NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

2.1.3 Governance Value chain analysis highlights the need to understand the distribution of power along the chain. The cybercrime value chain is coordinated via the Internet by both buyers and producers of crimeware. Another central contribution from value chain analysis is the importance it places in characterising the power asymmetries in global value chains. In value chain analysis governance is defined as the power to determine who participates in the value chain, what is produced, how and when, and asymmetries (imbalances) in market power. What matters most is who determines the overall character of the chain and who governs it? The concept of governance is crucial in for three main reasons. First, leading actors in the chains can have a major impact in creating and shaping new markets. Second, they can help determine the price, quality and speed of production. Third, they can help determine the distribution of gains and profits along the chain. Building on this concept of governance, a broad distinction can be made between three types of value chain. The first describes the value chain where buyers set the rules, namely, buyer-driven chains. Buyer-driven chains generally describe those industries in which the specifications of the products are supplied by the large retailers or marketers that order the goods. The second describes industries where key producers, generally commanding vital technologies, coordinate the various links – producer-driven chains. This latter is characteristic of capital and technology-intensive industries. 155 These two basic categories automatically expand if we consider that, first, some value chains exhibit very little governance and, second, some chains may embody both producer- and buyer-driven governance. Given these limitations a third type of value chain has been defined, namely, the Internet-oriented chains, representing the dynamics of firms operating in the expanding digital economy and e-commerce. This distinct chain is composed of the firms that make Internet transactions possible, from computer manufacturers to Internet service providers. These chains are characterised by the virtual integration of their participants 155 Kaplinsky R, and Morris M., (2001), A Handbook for Value Chain Research. International Development Research Centre: Ottawa. Page 52
and facilitated by an explosion in connectivity due to the open and almost cost-free exchange of information. 156 In technology-intensive industries, it has been suggested that the ability to govern often rests in intangible competences (such as R&D and design) into which it is difficult for other firms to break. 157 Inherent to cybercrime is the constant search of new technologies for exploitation; however, this requires substantial investment in R&D, training and human resources, which is where traditional organised crime may have a significant role as investors. Organised criminal groups are gradually diversifying from traditional criminal activities to more lucrative and less risky e-crimes by co-opting a diverse array of technically competent cybercriminals. Although traditional criminal organisations generally lack the technical skills to generate crimeware, they have vast funds from traditional criminal activities to recruit highly skilled individuals and pay for their services, even sponsoring university degrees. Organised crime syndicates are in a position to fund computer science courses at university in return for cybercrime expertise after the course has finished. The chief information security officer for a large multinational recently said: "[cybercrime rings] have research and development programmes, they are putting people through university, 158 they are calculating return on investment and they have better quality assurance. By comparison, the legitimate security industry is under-funded, under- resourced and constantly on the back foot." 159 The preliminary findings for this overview indicate that we can find examples of each of these value chains for various segments of the cybercrime ‘industry’. In certain criminal 156 Gereffi, G., (2001): “Beyond the Producer-driven/Buyer-driven Dichotomy. The Evolution of Global Value Chains in the Internet Era”, IDS Bulletin Vol 32 No 3 2001. 157 Kaplinsky R, and Morris M., (2001), A Handbook for Value Chain Research. International Development Research Centre: Ottawa. 158 Interview with a Tamil who had been charged with credit card fraud. 159 Paul Simmonds of AstraZeneca, quoted in Marshall Kirkpatrick, (23 rd June 2008): Students: The New Hiring Frontier Online, for Good and Evil. See: http://www.readwriteweb.com/archives/students_the_new_hiring_frontier.php. Page 53
Page 1 and 2: Research report: July 2009 Crime on
Page 3 and 4: ‘official’ statistics exist yet
Page 5 and 6: Dynamic Capabilities The second com
Page 7 and 8: economics (finance, micro-, macro-)
Page 9 and 10: 2.3 Cybercrime business models 73 2
Page 11 and 12: we focus on financial cybercrime. O
Page 13 and 14: measure all other statistical outpu
Page 15 and 16: fraud. Their methodology is still b
Page 17 and 18: opportunity for online theft of cre
Page 19 and 20: However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25 and 26: The rise of online and telephone ba
Page 27 and 28: ecruitment marketplace for cybercri
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33 and 34: Nigerian criminal gangs in North Am
Page 35 and 36: the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51: Fraud on fraudster The most recent
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63 and 64: origin or signature or a presence o
Page 65 and 66: few simple words and a web link, wh
Page 67 and 68: web 2.0 sites (such as, social netw
Page 69 and 70: Source: John Leyden, “Trojan traw
Page 71 and 72: Cybercriminals find e-gold a conven
Page 73 and 74: ecosystem at various levels, creati
Page 75 and 76: expertise they need to perpetrate o
Page 77 and 78: are often offered for bulk purchase
Page 79 and 80: Crimeware-as-a-Service (CaaS): Para
Page 81 and 82: no dominant force. Unlike tradition
Page 83 and 84: is taken, priority is understandabl
Page 85 and 86: particularly good one, since consta
Page 87 and 88: outreach needs to be evaluated to e
Page 89 and 90: some of these firms may have adopte
Page 91 and 92: esilience must now surely be of con
Page 93 and 94: 7) Click fraud: also called pay-per
Page 95 and 96: 20) Pharming: is a scamming practic
Page 97: Acknowledgements Numerous people as

NESTA Crime Online - University of Brighton Repository

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?