W2 Reading Reflections Discussion: Hacking and Hacktivism

programming discussion question and need the explanation and answer to help me learn.

IMPORTANT: When posting, you should thoughtfully explain a theme from lecture, then incorporate and cite at least one of your readings in your original response to the prompt, including the author, title, publication date, and page if available. Best form is to include that information at the end of your narrative response/as a footnote. You may even relate current events, ask a question about a “hazy” concept, or share a personal experience related to the topic. The goal is to demonstrate you have read and reflected on the lessons, readings, and considered the perspectives of your classmates.
Generating responses using AI tools like Chat GPT for graded course work is a violation of the course academic policies.
You should aim to post an original response to my prompt and reply to two of your classmate’s posts on the discussion board each week.
Your original response to the discussion prompt is worth 2 points each week
Each reply to a classmate’s post is worth 1 point.
Thus, for full credit, you should aim to post an original response and then reply to yjtrrpeers each week, for a total of 5 possible points per week (up to 50 total points for the quarter).
Take a moment to consider how you frame your thoughts before posting, incorporate our course material, and your life experience.
Brief, superficial posts/replies to peer posts, posts that seem generated by AI/ChatGPT, or those that do not follow the instructions above, will be given partial or no credit.
In light of the materials this week, what are your thoughts about evaluating the legality of hacking as a crime based on the ethics – or motives – of the hacker? How do you view “hacktivism” for social movement or political reasons, versus hacking as a way to steal valuable information or money, i.e., for personal economic gain? Is this dichotomy useful? You might consider the rise in “Script Kiddies” vs. the “OG” hacktivists!
Given the proliferation of criminal acts online, especially hacking at the scale of the massive SolarWinds attack in 2021, Chinese cyber espionage or suspected “spy balloons” gathering sensitive data in 2022-2023, or in the alternative, the Ukrainian government calling on “underground” hacktivists to defend against Russia with an “IT Army” since the war began, how useful is John Perry Barlow’s idealistic “Declaration of the Independence of Cyberspace”? In what ways does it – and does it not – stand the test of time?
(Notably, the Russian government has also called upon its masses to set up an “IT Army” of hacktivists…)
For an updated list of Significant Cyber Incidents by CSIS, link here.
John Perry Barlow, “A Declaration of the Independence of Cyberspace”Links to an external site.
The Mentor, “Hacker’s ManiLinks to an external site.festoLinks to an external site.”
CDF, Ch 3 “Computer Hackers and Hacking” Attached a pdf file
CSIS, “Significant Cyber IncidentsLinks to an external site.” Timeline
Note: Do not complete the discussion until you have
completed the video above.
Step 2: Respond to the Reflection Q
In a “reply” below, respond to the following question(s):What do you think of Kevin Mitnick’s prison sentence?
Requirements: as long as it answers the question fully

Cybercrime and Digital ForensicsThis book offers a comprehensive and integrative introduction to cybercrime. It providesan authoritative synthesis of the disparate literature on the various types of cybercrime,the global investigation and detection of cybercrime and the role of digital information,and the wider role of technology as a facilitator for social relationships between deviantsand criminals. It includes coverage of:• key theoretical and methodological perspectives;• computer hacking and malicious software;• digital piracy and intellectual theft;• economic crime and online fraud;• pornography and online sex crime;• cyber-bullying and cyber-stalking;• cyber-terrorism and extremism;• digital forensic investigation and its legal context around the world;• the law enforcement response to cybercrime transnationally;• cybercrime policy and legislation across the globe.The new edition features two new chapters, the first looking at the law enforcementresponse to cybercrime and the second offering an extended discussion of online childpornography and sexual exploitation.This book includes lively and engaging features, such as discussion questions, boxedexamples of unique events and key figures in offending, quotes from interviews withactive offenders, and a full glossary of terms. This new edition includes QR codesthroughout to connect directly with relevant websites. It is supplemented by acompanion website that includes further exercises for students and instructor resources.This text is essential reading for courses on cybercrime, cyber-deviancy, digital forensics,cybercrime investigation, and the sociology of technology.Thomas J. Holt is a Professor in the School of Criminal Justice at Michigan StateUniversity, USA.Adam M. Bossler is a Professor of Criminal Justice and Criminology at GeorgiaSouthern University, USA.Kathryn C. Seigfried-Spellar is an Assistant Professor in the Department of Computerand Information Technology at Purdue University, USA.“The second and expanded edition of Cybercrime and Digital Forensics is a most welcome update on thispopular introductory text that covers the field, from the origins of computer hacking to the seizure andpreservation of digital data. Each chapter begins with a useful general overview of the relevant literature on the2
topic or issue covered, whether economic cybercrimes or online stalking, and then provides coverage of laws,cases, and problems not just in the US but pertinent to other jurisdictions. Additional chapters on childexploitation materials, the role of transnational police and private investigation of cybercrime, and expandedtreatment of cyber-terrorism, allow for more in depth treatment of these topics and, importantly, options forstreaming or modifying the content of taught courses on cybercrime and digital investigations. The authors haveagain provided numerous online sources in the text and cases for students to explore, and a supporting websitethat should help to keep readers and instructors in touch with this rapidly changing field.”— Roderic Broadhurst, Professor of Criminology, RegNet, Australian National University“It is unusual to find a book in this field that does not simply focus on the technical aspects of the subject area.This book brings together a wide range of literature, sources, and real case-studies to provide an in-depth look atthis ever-changing subject area. The book is rich in material and is a good read for those just starting to look atcyber-security, all the way through to those living and breathing it.”— Emlyn Butterfield, Course Director, School of Computing, Creative Technologies and Engineering, LeedsBeckett University“The style and organization of the book are ideal, not only for the introductory student, but also for the layreader. What’s more, the timeliness and detail of the issues discussed make it a useful resource for moreadvanced researchers. In this book, the authors have delivered something for everyone.”— Peter Grabosky, Professor Emeritus, RegNet, Australian National University“Cybercrime and Digital Forensics provides an excellent introduction to the theory and practice of cybercrime.This second edition introduces new chapters on law enforcement responses to cybercrime and an extendedsection on online child pornography and sexual exploitation. The authors have introduced new and recent casematerial making the subject relevant and accessible to academics and students interested in this new andexciting field of study. I used the first edition of this book extensively in teaching an undergraduate course oncybercrime. This new edition updates and expands on the topic. Both students and teachers will be attracted tothe clarity of presentation and extensive use of cases to focus discussion on challenging issues.”— Dr Lennon Chang, Lecturer in Criminology, School of Social Sciences, Monash University3
Cybercrime and Digital ForensicsAn IntroductionSecond EditionThomas J. Holt, Adam M. Bosslerand Kathryn C. Seigfried-Spellar4
Second edition published 2018by Routledge2 Park Square, Milton Park, Abingdon, Oxon, OX14 4RNand by Routledge711 Third Avenue, New York, NY 10017Routledge is an imprint of the Taylor & Francis Group, an informa business© 2018 Thomas J. Holt, Adam M. Bossler and Kathryn C. Seigfried-SpellarThe right of Thomas J. Holt, Adam M. Bossler and Kathryn Seigfried-Spellar to beidentified as authors of this work has been asserted by them in accordance with sections77 and 78 of the Copyright, Designs and Patents Act 1988.All rights reserved. No part of this book may be reprinted or reproduced or utilised inany form or by any electronic, mechanical, or other means, now known or hereafterinvented, including photocopying and recording, or in any information storage orretrieval system, without permission in writing from the publishers.Trademark notice: Product or corporate names may be trademarks or registeredtrademarks, and are used only for identification and explanation without intent toinfringe.First edition published by Routledge 2015British Library Cataloguing-in-Publication DataA catalogue record for this book is available from the British LibraryLibrary of Congress Cataloging-in-Publication DataNames: Holt, Thomas J., 1978– author. | Bossler, Adam M., author. | Seigfried-Spellar,Kathryn C., author.Title: Cybercrime and digital forensics : an introduction / Thomas J. Holt, Adam M.Bossler and Kathryn C. Seigfried-Spellar.Description: Second edition. | Abingdon, Oxon ; New York, NY : Routledge, 2018. |Includes bibliographical references and index.Identifiers: LCCN 2017017922 | ISBN 9781138238725 (hardback) | ISBN 9781138238732(pbk.) | ISBN 9781315296975 (ebook)Subjects: LCSH: Computer crimes. | Forensic sciences.Classification: LCC HV6773 .H648 2018 | DDC 363.25/968—dc23LC record available at https://lccn.loc.gov/2017017922ISBN: 978-1-138-23872-5 (hbk)5
ISBN: 978-1-138-23873-2 (pbk)ISBN: 978-1-315-29697-5 (ebk)Typeset in Bemboby Apex CoVantage, LLCVisit the companion website: www.routledge.com/cw/holt6
ContentsList of figuresList of tablesList of boxes1 TECHNOLOGY AND CYBERCRIMEIntroductionTechnology as a landscape for crimeA typology of cybercrimeThis text2 LAW ENFORCEMENT, PRIVACY, AND SECURITY IN DEALING WITHCYBERCRIMEIntroductionLocal police and sheriffs’ officesState agenciesFederal law enforcementCivil investigation and application of digital evidenceExtralegal agencies and non-governmental organizationsInternational enforcement challengesThe tension between security and privacySummary3 COMPUTER HACKERS AND HACKINGIntroductionDefining computer hackingVictims of hackingThe human aspects of the hacker subcultureHacking historyThe modern hacker subcultureLegal frameworks to prosecute hackingEnforcing and investigating hacker activitySummary4 MALWARE AND AUTOMATED COMPUTER ATTACKSIntroductionThe basics of malware7
Viruses, trojans, and wormsThe global impact of malwareHackers and malware writersThe market for malicious softwareLegal challenges in dealing with malwareCoordination and management in addressing malwareSummary5 DIGITAL PIRACY AND INTELLECTUAL PROPERTY THEFTIntroductionWhat is intellectual property?The evolution of piracy over timeThe subculture of piracyThe evolution of legislation to deal with piracyThe law enforcement and industry responseSummary6 ECONOMIC CRIMES AND ONLINE FRAUDIntroductionFraud and computer-mediated communicationsIdentity theftEmail-based scamsRomance scamsThe problem of carding and stolen data marketsIdentity theft and fraud lawsSummary7 PORNOGRAPHY, PROSTITUTION, AND SEX CRIMESIntroductionThe spectrum of sexuality onlinePornography in the digital ageProstitution and sex workDealing with obscenity and pornography onlineSelf-regulation by the pornography industrySummary8 CHILD PORNOGRAPHY AND SEXUAL EXPLOITATIONIntroductionDefining and differentiating child porn from obscene contentThe role of technology in child pornography and exploitation8
Explorations of the pedophile subculture onlineThe legal status of child pornography around the globeSummary9 CYBERBULLYING, ONLINE HARASSMENT, AND CYBERSTALKINGOnline threats, bullying, and harassmentDefining cyberbullyingPredictors of bullying online and offlineSummary10 ONLINE EXTREMISM, CYBERTERROR, AND CYBERWARFAREIntroductionDefining terror, hacktivism, and cyberterrorThe role of nation-state vs. non-nation-state attacksThe use of the Internet in the indoctrination and recruitment ofextremist groupsElectronic attacks by extremist groupsCyberwar and the nation-stateLegislating extremism and cyberterrorInvestigating and securing cyberspace from the threat of terror andwarCyberwar and responseSummary11 CYBERCRIME AND CRIMINOLOGICAL THEORIESIntroductionSubcultural theoriesSocial learning theory and cybercrimeGeneral theory of crimeAgnew’s general strain theoryTechniques of neutralizationDeterrence theoryTheories of cybercrime victimizationNeed for new cyberspace theories?Summary12 EVOLUTION OF DIGITAL FORENSICSIntroductionFrom computer forensics to digital forensicsStages of digital forensic investigation9
