Week 3 - Cybercrime

Cybercrime

a crime in which a computer is the object of the crime or is used as a toolp to commit an offence

categories of cybercrime

1. Cyber-dependent crime

2. Cyber-enabled crime

3. Cyber-supported crime

what are 2 important principles of criminal law

• nullum crimen sine lege = no crime without law

• nulla poena sine lege = no punishment without law

nullum crimen sine lege

a person should not face punishment except for an act that was criminalized by law, before it was performed

nulla poene sine lege

a person can only be punished for doing something if a penalty for this behaviour is already fixed in criminal law

what are the consequences of the nulla poene and nullum crimen principles?

• a new crime cannot be created by analogy

• a new crime cannot be created by extensive interpretation

• criminal law does not apply retroactively

what is the problem with regulating cybercrime?

• cyberspace is not limited by national borders

• while criminal law follows a national approach (jurisdiction, investigation, prosecution, offences)

what is the solution to the fact that cyberspace is not limited by national borders?

• national laws + international required

• for gathering information, for extraditions, for transferral of proceedings and / or sentences

what are the obligations established by the Budapest convention?

• obligation on states to establish criminal offences

• obligation to create jurisdiction

• obligations to create investigative powers

• obligations regarding international cooperation

types of offences in the cybercrime convention

1. First category of offences

2. Second category of offences

3. Third category of offences

First categories of offences

crimes against confidentiality, availibility, and integrity of computer systems

which articles in the cybercrime convention are first category of offences?

• art. 2 - 6 CC

second category offences

versions of established crimes which involve the use of computers

which articles in the cybercrime convention are second category of offences?

art. 7 - 8 CC

Third category offences

content related crimes

which articles in the cybercrime convention are second category of offences?

art. 9 - 10 CC

how does the cybercrime convention work

• split into 3 pillars (criminalized conduct, procedural rules, international cooperation)

• emphasis on harmonization = ensuring that counties have similar criminalized conduct for cybercrime so that cybercrime perpetrators cannot escape to another jurisdiction

what is criminalized conduct in the cybercrime convention?

• illegal access

• illegal interception

• data interference

• misuse of devices

• fraud and forgery

• child pornography

• intellectual property right offences

procedural rules in the cybercrime convention

• expedited preservation = ordering an ISP to freeze data so a suspect does not delete it before it is warranted

• search and seizure = power to search cloud data or physical harddrives

• interception = right to listen in on data

international cooperation in cybercrime convention

• Extraction

• MLA = mutual legal assistance

• spontaneous information

• expedited preservation

• MLA for accessing computer data

• 24/7 points of contact

hacking

unauthorized intrusion into a computer or network

phreaking

using a computer or other device for tricking telephone systems to obtain free calls

cracking

breaking into someone else’s computer system to bypass passwords or licences, or in other ways to intentionally breach computer security

R v Bennet

• example case of employment hacker

• Superintendent Bennet used the police national computer (PNC) system to identify his ex wife’s new partner

• by using detailed he had gathered on him from observation

R v Bonnet

• a part-time law enforcement officer was accessing the PNC without authority

• to find out who owned a specific car using its registration number because he wanted to buy it

DPP v Bignell

• insider hacker

• the respondents were 2 married police officers, Paul and Victoria Bignell

• they accessed the PNC to extract details of motor vehicles owned by Mr Howell

• Mr Howell was the new partner of Paul’s ex wife

R v Gouden

• external hacker

• a software contractor in dispute with a client over unpaid fees “locked the clients computer system by installing a security program

• the software contractor refused to hand over the password until the fees were paid

McKinnon v Government of the US

• Example of external hacker that involved collaboration between the US and UK regarding extradition

• A UK hacker gained, from the UK, access to a number of US military sites, including the Department of Defense, the US Army, Navy, and NASA.

• He appears to have been originally motivated by a desire to discover evidence of extraterrestrial visits and technologies which he, in common with other UFOlogists, belives are held in US military files.

what are examples of cybercrimes which are not covered by the cybercrime convention, but are covered by national law?

• The “419 advance fee” fraud

• the russian scam

• card not present fraud

The russian scam

• The victim is usually selected from a dating site or

  singles site.

• They are contracted by a young woman

  who claims to be looking to marry a UK, NL, DE, etc.

  citizen.

• She will often send pictures and will spend some

  time communicating with the victim by email, social

  media, or perhaps even by telephone.

• The fraudster will then make requests for funds. These

  may involve payments for medical expenses for the

  young woman’s mother, or for assistance with housing

  costs.

• She will then indicate that she is willing to travel

  to meet the victim and will ask for expenses for visas,

  travel tickets, and hotel rooms.

• The fraudster then

  disappears with the funds.

Card not present fraud

• The fraudster gets hold of credit card details by using discarded credit card receipts, or by ‘skimming’ a card in a restaurant, or shop, or by ‘phishing’ for such details online.

• Once these details are known the fraudster may purchase goods or services online

• He might also choose to sell the information to third partie

phishing

• a type of cyberattack where scammers trick individuals into revealing sensitive information

• by impersonating a trusted organization or person via email, text, or social media

The ‘419 advance-fee’ fraud

• The victim receives an email from someone claiming to represent a company or individual with a large sum of money or similar assets which they require to transfer

• They claim to have no ability to transfer the funds or assets directly themselves, usually due to banking regulations or some other legal impediments.

• They ask the victim for their assistance in making the transfer and in return offer them 10-40% of the value of the asset or funds

R. v Brown (UK)

facts

• Mr Brown sold through his website the “Anarchist Cookbook” - a publication that included recipes for the manufacture of bombs, explosives and poisons.

• Although he was not motivated by ideology but rather financial gain, he did accept that the information would be useful for terrorists and made no attempt to control the dissemination of the material.

• As a result, he was convicted of collection or making a record of information likely to be useful to a person committing or preparing an act of terrorism under Terrorism Act 2000 and selling and distributing terrorist publications under Terrorism Act 2006

question

• Does the prosecution of Mr Brown constitute a violation of his freedom of expression under Article 10

  ECHR?

reasoning

• No breach of Article 10 ECHR - The right to freedom of expression includes the right to impart information and ideas without interference by public authority.

• It is, however, subject to restrictions prescribed by law and necessary in a democratic society in the interests of, among other things, national security, public safety, for the prevention of disorder or crime, and for the protection of the rights of others.

• Consequently, there are occasions when it is legitimate and permissible for the right to freedom of expression to be curtailed. Acts of terrorism violate the rights of others - in particular their right to life.

• Therefore, proportionate interference with the right to freedom of expression in order to reduce, diminish, or extinguish acts of terrorism is legitimate