Cybercrime is a criminal act using a computer that occurs over the Internet. The Internet has become the source for multiple types of crime and different ways to perform these crimes. The types of cybercrime may be loosely grouped into three categories of cybercrimes. First, the Internet allows for the creation and maintenance of cybercrime markets. Second, the Internet provides a venue for fraudulent behavior (i.e., cyberfraud). Third, the Internet has become a place for the development of cybercriminal communities.
Computer crime has been an issue in criminal justice and criminology since the 1970s. In this venue, the types of computer crimes have been categorized in two ways. First, a prevalent activity is that of criminals stealing computers. Second, criminals use computers to commit crimes. The recent development of the Internet has created a substantial increase in criminals using computers to commit crimes. Thus, an emerging area of criminal behavior is cybercrime.
Cybercrime is a criminal act using a computer that occurs over the Internet. The Internet has become the source for multiple types of crime and different ways to perform these crimes. The types of cybercrime may be loosely grouped into three categories of cybercrimes. First, the Internet allows for the creation and maintenance of cybercrime markets. Second, the Internet provides a venue for fraudulent behavior (i.e., cyberfraud). Third, the Internet has become a place for the development of cybercriminal communities. The purpose of this research paper is to outline and exemplify these different forms of communities. The research paper then shifts into a discussion of policy steps to reduce some forms of cybercrime.
II. Cybercrime Markets
The Internet allows for illicit markets to be created and maintained. The Internet provides its users with an opportunity to hide their identities and to be in remote locations to create and be part of illicit markets. For instance, cybercriminals can use different Web sites to trade (i.e., buy or sell) merchandise illegally through legitimate sources (e.g., eBay) or through illegal sites. Some of theseWeb sites are not able to be traced back to their original sources. While a host of illicit markets exists (e.g., illegal adoptions, surrogate mothers, egg donors, obtaining banned substances, organ donors thieves, forbidden animals, endangered species, and illegal gambling), four markets will be discussed here.
One of the most pervasive forms of cybercrime is digital piracy (Gopal, Sanders, Bhattacharjee, Agrawal, & Wagner, 2004). Digital piracy is defined as the illegal act of copying digital goods, software, digital documents, digital audio (including music and voice), and digital video for any reason without explicit permission from and compensation to the copyright holder (Gopal et al., 2004; Higgins, Fell, &Wilson, 2006). The Internet has facilitated an increase in digital piracy in recent years. Wall (2005) notes four characteristics of the Internet that have enabled individuals to easily commit criminal activity: It allows anonymous communication, it is transnational, it has created a shift in thinking from the ownership of physical property to the ownership of ideas, and it is relatively easy. In addition, Wall contends that the Internet facilitates piracy because it allows the offense to take place detached from the copyright holder, which provides the offender with the perception that the act is victimless.
Several researchers have acknowledged subforms of digital piracy (i.e., audio and video piracy) as being increasingly pervasive (Gopal et al., 2004; Hinduja, 2003). Higgins et al. (2006) defined audio and video piracy as the “illegal act of uploading or downloading digital sound or video without explicit permission from and compensation to the copyright holder” (p. 4). Technological advancements are partly responsible for the increased ease and accessibility of digital piracy. The International Federation of Phonographic Industries (IFPI) (2006) estimates that one in three music discs purchased around the world is an illegal copy. The IFPI further estimates that 37% of all CDs purchased in 2005 were pirated, resulting in 1.2 billion illegal copies purchased worldwide. In fact, the IFPI concludes that pirate CD sales outnumbered legitimate CD sales in 30 markets across the world and resulted in a loss of $4.5 billion from the music industry.
Similar issues take place in the context of the movie industry. To be clear, industry figures indicate that the costs of unauthorized copying and redistribution of movies via physical media (e.g., video cassettes, DVDs, VCDs, etc.) exceed several billion dollars annually. In 2005, the Motion Picture Association of American (MPAA) reported that over 90% of the movies that are initially pirated are due to the use of camcording in movie theaters. The Internet has allowed movie pirates to be able to illegally download movies (MPAA, 2004). In 2004, the MPAA reported that $2.3 billion were lost due to Internet piracy.
Several researchers have argued that college students are likely to pirate almost all forms of digital media (Hinduja, 2003; Higgins et al., 2006). This includes software piracy. According to the Business Software Alliance (BSA, 2007), the trend of piracy among college students has been going up slightly compared to 2003 and 2005 rates. Importantly, two thirds of the students surveyed still believe that it is okay to swap or illegally download software without paying for it (BSA, 2007).