The role of digital evidenceTypes of hardware, peripherals, and electronic evidenceEvidence integritySummary13 ACQUISITION AND EXAMINATION OF FORENSIC EVIDENCEIntroductionData preservationDigital forensic imaging toolsUncovering digital evidenceData analysisData reduction and filteringReporting of findingsSummary14 LEGAL CHALLENGES IN DIGITAL FORENSIC INVESTIGATIONSIntroductionConstitutional issues in digital investigationsFederal Rules of Evidence 702Summary15 THE FUTURE OF CYBERCRIME, TERROR, AND POLICYIntroductionConsidering the future of cybercrimeHow technicways will shift with new technologiesSocial movements, technology, and social changeNeed for new cyber criminological theories?Shifting enforcement strategies in the age of the InternetConsidering the future of forensicsThe challenge to policy makers globallySummaryGlossaryIndex10
Figures1.1 Venn diagram of cybercrime, cyberterrorism, and cyberdeviance3.1 Venn diagram of computer hacking4.1 The SubSeven Attacker Graphical User Interface (GUI)4.2 An example of a Zeus Malware Variant GUI4.3 Botnet command and control distribution4.4 An example of the Illusion Bot Malware GUI12.1 Floppy disks12.2 An unmanned aircraft system (UAS), also known as a drone12.3a/b Hiding flash drives12.4 An older model computer12.5 The evolution of removable storage devices12.6 The evolving state of mobile phones12.7a/b Hidden media examples13.1a/b Write blockers13.2 Screenshot of EnCase created by Guidance Software13.3 Screenshot of Forensic Toolkit (FTK) created by AccessData13.4a/b Diagram of a hard drive, sectors, and clusters13.5 Keyword searching through forensic software13.6 Common file signatures13.7 File carving13.8a/b An example of encryption14.1 A pay phone booth14.2 Cellebrite device14.3 The scientific method11
Tables3.1 A timeline of notable events in the history of hacking3.2 A timeline of computer hacking conferences12
Boxes1.1 Getting around Russian extradition laws2.1 A local agency’s new cybercrime detective2.2 Assessing the credibility of a fusion center’s analysis of a cyber-attack2.3 The role of digital evidence in divorce cases2.4 An examination of why we should be concerned by government spyingcampaigns3.1 The Jargon File definition of hacking3.2 Mainframe computing systems3.3 A hacker talks about WarGames3.4 The criminal exploits of Kevin Mitnick3.5 The electronic disturbance theater and cyber-attacks3.6 The ongoing conflict between Indian and Pakistani hackers3.7 LulzSec hacks FBI affiliate, Infragard4.1 The debate over public or private vulnerability disclosures4.2 F-Secure report on virus W32/Concept malware4.3 Interview with MPack creator4.4 Interview with the malware writer Corpse4.5 One of the first modern prosecutions for malware distribution in the USA5.1 Friedman Wolverine review5.2 These were the top-14 illegally downloaded movies in 20155.3 Torrent downloads: Fiasco over three-year jail term shows absurdity ofIndia’s John Doe orders6.1 Follow Friday: where debit card numbers get stolen6.2 Nigerian email text6.3 Phishing example6.4 Work-at-home scheme6.5 Understanding the human dimensions of romance scams6.6 Pump-and-dump message6.7 Counterfeit luxury goods message6.8 The rise of virtual brand protection communities6.9 Counterfeit pharmaceutical message6.10 Albert Gonzales6.11 Using Japanese ATMs to defraud South African banks6.12 The overlapping role of the Secret Service and the Federal Bureau ofInvestigation7.1 The impact of revenge porn on its victims7.2 The rise of VR porn content7.3 The role of escort review sites13
7.4 The opinions of a hobbyist in Canada7.5 The vagaries of prosecuting obscene content online8.1 The practices of To Catch a Predator8.2 The 10-Point COPINE Scale8.3 Details on Operation Delego8.4 Live-streaming sexual abuse content8.5 Understanding attempts to solicit youth into documenting sexual acts8.6 The complex techniques required to investigate Dark Web child porn8.7 The Rogers Seigfried-Spellar Hybrid Model8.8 Immigration and Customs Enforcement operations in action8.9 The Virtual Global Taskforce in action9.1 Catfishing in the news9.2 Vickie Newton and negative outcomes of cyberstalking9.3 The unfortunate suicides resulting from bullying9.4 The Computer Fraud and Abuse Act applied to Megan Meier’s death9.5 The failure of the Megan Meier bullying legislation9.6 The suicide of Rehtaeh Parsons9.7 Facebook security suggestions for parents10.1 The use of technology in protest activities10.2 The use of encrypted chat applications by terrorists10.3 Ultimatum For DDoS attacks against US banks10.4 Anonymous open letter example10.5 The role of social media in recruitment and radicalization10.6 An example of Facebook live being used for terrorism10.7 Examples of cyber-attacks against SCADA systems in water treatment10.8 Questioning the reality of cyberterror10.9 Inside the Russian troll organization10.10 The tools created by the NSA for espionage and attack11.1 Examples of websites that provide information on hacking techniques11.2 Understanding the consequences of cyberbullying11.3 Justifications for hacking11.4 Self-protection while online11.5 Psychological theories of cybercrime12.1 The Flagler Dog Track incident12.2 Alexa a witness to murder? Prosecutor’s seek Amazon Echo data12.3 Video game systems and digital evidence12.4 Digital evidence and real-world crime13.1 An example of how the MD5 algorithm works13.2 The Adam Walsh Act13.3 State (Ohio) vs. Cook (2002)13.4 Example of partition recovery13.5 Data sectors14
13.6 Slack space13.7 An example of encryption14.1 A fictional search warrant14.2 A fictional search warrant14.3 Double jeopardy14.4 Excerpt from Apple’s “Message to Our Customers”14.5 An excerpt from the US Federal Rules of Evidence14.6 An excerpt from the Indian Evidence Act of 1972 (Section 65A and 65B)15.1 Understanding changes in ransomware15.2 Examining the harassment experienced by Leslie Jones on Twitter15.3 Understanding the Burgernet in the Netherlands15.4 Investigating Tor users15
Chapter 1Technology and CybercrimeChapter goals• Explain how technology has affected human behavior.• Identify the difference between digital natives and digital immigrants.• Discuss the three ways in which technology can be abused by individuals.• Recognize a subculture and their role in offending behaviors.• Identify the differences between cyberdeviance, cybercrime, andcyberterror.• Understand how computers and technology produce digital evidence andits value in criminal investigation .• Explain the factors that make cybercrimes attractive to certain people.• Explore the various forms of cybercrime that occur across the world.16
IntroductionThe Internet, computers, and mobile technologies have dramatically reshaped modernsociety. Although it is difficult to comprehend, less than two decades ago mostindividuals did not own a cell phone and personal computers were still somewhatexpensive pieces of equipment. Individuals could not text and email was uncommon.Internet connectivity was possible through dial-up modems or Ethernet cabling andpeople paid by the hour for access to the Web. Video game systems used 16-bit graphicsand did not connect to other devices. Global Positioning Systems (GPS) were largelyused in military applications only.Today, most of the world now depends on computers, the Internet, and cellulartechnology. Individuals now own laptops that are connected via Wi-Fi, cell phones thatmay also connect to the Internet, and one or more video game systems that may benetworked. In addition, people have multiple email accounts for personal and businessuse, as well as social networking profiles in multiple platforms. Cell phones have becomea preferred method of communication for most people, especially text messages. In fact,individuals under the age of 20 regularly send more texts than any other age group, andprefer to send texts rather than make phone calls (Zickuhr, 2011). Individuals alsofrequently purchase goods online and are increasingly using e-readers for books andnewspapers rather than traditional print media.It is amazing to consider that the world and human behavior have changed so quicklythrough the use of technology. In fact, there are now 3.4 billion Internet usersworldwide, comprising 46.1 percent of the world’s population (Internet Live Stats, 2016).China and India have the largest population of Internet users, though only 55 percentand 34 percent of their total populations have access (Internet Live Stats, 2016). The USA,Brazil, and Japan have the next largest populations, though a much greater proportion oftheir populations have access (88.5%, 66.4%, and 91.1% respectively: Internet Live Stats,2016).The proliferation of technology has led to distinct changes in how individuals engagewith the world around them. People now shop, communicate, and share information indigital formats, which was previously impossible. Additional changes in behavior arelikely to continue in the face of technological innovations as they are developed andimplemented. In fact, the sociologist Howard Odum referred to this process astechnicways, recognizing the ways in which behavior patterns change in response to, oras consequence of, technological innovations (Odum, 1937; Parker, 1943; Vance, 1972).From Odum’s perspective, technic-ways replace existing behavior patterns and forceinstitutional changes in society (Vance, 1972). For instance, if an individual 30 years agowanted to communicate with other people, he/she might call them, see them in person ifpossible, or more likely send a letter through postal mail. Now, however, that person17
would send a text, write an email, instant message, or poke them through Facebookrather than write a letter through “snail mail.”The impacts of technicways are evident across all demographic groups in modernsociety. For instance, 77 percent of Americans owned a smart phone as of 2016, withsubstantial access among younger populations: 92 percent of 18- to 29-year-olds have one(Smith, 2017). In addition, there are over 1 billion mobile phone subscribers each inChina and India (Rai, 2016). Importantly, China has over 500 million smartphone users,while India has only 125 million. As these rates continue to increase Internet use willchange, transforming social and economic interactions in unique ways from country tocountry (Rai, 2016).This is evident in the fact that many people around the world use social media as ameans to connect and engage with others in different ways. For instance, 79 percent ofAmerican adults use Facebook, though there has been a substantial increase in the use ofInstagram and LinkedIn as a means to communicate (Greenwood, Perrin, and Duggan,2016). Adults aged 65 and older are joining these sites at the highest rates compared toother age groups. In addition, Americans appear to use the Facebook messenger appmore than any other product available (Schwartz, 2016). WhatsApp is much morepopular in a global context, and is the number one messaging application across much ofSouth America, Western Europe, Africa, and Asia. Viber, however, is much morepopular across Eastern Europe, particularly Belarus, Ukraine, and other nations in theregion (Schwartz, 2016).Despite regional variations in use, technology has had a massive impact on youthpopulations who have never experienced life without the Internet and computer-mediated communications (CMCs) like email and texting. Today, youth in the USAacquire their first cell phones when they are between the ages of 12 and 13 (Lenhart,2010). Similar use patterns are evident across the globe, with children in the UKreceiving a phone by an average age of 11 (Gibbs, 2013), and 12 in a study of Japan,India, Indonesia, Egypt, and Chile (GSM Association, 2012).18
For more information on statistics of social media and technology use, goonline to:1. www.pewinternet.org/2. www.huffingtonpost.com/april-rudin/life-on-a-social-media-is_b_4600429.htmlTechnology has not simply shifted the behaviors of youth, but has actually shaped andmolded their behavior and worldview from the start. Most people born in the mid- tolate 1980s have never lived without computers, the Internet, or cell phones. As aconsequence, they do not know a world without these devices and what life was likewithout these resources. Thus, Prensky (2001) argued that these youth are digitalnatives, in that they were brought into a world that was already digital, spend largeamounts of time in digital environments, and use technological resources in their day-to-day lives. For instance, individuals between the ages of 18 and 34 are the most heavyInternet users worldwide (Statistica, 2015). Virtually everyone (96%) aged 16 to 24 in theUK accesses the Internet on a mobile device (Office for National Statistics, 2015). Youngpeople are also more likely to use auto-delete messaging applications like Snapchat,comprising 56 percent of Internet users in a recent US study (Greenwood et al., 2016). Infact, youth in India and Indonesia send an average of 51 text or application-basedmessages a day via a mobile device (GSM Association, 2012).By contrast, digital immigrants are those who were born prior to the creation of theInternet and digital technologies (Prenksy, 2001). These individuals quite often need toadapt to the digital environment, which changes much more rapidly than they may beprepared for otherwise. This is especially true for many older individuals who were borndecades before the creation and advent of these technologies. As a consequence, theymay be less willing to immediately adopt these resources or use them in diverse ways.For instance, only 45 percent of adults in the USA over the age of 65 own either a laptopor desktop computer (Zickuhr, 2011). In addition, some resources may be more difficultfor digital immigrants to understand because of the technologies employed or theirperceived utility. For example, only 9 percent of US adults aged 50 and older were likelyto use an app like Snapchat, and less than 1 percent accessed services like YikYak(Greenwood et al., 2016). Similarly, only 29 percent of people aged 65 years and older inthe UK used the Internet on a mobile device (Office for National Statistics, 2015). Thus,digital immigrants have a very different pattern of adoption and use of technologiesrelative to digital natives.The proliferation of technology in modern society has had a massive impact onhuman behavior. The world is being restructured around the use of CMCs, affecting theway in which we interact with governments, businesses, and one another. In addition,19
