Showing papers in "International Journal of Cyber Criminology in 2015"

Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice

Abstract: The primary goal of this paper is to raise awareness regarding legal loopholes and enabling technologies, which facilitate acts of cyber crime In perusing these avenues of inquiry, the author seeks to identify systemic impediments which obstruct police investigations, prosecutions, and digital forensics interrogations Existing academic research on this topic has tended to highlight theoretical perspectives when attempting to explain technology aided crime, rather than presenting practical insights from those actually tasked with working cyber crime cases The author offers a grounded, pragmatic approach based on the in-depth experience gained serving with police task-forces, government agencies, private sector, and international organizations The secondary objective of this research encourages policy makers to reevaluate strategies for combating the ubiquitous and evolving threat posed by cyber- criminality Research in this paper has been guided by the firsthand global accounts (via the author's core involvement in the preparation of the Comprehensive Study on Cybercrime (United Nations Office on Drugs and Crime, 2013) and is keenly focused on core issues of concern, as voiced by the international community Further, a fictional case study is used as a vehicle to stimulate thinking and exemplify key points of reference In this way, the author invites the reader to contemplate the reality of a cyber crime inquiry and the practical limits of the criminal justice process

Understanding Cyber Victimization: Digital Architectures and the Disinhibition Effect

Abstract: Researchers in the fields of sociology, psychology, behavioural sciences and law are trying to comprehend the radical rise of a new relational paradigm derived from the current proliferation of ICT. Crime dynamics and victimisation are not alien to the set of changes wrought by the digital era. The way in which victims behave in cyber space decisively elevates their risk of victimization. In connexion with this, the design of digital architectures notably increases criminal opportunities and facilitates cyber victimisation i.e. the defining traits of cyber space affect people's daily lives and incline them to adopt riskier lifestyles. Based on Routine Activity Theory and Lifestyle Theory, along with the interesting work of Suler (2004), the present article shows the importance of victimological perspective in explaining cyber criminal events and designing prevention strategies. Stemming from literature review, this analysis will focus on describing a set of psychological and sociological traits that comprise the profile of victims and explaining how the surroundings influence one's thoughts, desires, and

Out of the Beta Phase: Obstacles, Challenges, and Promising Paths in the Study of Cyber Criminology

Abstract: IntroductionComputers have become an integral part of every aspect of our lives. Computer technologies are relied on for nearly everything we do and we live in societies that are fundamentally dependent on digital infrastructure for their continued functioning. Increasingly, this mission-critical nature of computer networks for nearly all industry sectors, combined with the wealth of personal information that is being put online, has bred a new type of dangerous criminal-one that is targeting computers to steal our information, finances, and personal identifications (Bachmann & Corzine, 2009; Furnell, 2002; Holt, 2010; Jaishankar, 2007, 2008; Jewkes, 2007; Nhan & Bachmann, 2010; Yar, 2006). The Office of the President of the United States suggests that threat posed by these cyber-criminals "is one of the most serious economic and national security challenges" (2009, para, 18).Today, governments around the globe struggle to employ effective countermeasures against cyber-attacks. The implementation of such countermeasures is increasingly facilitated by the vast amount of scientific knowledge about the technical details of the various attack methods (Amoroso, 2011). Unfortunately, the guidance provided by these studies is limited to details on the methods of attack and is left lacking insight about who the attackers are and how they differ from "traditional" criminals. This situation persists despite the concerted efforts of a small number of dedicated scholars from around the globe (among them Bachmann, Brenner, Hinduja, Holt, Jaishankar, Jewkes, Kilger, Nhan, Turgeman-Goldschmidt, Patchin, Wall, Yar, to name but a few) advancing a newly developing field of criminological study, called "Cyber Criminology" (Jaishankar, 2007).For the past eight years, the young discipline, has grown with the contribution of many experts, including the exceptional efforts of its founder K. Jaishankar, who defined Cyber Criminology, as "the study of causation of crimes that occur in the cyberspace and its impact in the physical space" (Jaishankar, 2007; p.1). This definition accounts for the multidisciplinary nature of the field that relies upon insights from both the social (criminology and sociology) and computer sciences. Also, Jaishankar (2008) has introduced the first theory (Space Transition Theory of Cyber Crimes) exclusively developed to explain offending in cyberspace and has founded the first academic journal dedicated to the criminological study of cyber crimes, the International Journal of Cyber Criminology, http://www.cybercrimejournal.com (Jaishankar, 2007). With the contributions of international experts, this ranked journal with high quality articles and rigorous peer review has grown as a core outlet in the field of cyber criminology.These and similar efforts aside, the fact remains that cyber criminology is largely ignored or marginalized by mainstream criminology, and that many criminologists refrain from examining this important, future-oriented issue. Whether it be that they are lacking the necessary understanding of technology, are intimidated by the jargon of the field, or that they continue to fail to realize the full extent of societal implications of this new type of crime, the lack of consideration is troubling. Others become discouraged by the multitude of methodological problems involved in conducting quantitative studies of cyber-offenders, particularly when attempting to generate representative samples of online offenders. Also, major criminological associations (e.g. the American Society for Criminology (ASC)) continue to marginalize cyber criminological studies in their annual conferences and, partly due to the many unresolved methodological problems, cyber crime researchers face significant difficulties in getting their manuscripts accepted by top tier criminological journals. Taken together, these problems systematically discourage many from studying the problems and, in turn, result in still limited, albeit rapidly increasing, numbers of annual publications. …

