Cybercrime

Introduction

In the year ending December 2018, there was a range of cybercrime, including fraud and computer misuse, such as fraud related to bank and credit accounts, consumer and retail fund and other activities, and online crimes (The Home Office Police, 2019). Cybercrime is rising in scale and in complexity. The increase in ransomware campaigns evidence this aspect (The National Crime Agency, 2021).

A 2018 report found that a large number of well-known brands were affected by attempts to defraud them or to perpetrate other cybercrime including selling of fraud packs containing stolen personal data; bank account numbers and sort codes; and advice on phishing among others, through the use of dark web (Gee, et al., 2018). Such crimes are largely anonymous activities with the ability of the perpetrators to attack from anywhere (Lusthaus & Varese, 2021). These aspects of cybercrime challenge the existing paradigms of crime and policing (Lusthaus & Varese, 2021). This essay will give an overview of cybercrime and explore the challenges for law enforcement agencies. This essay will particularly explore cybercrime in the dark web in this respect.

Overview of cybercrime offences

There are two activities involved in cybercrime: i) Cyber-dependent crimes and 2) Cyber-enabled crimes (HM Government, 2016). The former comprises those crimes, such as propagating malware for financial gain or hacking, committed only by using the information and communications technology devices. Such devices become the tool and the target of the crime. The latter comprises those traditional crimes, such as cyber-enabled fraud and data theft, committed in a larger scale by using information and communications technology devices (such as) (HM Government, 2016).
Cybercrime can be targeted against the government, individuals and property (Holt, 2013). Offences against property involve online crimes targeting or abusing against computers or servers, such as hacking, virus transmission, or infringing intellectual property (Yar, 2013). Fraud and computer misuse have led to loss of money or property through the commission of fraud, including bank and credit account fraud and consumer and retail fraud; computer misuse affecting the victims using computer virus; and unauthorised access to personal information, including hacking (The Home Office Police, 2019) (see the dataset year ending December 2018). Offences against persons affect people’s lives, through cyber harassment, child pornography, spoofing, bank account fraud and human trafficking among others (Yar, 2013). Such online crimes include obscene publications; child sexual offences; blackmail; public order offences; child sexual offences); criminal damage and arson; and other offences (The Home Office Police, 2019) (see the dataset year ending December 2018).

The rapid growth of internet and the World Wide Web has left the information technology prone to misuse and abuse presenting a threat and challenge in the cyberspace (Ozkaya & Islam, 2019). It has opened up a range of opportunities for perpetrators to victimise people and business in the online environment (Brunty, et al., 2014; Wall, 2007). Williams (2013) argues that regulating online crime is difficult and challenging given that the crime can be committed anonymous and without physically confining to one geography. The crime, thus, transcends borders and internet facilitates criminal activities.

Criminological theories

Cybercrime is associated with different motivational factors. Monetary benefit could drive cybercrime, such phishing concerning bank account fraud (Jaffar, et al., 2016). Some cybercrime could be due to emotional motivators, including anger, revenge or other emotional needs (Shinder & Cross, 2008). Cybercrime could also have political motives, where the offenders may be members of extremist and radical groups attacking websites and networks of their political enemies (Shinder & Cross, 2008). They can steal to fund extremist activities or support or carry out political propaganda, attacks on infrastructure or crimes across the world; spread fake news targeting social media platforms (Shinder & Cross, 2008; Harvey, 2014).

Perpetrators may also commit cybercrime for entertainment using the internet. Such perpetrators may hack government sites or defence to gain attention (Holt, 2013). They could be the pioneer types, who are fascinated by technology; the Scamps who are the playful hackers that do not intend any harm; Explorers who out of curiosity carry out hacking; or the Game players, who hack for game (Shinder & Cross, 2008). Then there are the sexually motivated cybercriminals, including passive and active pedophiles; those who are engaged in sadomasochistic sex; serial rapists; and sexual serial killers. These impulses cause such kinds of cybercrime (Shinder & Cross, 2008).

