Cybercrime and Cybersecurity – SOC3075
Dr Michael McGuire
NO SESSION ON WEEK 9 (8TH OF APRIL NO LECTURE OR SEMINAR).
Assignment 1 = 2,000-word essay (50%) due by Wednesday 9 th of March at 4pm.
1. To what extent could it be said that there was cybercrime or cybersecurity prior to the
advent of digital networks?
2. ‘The misuse of malware is best characterised as a ‘cyber-dependent’ crime.’ Can this claim
be defended?
3. Identify some of the ways in which computer hacking has changed since the early 1990’s. –
think about the history of cybercrime, it has a track record. Who were the hackers in the
1990s, who are they now?
4. ‘DDos attacks present a more serious threat than ransomware attacks in the long term’.
Discuss. – An evaluation to analyse threats and what that means for societies, companies,
and states in the long term, why might this be relevant to ransomware opposed to DDos.
Assignment 2 = 2,000-word essay (50%) due by Tuesday 24 th of May at 4pm.
Your work will be directly assessed in terms of the following criteria:
Level of understanding
Quality of analysis/argument
Use of literature and other sources
Relevance to question/objectives
Structure and organisation
Insight, creativity & originality
Presentation/expression
Referencing
Week 1
Lecture 1 – 11/02
What is the Relationship between Cybercrime and Cybersecurity? It is very unclear.
‘Cyber’: William Gibson’s ‘The Neuromancer’ is a science fiction novel which includes the idea of
cyberspace. It is an idea that you can connect with others through networks an enter a realm
called cyberspace.
Cybercrime:
No universally accepted definition – it is a contested term
Not even a standardly agreed name, it has been referred to as:
E-crime
Internet crime or net crime
Computer crime
Hi-tech crime
Technocrime
Ambiguous legal status – there is no specific law in the UK or most jurisdictions –
CYBERCRIME IS NOT A CRIME!!
No legal controls of any form related to networks until the 1990’s.
,For example:
In 1984-85 two individuals able to obtain unauthorised access to British Telecom's Prestel interactive
‘viewdata’ service. They did this by a technique now known as ‘shoulder surfing’ - observing the log
on details of a Prestel engineer (username: 22222222 password – 1234).
Also managed to gain access to Prince Phillips mailbox causing consternation in government and
embarrassment to BT. People demanded revision on how to deal with the demands for prosecution.
The lack of relevant legislation meant both were tried under the Forgery and Counterfeiting Act 1981
- because ‘they had ‘forged’ the password (or PIN) to gain System Administrator privilege.
However, both appealed - and were acquitted by the House of Lords because there was no material
gain from the entry they gained; this marks the dawn of the internet era there was no specific UK
law against hacking!
Perceptions, Myths and Realities of Cybercrime
Early cybercrime tended to be interpreted as ‘Crime using a computer’ as the computer was
a defining characteristic.
Forbes (2017) found Americans worry the most about cybercrime (‘having personal, credit
card or financial information stolen by computer hackers’); hackers are now the main kind of
cybercriminal.
The UK national security strategy regards cybercrime as a tier 1 threat – the most serious.
Do hackers have a paedophile background? The NSPCC (2016) claim an increase in sexual
predators targeting children online.
Clapper (2013) claims cybercrime replaces terrorism as the biggest threat!
There is an ‘arms race’ between cybercriminals and cybersecurity.
Cybersecurity largely depends upon acquiring the most powerful, up-to-date tech to install
the best protecting software.
There are many challenges in researching and measuring cybercrime e.g., the lack of material
evidence; how do we acquire knowledge about cybercrime?
Defining Concepts of Cybersecurity:
There is no agreed origin to the term ‘cybersecurity’.
It is largely a ‘reactive’ concept which responds to ‘cyber-attack’.
Related to the technologies, processes and controls designed to protect digital systems,
networks, programmes, devices and content.
Defining Concepts of Cybercrime:
1. ‘Computer Crime’ is a misnomer – it would not exist if computers were not connected.
Therefore, should cybercrime be understood as crimes of a network? Only when you get a
connection between systems, is when crimes become feasible. Society has always been a
network, but not in a digital form. Cybercrime would be better termed as ‘network crime’.
What do computers add to crime, to make it cybercrime?