technology use is also creating a divide between generations based on the way in whichindividuals use technology in their day-to-day lives. In turn, individuals are adaptingtheir behavior in ways that subvert the original beneficial design and application ofcomputers and the Internet.20
Technology as a landscape for crimeThe continuing evolution of human behavior as a result of technological innovations hascreated unparalleled opportunities for crime and misuse. Over the past three decades,there has been a substantive increase in the use of technology by street criminals andnovel applications of technology to create new forms of crime that did not previouslyexist. The World Wide Web and the Internet also provide a venue for individuals whoengage in crime and deviance to communicate and share information, which is nototherwise possible in the real world. As a result, it is vital that we begin to understandhow these changes are occurring, and what this means for offending in the twenty-firstcentury. There are three key ways in which computer and cellular technologies may beabused or subverted by offenders:1. as a medium for communication and the development of subcultures online;2. as a mechanism to target sensitive resources and engage in crime and deviance;3. as an incidental device to facilitate the offense and provide evidence ofcriminal activity both online and offline.Technology as a communications mediumThe Internet, telephony, and digital media may be used as a means for communicationbetween individuals in a rapid and decentralized fashion across the globe. Computers,cell phones, and technological equipment may be obtained at minimal cost and usedwith a high degree of anonymity. For instance, major retailers and convenience storessell phones that may be used without a contract through a carrier like Sprint or Verizon.The ability to use the phone depends on the number of minutes purchased and it can bedisposed of after use.In turn, criminals can use these devices to connect with others and share informationthat may be of interest. For example, the customers of prostitutes use web forums andchatrooms to discuss where sex workers are located, services provided, pricing, and thepolice presence in a given area (Holt and Blevins, 2007; Holt, Blevins, and Kuhns, 2008;Sharp and Earle, 2003). This exchange of first-hand information is difficult to conduct inthe real world, as there are no outward signs to otherwise suggest that someone isinterested in or has visited a prostitute. In addition, there is a high degree of socialstigma and shame surrounding paying for sex, so it is unlikely that someone wouldadmit this behavior to another person in public (McKeganey and Barnard, 1996;O’Connell Davidson, 1998). The faceless, anonymous nature of the Internet, however,allows people to talk about such actions with little risk of harm or reprisal.The sale of illicit narcotics like cocaine, marijuana, and methamphetamines has also21
moved online with the development of markets where individuals buy and sell narcoticsthrough various methods. The primary resources used by sellers and buyers are forumsoperating on the so-called Dark Web, which is a portion of the Internet that can only beaccessed via the use of specialized encryption software and browser protocols.Individuals can only access these forums through the use of The Onion Router, or TORservice, which is a free proxy and encryption protocol that hides the IP address andlocation details of the user (Barratt, Ferris, and Winstock, 2014; Dolliver, 2015). Inaddition, the content of these sites cannot be indexed by google or other search engines.As a result, this technology limits the ability of law enforcement agencies to eliminateillicit content because the hosting source cannot be identified through traditional means(Dolliver, 2015; Estes, 2014).For more information on TOR, including how it operates, go online to:www.torproject.org/about/overview.html.en.One of the first Tor-based narcotics markets that gained prominence was called theSilk Road. The market gained attention from researchers and the popular media due tothe nature of the products sold, and the fact that transactions were paid using bitcoins, arelatively anonymous form of electronic currency (Franklin, 2013). The site was createdto enable individuals to buy various materials ranging from computer equipment toclothing, though sellers offered various narcotics from locations across the globe. In fact,its name was a reference to the trade routes used to transport goods between Europe,India, and Asia throughout history (Franklin, 2013).As the Silk Road gained prominence as a venue for the sale of various narcotics, lawenforcement agencies in both the USA and Australia conducted sting operations againstbuyers. In fact, since it opened in 2011 the Silk Road enabled over one milliontransactions worth an estimated $1.2 billion in revenue (Barratt, 2012). An FBIinvestigation into the site administrator, who used the handle Dread Pirate Roberts, ledto the arrest of Ross William Ulbricht in San Francisco, California on October 2, 2013(Gibbs, 2013). Ulbricht was charged with drug trafficking, soliciting murder, enablingcomputer hacking and money laundering, and had several million dollars’ worth ofbitcoins seized.22
For more information on the arrest of Dread Pirate Roberts, go online to:http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-pirate-roberts/.The Silk Road demonstrates that the distributed nature of the Internet and CMCsenables individuals to connect to other people and groups that share similar likes,dislikes, behaviors, opinions, and values. As a result, technology facilitates the creationof subcultures between individuals based on common behaviors and ideals regardless ofgeographic or social isolation. From a sociological and criminological perspective,subcultures are groups that have their own values, norms, traditions, and rituals whichset them apart from the dominant culture (Kornblum, 1997; Brake, 1980).Participants in subcultures generate their own codes of conduct to structure the waysin which they interact with other members of the subculture and different groups insociety (Foster, 1990). In addition, membership in a subculture influences individualbehavior by providing beliefs, goals, and values that approve of and justify activity(Herbert, 1998). For instance, a subculture may emphasize the development of skills andabilities that may find less value in the general culture, like an ability to use multipleprogramming languages and manipulate hardware and software among computerhackers (Holt, 2007; Jordan and Taylor, 1998; Taylor, 1999). Members of a subculture alsohave their own argot or slang to communicate with others and protect their discussionsfrom outsiders (Maurer, 1981). The use of this language can serve as a practicaldemonstration of membership in any subculture. Thus, subcultures provide memberswith a way to gauge their reputation, status, and adherence to the values and beliefs ofthe group.There are myriad subcultures in modern society, many involving both online andoffline experiences. However, not all subcultures are deviant, and you can also be amember of several subcultures at once. For instance, you may belong to a subculture ofsports team fans (whether football, basketball, or any athletics) if you: (1) enjoy watchingtheir games, (2) know the statistics for your favorite players, (3) know the historic eventsin your team’s previous seasons, and (4) you debate with others over who may be thebest players in certain positions. Similar subcultures exist for gardening, fashion, cars,movies, and other behaviors. Finding others who share your interests can be beneficial,as it allows for social connectivity and a way to channel your interests in positive ways.23
For examples of various subcultures with a heavy online presence, go online to:http://abcnews.go.com/ABC_Univision/Entertainment/subcultures-strong-online-presence/story?id=18511594#1.In much the same way, subcultures can emerge on and offline for those with aninterest in certain forms of crime and deviance (Quinn and Forsyth, 2005). Technologyallows individuals to connect to others without fear of reprisal or social rejection, andeven enables individuals who are curious about a behavior or activity to learn more inan online environment without fear of detection (Blevins and Holt, 2009; Holt, 2007;Quinn and Forsyth, 2005). New technologies also enable the formation of andparticipation in multiple subcultures with greater ease than is otherwise possible offline.In fact, individuals can readily communicate subcultural knowledge through email andother CMCs, such as techniques of offending, which may reduce their risk of detectionfrom victims and law enforcement (Holt et al., 2008; Holt and Copes, 2010). Because ofthe prominence of technology as a means to communicate with others, this book willfocus extensively on the role of online subcultures to facilitate crime and deviance invirtual and real-world environments.For more information on the current state of online subcultures, go online to:www.highsnobiety.com/2015/03/11/internet-subcultures-health-goth-seapunk/.Technology as a target of or means to engage in crimeThe second way in which technology can be misused is much more insidious – as a24
resource for individuals to attack and to cause harm to individuals, businesses, andgovernments both online and offline. Many devices in our daily lives have the capabilityto connect to the Internet, from mp3 players to desktop computers. These technologiescontain sensitive pieces of information, ranging from our shopping habits to usernamesand passwords for bank and email accounts. Since these devices can communicate withone another, individuals can potentially gain access to this information through variousmethods of computer hacking (see Chapter 3 for more details).While hacking is often thought to involve highly skilled individuals with a significantunderstanding of technology, the simple act of guessing someone’s email or computerpassword could be defined as a hack (Bossler and Burruss, 2011; Skinner and Fream,1997). Gaining unauthorized access to personal information online is often key todefinitions of hacking, as an individual is attempting to gain entry into protectedsystems or data (see Schell and Dodge, 2002; Wall, 2001). In turn, that information, suchas who a person talks to or which financial institution they choose for banking purposes,can be used to cause additional harm. In fact, research on college students suggests thatbetween 10 and 25 percent of undergraduates have tried to guess someone else’spassword (Holt, Burruss, and Bossler 2010; Rogers, Smoak, and Liu, 2006; Skinner andFream, 1997). Thus, the information that can be assembled about our activities onlinemay be compromised and used by others to cause financial or emotional harm.For more information on creating passwords, go online to:http://passwordsgenerator.net/.Similarly, some hackers target websites and resources in order to cause harm or toexpress a political or ideological message. Often, the hacker and activist community useweb defacement in order to spread a message and cause harm at the same time(Brenner, 2008; Denning, 2001, 2011; Kilger, 2011). Web defacements are an act of onlinevandalism wherein an individual replaces the existing HTML code for a web page withan image and message that they create. For example, a person may try to deface thewebsite for the White House (www.whitehouse.gov) and replace the content with amessage that they want others to see. Although this is an inconvenience andembarrassment to the site owner, it may be more malicious if the defacer chooses todelete the original content entirely.Defacements have become a regular tool for politically motivated hackers and actors25
