NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

The Cybercrime Digital Ecosystem This study has shown that management study’s methodology is a useful tool for explaining, analysing and understanding cybercrime. Value Chain Analysis The concept of a value chain is a simple but very effective way to explain how innovation can help to tackle cybercrime. Value chains describe the sequence of activities that are required to make a product or service, from conception to delivery and disposal. They operate within an ‘ecosystem’ or environment where businesses cooperate and compete. This sequence of activities involves the combination of inputs from various actors, which are increasingly distributed globally. This idea emphasises the global reach of economic activities, and its central concern is to unpack the relationships between the actors involved in producing a good or service. Value chain analysis allows us to grasp the big picture of cybercrime and give perspective to the individual anecdotes and isolated figures that are reported daily. It also highlights the need to understand the distribution of power along the chain. The cybercrime value chain is virtually coordinated by both buyers and producers of crimeware (malicious software designed to automate financial crime). This analysis recognises the importance of the power asymmetries in global value chains, particularly who leads the overall character of the chain and who governs it? The concept of governance is crucial for three main reasons. First, leading actors in the chains can have a major impact in creating and shaping new markets. Second, leading actors will have a major role in determining the price, quality and speed of production. Third, leading actors will have a major role in determining the distribution of gains and profits along the chain. Innovation is a major force for the continuous improvement of products and processes. However, value chain analysis stresses that innovation needs to be placed in a relative context, in particular, compared to competitors. ‘Upgrading’ is the term used for this process of innovation in an industry formed by many global actors competing and integrating with each other. Page 4
Dynamic Capabilities The second component relates to capabilities. A firm’s capability is “a collection of routines that confers upon an organisation’s management the ability to produce significant outputs of a particular type”. However, analysts argue that dynamic capabilities – the capacity to adapt to rapidly changing environments – are required to create and sustain competitive advantage in a changing business environment. Such capabilities therefore underpin the ability of an organisation to make best use of new equipment or technologies to produce novel and innovative products or services. They improve their productivity and competitive advantage. As with firms that deploy home- grown capabilities to create competitive advantage or a market niche, cybercriminals appear to also have some in-house capabilities to carry out their activities and easy access to buy in the required capabilities. In part, this may be due to a complete absence of norms and legislation and the eclectic mix of actors and their characteristics that exist within the cybercrime world. Business Models The third component of the cybercriminals’ world is that of business models. The position of firms and its activities in the value chain is an important determinant of how it approaches business and generates a profit. Common to all definitions of business models is an emphasis upon how a firm makes money. Business models have the added attraction of being potentially comparable across industries. Therefore, in the context of this study, business models refer to the way in which different cybercriminals specifically generate revenue, and the nature of the arrangement they have with their customers and suppliers in the value chain. Future Trends in Cybercrime The organisational and technological capabilities of cybercriminals, especially in the absence of a global counter-strategy, will likely deepen and widen into the foreseeable future. As cyberspace develops further, so new opportunities will open up for organised crime groups. Crimes such as electronic theft and fraud will occur more rapidly, reducing the likelihood of being caught in the act. Information about how to compromise a system will be available more quickly and to more people, which means that opportunistic criminals linked into networks of organised criminals will come to dominate and define the world of Page 5
Page 1 and 2: Research report: July 2009 Crime on
Page 3: ‘official’ statistics exist yet
Page 7 and 8: economics (finance, micro-, macro-)
Page 9 and 10: 2.3 Cybercrime business models 73 2
Page 11 and 12: we focus on financial cybercrime. O
Page 13 and 14: measure all other statistical outpu
Page 15 and 16: fraud. Their methodology is still b
Page 17 and 18: opportunity for online theft of cre
Page 19 and 20: However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25 and 26: The rise of online and telephone ba
Page 27 and 28: ecruitment marketplace for cybercri
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33 and 34: Nigerian criminal gangs in North Am
Page 35 and 36: the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56:
The Storm botnet case study: the su
Page 57 and 58:
accelerating on a monthly basis. Wi
Page 59 and 60:
improvement and the introduction of
Page 61 and 62:
that employees are more concerned a
Page 63 and 64:
origin or signature or a presence o
Page 65 and 66:
few simple words and a web link, wh
Page 67 and 68:
web 2.0 sites (such as, social netw
Page 69 and 70:
Source: John Leyden, “Trojan traw
Page 71 and 72:
Cybercriminals find e-gold a conven
Page 73 and 74:
ecosystem at various levels, creati
Page 75 and 76:
expertise they need to perpetrate o
Page 77 and 78:
are often offered for bulk purchase
Page 79 and 80:
Crimeware-as-a-Service (CaaS): Para
Page 81 and 82:
no dominant force. Unlike tradition
Page 83 and 84:
is taken, priority is understandabl
Page 85 and 86:
particularly good one, since consta
Page 87 and 88:
outreach needs to be evaluated to e
Page 89 and 90:
some of these firms may have adopte
Page 91 and 92:
esilience must now surely be of con
Page 93 and 94:
7) Click fraud: also called pay-per
Page 95 and 96:
20) Pharming: is a scamming practic
Page 97:
Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?