2. Agency – how do computers proliferate criminal acts? Cyber-dependant crimes = some
crimes are specific to computers (e.g., malware and hacking), however, many cybercrimes
, can be committed without network devices and are known as Cyber enabled crimes (e.g.
fraud, sexual molestation etc).
Cyber-dependent Crimes vs Cyber-enabled Crimes
1. Cyber-dependent crimes - can only be committed by using a computer network, or other
form of ICT. For example, the spread of viruses and other malicious software, hacking, and
distributed denial of service (DDoS) attacks.
2. Cyber-enabled crimes - traditional crimes that can still be committed without ICT but have
increased in their scale, force or reach by the use of computers, computer networks or other
ICT. Crimes which are executed with more victims, force and more effectively with the use of
computers.
The Computer Misuse Act (1990)
The first cyber-specific law was passed in the UK, following the Prestel hack in 1984-85 and outlined
three new offences:
1. Unauthorised access to computer material, punishable by 12 months' imprisonment (and/or
a fine "not exceeding level 5 on the standard scale".
2. Unauthorised access with intent to commit or facilitate commission of further offences,
punishable by 12 months/maximum fine on summary conviction.
3. Unauthorised modification of computer material, punishable by 12 months/maximum fine.
Legal Status of Cybercrime in the USA…
The first cyber specific law, ‘Computer Fraud and Abuse Act’ (1986), was passed in the USA in a
panicked, unconsidered response to regulating the new era of digital crime.
Since then, it has been amended several times and a patchwork of offence specific laws e.g., the
Sexual Offences Act (2003), the Criminal Justice and Courts Act (2015), seek to regulate cyber-
enabled crime.
Examples of a Lack or Failure in Cybersecurity
Human error is the cause of approximately 90 percent of data breach reports data received
by the Information Commissioner’s Office (ICO) between 2017 and 2018.
Equifax breach (2017) – despite known security flaws and warning emails, the leading US
consumer credit reporting agency did not fix them. Personal information of 145m US citizens
& 10m UK citizens were exposed.
Pentagon Phishing Attack (2015) – a simple phishing email probe enabled Russian
intelligence to access data on thousands of US military personnel.
Therefore, cybersecurity is so much more than information security:
Cybersecurity focuses on protecting computer systems from unauthorised access,
information being damaged or made inaccessible.
Information security looks to protect all information assets in either hard copies or digital
forms.
Origins and Interconnections
, Prima facie, cybercrime and cybersecurity have a short history and originate back to only 1991 – the
year when the WWW came into being, bringing with it innovative communication protocols for
networked communication.
The WWW sits upon the internet; the internet is a series of connections.
IT SHOULD BE EXPLICITLY DISTINGUISHED FROM THE INTERNET. CYBERCRIME IS MUCH MORE
BROADLY CONCIEVED, HAS A LONGER DEVELOPMENT PROCESS AND IS NOT SO TECHNOLOGICALLY
DEPENDANT.
The Early Development of Networks
Roads, trading routes, communications systems, computers, the telegraph system (Victorian
Internet) and early phone network.
1930’s – the development of Computers began, but first electronic programmable computer
was the Colossus (1943) developed with help of Alan Turing - mainly used to break German
military codes. The first working digital computer was ENIAC (functional by 1946).
The Early Development of Cybercrime
1953 - IBM had introduced the 701 computer – a commercially available programmable
system with memory storage.
1950s - only around 100 computers in the whole world = no possibilities for cybercrime.
Late 1960 - 1970s - two developments changed this: the development of Arpanet, US
military system for networking computers and the creation of small personal computing
devices (PCs).
Humans and the Technical are always interwoven amongst both cybercrime and cybersecurity.
Do our conception of how threatening cybercrime and cybersecurity are, affect how we
respond to them?
Who are the cybercriminals?
Where does cybersecurity begin/end?
What are the consequences to society in ‘securitising’ digital offending through
implementing drastic measures?
Seminar Activities – 11/02
Activity 1a.
The Tinder Swindler. Conned an estimated $10 million from numerous women by scamming them
online, involved the use of scamming, defraud, theft and forgery.
Significant as Simon Leviev met all the women online and committed most of the crimes via the
internet. He exploited the convenience of online financial operations to commit cyber-enabled crime
without leaving any identifying evidence or personal material which could hold him liable.
The scale of the crime is also significant; not many individuals are able or conspiring enough to
commit a collection of such serious crimes and avoid legal justice or accountability.
Activity 1b.