Bandura developed the Social Learning Theory suggesting that a person may learn criminality from their immediate surrounding, including family, friends and social circle that indicates their childhood experiences eventually developing a lifelong learning pattern (Bandura & Walters, 1963). According to this theory, Kemshall (2011) argues that criminality arises from observation and imitation, which is supported by Schmalleger (1996) arguing that values and behavioural pattern are formed that lead to deviate criminal. In cybercrime context, Mazur (2015) argues that cyber criminals learn from each other developing a pattern of deviant behaviours. According to Leukfeldt and Yar (2016) and Pratt and Turanovic (2016), lifestyle exposure and routine activities could expose a victim to cybercrime thereby converging the offender and victim and creating opportunities for the crime.. Both routine activities and lifestyle exposure theories emphasise on the role of the victims in their victimisation in exposing themselves to the risk of a cyber-attack.

According to the General Strain Theory, there is a link between crime, the income bracket and pursuit of economic goals (Agnew, et al., 2009, p. 35). Thus, it is argued that people belonging to lower income class may commit crime for monetary gains (Agnew, et al., 2009). The commission of a crime involves the offender weighing the costs and the benefits of the criminal act with specific focus on the crime against the specific benefits or needs the offender is pursuing. There is a rational approach to committing the crime. Accordingly, Cornish and Clarke (1986) state that there is a belief system that the criminal act will deliver the desired benefit. The belief system comprises making a rational choice weighing the cost and the benefits of the performance of the act (Cornish & Clarke, 1986).

Dark Web and the Construction of Criminality

Cybercrime through dark web

One of the complex strategies or means to perpetrate cybercrime is the dark web. Dark web is a series of ‘darknets’ created using specific software, configuration or access authorisation allowing small, peer-to-peer networks as well as large networks such as Tor, Freenet and Riffle (Gee, et al., 2018). It represents a global network of computers using a cryptographic protocol to anonymously communicate and conduct transactions (Gemma Davies, 2020). Darknet is used for multiple criminal activities, including the sale of illegal drugs and weapons; of bank details; of National Insurance numbers; of Pharmaceutical certificates; and of sensitive stolen personal data. Such unlawful activities affect all kinds of market and public service segments, including Banking and Finance Telecommunications Entertainment. Davies (2020) cites a 2014 study that found that child pornography followed by black marketplaces were the most common type of content requested through Tor. Davies also cites a study by researchers at King’s College London who found that 57% of the hidden-services websites within Tor facilitate criminal activities involving drugs, illicit finance and pornography (Davies, 2020).

Gee and his colleagues (2018) found that found that eight banking and finance organisations out of the top 50 UK brands were affected by fraudsters selling. Similarly, they also found that six telecommunications organisations out of the top 50 brands were affected by fraudsters selling of stolen internet services, methods to steal money from people using ATM machines, and ‘free’ online TV accounts such as Netflix that enabled theft, digital piracy and intellectual property fraud. Similar fraud methods were used on the dark web to sell ‘lifetime’ access to various online TV subscription services for less than $10; or to sell guides for buying counterfeit designer goods, counterfeit shopping vouchers, or methods to hack online store accounts (Gee, et al., 2018). The illegal or illicit sale is carried out in a dark web marketplace (Davies, 2020). Davies states that such marketplaces essentially enable anonymised access, bitcoin payment and vendor feedback system where transaction occurs in an escrow account (Davies, 2020).

Construction of criminality

Ladegaard (2017) argues that there is a relative failure of general deterrence in the darknet cyber-crime. Ladegaard suggests that criminologists should engage the perimeter of the dark web. Relevance could be drawn to the suggestion of Carrington and colleagues (2016) who have highlighted the problem of adopting universal knowledge claims without considering specificities. Lee, thus, argues that the claim of universality regarding existing criminological theories may not give a clear understanding of new domains and developments in criminal activity and criminalisation. Hence, there may be a limited recourse in criminal laws regarding regulating the behaviours (Lee, 2018).

