. Journal of Criminal Justice Education, Vol.21, 300-321.
Holt, T. J., Soles, J., and Leslie, L. (2008). Characterizing malware writers and computer attackers in their own words. Paper presented at the 3rd International Conference on Information Warfare and Security, April 24-25, in Omaha, Nebraska.
Holt, T.J., Strumsky, D., Smirnova, O. & Kilger, M. (2012). Examining the Social Networks of Malware Writers and Hackers. International Journal of Cyber Criminology, Vol.6, No.1, 891-903.
Macloed, J.F., Grove, P.G. and Farrington, D.P. (2012). Explaining Criminal Careers: Implications for Justice Policy, Oxford: Oxford University Press.
Soothill, K., Fitzpatrick, C. and Francis, B. (2009). Understanding Criminal Careers, Devon: Willon Publishing.
Wall, D.S. (2007/10).Policing Cybercrimes: Situating the Public Police in Networks of Security within Cyberspace (Revised May 2010), Police Practice & Research: An International Journal, Vol.8, No.2, 183-205.
Copyright | © 2017 Stephen Langley
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
About the Author
Stephen Langley is an accomplished Senior Security Professional and Brand Protection Manager, who has expertise in compliance related investigations. Stephen holds a degree in UK Law (LLB) that he attained from the Open University and a MSc in Security Management that he obtained from the University of Portsmouth and also various Leadership and Management qualifications.
Other Publications from Stephen
Langley S. (2016). ‘Insider Threat’ in M. Petrigh (ed.) Security and Risk Management: Critical Reflections and International Perspectives, Volume 1 (pp. 37-68). London: Centre for Security Failures Studies Publishing
Subscribe to Stephen’s Articles
Readers who would like to receive an automatic notification every time Stephen Langley publishes a new Article on our Blog can subscribe via FeedBurner, either by email or RSS.
The opinions expressed in this Article are those of the author and do not reflect the opinions of the Centre for Security Failures Studies or its Editors or its Members. Neither the Centre for Security Failures Studies nor the author of this Article guarantee the accuracy or completeness of any information published herein and neither the Centre for Security Failures Studies nor the author shall be responsible for any error, omission, or claim for damages, including exemplary damages, arising out of use, inability to use, or with regard to the accuracy or sufficiency of the information contained in this Article.
Your Opinion Matters
Do you have anything to say about this article, the issues it revealed or the insights it gave you? Was it useful, did you like it?Interact with the author of this Article and other security and risk professionals by using the comment box and the “like button” placed just below.