The Dark Side of Internet Searches: A Macro Level Assessment of Rape Culture

Abstract: Introduction.28 seconds, the total time the Google search engine takes to deliver nearly onehundred thousand websites for the search query "best rape scenes". The intent of this statement is not to reflect in availability of material or suggest the search reflects those looking for, in fact, the best rape scenes. Rather being able to identify these search queries and track the trends and popularity of user queries is methodologically worthy of inquiry. Researchers agree the Internet is an influential source of acquisition and replication of norms, behavior, and attitudes (Jaishankar, 2008; Yar, 2006). The evolving nature of these networks have fundamentally influenced production of knowledge, distribution of tasks, and activities society engages, shaping the perspectives of generations of individuals (Castells, 1996). While research continues to study the relative strength of the Internet within acquisition and reinforcement, it has remained a consistent source of interest within human development (Greenfield & Yan, 2006). Having access to track interesting search queries overtime or following specific events presents as an important source of data, one that may undoubtedly provide new insight into human behavior.Currently there are ~275 million Internet users in North America and ~2.4 billion Internet users globally (Miniwatts Marketing Group, 2013), making the study of this tool incredibly relevant to social scientists. Introducing new methods has the capacity to benefit and reinvigorate discussion on sexual violence and foster the emergence of new perspectives. The increasing use of the Internet and resulting immersion into the daily lives of users would prove an important data source, specifically if the data allowed a longitudinal analysis, which controlled for population changes. For example, if Internet queries for "how to be a better parent" gradually increased 50-percent over a ten-year period, or "racist jokes" decreased 35-percent, a nation and its people would offer signs of change.In the past, access to violent, heterosexual pornography was largely limited to pornographic magazines or dark curtained rooms in video stores. Growth in the Internet and diverse nature of Internet users has fostered spread of not merely pornography, but the growth of niche pornography. As pornography becomes more socially acceptable, accessible, and marketed to wider audiences, its role in perpetuating misogynistic behaviors and attitudes thereby increases (Jensen, 2011; Picker & Sun, 2008). Scholars have suggested that pornography has a prominent feature within acquisition of behaviors and attitudes that correlate increasingly with acceptance, reproduction, and transference of what scholars have voiced as 'rape culture' (Miller & Biele, 1993).Conceptualized and widely studied across disciplines since the late 1980s, 'rape culture' research concerns itself with operationalizing, evaluating, and mediating acquisition of the associated attitudes, behaviors, and norms correlated with violence against women (Herman, 1989). Researchers suggested that violence against women is multifaceted; reflecting the interplay between personal, situational, and socio-cultural factors (Heise, 1998, p. 263). The research took multiple paths, but as Heise (1998) offers, it was important that scholars understand the primacy of culturally constructed messages promoting and promulgating violence against women in a society. Therefore, it was important to understand further the acquisition, modes of transmission, and reinforcement of these intricate markers (attitudes, behaviors, and norms) for rape culture.The resulting research produced important insight into rape culture and sexual violence. Researchers have explained the characteristics reflected at a micro and macro level for prolongation of misogyny and manifestation of rape culture in society. However, accurately measuring individual characteristics within the current studies is limited to survey instruments and focus groups, or at a macro level, official crime statistics, surveys of victims, or content analysis of popular media. …

