NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

In the UK a national initiative is urgently required, which is followed up at a regional level and in international forums. The UK should co-ordinate the national fight against cybercrime in partnership with other international actors. For this purpose, combining resources and sharing information across national, regional and international intelligence forces becomes crucial. European Union member states need to make common cause. Given that so many cybercrime operations take place in developing countries, aid agencies need to be persuaded to become significant stakeholders – having already become involved in police reform programmes, this is an institutionally legitimate area of development. The value chain analysis illustrates the disperse nature of cybercrime – multiple actors involved in the processes of detecting vulnerabilities, infection, distribution and exploitation – which makes it difficult to identify the criminals. Once crimes are perpetrated, there is a question as to who bears the costs? In this process, the victims of cybercrime – often individuals – tend to become powerless receiving mixed information from police, banks or retailers. One of our interviewees 245 strongly recommended that the protection of citizens needs to be at the heart of any new initiatives to combat cybercrime. The fundamental problem within the private sector is transparency. Simply put, the high street banks have been reluctant to release adequate information. The recent, fundamental shift in the relationship between these institutions and government as a result of the financial crisis should be used to apply leverage to encourage greater information sharing and analysis. It is also unclear to what extent the banks work together in this area but there is a strong suspicion that efforts are atomised, whereas cooperation would offer a far better use of resources. Banks should also be encouraged to pledge a percentage of profits or turnover to combating cybercrime. A similar response is required in relation to the independent security firms that track and analyse cybercrime. There is little transparency with regard to capabilities and methodologies. In the absence of such information, there is a tendency to suspect that 245 Interview with Michael Hallowes, National Policing Improvement Agency (NPIA), 2 nd April 2009. Page 88
some of these firms may have adopted methodologies and techniques that inflate the scale of the problem and the level of vulnerability, not least as a means of generating business. Here again, government intervention is required to develop a code of practice for the private sector which could be enforced by an Ombudsman. Both the private and the public sectors are increasingly looking to the policy research and academic communities for a greater input into understanding and analysing cybercrime, especially with regard to ‘over-the-horizon’ perspective. Although cybercrime research is now an accepted criminology sub-discipline, it remains in a developmental stage. More criminologists (and IT experts) need to be trained in this area, although it has begun to attract the attention of the UK research councils. 246 At the regional and international level, genuine institutional partnerships and networks need to be forged, developed and maintained. There is an urgent need for research on the different approaches that individual countries have taken to combat cybercrime. 247 As is often the case, efforts to combat cybercrime would be greatly enhanced if greater collaboration and co-ordination could be achieved; in policing, this would seem to be the main raison d’être for the creation of the E-Crime Unit. However, co-ordinated activities need to be looked at across the board. Financial cybercrime is increasing exponentially. In due course it will begin to affect a global banking system already severely weakened by the global financial crisis. The system cannot continue to mask the scale and nature of the problem by compensating, in good faith, the victims of theft and fraud (and then presumably passing on the costs to their customers). Co-ordination and collaboration can make the best use of the limited resources available that may not increase in the future to anything like the level required. Our research has clearly indicated that there is no technical fix available. One of the most difficult policy areas concerns individual lapses in personal security – the human dimension. 246 The UK’s Technology Strategy Board has recently begun to devote funding for the creation of centres for the development of security technologies. 247 France, for example, is thought to have fared less badly on account of relatively strict state controls over the overall banking system, whereas the US banking system is particularly vulnerable. Page 89
Page 1 and 2:
Research report: July 2009 Crime on
Page 3 and 4:
‘official’ statistics exist yet
Page 5 and 6:
Dynamic Capabilities The second com
Page 7 and 8:
economics (finance, micro-, macro-)
Page 9 and 10:
2.3 Cybercrime business models 73 2
Page 11 and 12:
we focus on financial cybercrime. O
Page 13 and 14:
measure all other statistical outpu
Page 15 and 16:
fraud. Their methodology is still b
Page 17 and 18:
opportunity for online theft of cre
Page 19 and 20:
However, the recent increase in fra
Page 21 and 22:
penalties for those who make fraudu
Page 23 and 24:
Source: Elaborated from CIFAS onlin
Page 25 and 26:
The rise of online and telephone ba
Page 27 and 28:
ecruitment marketplace for cybercri
Page 29 and 30:
Figure 6: Origin and destination of
Page 31 and 32:
corporate blackmail, spam attacks a
Page 33 and 34:
Nigerian criminal gangs in North Am
Page 35 and 36:
the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63 and 64: origin or signature or a presence o
Page 65 and 66: few simple words and a web link, wh
Page 67 and 68: web 2.0 sites (such as, social netw
Page 69 and 70: Source: John Leyden, “Trojan traw
Page 71 and 72: Cybercriminals find e-gold a conven
Page 73 and 74: ecosystem at various levels, creati
Page 75 and 76: expertise they need to perpetrate o
Page 77 and 78: are often offered for bulk purchase
Page 79 and 80: Crimeware-as-a-Service (CaaS): Para
Page 81 and 82: no dominant force. Unlike tradition
Page 83 and 84: is taken, priority is understandabl
Page 85 and 86: particularly good one, since consta
Page 87: outreach needs to be evaluated to e
Page 91 and 92: esilience must now surely be of con
Page 93 and 94: 7) Click fraud: also called pay-per
Page 95 and 96: 20) Pharming: is a scamming practic
Page 97: Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

Create successful ePaper yourself

Delete template?

Save as template?