to express their opinions, and have been used around many hot-button social events. Forinstance, the Turkish hacker community began a widespread campaign of webdefacements following the publication of a cartoon featuring an image of the prophetMohammed with a bomb in his turban (Holt, 2009; Ward, 2006). Many Muslims weredeeply offended by this image, and Turkish hackers began to deface websites owned bythe Danish newspaper which published the cartoon, along with any other site thatreposted the image. The defacements were conducted in support of the Islamic religionand to express outrage over the way in which their faith was being portrayed in thepopular media (Holt, 2009; Ward, 2006). Thus, motivated actors who want to cause harmor express an opinion may view various resources online as a target.For more on web defacements and images of such content, go online to:www.zone-h.org.Defining computer misuse and abuseSince technology may be used both as a communications medium and a target forattacks against digital targets and infrastructure, it is vital to delineate what constitutesthe abuse and misuse of technology. For instance, the term deviance is used to refer to abehavior that may not be illegal, though it is outside of the formal and informal normsor beliefs of the prevailing culture. There are many forms of deviance, depending onsocietal norms and societal contexts. For instance, texting and using Facebook while inclass may not be illegal, but it is disruptive and generally frowned upon by faculty andadministrators. The same is true in movie theaters and other public settings. Therefore,texting and using Facebook could be viewed as deviant in the context of certainsituations and locations, but may not be illegal otherwise. The fact that this activity isengendered by technology may allow it to be referred to as cyberdeviance.A more pertinent example of cyberdeviance is evident in the creation and use ofpornography. The Internet has made it exceedingly easy for individuals to viewpornographic images and videos, as well as to make these materials through the use ofwebcams, cell phone cameras, and digital photography. It is legal for anyone over theage of 18 to either access pornographic images or star in these films and media. If thelarger community shares the view that pornography is morally wrong, then viewing26
these materials may be considered deviant in that area. Therefore, it is not illegal toengage in this activity; rather it simply violates local norms and belief systems, making ita deviant behavior.Activities that violate codified legal statutes move from deviance to criminal acts. Inthe context of pornography, if an individual is under the age of 18 in the USA, they arenot legally allowed to either create or view pornographic images. Therefore, such an actis considered a crime because it carries legal sanctions. The criminal statutes in the USAat both the state and federal level recognize a variety of offenses in the real world.The rapid adoption and use of technology in order to facilitate criminal activity,however, have led to the creation of several terms in order to properly classify thesebehaviors. Specifically, cybercrime and computer crime emerged a few decades ago torefer to the unique way in which technology is used to facilitate criminal activity.Cybercrime refers to crimes “in which the perpetrator uses special knowledge ofcyberspace,” while computer crimes occur because “the perpetrator uses specialknowledge about computer technology” (Furnell, 2002: 21; Wall, 2001). In the early daysof computing, the difference between these terms was useful to clarify how technologywas incorporated into the offense. The fact that almost every computer is now connectedto the Internet in some way has diminished the need to segment these two acts (Wall,2007). In addition, they have become virtually synonymous in both academic circles andpopular media. As a result, this book will use the term “cybercrime” due to the range ofcrimes that can occur through the use of online environments and the massive numberof computers and mobile devices that are connected to the Internet.The borderless nature of the Internet complicates the criminal justice response tocrime and deviance, since the ways in which nations define an act do not generallyhinder individuals from accessing content. Using the example of pornography, it is legalto produce and access this content in the USA and in most other parts of the globe.Islamic majority nations like Iran and Saudi Arabia, however, have banned and made itillegal to access pornography due to their religious beliefs (Wall, 2001, 2007). Othercountries like Sweden, however, place minimal restrictions on the production ofpornographic content, including images of animals or “bestiality.” Although it is illegalto create or view this content in the USA and in most other nations, individuals canaccess bestiality, violent, or unusual pornographic material from across the globe,regardless of their nation’s laws, due to the connectivity afforded by the Internet(Brenner, 2008; Wall, 2007). Thus, it is difficult to restrict or enforce local laws onindividual conduct because of the ability to access content globally.27
Fig. 1.1 Venn diagram of cybercrime, cyberterrorism, and cyberdevianceThe intersection of cybercrime and cyberdeviance is also related to the emergingproblem of cyberterrorism (see Figure 1.1 for details). This term emerged in the mid-1990s as technology began to play an increasingly significant role in all aspects of society(Denning, 2001; Britz, 2010). There is no single accepted definition of cyberterrorism,though many recognize this behavior as the use of digital technology or computer-mediated communications to cause harm and force social change based on ideological orpolitical beliefs (Brenner, 2008; Britz, 2010). Although there are few known incidents ofcyberterrorism that have occurred over the past two decades, the ubiquity of technologycould allow extremist groups like Al Qaeda to target military systems containingsensitive information, financial service systems that engender commerce, power grids,switching stations, and other critical infrastructure necessary to maintain basic services.Criminals may also attack these targets using similar tactics, making it difficult toseparate acts of cyberterror from cybercrime (Brenner, 2008).For more information on the technologies supporting power grids, go online to:www.tofinosecurity.com/blog/scada-cyber-securityinternational-issue.In order to classify these phenomena, it is necessary to consider both the motive of theattacker and the scope of harm caused. For instance, criminal acts often target single28
individuals and may be motivated by economic or other objectives, whereas terroristattacks are often driven by a political motive and are designed to not only hurt or killinnocents but also to strike fear into the larger population (Brenner, 2008; Britz, 2010). Inaddition, the communications capability afforded by the Internet creates an interestingintersection between cyberdeviance and cyberterror. For example, members of extremistand hate groups increasingly depend on web forums and blogs to post their views toaudiences across the globe. In fact, the Islamic State of Iraq and the Levant (ISIS) usesTwitter and other social media platforms as a means to recruit and radicalize individuals,as well as to promote their agenda (see Chapter 10 for more details). The laws of a givencountry may not allow such language, as in Germany where it is illegal to post Nazi-related content (Wall, 2001). In the USA, though, such speech is protected under the FirstAmendment of the Constitution; therefore, the act of using online forums to express anopinion largely unsupported by society is deviant rather than illegal behavior.It is not always possible to identify cleanly and clearly the nature of somecyberattacks, as is evident in the substantial number of attacks by hackers around theworld who belong to the collective Anonymous. The origins of Anonymous stem fromthe image board 4chan, where people upload and share images with one another withoutrevealing any personal information about themselves (Olson, 2012). Individualscontinuously posting pictures without identifying themselves led to the popularity of theidea of Anonymous as a real person. This crystallized in 2004 when one of the 4chanadministrators implemented a “Forced_Anon” protocol signing all posts to Anonymous(Olson, 2012). As a result, this led to the acceptance of a collective identity ofAnonymous centering on the idea that the Internet is an outlet that has no limits orboundaries.The group encourages awareness and recognition of individuals who are engaging ineither illicit activities or unacceptable actions that harm society. There is no way toidentify a member of Anonymous; instead they are a collection of individuals whosupport an idea or goal without the need for individual recognition (Olson, 2012). Inmost of their online communications, they use the following language as an expressionof these values: “We are Anonymous. We are Legion. We do not forgive. We do notforget. Expect us.” The group also uses Guy Fawkes masks and a body wearing a blacksuit with a question mark for a head in representation of the anonymous nature of thegroup. There is also no necessary leadership of Anonymous.They are often perceived as hacktivists in the general media, since they use DDoSattacks, group-based research, email hacking, and other techniques in order to affect atarget. For instance, one of the first targets of the group was a white supremacist radioshow host named Hal Turner. Members of Anonymous DDoSed his site offline, causingthousands of dollars in losses (Olson, 2012). A subsequent attack by individualsassociated with Anonymous targeted the Support Online Hip Hop (SOHH) website andits forums. Individuals in the SOHH forum made disparaging comments againstAnonymous in June 2008. Their website was then attacked in two stages. The first attackused DDoS tools to knock out access followed by a series of web defacements adding29
Nazi images and racial language to change the site content (Reid, 2008). Shortlythereafter, Anonymous accessed and shared personal information for a teenage boy whoran the site “No Cussing Club” (Olson, 2012). The boy’s family was harassed byindividuals associated with the group, including hate mail and obscene phone calls.Following these attacks, the focus of Anonymous turned toward social activism insupport of free access to information. For instance, the group engaged in a DDoS attackagainst multiple targets in both the music and private industries in a campaign called“Operation Payback.” The attacks began in September 2010 as retaliation against anti-piracy initiatives started by media companies in order to reduce access to copyrightedmaterials online. The attacks expanded to include Sony and their PlayStation Network in2011. The company began to crack down on attempts to pirate games and media, such asa lawsuit against a hacker who released information on techniques to downloadPlayStation 2 video games (Olson, 2012). Anonymous members used the Low Orbit IonCannon attack tool to engage in a DDoS campaign that took down the Play-StationNetwork for hours and days at a time. They also accessed and released personalinformation of PlayStation users obtained by hacking (Olson, 2012). Their involvement ina variety of attacks and hacktivist operations has continued throughout the past fewyears, targeting governments, law enforcement, and industrial targets.Taken as a whole, Anonymous does not appear to hack for economic gain. Theabsence of consistent ideological justifications for their Anonymous actions makes itdifficult to classify their attacks as acts of cyberterrorism. Although scholars differ as towhether Anonymous constitutes cybercriminals or terrorists, their actions demonstratethat cybercrime, terror, and deviance are all interrelated and share common elementsdue to the nature of online environments.What makes cybercrime and deviance attractive?The rise of cyberdeviance, cybercrime, and cyberterror has led many to question whysome people choose to engage in wrongdoing in virtual environments. There are severalunique factors that may account for offending online, most especially the availability oftechnology in the modern world. First and foremost, the ubiquity of technology makes iteasy for individuals to gain access to the tools necessary to offend with relative ease. Theprices of laptop and desktop computers have dropped substantially over the past decade,making it easy to acquire this equipment. For instance, the price of laptop PCs decreasedfrom an average of $1,640 in 2001 to $1,000 in 2005 (Associated Press, 2005). The price hascontinued to drop, and these devices now compete with even smaller portablecomputers, like the iPad and smart phones, that can connect to the Internet throughcellular technology. As a result, offenders can readily acquire and access informationfrom anywhere through these resources. If a person cannot afford to buy these deviceson their own, they can always use computers in Internet cafés and public libraries forfree or for a small cost. Thus, there are minimal barriers to computer technology30