Since the Copyright Act of 1976, digital piracy has been a criminal act (Higgins et al., 2006). Mass copyright violations of movies and music were made a felony offense in 1982 by the Piracy and Counterfeiting Amendments Act, which was amended to include the distribution of copyrighted materials over the Internet via the No Electronic Theft Act (Koen & Im, 1997). That is, when an individual proceeds to burn an extra copy of a music CD, download music from the Internet without paying, or use a peer-to-peer network to download music information, he or she is pirating music. This is especially true for digital music piracy that is committed through a multitude of modi operandi (e.g., CD burning, peer-to-peer networks, LAN file sharing, digital stream ripping, and mobile piracy [seehttp://www.IFPI.orgfor a discussion of these techniques]). The penalties for these acts may be civil (e.g., $10,000 per pirated copy) as well as criminal (e.g., possible jail sentences) (Koen & Im, 1997).
Cybercrime includes the promotion and the distribution of pornography. When done over the Internet, this is known as cyberpornography. While viewing pornography may not be criminal for those who are of age, the Internet does not discriminate based on age. That is, teenagers’ fantasies about nudity may easily be replaced by hardcore pornographic images of every conceivable sexual activity.
In the academic literature, some researchers have shown that access to and viewing of cyberpornography is a behavior that is increasing. Ybarra and Mitchell (2005) used data from kids and young adults to examine exposure to cyberpornography. They showed that individuals that sought out cyberpornography were likely to be male, 14 years old and older, and more depressed, whereas those younger than 14 were more likely to be exposed to pornography through traditional means—movies and magazines.
Others have shown that cyberpornography is not just for teenagers, making the behavior non–age specific. Stack, Wasserman, and Kern (2004) used the General Social Science Survey to examine who viewed pornography using the Internet and the reasons why. They showed that individuals that had weak religious ties, unhappy marriages, and past sexual deviance are more likely to view pornography via the Internet. Buzzell (2005) examined the factors that influence access to cyberpornography. The study showed that when employment status increases, technology does play a role in the access to cyberpornography.
The Internet allows cybercriminals to participate in underage liaisons. One form of this particular type of cybercrime is the online solicitation of children for sex. This is exploitation that involves an adult who engages in discussion with a child online and uses his or her manipulation skills to coerce the child to meet in person for sexual purposes. Importantly, the number of children that are approached on the Internet for these types of offenses is staggering. Finkelhor, Mitchell, and Wolak (2000) showed that 1 out of every 5 youths is solicited by someone online for sexual relations.
The anonymity of the Internet allows cybercriminals to disguise their postings, responses, and identities. This affords the cybercriminals the opportunity to disappear at a moment’s notice. In short, the Internet allows cybercrimes to be performed more easily and simply while making criminals’ detection, apprehension, and prosecution more difficult. Therefore, the Internet makes cybercrimes through illicit markets more difficult to examine.
Browse criminal justice research papers or view criminal justice research topics.
This article examines how computer crime has changed over time with the emergence of Internet crimes (also referred to as cyber crimes). The types of internet criminal activity (identity theft, credit and debit card number theft, and money-laundering schemes) are examined. Child exploitation using the Internet is also discussed. International organizations and law enforcement agencies that are involved in the fight against Internet crime are profiled. The weaknesses in computer security as well as the easily exploited naiveté of Internet users are examined. In addition, the social backlash against new behaviors that are Internet specific and efforts to pass laws against banning those behaviors are also examined.
Keywords Child Exploitation; Cyber Crime; Computer Crime; Identity Theft; Internet Crime; Online Auction Fraud; Phishing; Spyware
Historically, computer crime was limited to computer systems and networks including hacking, data destruction, data theft, and system disruption. Many of those crimes were directed towards businesses, government agencies, or universities. In the 1990s, as the Internet came into widespread commercial use, the nature of computer crimes began to shift (Provos, Rajab & Mavrommatis, 2009). There are still crimes against computers in the traditional sense, but the vast majority of modern day computer crimes are those in which computers and the Internet are used to commit a wide variety of other types of crimes, against businesses as well as individuals (Fox, 2009)(Stansky, 2009).
An Increasing Threat
Internet crime is flourishing. In 2013, the Wall Street Journal reported that Internet crimes cost the United States up to $100 billion, accounting for 1 percent of the gross domestic product (GDP). Losses were measured in such terms as intellectual property loss direct loss, reputational loss, and the loss of sensitive information. Internet scams via e-mail have increased to the point that some users receive dozens of scam emails in the workplace and at home every week (Fox, 2009); the use of email blocks and filters can, however, minimize occurrences. Internet criminals can be found pretty much everywhere, including in social networking websites such as Facebook and Twitter. In addition, banks suffer huge losses every year involving e-mail scams and other identity theft methods which compromise account numbers, social security numbers, and passwords of bank customers (Silver-Greenberg, 2009). In the event that banking information of a small company is disclosed, it could cause several weeks of disruption to company operations.