The Role of Love Stories in Romance Scams: A Qualitative Analysis of Fraudulent Profiles

Abstract: IntroductionThe internet offers consumers and businesses a global marketplace which is both accessible and convenient for a wide range of services. In this space, one such service is online dating, which has evolved very quickly from its beginnings as a site of marginal interest to now become a mainstream social practice. Surveys indicate that whilst in 2003 there were an estimated 29 million Americans (two out of five singles) who used an online dating service, this would increase by 2004 to 40 million unique visitors to online dating sites each month (Edelson, 2003). Currently, it has been found that the 'online personals category' is one of the most lucrative forms of paid content on the web in the United States, with the market being worth $642 million in 2008 and $1.9 billion in 2012 (Edelson, 2003). The total profit of online dating services is estimated to be $1.4 billion per year (Rege, 2009). These revenues are said to be growing at a rate of 10 percent each year (Bridges, 2012), and it has been claimed that social networking of this kind has now become the fourth most popular strategy in finding a date or a romantic partner (Valkenburg & Peter, 2007).Unscrupulous individuals have recognized the monetizing potential of cyberspace, and the similar scams and frauds that have traditionally been conducted by mail and phone can now be found on the web, email, and social networking sites. Of considerable concern here is that the extent of these cyber scams appears to be growing (Bergiel, Bergiel, & Balsmeier, 2008). Indeed, given the popularity of the online dating market and the significant economic implications of the area, it is perhaps not surprising that this has become a key focus of fraudsters and scammers (Fair, Tully, Ekdale, & Asante, 2009; Rathinaraj & Chendroyaperumal, 2010). Because of the universal availability of the internet, countries other than the United States are not immune to this practice. In one Australian state alone, it has been estimated that Queenslanders are losing over $500K per month to "Nigerian" scammers, a figure that is growing at about 15% per year. In addition, the Melbourne Herald Sun reports that Australians lost $21 million to online dating scams in 2011 (Herald Sun, 2011).Adding to the concern regarding this practice, it is becoming apparent that financial loss is not the only damage caused by romance scams. It also has a serious social and psychological side (Ross & Smith, 2011). These romance scams target vulnerable, romantic or lonely people (Buchanan & Whitty, 2014) looking for love and companionship, and scammers employ several tactics to make the victim develop strong personal feelings for them. The victims are encouraged to build an intimate virtual personal relationship with the scammer, during which they show normal temporal relationship behaviour patterns such as sharing emotions, revealing personal information as secrets and wishes, and also providing personal support. Persons who were involved in the romance scam regularly describe themselves as a 'victim' even if they have not suffered any financial loss (Whitty, 2013).In the flow of events in this area, it is after deep trust has been established, that a call of distress and a need for money comes from the scammer. This apparent need for financial support continues over the period that the victim trusts in the virtual relationship. During this time the victim will sacrifice considerable financial resources, and it is not uncommon that when all these financial resources have been exhausted, the victim will start to suggest different ways to help. However, because the scammer is not usually interested in alternative means of aid since this does not generate financial benefit, these suggestions are rejected, and it is at this time where most victims realise that the relationship is a scam and it is terminated either by the victim or by the scammer.An important observation at this point is that although the scam relationship might be recognized and terminated by the victim, this does not signal the end of the problem. …