globally.In addition, there is a wide range of cybercrimes that can be performed dependentupon the individual’s technical skill. Some forms of cybercrime require a great deal ofskill and proficiency, though simple offenses may be performed with minimalinvestment on the part of the offender. For instance, anyone can download pirated musicor movies from online environments or post an ad for sexual encounters on craigslist oranother website.Technology also acts as a force multiplier in that computers and CMCs allow a singleperson to engage in crimes that otherwise involve multiple people or complex schemes inorder to target victims (Brenner, 2008; Taylor, Fritsch, Liederbach, and Holt, 2010). Forinstance, if a criminal attempts to rob a person in the real world, they must often targetsingle individuals due to the difficulty in intimidating and managing groups of people.The offender must also try to determine in advance if the individual he is attempting torob has money, jewelry, or other goods that are of value.In online environments, offenders can target thousands of victims at a time,worldwide, within seconds. For example, individuals regularly send out unsolicitedemails, called spam, to thousands of victims using addresses harvested from informationposted on public websites (Holt and Graves, 2007; King and Thomas, 2009; Wall, 2004).For instance, public universities often post the addresses of professors, faculty, and staffon their websites. In turn, individuals can copy and collate these addresses into lists anduse them to send a variety of different spam messages. In fact, one of the most commonforms of spam message appears to originate in part from Nigeria, where the senderclaims to be foreign royalty, bankers, or attorneys who need assistance in moving largesums of money (Holt and Graves, 2007; King and Thomas, 2009; Wall, 2004). Theyrequest information from the email recipients like names, addresses, phone numbers, andbank account details so that they can reuse the information to commit identity theft orbank fraud. Since few people fall for this sort of scheme, sending out thousands ofmessages increases the likelihood that a victim may respond. Thus, fraudsters increasethe likelihood of success by targeting thousands of victims simultaneously.For more information on the rate of spam distribution, go online to:https://securelist.com/all/?category=442.The risk of detection from law enforcement is much lower in online environments31
than in the real world. Offenders in the real world must take several steps to reduce thelikelihood that their actual identity can be determined. For example, robbers may wear amask or baggy clothing to conceal their face and build (Miller, 1998; Wright and Decker,1997). They may also try to disguise their voice by speaking in a higher or lower tone.Victims may be able to recall information about the offender and video cameras maycapture the incident on film, making it harder to hide the offense from police.These issues are largely absent in online environments, since it is easier for offendersto conceal their real identity (Wall, 2001). The faceless nature of the Internet makes iteasy for individuals to hide their gender, age, or race in various ways. A profile in asocial networking site like Facebook or email account can be created using falseinformation through Google, Yahoo, or Hotmail. This false account may be used to sendthreatening or harassing messages to others to help conceal their true identity (Bocij,2004). Similarly, various technological resources are designed to hide a person’s locationfrom others. For example, Tor, the service used by individuals to access the Silk Road, isa form of proxy server that may be used to hide a computer’s location by acting as anintermediary between a computer and the servers and systems to which it connectsthrough the Internet. If we try to access Google from a PC using a proxy, the commandwill be routed through a service that will make the request on our behalf and send theinformation back to us. In turn, the servers at Google will not register our computer asthe one making the request, but rather associate it with the proxy server. Some offendersare even able to route their web and email traffic through other people’s computers inorder to minimize the likelihood that they are caught (see Chapter 4 for more details).For more on proxy servers, go online to:1. www.publicproxyservers.com.2. http://proxy4free.com.32
Cybercrimes are also attractive for some actors based on the laws of their nation.Since individuals can target victims across the world, local laws make a significantdifference to who and what an offender targets. Many industrialized nations have lawsagainst cybercrimes, increasing the risk of prosecution and investigation for offenders ifcaught (Brenner, 2008). Therefore, attacking people within that country may increase thelikelihood of being prosecuted. If, however, a country does not allow their citizens to beextradited to another country to face prosecution for crimes, then the actor cannot besuccessfully investigated (Brenner, 2008). For instance, there is no treaty allowingRussian citizens who engage in attacks against US citizens to be brought to the USA forprosecution. Russian criminals cannot be extradited for these offenses and may generallyreceive no punishment for their actions (see Box 1.1 for an example). In turn, it isextremely difficult to deter or sanction cybercriminals in foreign countries, which mayencourage attacks against certain countries with no consequences.Box 1.1 Getting around Russian extradition lawswww.nbcnews.com/id/3078784#.WNbZom_ytQI.FBI agent charged with hackingRussia alleges agent broke law by downloading evidenceIn a first in the rapidly evolving field of cyberspace law, Russia’s counterintelligence service on Thursdayfiled criminal charges against an FBI agent it says lured two Russian hackers to the United States, thenillegally seized evidence against them by downloading data from their computers in Chelyabinsk, Russia.This article provides interesting insights into the challenges posed by cybercrimeinvestigations that cross national boundaries.By contrast, some developing nations may not have laws against computer misuse. Ifthere are no laws, then the nation serves as a sort of “safe haven” for actors where theycan operate with minimal risk of legal sanctions (Brenner, 2008; Holt, 2003). This wasexemplified in the creation of the ILOVEYOU virus that spread around the world in 2000.This form of malware attacked millions of computers and spread through infected emailattachments, effectively crippling the Internet at the time (Poulsen, 2010). The program33
started in the Philippines on May 4, 2000 and spread across the world in a single day. It isthought to have been created by a Filipino college student named Onel de Guzman,based on the start of the program from Manila and his interest in hacking (Poulsen,2010). At the time, there were no laws against writing malware in the Philippines,making prosecutors unable to pursue de Guzman. Thus, the absence of laws can make itextremely difficult to combat cybercrimes internationally.Taken as a whole, the global reach of the Internet has created substantial difficultiesfor law enforcement agencies at home and abroad to enforce cybercrime laws globally.The structure of policing, especially in the USA, establishes guidelines for theinvestigation of crimes at the local, state, and federal level. Offenses that occur within asingle jurisdictional boundary are often the responsibility of local municipal policedepartments or sheriffs’ departments, while those that cross state or national boundariesare handled by state or federal agencies. Many cybercriminals may not live within thesame region as their victim (Holt, 2003; Wall, 1998), though, even if they were in thesame region, a victim may have no idea where the offender actually resides. This createssignificant confusion as to the appropriate agency to contact, and diminishes the amountof cybercrime reported to law enforcement (Goodman, 1997; Wall, 1998). In fact, thisunder-counting is referred to as “the dark figure” of cybercrime, in that the true numberof offenses is unknown.One reason for the lack of reporting is the inherent difficulty in recognizing whenillegal activities have taken place. Individuals may be completely unaware that they havebeen the victim of cybercrime until it is too late. For example, failures in computerhardware and software may be either the result of an error in the equipment, or a directresult of criminal activities designed to hide their occurrence. Many in the general publicdo not have the skills necessary to discern the root cause, making it hard to know whensome sort of compromise has taken place. Since cybercriminals attempt to target asmany victims as possible, it is also difficult to identify any patterns for risky behavioronline (Bossler and Holt, 2009). Finally, protective software programs designed to reduceindividual risk of victimization do not always work. Approximately 25 percent ofpersonal computers around the world that use a variety of security solutions havemalicious software, such as a virus, loaded into their memory (PandaLabs, 2007).The embarrassment, shame, or harm that may come from reporting cybercrimevictimization also reduces the likelihood of contacting law enforcement. For instance,Nigerian email scams often target naïve individuals who believe that an unlikely claimmay be valid. Reporting that they have been defrauded may be substantiallyembarrassing and thereby diminish the likelihood of reporting. Within corporate andgovernment computing environments, there are several issues that may reduce thelikelihood of reporting when a cybercrime has occurred. For instance, a company maylose customers or overall stock value if they report that their systems have beencompromised. Embarrassment over the loss of sensitive information may engendercover-ups or diminished reporting in order to reduce the loss of business.Taken as a whole, technology affords multiple unique advantages for offenders that34
are not necessarily present in the real world. Technology is readily available across theglobe, providing offenders with widespread access to resources. The number of peopleonline provides a wealth of prospective victims that can be affected with greater easethan is possible in the real world. Technology also offers people the ability to hide theiractual identity behind a variety of false names and locations, making it difficult todetermine who is responsible for a criminal incident. Finally, the different legalstructures and cooperative agreements in place across the globe make it difficult tosuccessfully prosecute cyber-crimes. As a result, individuals who engage in cybercrimeand deviance face a much lower risk of detection and arrest, and may experience greatermonetary or emotional rewards from cybercrime.For more information on the challenges of prosecuting cybercrimes, go onlineto: www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf .Technology as evidenceThe third and final way that technology may be used in the course of an offense isthrough its incidental role or involvement in a crime. In this case, the computer mayeither be involved in the commission of a crime or is being used merely as a storagedevice (Maras, 2012). For instance, the presence of child pornography on a laptop or cellphone suggests that it is incidental to the offence. This information, wherever it is stored,constitutes digital evidence, defined as information that is either transferred or stored ina binary form (Casey, 2011). Digital evidence may be anything from the browser historyof an individual to the emails, chat logs, photos present on mobile phones, GPS devices,IoT devices, and cell phone cameras of both the victim and offenders (see Chapter 12).Computers, in the traditional sense, are no longer the only devices capable of sendingemails, chatting, and browsing the Internet. Tablets, music players, and various otherdevices can be connected to the Internet and provide some evidence of an individual’sbehaviors.There are several valuable examples that help clarify what is digital evidence andwhen it may be pertinent for various forms of crime both online and offline (Clifford,2006; Maras, 2012). For example, BTK (Bind, Torture, Kill) was a serial killer in Kansas(USA) from 1974 until 2005 when he was arrested and convicted of ten homicides35
(Williams and Landwehr, 2006). The killer murdered ten people in Kansas between 1974and 1991 and then went dormant, though he constantly wrote letters to the media andpolice describing his exploits. The investigation went cold, though the BTK Killerindicated that he had committed another murder that had not been attributed to him.Police then began communicating directly with BTK, when the killer asked if it waspossible to trace his identity on the basis of data on floppy disks. The agency erroneouslysaid that they could not, and BTK sent them a disk with a document discussing hisbehaviors. Using specialized computer forensic software to help process the data andevidence located on the disk, investigators determined the location of the computerwhere the disk had been opened, as well as the person who created the document. Inturn, they were able to develop detailed information about the killer and gather enoughcircumstantial evidence to suggest a prospective identity, which turned out to be a mannamed Dennis Rader. He was subsequently arrested and pled guilty to the murders,receiving ten consecutive life sentences, one for each murder (Williams and Landwehr,2006).Digital evidence may also be derived from online sources that may be present onwebsites and social media. In fact, digital evidence collected from social media sites, suchas Facebook and Twitter, has been influential in law enforcement over the past fewyears. Following the Vancouver Canucks’ loss to the Boston Bruins in the Stanley Cupfinals in 2011, a massive riot broke out in Vancouver with fans setting vehicles on fire,breaking windows, looting stores, and dancing atop overturned cars (CBC News, 2011).Within hours of the riot, police received over 3,500 emails that included videos, photos,and web links to various social media sites. In addition, a “Vancouver Riot Pics”Facebook page was created to identify those individuals involved in the riots by allowingthe public to “tag” the pictures and videos (Leger, 2011). More than 100 people werearrested through the assistance of social media.With virtually every crime incorporating some form of digital evidence, it is up to lawenforcement to be able to identify the possible sources of information and the locationswhere such information may be found. Various peripheral devices like flash drives, CDs,DVDs, and even gaming systems may contain digital evidence that can be collected.Some companies even produce removable storage media that are easily disguised, suchas a pair of sunglasses or a wristband that contains a flash drive. With digital devicesbeing increasingly used to target, act as a tool, or provide support for criminal activities,law enforcement and investigators must understand the nature of the digital crime scene.For more on hidden media devices, go online to:www.trendhunter.com/slideshow/disguised-usb-drives.36