There have been many big cases of Internet crime during the last decade and credit card and debit card number theft have been amongst the most dramatic and most costly. One case involved eleven perpetrators who allegedly hacked nine major retailers in the United States and stole over 40 million credit and debit card numbers. It was an international conspiracy with perpetrators from the United States, Estonia, Ukraine, the People's Republic of China, and Belarus. Much of the theft was accomplished by intruding into the wireless networks of retail outlets. The retailers included TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, and DSW. Some of the credit card and debit card numbers were sold in the United States and Eastern Europe (Brannen, 2008)("Department of Justice brings," 2008). As a result of these types of crimes, business have had to spend large sums of money to upgrade their network security. In another example, in January of 2012 the shoe retail company Zappos.com was attacked and customer billing/shipping information and credit card data were exposed.
Organized crime has certainly found a new home and expanded opportunity on the Internet (Choo, 2008)(Spafford, 2008). Organized criminal activity on the Internet includes identity theft, the movement of illegal drugs, and the movements of counterfeit pharmaceutical drugs and other counterfeit merchandise around the world. Many of these crimes are financial crimes — with credit card fraud, money-laundering schemes, and identity theft leading the list of thriving criminal enterprises. Many of these organized crime groups operate in multiple countries including the United States, Canada, Pakistan, Portugal, Romania, and dozens of others. Financial institutions that have been targeted in these schemes include Citibank, Capital One, JPMorgan Chase, Comerica Bank, Wells Fargo, eBay, and PayPal (Foltz, 2008).
Child exploitation is not an invention of the Internet age by any means. However, the Internet has become the new playground for consumers of child pornography and a market place for those who purvey it. Pedophiles have formed Internet communities and exchange materials. Another aspect of child exploitation on the Internet is when adults attempt to pick up minors; that is, engage minors in chats or discussions online and then attempt to meet them in person to expand their relationship (Baker, 1999). There have been several dramatic cases of adults facing arrest for this behavior (Preston, 2008)(Sheldon & Howitt, 2008). Many corporations have installed web browser filters to block employees from specifically surfing to websites that provide this illegal content.
Identity theft on and off the Internet is also a growing criminal enterprise. These scams usually involve misuse of existing credit card or bank accounts, opening new accounts using stolen identities, fraudulently obtaining government benefits or services, obtaining new documents to support the use of the stolen identity, and even health care fraud ("Scoping paper," 2008). Although many people consider identity theft as an Internet crime, it has become a cross over crime with stolen identities as well as stolen corporate credit cards being used online as well as off line.
Stalking, harassment, and bullying have also found their way to the Internet. Although these types of activities may not be as dramatic as other Internet crimes, they are still a personally frightening and often terrifying event for those who are targeted (Gillespie, 2006). Cyber stalking can include unsolicited emails of a threatening or intimidating nature or be repeated confrontation in chat rooms or on networking sites by a threatening person (Hewitt, Dodd, Ingrassia, Truesdell, York & O'Connor (2005). Cyber harassment can include repeated antagonistic, hostile, or false postings on blogs or other social sites.
Commonly termed cyberbullying, this kind of harassment can include sending angry or threatening emails designed to intimidate a person from participating in activities. There have been several high-profile cases of cyberbullying in the United States in the 2000s, many unfortunately affecting children and teenagers, with some tragically ending in suicide. The common use of social networks and the relative ease of online anonymity make this an increasingly serious issue for youth; the general consensus is that this form of bullying affects more than half of teens. Legal protections against cyberbullying and cyberstalking are in place in most US states. In some cases, perpetrators have been prosecuted for such crimes as criminal harassment, violation of civil rights, stalking, and electronic harassment; new and proposed cyberbullying legislation also takes into account the actions and policies of schools.
Intellectual Property Piracy
One of the biggest dollar-volume businesses on the Internet is piracy of intellectual property. This includes the illegal copying, distribution, and sales of copyrighted works including books, music, software, and videos (Einhorn, 2009). The FBI has pursed thousands of investigations and indictments of copyright infringement crimes and a large portion of these cases have been international in scope and resulted in thousands of arrest and the seizure of hundreds of millions of dollars in pirated works. Piracy has also cost businesses billions of dollars in lost revenue.
In the early 1990s most people were ecstatic about the potential of the Internet and most still are. However, the types of Internet crimes that have emerged have outraged many people and there are ongoing efforts to pass new laws to protect Internet users and to prosecute Internet criminals. Many people and organizations blame the Internet as the ubiquitous cause of these new crime waves. In reality, the Internet has just become the latest means of committing crimes.