National Cyber Security Policy and Strategy of Nigeria: A Qualitative Analysis

Abstract: With advancements in modernization came the infiltration of information and communication technologies across the world, Nigeria inclusive. Several benefits are obtainable from these but also prevalent are some associated risks. Communication exists massively in cyberspace and as such poses a myriad of threats to a nation. This can be addressed on a national spectrum by the implementation of cyber security policies and strategies. This research involves making a qualitative analysis of the current Nigerian National Cyber Security Policy and Strategy. The documents were analyzed in the light of selected harmonized strategy developmental frameworks and subsequently comparatively evaluated with similar documents of selected countries. After the analysis, the national documents were found to have met majority of the requirements in terms of content, but failed to address certain elements of concern to cyber security in the Nigerian environment.

Cyber Criminal Networks and Money Mules: An Analysis of Low-Tech and High-Tech Fraud Attacks in the Netherlands

Abstract: IntroductionMoney mules can be seen as a crucial part of the criminal network. They are of great importance for the core members of these networks because money mules are used to interrupt the trail that may lead law enforcement agencies to the top of the network. Money mules, for example, register bank accounts or businesses under their names, which are actually exploited by the criminal network.Several studies acknowledge the important role of money mules in the diversion of money stolen by cyber criminals who are engaged in financial cyber crimes, such as carding3 or phishing4 attacks (Choo, 2008; Moore & Clayton, 2009; McCombie, 2011;Aston et al., 2009; Soudijn & Zegers, 2012; Leukfeldt, 2014; Leukfeldt et al., 2016b, 2016c). Most of these studies, however, concentrate primarily on the core group of the criminal networks and only focus indirectly on money mules. Empirical studies into characteristics of internet money mules are lacking. Only Aston et al. and McCombie carried out some exploratory analyses of money mules used in Australian phishing attacks.In order to fill this knowledge gap, this paper focuses on money mules who are used by cyber criminal groups that carry out attacks on financial institutions. To gain insight into this group of criminals, which we believe plays a vital role in the crime process; we analyzed unique data from a fraud registration system of a major Dutch bank. We obtained 600 fraud incidents from the period 2011-2013. Based on these data, this paper provides insight into the characteristics of money mules and the way in which this group is used by criminal networks to transfer money from victim bank accounts. More specifically, we present background characteristics, the socioeconomic status of money mules, and the value and number of transactions to money mules.Review of LiteratureThe present study advances the work of Leukfeldt et al. (2016a, 2016b, 2016c). These studies provide insight into the composition, origin and growth, and criminal capabilities of criminal networks carrying out financial cyber crimes. Forty cyber criminal networks were analyzed in the Netherlands, Germany, UK and the US. The Dutch cases provided the authors with information about cyber criminal networks and their members largely as a result of investigative methods such as wiretaps, IP taps, observations, undercover policing and house searches. The authors reviewed the financial cyber crime cases systematically using an analytical framework. In the other three countries, the authors relied on interviews with case officers and public prosecutors involved in the criminal investigations against cyber criminal networks since no police files were available to them. This section briefly describes the main results of these three studies.Criminal CapabilitiesAll networks that were analyzed by Leukfeldt et al. are involved in attacks on online banking. The crime scripts of the Dutch networks have many similarities. Step one is obtaining login credentials from victims. Cyber criminals use phishing e-mails, phishing websites and malware to intercept these credentials. However, in order to transfer money from the account of the victims, so-called 'one-time transaction authentication codes' are needed. Hence, step two is obtaining these codes. Various methods are used to obtain these codes. In some cases, the criminals posed as bank employees and made telephone calls to the victims. In other cases, malware adapted the transaction that victims made without them knowing or being able to see it. Step three is related to the topic of the present study, i.e., transferring money to money mule accounts. Money from victims' accounts is not transferred to the accounts of core members directly. Rather, in order to obscure the trail to the core members, money mule bank accounts are used.5 Once money is transferred to the money mule account, the money is taken out in cash as fast as possible and via various links given to the core members. …