37
A typology of cybercrimeIn light of the various ways in which technology engenders crime and deviance as wellas fostering unique tactics for offending, it is necessary to understand the wide range ofbehaviors that constitute cybercrime. David Wall (2001) created one of the mostrecognized typologies of cybercrime, which encapsulates behavior into one of fourcategories: (1) cyber-trespass; (2) cyber-deception and theft; (3) cyber-porn and obscenity;and (4) cyber-violence. These categories reference the wide range of deviant, criminal,and terrorist behaviors that have emerged using technology, as well as the subculturessupporting offenders throughout the world.Cyber-trespassThe first category is cyber-trespass, referring to the act of crossing boundaries ofownership in online environments. This may seem confusing at first. If you go to acoffee shop or restaurant, you may notice that they offer free Wi-Fi. Their networkprobably has a name they chose which identifies their network and indicates whomanages and is responsible for that space. In order to use the service, you must join theirnetwork and accept the terms of service that may come up when you open your webbrowser. In this instance, the coffee shop owns and manages this wireless network, butallows others to use the connectivity. By contrast, if the shop did not offer connectivityto customers, but you attempt to join and use their Wi-Fi anyway, you are trespassingbecause you are trying to break into the network that they own without the company’spermission.The issue of ownership is critical in instances of trespass, especially for computerhackers who often attempt to access computer systems, email accounts, or protectedsystems that they do not own (Furnell, 2002; Jordan and Taylor, 1998). Many in thegeneral public recognize hackers for their involvement in criminal acts of trespassingsensitive boundaries of ownership, contributing to the belief that hackers causesignificant harm to citizens, industry, and government alike. Although not all hackersengage in crime, those who do cost individuals and corporations a great deal of moneyeach year. Individuals who are interested in computer hacking operate within a largeonline subculture with participants from across the globe. They often come togetheronline to discuss various techniques of hacking and their attitudes toward hacking withor without permission from system owners. Because not all hackers engage in crime,there is a rift within the subculture based on an individual’s willingness to engage in actsof cyber-trespass in support of hacking (see Chapter 3 for more details).38
Cyber-deception and theftThe second category within Wall’s (2001) typology is cyber-deception and theft, whichcan extend from hacking and other forms of cyber-trespass. This category includes allthe ways in which individuals may illegally acquire information or resources online, andoften goes hand in hand with trespass. For instance, criminals can use email messages toacquire bank account information from victims through the use of phishing messages(James, 2005). In this case, a criminal sends a message claiming to be from a bank orfinancial institution which needs prospective consumers to validate their accountinformation by clicking on a web link provided in the message. The individuals are thensent to a fraudulent website that resembles the actual financial institution and are askedto enter their bank account username, login, and other sensitive information (James,2005). This data is then stored and used by the criminal to engage in fraud, or resold toothers through an online black market for stolen data. These crimes are particularlycostly for consumers and businesses; a recent study by the Ponemon Institute (2015)found that a single phishing attack can cost an organization approximately $3.7 milliondue to losses in equipment, employee productivity, and mitigation costs.The problem of digital piracy is also included in cyber-theft, encompassing the illegalcopying of digital media, such as computer software, digital sound recordings, anddigital video recordings, without the explicit permission of the copyright holder (Gopal,Saunders, Bhattacharjee, Agrawal, and Wagner, 2004). The financial losses stemmingfrom digital piracy are quite high. For instance, one company estimates that the USrecording industry loses over $12 billion each year from piracy (Siwek, 2007). This isbecause piracy is an extremely common activity, as evidenced by one study which foundthat between 50 and 90 percent of all broadband Internet traffic involved the transfer ofpirated media (Siwek, 2007). In addition, studies of college students in the USA find thatbetween 40 and 60 percent of respondents have engaged in piracy within the past year(Gunter, 2009; Higgins, 2005; Hinduja, 2003; Skinner and Fream, 1997).For more information on the problem of software piracy, go online to:http://globalstudy.bsa.org/2016/index.html.The problem of piracy appears to be facilitated in large part by the subculture ofpirates operating online. The participants in this subculture help break copyright39
protections on DVDs, Blu-ray disks, and software and distribute these materials online.In fact, individuals can access pirated media and software through various outlets,including file-sharing services, torrents, and websites (Cooper and Harrison, 2001; Holtand Copes, 2010). Participants in this subculture also encourage piracy by sharing theirattitudes toward copyright law and minimizing the harm caused by pirating media (seeChapter 5 for details). Many young people believe that piracy is an acceptable behaviorwhich has little impact on artists or private industry (Hinduja, 2003; Ingram andHinduja, 2008). Thus, cyber-deception and theft involves multiple activities that causesignificant financial harm.Cyber-porn and obscenityThe third category in Wall’s typology of cybercrime is cyber-porn and obscenity,representing the range of sexually expressive content online. As noted earlier, sexuallyexplicit content is defined differently based on location. Thus, porn and obscenity maybe deviant or criminal based on local laws. The relatively legal nature of adultpornography has enabled the development of an extremely lucrative industry, thanks inpart to the availability of streaming web content and high-speed connectivity (Edelman,2009; Lane, 2000). In addition, amateurs are increasingly active in the porn industry dueto the ease with which individuals can produce professional quality images and mediathrough HD digital cameras, web-enabled cameras, and other equipment (Lane, 2000).While viewing pornographic content is not illegal for individuals over the age of 18,accessing certain content, such as violent or animal-related material, may be criminaldepending on local laws.The ability to access pornographic content has also enabled the development of onlinesubcultures focused on various deviant sexual activities. Individuals with niche sexualfetishes can identify multiple outlets to discuss their interests with others in web forums,email lists, and online groups that engender the exchange of information in near realtime (DiMarco, 2003). In turn, these spaces help make people feel they are part of a largergroup that validates their beliefs and attitudes. Sexual subcultures can also move intocriminal activity when the actors victimize children and adults either online or offline.For instance, prostitutes increasingly use the Internet to advertise their services and keepin touch with clients (Cunningham and Kendall, 2010). The customers of sex workersalso use this technology in order to discuss their experiences, provide detailed accountsof their interactions, and warn others about police activities in a given area (Holt andBlevins, 2007; Sharp and Earle, 2003). Similarly, pedophiles who seek out sexualrelationships with children frequently use CMCs in order to identify and sharepornographic and sexual images (Jenkins, 2001; Quayle and Taylor, 2002). They may alsouse forums and instant messaging to connect with children in an attempt to move intooffline relationships (Wolak, Finkelhor, and Mitchell, 2004; Wolak, Mitchell, andFinkelhor, 2003).40
Cyber-violenceThe final form within Wall’s typology is cyber-violence, referring to the ability to sendor access injurious, hurtful, or dangerous materials online. This may encompassemotional harm such as embarrassment or shame, and in limited circumstances physicalharm through suicidal ideation (Hinduja and Patchin, 2009). For example, the volume ofinformation available through social networking sites, coupled with the frequent use ofCMCs, has increased the likelihood that individuals will be bullied, harassed, or stalkedonline (Finkelhor, Mitchell, and Wolak, 2000; Finn, 2004; Hinduja and Patchin, 2009; Holtand Bossler, 2009). Individuals from various age groups are increasingly receivingthreatening or sexual messages via email, instant message, or texts (Bocij, 2004; Finn,2004). People may also use CMCs to post embarrassing video, images, and text aboutanother person for the public to see. In fact, technology has greatly increased thelikelihood of emotional or psychological harm resulting from these messages (Finkelhoret al., 2000; Wolak et al., 2004).Political and social movements also use CMCs in order to spread information abouttheir causes or beliefs, as well as to engage in attacks against different targets online andoffline (Brenner, 2008; Cere, 2003; Denning, 2011). For instance, riots in England andArab states across the Middle East have organized through the use of social media, suchas Twitter and Facebook (Stepanova, 2011). In fact, CMCs may be used to form flashmobs, or mass organizations of people, to organize quickly and move rapidly throughthe use of online media without alerting local citizens or law enforcement (Taylor et al.,2010).Various extremist groups with their own subcultural norms and values use theInternet in order to promote their beliefs and connect interested parties (see Chapter 10for details). Social media sites like Facebook, video-sharing sites like YouTube, andvarious web forums are used by extremist groups to promote their ideological beliefs(Hegghammer, 2013; Holt, 2012; Weimann, 2011). For instance, Dylann Roof shot andkilled nine African Americans in a church in Charleston, South Carolina on June 17, 2015(Hankes, 2015). His attack was racially motivated, and it was discovered shortly after hisarrest that he operated a website where he posted pictures of himself with guns,Confederate flags, and neo-Nazi and white supremacist paraphernalia, along with amanifesto explaining his views. He also posted on a white supremacist web forum calledThe Daily Stormer and used it as a vehicle to express his racist beliefs (Hankes, 2015).In addition, extremist groups have used the Internet in order to engage in attacksagainst governmental targets worldwide. The hacker group Anonymous has engaged ina variety of distributed denial-of-service (DDoS) attacks against governments, therecording industry, and private businesses (Correll, 2010; Poulsen, 2011). In a DDoSattack, individuals send multiple requests to servers that house online content to thepoint where these servers become overloaded and are unable to be used by others. As aconsequence, these attacks can completely knock a service offline, causing companies tolose money and, potentially, customer confidence. The group Anonymous uses these41
attacks as a protest against attempts to reduce the distribution of pirated media online.Anonymous believes intellectual property laws are unfair, that governments are stiflingthe activities of consumers, so the group wishes to elicit a direct response from thegeneral public to stand up against this supposed tyranny (Correll, 2010; Poulsen, 2011).Thus, the use of technology has expanded the capability of extremist groups to affectpopulations and targets well beyond their overall capacity in the real world.42