What this Means to the World of Business
Corporations are on the frontline in the fight against Internet crime. In addition to spending more on computer and network security, corporations have also found it necessary to better train employees to identify potential scams as well as determine if corporate assets have been compromised. It has also become necessary to monitor and control employee Internet use to prevent intentional misuse as well as unintentional actions that may cause network security problems.
Corporations have been fighting spam since the mid 1990s. Spam email has clogged corporate email servers and bogged down communications within the company as well as between the company and its suppliers and customers. Businesses receive hundreds of billions of spam e-mails every year and spend billions of dollars per year getting rid of spam and spyware (Garcia, 2006)(Sun, 2008).
Many large and small companies alike have also installed various Types of filters and blocking software that prevents employees from accessing websites, social networks, or communication systems on the Internet. The process of blocking websites can improve security on the corporate network in two ways. First, it can prevent misuse of company computers and networks by disallowing certain types of Internet activity. Second, when employees are limited in their web use, they can be kept from accessing websites that may be spyware traps or that spread other types of malicious code (Taylor, 2008). Other companies have an ongoing effort to monitor Internet use of their employees and can warn employees about misuse or even terminate them (Fortier, 2007).
Internet crime has created several other perils for corporate information security including making the company laptops and tablets (and even smart phones) prime targets for theft. Many laptops and tablets have corporate information, user names, and passwords stored on them. If one is stolen and falls into the wrong hands, Internet criminals could too easily start gaining access to company computer systems and networks (Britt, 2009).
There have also been several cases where data stored on laptops and tablets included employee names, addresses, and even social security numbers. When these devices are stolen or lost, the potential for crimes like identity theft are high. If this type of data is on a company computer, it is essential that it be secured (Foster, 2008). Corporations as well as nonprofit organizations are facing a growing number of laws and regulations regarding the safety of employee and customer personal data. This is especially true for financial data and health care related data. Companies can be fined by the government but they also face the potential of class action suits by groups whose data have been compromised (Levenson, 2008).
The Fight Against Internet Crime
Just as the Internet has spawned new industries and new ways to make money for individuals as well as large companies, it has also giving rise to new products, new services, and new law enforcement efforts to fight Internet crime. The computer security products business has grown to over $80 billion annually and is expected to keep growing at a rapid rate.
Most countries have passed some law or regulation to address Internet crime. The Council of Europe's Convention on Cybercrime and relevant European Union legislation, for the most part, has been the primary reference model for many regulations. In addition, most countries have established some sort of central agency or agencies to fight Internet crime ("The promotion of," 2005). It is not known how well developed these agencies are or to what extent they are successful.
Regulation within the United States
In the United States, law enforcement agencies and government regulators have started several new initiatives to combat Internet crime. The FBI has hired more agents with computer skills and is training agents in computer forensics. The FBI has also established several computer forensics centers across the United States to help the bureau in Internet crime fighting and to assist local law enforcement organizations in their efforts (Mercer, 2004). The FBI works in conjunction with the United States Secret Service, the United States Immigration and Customs Enforcement (ICE), the United States Postal Inspection Service, and the Bureau of Alcohol, Tobacco and Firearms (ATF)("Reporting computer hacking," 2009).
The Federal Bureau of Investigation
The FBI has worked to establish InfraGard, which is a joint effort between the FBI and private businesses, academic institutions, state and local law enforcement agencies, and other interested parties. The goal of InfraGard is facilitate "dialogue and communication between members and the FBI" that is helpful in countering cyber crime as well as other threats against the infrastructure of the United States ("About InfraGard," 2009). InfraGard is an important mechanism for the private businesses that are involved. It allows them to interact with the Internet crime fighting community and share information, and provides them assistance in their efforts to stop Internet criminals.
The Federal Trade Commission
The United States Federal Trade Commission (FTC) focuses on fighting identity theft, spyware, and Internet scams. The FTC provides information to consumers about identity theft and has an online compliancy reporting system. Spyware, software that is installed on your computer without your consent, can monitor and even control your computer use. The FTC has an initiative to fight spyware through law enforcement and consumer education. Internet fraud is also on the FTC's Internet crime fighting agenda ("Computers & the internet," 2009).
Internet Enforcement Program
The United States Securities and Exchange Commission has established the Internet Enforcement Program and Office (OIE). The OIE coordinates the investigation of enforcement-related cases generated from investor tips received in the SEC Complaint Center. The OIE also performs surveillance for potential Internet securities-related fraud and provides strategic and legal guidance to law enforcement agencies nationwide. The SEC is responsible for investigating...