Lee (2018) argues that criminology should acknowledge that cybercrime is central to the problem of crime. It is not merely an extension of terrestrial crime but has accompanying cultures and social and cyber networks marking a distinction from the usual crimes. Thus, not one criminological theory mentioned earlier can individually explained cybercrime in the dark web. Thus, the General Strain Theory could explain the motive of financial gain behind dark web criminal activities, such as selling in the crypto market or sale of ‘free’ online TV accounts, fake products, or CNP frauds. However, this theory cannot explain sexually motivated cybercrime or pornography. Such crime may be explained by the Social Learning theory where the offenders might have learnt and observed criminal behaviours from peers or learnt how to access and use Tor to indulge in pornography.

The Social Learning theory and the General Strain theory will not be able to explain crimes such as hacking with a political motive, which is not driven by economic motive. Such crime may be explained by the routine activity theory. Holt (2013) argues that cybercrime is complex considering that there are many actions such as hacking committed both for criminal activity and political purposes. For instance, hacking sometime forms a part of defence security (Holt, 2013). Supported by Broadhurst (2006), military agencies conduct as routine activities of hacking and of encrypting secret codes of an enemy country to assess plans and strategies. For crimes that do not have any economic motivation or political motivation, such as spreading fake news targeting social media platforms or cyber terrorism the Rationale Choice theory may give some explanations regarding the rationale process and the decision to omit the crime. However, this theory may not be able to explain ‘expressive’ crime such as those committed by or the pioneers, the Scamps, or the explorers to attain some fascination, or satisfying curiosity. Hayword (2007) argues that in these crimes, the criminals tends to engage in decision making strategies because of the subjectivities and emotions linked to the material values and cultural logic of the contemporary times.

Legislative framework, enforcement challenges, and suggested solution

Legislative framework

Darknet cybercrime are both cyber-dependent and cyber-enabled crimes as determined by the types of crimes conducted in darknet. Hence, the legislation applicable to both the types of cybercrime will be applicable to darknet cybercrime. Regarding crimes that are cyber-dependent, the Computer Misuse Act 1990 will mainly address the crimes, including offences such as hacking or denial of service. Sections 1, 2 and 3ZA are relevant here to address unauthorised access to computer material, to commit or facilitate offences or to cause serious material damage. The Investigatory Powers Act 2016, S3(1) criminalises intentional unlawful interception of a communication, either public or private. Cybercrime may also be subject to Sections 170 to 173 of the Data Protection Act 2018 where there is unlawful disclosure and commercialisation of personal data without the consent. Regarding cyber-enabled crimes, the Theft Act 1968, Computer Misuse Act 1990, Forgery and Counterfeiting Act 1981, and Proceeds of Crime Act 2002. The criminalisation will depend on whether the commission of the act is done with the intent to commit or facilitate further offences (The Crown Prosecution Services, 2019). In case of multiple suspects in an online fraud, the provision conspiracy falling under Section 1 of the Criminal Law Act 1977, or common law conspiracy to defraud will be applied. Online frauds involving fraudulent social networking accounts for financial gain is addressed by the Fraud Act 2006, Section 8 (The Crown Prosecution Services, 2019).

In case of cybercrime involving copyright infringement, such as cyber piracy or counterfeiting goods, the Copyright Designs and Patents Act 1988 and Trade Marks Act 1994 will apply. Other legislation such as the Counterfeiting and Forgery Act 1981 for crimes such as selling online fake item, the Video Recordings Act 2010 and the Registered Designs Act 1949 will also apply. In addition, the general statutory offences under the Fraud Act 2006 and money laundering offences under Part 7 of Proceeds of Crime Act 2002 will also apply (The Crown Prosecution Services, 2019). The Proceeds of Crime Act 2002, the Forgery and Counterfeiting Act 1981 and the Fraud Act 2006 should be considered for sale of illicit items, including fake items. The Identity Documents Act 2010, Section 7 shall apply to sale of fake identity documents Section 1(1) of the Criminal Law Act 1977 will apply to collectively running such a website and a charge of conspiracy could be made.