This textGiven the range of criminal and deviant acts that are enabled by the Internet and CMCs,it is critical that we understand as much about these phenomena as possible. Thus, thisbook will explore the spectrum of cybercrimes in detail, considering how real-worldcrimes have incorporated technology, as well as the unique forms of offending that haveemerged as a direct result of technology. In addition, each chapter will consider theunique subcultures that have emerged in online environments around a form ofdeviance, crime, or a specific ideology. The subcultural norms of each group will beexplored in order to understand how involvement in this subculture affects behaviorboth online and offline, as well as its influence on attitudes toward crime and deviance.Finally, statutes in the USA and abroad that have been created to address these issueswill be covered, along with the local, state, national, and international law enforcementagencies that have responsibilities to investigate and enforce those laws.Chapter 2, “Law enforcement, privacy, and security in dealing with cybercrime,”provides an overview of the various entities involved in policing cyber-crimes. Thisincludes traditional local, state, and federal law enforcement, as well as organizationsand industry bodies that actively attempt to mitigate cyber-crimes without a legalmandate from the state.Chapter 3, “Computer hackers and hacking,” explores computer hacking in depth,including its role in attacks against individuals and corporations alike. Chapter 4,“Malware and automated computer attacks,” explores the problem of malicious softwareand its evolution over time. Chapter 5, “Digital piracy and intellectual property theft,”considers the issue of digital piracy, including the theft and release of software, music,movies, television, and other digital content. More serious forms of fraud and theft areexplored in Chapter 6, “Economic crimes and online fraud,” including the use of emailscams in order to acquire financial information from unsuspecting victims.Chapter 7, “Pornography, prostitution, and sex crimes,” covers a wide variety ofonline sexual behavior, including pornography, how the Internet has affected traditionalprostitution, and how the criminal justice system has attempted to evolve to addressthese issues. Chapter 8, “Child pornography and sexual exploitation,” considers sexualcrimes against children, including child pornography and child molestation, and theways in which these offenses are uniquely engendered by technology. Chapter 9,“Cyberbullying, online harassment, and cyberstalking,” investigates the problem ofonline harassment, bullying, and stalking, while Chapter 10, “Online extremism,cyberterror, and cyber warfare,” explores the use of technology to spread hate speechand extremism across the globe.Chapter 11, “Cybercrime and criminological theories,” will provide the reader with anin-depth examination of whether traditional criminological theories can help us43
understand why individuals commit the wide range of behaviors encompassed incybercrime. It will also explore the idea of whether new cybercrime theories are neededor whether our current stock of criminological theories is adequate in explaining these“new” forms of crime.Chapter 12, “Evolution of digital forensics,” will elaborate the concept of digitalforensics and the process of seizing evidence from various devices. Chapter 13,“Acquisition and examination of forensic evidence,” details the various tools used in theprocess of evidence analysis, as well as the techniques involved in data recovery andinvestigation generally. Chapter 14, “Legal challenges in digital forensic investigations,”focuses on the process of evidence presentation in court, and the laws that affect what isadmissible and when by an analyst. Finally, Chapter 15, “The future of cybercrime,terror, and policy,” considers the future of cybercrime with a discussion of the ways inwhich the global nature of technology hinders our ability to effectively regulate theseoffenses.Key termsAnonymousBitcoinComputer crimeComputer-mediated communications (CMCs)CybercrimeCyber-deceptionCyberdevianceCyber-pornCyberterrorismCyber-trespassCyber-violenceDevianceDigital evidenceDigital immigrantDigital nativeDistributed denial-of-service attackDread Pirate RobertsFlash mobIncidentalPhishingProxy serverSilk RoadSpamSubculture44
TechnicwaysThe Onion Router, or Tor ServiceWeb defacementDiscussion questions1. Think carefully about your current access to technology. How manylaptops, desktops, tablets, and mobile devices do you own? How muchtime do you spend online? How would you compare your use oftechnology to your peers’?2. Take a few moments to think critically about the way in which you shareinformation with the world through online environments. Do youcautiously share personal information? How much detail do you placeabout yourself into Facebook and other social networking sites? Do youuse the same credit card for all online purchases? How often do youpirate music and media? Keeping this in mind, detail the various ways inwhich you could become a victim of as many forms of cybercrime as ispossible.3. Do you belong to any subcultures, either online or offline? What arethey, and how do you think they affect your activities and attitudestoward the world around you?4. How much overlap do you see between real-world crimes and cyber-crimes? Should we have distinct terms to recognize crime or deviance inonline environments, or should all offenses just be classified as crimes,regardless of where and how they occur?45
ReferencesAssociated Press. (2005). Average price of laptops drops to $1,000 . Available at:www.msnbc.msn.com/id/9157036/ns/technology_and_science-tech_and_gadgets/t/average-price-laptops-drops/.Barratt, M. J. (2012). Silk Road: Ebay for drugs. Addiction, 107, 683.Barratt, M. J., Ferris, J. A., and Winstock, A. R. (2014). Use of the Silk Road, the onlinedrug marketplace, in the United Kingdom, Australia, and the United States.Addiction, 109, 774–783.Blevins, K., and Holt, T. J. (2009). Examining the virtual subculture of johns. Journal ofContemporary Ethnography, 38, 619–648.Bocij, P. (2004). Cyberstalking: Harassment in the Internet Age and How to Protect yourFamily. Westport, CT: Praeger.Bossler, A. M., and Burruss, G. W. (2011). The general theory of crime and computerhacking: Low self-control hackers? In T. J. Holt and B. H. Schell (eds), CorporateHacking and Technology-driven Crime: Social Dynamics and Implications (pp. 38–67). Hershey, PA: IGI Global.Bossler, A. M., and Holt, T. J. (2009). On-line activities, guardianship, and malwareinfection: An examination of routine activities theory. International Journal of CyberCriminology, 3, 400–420.Bossler, A. M., and Holt, T. J. (2012). Patrol officers’ perceived role in responding tocybercrime. Policing: An International Journal of Police Strategies & Management,35, 165–181.Brake, M. (1980). The Sociology of Youth Cultures and Youth Subcultures. London:Routledge and Kegan Paul.Brenner, S. W. (2008). Cyberthreats: The Emerging Fault Lines of the Nation State. NewYork: Oxford University Press.Britz, M. T. (2010). Terrorism and technology: Operationalizing cyberterrorism andidentifying concepts. In T. J. Holt (ed.), Crime On-line: Correlates, Causes, andContext (pp. 193–220). Raleigh, NC: Carolina Academic Press.Casey, E. (2011). Digital Evidence and Computer Crime: Forensic Science, Computers, andthe Internet (3rd edn). Waltham, MA: Academic Press.CBC News. (2011, June 16). Vancouver police arrest more than 100 in riot. CBC News.Available at: www.cbc.ca.Cere, R. (2003). Digital counter-cultures and the nature of electronic social and politicalmovements. In Y. Jewkes (ed.), Dot.cons: Crime, Deviance and Identity on the Internet(pp. 147–163). Portland, OR: Willan Publishing.Clifford, R. D. (ed.) (2006). Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (2nd edn). Durham, NC: Carolina Academic Press.46
Cooper, J., and Harrison, D. M. (2001). The social organization of audio piracy on theInternet. Media, Culture, and Society, 23, 71–89.Correll, S. P. (2010). An interview with Anonymous. PandaLabs Blog. Available at:http://pandalabs.pandasecurity.com/an-interview-with-anonymous/.Cunningham, S., and Kendall, T. (2010). Sex for sale: Online commerce in the world’soldest profession. In T. J. Holt (ed.), Crime On-line: Correlates, Causes, and Context(pp. 40–75). Raleigh, NC: Carolina Academic Press.Denning, D. E. (2001). Activism, hacktivism, and cyberterrorism: The Internet as a toolfor influencing foreign policy. In J. Arquilla and D. F. Ronfeldt (eds), Networks andNetwars: The Future of Terror, Crime, and Militancy (pp. 239–288). Santa Monica,CA: Rand.Denning, D. E. (2011). Cyber-conflict as an emergent social problem. In T. J. Holt and B.Schell (eds), Corporate Hacking and Technology-driven Crime: Social Dynamics andImplications (pp. 170–186). Hershey, PA: IGI-Global.DiMarco, H. (2003). The electronic cloak: Secret sexual deviance in cybersociety. In Y.Jewkes (ed.), Dot.cons: Crime, Deviance, and Identity on the Internet (pp. 53–67).Portland, OR: Willan Publishing.Dolliver, D. S. (2015). Evaluating drug trafficking on the Tor Network: Silk Road 2, thesequel. International Journal of Drug Policy.Edelman, B. (2009). Red light states: Who buys online adult entertainment? Journal ofEconomic Perspectives, 23, 209–220.Estes, A. C. (2014). Mozilla is helping tor to get bigger and better. Gizmodo, November11, 2014. Available at: www.gizmodo.co.uk/2014/11/mozilla-is-helping-tor-to-get-bigger-and-better/.Finkelhor, D., Mitchell, K. J., and Wolak, J. (2000). Online Victimization: A Report on theNation’s Youth. Washington, DC: National Center for Missing and ExploitedChildren.Finn, J. (2004). A survey of online harassment at a university campus. Journal ofInterpersonal Violence, 19, 468–483.Foster, J. (1990). Villains: Crime and Community in the Inner City. London: Routledge.Franklin, O. (2013). Unravelling the dark web. British GQ. Available at: www.gq-magazine.co.uk/comment/articles/2013-02/07/silk-road-online-drugs-guns-black-market/viewall.Furnell, S. (2002). Cybercrime: Vandalizing the Information Society. London: Addison-Wesley.Gibbs, S. (2013). Silk Road underground market closed – but others will replace it. TheGuardian, October 3, 2013. Available at:www.theguardian.com/technology/2013/oct/03/silk-road-underground-market-closed-bitcoin.Goodman, M. D. (1997). Why the police don’t care about computer crime. HarvardJournal of Law and Technology, 10, 465–494.Gopal, R., Sanders, G. L., Bhattacharjee, S., Agrawal, M. K., and Wagner, S. C. (2004). A47
behavioral model of digital music piracy. Journal of Organizational Computing &Electronic Commerce, 14, 89–105.Greenwood, S., Perrin, A., and Duggan, M. (2016). Social media update 2016. PewResearch Center. Available at: www.pewinternet.org/2016/11/11/social-media-update-2016/.GSM Association. (2012). Children’s use of mobile phones: An international comparison2012. Available at: www.gsma.com/publicpolicy/wp-content/uploads/2012/03/GSMA_ChildrensMobilePhones2012WEB.pdf.Gunter, W. D. (2009). Internet scallywags: A comparative analysis of multiple forms andmeasurements of digital piracy. Western Criminology Review, 10, 15–28.Hankes, K. (2015). Dylann Roof may have been a regular commenter at neo-nazi websiteThe Daily Stormer. Hatewatch Blog, June 21, 2015. Available at:www.splcenter.org/hatewatch/2015/06/22/dylann-roof-may-have-been-regular-commenter-neo-nazi-website-daily-stormer.Hegghammer, T. (2013). Should I stay or should I go? Explaining variation in Westernjihadists’ choice between domestic and foreign fighting. American Political ScienceReview, 107, 1–15.Herbert, S. (1998). Police subculture reconsidered. Criminology, 36, 343–369.Higgins, G. E. (2005). Can low self-control help with the understanding of the softwarepiracy problem? Deviant Behavior, 26, 1–24.Hinduja, S. (2003). Trends and patterns among software pirates. Ethics and InformationTechnology, 5, 49–61.Hinduja, S., and Patchin, J. W. (2009). Bullying Beyond the Schoolyard: Preventing andResponding to Cyberbullying. New York: Corwin Press.Holt, T. J. (2003). Examining a transnational problem: An analysis of computer crimevictimization in eight countries from 1999 to 2001. International Journal ofComparative and Applied Criminal Justice, 27, 199–220.Holt, T. J. (2007). Subcultural evolution? Examining the influence of on- and off-lineexperiences on deviant subcultures. Deviant Behavior, 28, 171–198.Holt, T. J. (2009). The attack dynamics of political and religiously motivated hackers. InT. Saadawi and L. Jordan (eds), Cyber Infrastructure Protection (pp. 161–182). NewYork: Strategic Studies Institute.Holt, T. J. (2012). Exploring the intersections of technology, crime and terror. Terrorismand Political Violence, 24(2), 337–354.Holt, T. J., and Blevins, K. R. (2007). Examining sex work from the client’s perspective:Assessing johns using online data. Deviant Behavior, 28, 333–354.Holt, T. J., and Bossler, A. M. (2009). Examining the applicability of lifestyle-routineactivities theory for cybercrime victimization. Deviant Behavior, 30, 1–25.Holt, T. J., and Bossler, A. M. (2012). Police perceptions of computer crimes in twosoutheastern cities: An examination from the viewpoint of patrol officers. AmericanJournal of Criminal Justice, 37, 396–412.Holt, T. J., and Copes, H. (2010). Transferring subcultural knowledge online: Practices48