Consumer Perceptions of Mobile and Traditional Point-of-Sale Credit/Debit Card Systems in the United States: A Survey

Abstract: IntroductionPoint-Of-Sale (POS) systems are used globally to accept payment from consumers using credit or debit cards to purchase goods or services. The most popular form of POS reader, especially in the United States (US), involves swiping a credit or debit card through a magnetic scanner (Smart Card Alliance, 2011). This "traditional" POS (TPOS) system requires a dedicated, standalone card reader deployed solely for the purpose of processing transactions using credit/debit cards. Such systems have been used for many years and most consumers are familiar with them.Recently, a new POS system was introduced to the market, the mobile POS (MPOS) system (Johnson, 2012). Manufactured by several venders, including Square®, Intuit GoPayment® and Paypal Here®, MPOS systems take two forms. One type, hardware-based MPOS systems, consists of a small reader that plugs into a mobile device such as a smart phone or tablet. Consumers swipe their credit/debit cards through the device to make a payment. Merchants typically use the mobile device not just to accept payments but also for various other personal or business purposes. Payments are processed through software apps stored on the device. The other type of MPOS system is software based and usually requires manual entry of card information onto the phone or tablet. In some cases, the merchant can photograph the credit/debit card instead of entering data found on the card (www.card.io).A large body of research suggests consumers may have anxiety, fear, or concern about their personal safety and security when using new technology, especially when they are sharing personal or secure information such as credit or debit card numbers using that technology (Liu, 2012; Meuter et al., 2003; Perea y Monsuwe, Dellaert, & de Ruyter, 2004). Such anxiety was reported by consumers, for example, when making Internet-based credit card purchases a decade ago (Perea y Monsuwe et al, 2004) and more recently in using self-service bank machines (Liu, 2012). Given recent mass media publicity about cyber-crime and the potential for personal data to be stolen electronically (e.g., Whitaker, 2014), MPOS systems may introduce particular concern about crime victimization among consumers for several reasons. These include: (a) the electronic devices are used for multiple purposes by merchants, including personal matters, which may introduce greater risk of consumer information being stolen or misused; (b) they are small, mobile devices connected wirelessly and often insecurely to the Internet, which may raise fear of ready access by criminals to personal information; (c) third-party apps are both easily and typically stored on MPOS host devices and may contain malware; and (d) credit card theft has been featured prominently by national US media outlets in recent years.Given the rapid increase recently in the use of MPOS systems, the potential for high levels of consumer anxiety about crime victimization while using them based on research with similar technologies, and the dearth of empirical research on consumer anxiety about crime and personal security surrounding MPOS systems and the implications of that anxiety for industry, this study was designed to evaluate consumer fear, anxiety, and discomfort using MPOS devices at local merchants. Specifically, we tested four hypotheses: (a) consumers will generally feel comfortable using either MPOS or TPOS systems, but (b) consumers will report less concern using TPOS systems than with using MPOS systems; (c) consumers will report greater trust in TPOS systems over MPOS systems; and (d) consumers will find TPOS systems as convenient as MPOS systems. To test these hypotheses, we conducted a clustered case vs. control survey research study. Consumers making purchases at two small businesses, an ice cream shop that used a TPOS reader and a sandwich shop that used an MPOS reader, were surveyed.MethodsResearch SitesStudy sites were selected to meet the following criteria: (a) large and diverse consumer population, (b) high levels of consumer traffic during peak hours, (c) located geographically (