Regarding illicit trade online, charges of encouraging or assisting an offence or a number of offences provided under Section 46 of the Serious Crime Act 2007 may apply. Suspects related to purchasing illegal goods online may be charged as an attempt to commit an offence, and many be charged under the Fraud Act 2006, the Misuse of Drugs Act 1971 or the Firearms Act 1968 (The Crown Prosecution Services, 2019). The charge of conspiracy may also be applied. Regarding sexual offences, Section 33 of the Criminal Justice and Courts Act 2015 may apply to the act of disclosing private sexual images without consent. This will be applied to revenge pornography. Section 69 of the Serious Crime Act 2015 criminalises the act of possessing a paedophile manual or items containing advice or guidance about sexually abusing children. The Sexual Offences Act 2003, Sexual Offences Act 1956 and Indecency with Children Act 1960 may be applied. Section 1 of the Protection of Children Act 1978 and Section 160 of the Criminal Justice Act 1988 criminalises the act to ‘take, make, distribute or advertise indecent images of children’.

Enforcement challenges

Davis and Arrigo (2021) argue that the governments, policymakers and other stakeholders lack an appropriate understanding of the extent of the impact of dark web. As such there is a failure to implement laws in this regard (Davis & Arrigo, 2021). The multiple legislation, as addressed above, seems to show a lack of a comprehensive legislative framework to tackle dark web cybercrime. This aspect is recognised by the Home Office when in 2010 they recognised a range of challenges while addressing cybercrime, including challenges to find a balance between protecting security and the right to life; to meet the test of necessity and proportionality due to the widely ‘distributed, de-centralised and unbounded’ forms of cyberspace; or to establish an ethical foundation and safeguards that would ensure public support the protection measures (The Home Office, 2010). The inability to appropriately address dark web cybercrime is also attributable to the creative tactics of highly focused and skilled Advanced Persistent Threats (APTs) affecting large organisations and nation states. They employ zero-day exploits of holes in security system gaining privileged access to target systems that are traded (Ask et al., 2013; Tankard, 2011; (Winkler & Gomes, 2016; Tankard, 2011). This was found in the cyberattacks during the COVID-19 pandemic. Pranggono and Arabo (2021) have categorised cyberattacks during the COVID-19 pandemic as scams and phishing; malware; and distributed denial-of-service (DDoS). They argue that cybercriminals and criminals and APT groups are targeting vulnerable people and organisations through COVID-19 related scams and phishing with the motive commercial gains or collecting vaccines related information (Pranggono & Arabo, 2021). Such scams and phishing are found to be the most common and effective attack (NCSC; CISA, 2020; World Economic Forum, 2020). Pranggono and Arabo (2021) state that cyber criminals and APT groups target vulnerable people and systems via malware using emails and websites with 94% of computers got corrupted. DDoS attacks targeted and affected universities' Internet service provider JISC impacting access to IT resources. Such attacks also targeted health organisations worldwide (Pranggono & Arabo, 2021).

Some of the challenge in addressing cyberattacks may include the inability to collect digital evidence as digital evidence may be created using complex codes and data thus causing challenges in verifying the origin and use (Crown Prosecution Services, 2019). The problem might be further aggravated with the fragmented legislative framework that cannot meet the whole range of cybercrime and activities in the dark web. An increase screen time, relevant with the lifestyle and routine theory, also exposed users particularly children to vulnerability (Dept. for Digital, Culture, Media & Sport; Home Office, 2020).

Plausible solution

Europol in November 2021 took down DarkMarket, claimed to be the world’s largest illegal dark market place. It was a coordinated enforcement approach including many countries, such as Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom, and the USA (Europol, 2021). The mission comprised a specialist operational analysis and coordinated cross-border collaborative effort. The mission involved other partners such as Eurojust with a dedicated Dark Web Team established by the European Cybercrime Centre (EC3) (Europol, 2021). The coordinated approach of Europol with agencies within the EU and other partners and organisation outside the formal institutions were able to address challenges poses by the dark web. This model could also be followed by the police in dealing with untraceable and inaccessible online websites by sharing and using specific software and search engines including peer-topeer (P2P) browsers or the Onion Router (Tor). Thus, the police’s integrated approach on the line of Europol could involve the National Crime Agency; Child Exploitation and Online Protection Command; charities such as NSPCC or Stalking; private organisations such as the Internet Watch Foundation, Childnet International, and Cybersmile Foundation; and the Surveillance groups. They could employ Open Source Intelligence enabling them digital evidence gathering lawfully searching open and publicly available resources such as web-based communities forums, user generated contacts, social networking sites, or blogs (Davies, 2020).

The actors in this approach, especially the police require specialised training and experience to police the dark web. Otherwise, it would have not been possible to catch Matthew Falder, a Paedophile who used to blackmail victims over the dark Web and encourage the rape of a child. Without the joint effort of the global taskforce, it would have taken more than four years to track him down (BBC, 2018). The UK seems to be going in the right enforcement direction with allocated funds to establish dedicated cybercrime units and to establish specialised capabilities to tackle. Developments such as the Cyber Aware campaign, a cross-Government initiative, is a positive initiative that could educate public and businesses about cybercrime (The Home Office, 2018). IT innovation such as the Police CyberAlarm to monitor internet traffic of suspicious activities supports government’s and police’s efforts.

Conclusion

Cybercrime is a complex phenomenon with the use of dark web making it even worse. Lee (2018) was right in stating that a universal approach cannot be applied to addressing dark web cybercrime. New criminological theories with a clearer and specific understanding of such crime should be developed. Similarly, a new specific legislative framework should be developed. This essay suggests that the solution presented now is relied on the enforcement agencies towards more or less curbing the problem. Such a fragmented approach both in understanding the criminological aspect and regulation cannot address this new domain of cybercrime.

Cybercrime conducted in the dark web cannot be generalised. It involves specific understanding and therefore needs specific criminological construct.

Bibliography

Agnew, R., Piquero, N. L. & Cullen, F. T., 2009. General Strain Theory and White-Collar Crime. In: S. S. Simpson & D. Weisburd, eds. The criminology of white-collar crime. New York: Springer, pp. 35-62.

Bandura, A. & Walters, R. L., 1963. Social learning and personality development. s.l.:Holt, Rinehart and Winston.

BBC, 2018. Dark Web Paedophile Matthew Falder’s Sentence Reduced’. [Online] Available at: https://www.bbc.co.uk/news/uk-england-45875275 [Accessed 14 01 2022].

Broadhurst, R., 2006. Developments in the global law enforcement of cyber‐crime. Policing: An International Journal of Police Strategies & Management.

Brunty, J., Miller, L. & Helenek, K., 2014. Social media investigation for law enforcement. Oxon: Routledge.

Carrington, C., Hogg, R. & Sozzo, M., 2016. Southern Criminology. British Journal of Criminology, 56(1), pp. 1-20.

Cornish, D. & Clarke, R. V., 1986. The reasoning criminal: Rational choice perspectives in offending. New York, NY : Springer-Verlag.

Crown Prosecution Services, 2019. Cybercrime - prosecution guidance. [Online] Available at: https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance [Accessed 13 01 2022].

Davis, S. & Arrigo, B., 2021. The Dark Web and anonymizing technologies: legal pitfalls, ethical prospects, and policy directions from radical criminology. Crime, Law and Social Change , pp. 1-20.

Davies, G., 2020. Shining a Light on Policing of the Dark Web: An analysis of UK investigatory Powers. The Journal of Criminal Law , 84(5), pp. 407-426.

Dept. for Digital, Culture, Media & Sport; Home Office, 2020. Consultation outcome Online Harms White Paper. [Online] Available at: https://www.gov.uk/government/consultations/online-harms-white-paper/online-harms-white-paper [Accessed 14 01 2022].

Europol, 2021. Darkmarket: World’s largest illegal dark market place was taken down. [Online] Available at: https://www.europol.europa.eu/media-press/newsroom/news/darkmarket-worlds-largest-illegal-dark-web-marketplacetaken-down [Accessed 14 01 2022].

Gee, J. et al., 2018. The Dark Web for Bad for Business: Research into the planning and monetisation of fraud and cybercrime against organisations on the Dark Web, s.l.: Crowe.

Harvey, K., 2014. Encyclopedia of social media and politics. Los Angeles: SAGE .

Hayward, K., 2007. Situational crime prevention and its discontents: rational choice theory versus the ‘culture of now’. Social Policy & Administration , 41(3), pp. 232-250.

Holt, T. J., 2013. Cybercrime and Criminological Theory: Fundamental Readings on Hacking, Piracy, Theft, and Harrassment. s.l.:Cognella.

Jaffar, A. A., Ghareb, M. I. & Sharif, K. H., 2016. The Challenges of Implementing E-Commerce in Kurdistan of Iraq. Journal of University of Human Development , 2(3), pp. 528-533.

Ladegaard, I., 2017. We know where you are, what you are doing and we will catch you: Testing deterrence theory in digital drug markets. British Journal of Criminology, 58(2), pp. 414-433.

Lee, M., 2018. Crime and the Cyber Periphery: Criminological Theory Beyond Time and Space. In: J. Scott, K. Carrington, M. Sozzo & R. Hogg, eds. The Palgrave Handbook of Criminology and the Global South . s.l.:Springer International Publishing.

Lusthaus, J. & Varese, F., 2021. Offline and local: The hidden face of cybercrime. Policing: A Journal of Policy and Practice , 15(1), pp. 4-14.

Mazur, J. E., 2015. Learning and Behavior: Seventh Edition. Oxon: Routledge.

NCSC; CISA, 2020. Advisory: COVID-19 exploited by malicious cyber actors. [Online] Available at: https://www.ncsc.gov.uk/news/covid-19-exploited-by-cyber-actors-advisory [Accessed 14 01 2022].

Ozkaya, E. & Islam, R., 2019. Inside the Dark Web By. s.l.:CRC Press.

Pranggono, B. & Arabo, A., 2021. COVID‐19 pandemic cybersecurity issues. Internet Technology Letters, 4(2), p. e247.

Pratt, T. C. & Turanovic, J. J., 2016. Lifestyle and Routine Activity Theories Revisited: The Importance of “Risk” to the Study of Victimization. Victims & Offenders , 11(3), pp. 335-354.

Schmalleger, F., 1996. Criminology today. Englewood Cliffs: Prentice Hall.

Shinder, D. L. & Cross, M., 2008. Scene of the Cybercrime. s.l.:Elsevier Science.

Tankard, C., 2011. Advanced Persistent Threats and How to Monitor and Deter Them. Netw. Secur.,, p. 16–19.

The Crown Prosecution Services, 2019. https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance. [Online] Available at: https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance [Accessed 14 01 2022].

The Home Office Police, 2019. Crime in England and Wales: Additional tables on fraud and cybercrime. [Online] Available at: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/datasets/crimeinenglandandwalesexperimentaltables [Accessed 13 01 2022].

The Home Office, 2018. Home Secretary announces law enforcement crackdown on dark web. [Online] Available at: https://www.gov.uk/government/news/home-secretary-announces-law-enforcement-crackdown-on-dark-web [Accessed 14 01 2022].

The Home Office, 2010. Cyber Crime Strategy. [Online] Available at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/228826/7842.pdf [Accessed 13 01 2022].

The National Crime Agency, 2021. Cyber Crime. [Online] Available at: https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime [Accessed 13 01 2022].

Wall, D., 2007. Cybercrime: The transformation of crime in the information age. s.l.:Polity.