and beliefs of persistent digital pirates. Deviant Behavior, 31, 625–654.Holt, T. J., and Graves, D. C. (2007). A qualitative analysis of advanced fee fraudschemes. The International Journal of Cyber-Criminology, 1, 137–154.Holt, T. J., Blevins, K. R., and Kuhns, J. B. (2008). Examining the displacement practicesof johns with on-line data. Journal of Criminal Justice, 36, 522–528.Holt, T. J., Bossler, A. M., and Fitzgerald, S. (2010). Examining state and local lawenforcement perceptions of computer crime. In T. J.Holt (ed.), Crime On-line:Correlates, Causes, and Context (pp. 221–246). Raleigh: Carolina Academic.Holt, T. J., Burruss, G. W., and Bossler, A. M. (2010). Social learning and cyber deviance:Examining the importance of a full social learning model in the virtual world.Journal of Crime and Justice, 33: 15–30.Ingram, J. R., and Hinduja, S. (2008). Neutralizing music piracy: An empiricalexamination. Deviant Behavior, 29, 334–366.Internet Crime Complaint Center. (2008). IC3 2008 Internet Crime Report. Available at:www.ic3.gov/media/annualreport/2008_IC3Report.pdf. Internet Live Stats. (2016).Internet users by country, 2016. Available at: www.internetlivestats.com/internet-users-by-country/.James, L. (2005). Phishing Exposed. Rockland: Syngress.Jenkins, P. (2001). Beyond Tolerance: Child Pornography on the Internet. New York: NewYork University Press.Jordan, T., and Taylor, P. (1998). A sociology of hackers. The Sociological Review, 46,757–780.Kilger, M. (2011). Social dynamics and the future of technology-driven crime. In T. J.Holt and B. Schell (eds), Corporate Hacking and Technology-driven Crime: SocialDynamics and Implications (pp. 205–227). Hershey, PA: IGI-Global.King, A., and Thomas, J. (2009). You can’t cheat an honest man: Making ($$$s and) senseof the Nigerian e-mail scams. In F. Schmalleger and M. Pittaro (eds), Crime of theInternet (pp. 206–224). Saddle River, NJ: Prentice Hall.Kornblum, W. (1997). Sociology in a Changing World (4th edn). Fort Worth, TX:Harcourt Brace and Company.Lane, F. S. (2000). Obscene Profits: The Entrepreneurs of Pornography in the Cyber Age.New York: Routledge.Leger, D. L. (2011, June 23). Social media aid Vancouver police in identifying rioters. USAToday. Available at: www.usatoday.com.Lenhart, A. (2010). Is the age at which teens get cell phones getting younger? PewInternet and American Life Project. Available at:http://pewinternet.org/Commentary/2010/December/Is-the-age-at-which-kids-get-cell-phones-getting-younger.aspx.Maras, M. (2012). Computer Forensics: Cybercriminals, Laws, and Evidence. Sudbury,MA: Jones and Bartlett Learning.Maurer, D. W. (1981). Language of the Underworld. Louisville, KY: University ofKentucky Press.49
McKeganey, N. P., and Barnard, M. (1996). Sex Work on the Streets: Prostitutes and theirClients. Buckingham: Open University Press.Miller, J. (1998). Up it up: Gender and the accomplishment of street robbery.Criminology, 36, 37–66.O’Connell Davidson, J. (1998). Power, Prostitution, and Freedom. Ann Arbor, MI:University of Michigan Press.Odum, H. (1937). Notes on technicways in contemporary society. American SociologicalReview, 2, 336–346.Office for National Statistics. (2015). Internet Access – Households and Individuals, 2015.Available at: www.ons.gov.uk/ons/dcp171778_322713.pdf.Olson, P. (2012). We are Anonymous: Inside the Hacker World of LulzSec, Anonymous,and the Global Cyber Insurgency. New York: Little, Brown, and Company.PandaLabs. (2007). Malware infections in protected systems . Panda Labs Blog. Availableat:http://research.pandasecurity.com/blogs/images/wp_pb_malware_infections_in_protectedsystems.pdfParker, F. B. (1943). Social control and the technicways. Social Forces, 22, 163–168.Ponemon Institute. (2015). The cost of phishing & value of employee training. Availableat: https://info.wombatsecurity.com/hubfs/Ponemon_Institute_Cost_of_Phishing.pdf.Poulsen, K. (2010). This Day In Tech: May 3, 2010: Tainted “Love” Infects Computers.Wired This Day In Tech. Available at: www.wired.com/2010/05/0504i-love-you-virus/.Poulsen, K. (2011). In “Anonymous” Raids, Feds Work From List of Top 1,000 protesters.Wired Threat Level. Available at: www.wired.com/threatlevel/2011/07/op_payback/.Prensky, M. (2001). Digital natives, digital immigrants. On the Horizon, October 2001, 9(5). Lincoln: NCB University Press. Available at:www.marcprensky.com/writing/Prensky%20-%20Digital%20Natives,%20Digital%20Immigrants%20-%20Part1.pdf.Quayle, E., and Taylor, M. (2002). Child pornography and the Internet: Perpetuating acycle of abuse. Deviant Behavior, 23, 331–361.Quinn, J. F., and Forsyth, C. J. (2005). Describing sexual behavior in the era of theinternet: A typology for empirical research. Deviant Behavior, 26, 191–207.Rai, S. (2016). India just crossed 1 billion mobile subscribers milestone and theexcitement’s just beginning. Forbes. Available at:www.forbes.com/sites/saritharai/2016/01/06/india-just-crossed-1-billion-mobile-subscribers-milestone-and-the-excitements-just-beginning/#3abc28c55ac2.Reid, S. (2008). Hip-hop sites hacked by apparent hate group: SOHH, AllHipHoptemporarily suspect access. MTV. Available at:www.mtv.com/news/articles/1590117/hip-hop-sites-hacked-by-apparent-hate-group.jhtml.Rogers, M., Smoak, N. D., and Liu, J. (2006). Self-reported deviant computer behavior: Abig-5, moral choice, and manipulative exploitive behavior analysis. Deviant Behavior,27, 245–268.50
Schell, B. H., and Dodge, J. L. (2002). The Hacking of America: Who’s Doing it, Why, andHow. Westport, CT: Quorum Books.Schwartz, J. (2016). The most popular messaging app in every country. Available at:www.similarweb.com/blog/worldwide-messaging-apps.Senjo, S. R. (2004). An analysis of computer-related crime: Comparing police officerperceptions with empirical data. Security Journal, 17, 55–71.Sharp, K., and Earle, S. (2003). Cyberpunters and cyberwhores: Prostitution on theInternet. In Y. Jewkes, (ed.), Dot.cons: Crime, Deviance and Identity on the Internet(pp. 36–52). Portland, OR: Willan Publishing.Siwek, S. E. (2007). The true cost of sound recording piracy to the U.S. economy .Available at:www.ipi.org/ipi/IPIPublications.nsf/PublicationLookupFullText/5C2EE3D2107A4C228625733E0053A1F4Skinner, W. F., and Fream, A. M. (1997). A social learning theory analysis of computercrime among college students. Journal of Research in Crime and Delinquency, 34,495–518.Smith, A. (2017). Record shares of Americans now own smartphones, have homebroadband. Facttank. Available at: www.pewresearch.org/fact-tank/2017/01/12/evolution-of-technology.Statistica. (2015). Share of mobile internet users in selected countries who are activeWhatsApp users as of 4th quarter 2014. Available at:www.statistica.com/statistics/291540/mobile-internet-user-whatsapp/.Stepanova, E. (2011). The role of information communications technology in the “ArabSpring”: Implications beyond the region . PONARS Eurasia Policy Memo No. 159.Available at: www.gwu.edu/~ieresgwu/assets/docs/ponars/pepm_159.pdf.Taylor, P. (1999). Hackers: Crime in the Digital Sublime. London: Routledge.Taylor, R. W., Fritsch, E. J., Liederbach, J., and Holt, T. J. (2010). Digital Crime andDigital Terrorism (2nd ed.). Upper Saddle River, NJ: Pearson Prentice Hall.Vance, R. B. (1972). Howard Odum’s technicways: A neglected lead in Americansociology. Social Forces, 50, 456–461.Wall, D. S. (1998). Catching cybercriminals: Policing the Internet. International Review ofLaw, Computers & Technology, 12, 201–218.Wall, D. S. (2001). Cybercrimes and the Internet. In D. S. Wall (ed.), Crime and theInternet (pp. 1–17). New York: Routledge.Wall, D. S. (2004). Digital realism and the governance of spam as cybercrime. EuropeanJournal on Criminal Policy and Research, 10, 309–335.Wall, D. S. (2007). Cybercrime: The Transformation of Crime in the Information Age.Cambridge: Polity Press.Ward, M. (2006). Anti-cartoon protests go online . BBC News, February 8, 2006.Available at: http://news.bbc.co.uk/2/hi/technology/4691518.stm.Weimann, G. (2011). Cyber-Fatwas and terrorism. Studies in Conflict & Terrorism,34(10), 765–781.Williams, N. D., and Landwehr, K. (2006, December). Bind, Torture, Kill: The BTK51
investigation. The Police Chief, 73(12).Wolak, J., Finkelhor, D., and Mitchell, K. (2004). Internet-initiated sex crimes againstminors: Implications for prevention based on findings from a national study. Journalof Adolescent Health, 35, 424.Wolak, J., Mitchell, K., and Finkelhor, D. (2003). Internet Sex Crimes against Minors: TheResponse of Law Enforcement. Washington, DC: Office of Juvenile Justice andDelinquency Prevention.Wolak, J., Mitchell, K., and Finkelhor, D. (2006). Online Victimization of Youth: FiveYears Later. Washington, DC: National Center for Missing & Exploited Children.Wright, R. T., and Decker, S. H. (1997). Armed Robbers In Action: Stickups and StreetCulture. Boston, MA: Northeastern University Press.Yar, M. (2013). Cybercrime and Society (2nd edn). Thousand Oaks, CA: Sage.Zickuhr, K. (2011). Generations Online in 2010. Pew Internet and American Life Project.Available at: www.pewinternet.org/Reports/2010/Generations-2010/Overview.aspx.52
Chapter 2Law Enforcement, Privacy, and Security inDealing with CybercrimeChapter goals• Recognize the responsibilities of local, state, and federal police and lawenforcement agencies in responding to domestic and internationalcybercrimes• Understand the different agencies that respond to cyber-attacks againstmilitary or government systems compared to that of citizens• Differentiate between civil and criminal law, and the role of privateinvestigators in digital evidence handling and investigation for civilmatters• Understand the challenges that emerge in dealing with cybercrimeinvestigations that cross national borders• Consider why governments must balance intelligence collection strategiesto investigate national threats against the privacy rights of their citizens• Recognize how agencies and governments can diminish their perceivedlegitimacy based on their use of certain strategies to protect their nation53
IntroductionCybercrime presents a diverse and complicated threat that affects virtually everyone,whether individual, corporation, or government entity. As a result, individuals who arevictims may not know what agency to contact to report their experience. Most nationssocialize citizens to contact their local emergency service provider in the event of crime,as with 911 in the USA or 999 in the UK. The average person may assume that their localpolice agency is the appropriate point of contact in the event that they experiencecybercrime victimization, though this is unlikely to result in a successful interaction foreither the person or the agency.Policing and law enforcement agencies are complex bureaucracies with roles that arebound by jurisdiction. For instance, if a person is the victim of identity fraud or theft inwhich an offender living in another state or country uses their information to makeonline purchases, the limited jurisdiction of a local agency would mean that they cannotactually respond to the call for service (Walker and Katz, 2012). Instead, it would likelyhave to be reported to a federal or national law enforcement agency, and even then itmay not be resolved in a satisfactory way for the victim due to the difficulties intransnational investigations.Alternatively, the type of victimization an individual experiences may not be viewedas an incident that law enforcement can actually investigate. For instance, if an averagehome computer user’s machine is infected by a piece of malicious software, a local lawenforcement agency may say that this is not a crime they can investigate. If there is noevidence that their personal information was compromised or misused by the attacker,then the incident may not technically constitute a violation of local laws (see Chapter 4for more details on state malware laws). Similarly, receiving a single malicious orharassing message on Facebook or Twitter may not be sufficient to justify a criminalcomplaint to a police agency (see Chapter 9 for more information).These conditions may have consequences for the criminal justice system, as citizensmay become less willing to contact police or report their experiences with cybercrimevictimization, even if it is a serious offense (e.g. Cross, 2015; Furnell, 2002; Stambaugh etal., 2001). If underreporting becomes a normalized behavior, then we may never knowthe extent to which individuals are victimized or understand the extent of the problem ofcybercrimes. Such a concern is real, and has been an acknowledged problem by lawenforcement policy makers and researchers since the mid-1990s (e.g. Goodman, 1997;Stambaugh et al., 2001). Despite this recognition, police agencies have been relativelyslow to respond or adapt to the issue of cybercrime, especially local agencies. In fact,empirical research on the police response to cybercrime is scant, with little measurementof officer opinions and attitudes (see Holt, Burruss, and Bossler, 2015).This chapter will consider why police agencies have had issues responding to54
cybercrime at all levels. We will provide an overview of the local, state, and federal ornational agencies that investigate cybercrimes as well as attacks by nation-states andterror threats. The increasingly common role of civil law in digital forensic examinationand responses to technology misuse by corporations is also considered. We conclude thechapter by considering the growth of intelligence agencies’ use of data mining onlinebehavior as a mechanism to ensure national security, and the challenge this poses topersonal privacy.55
Local police and sheriffs’ officesJust as with traditional forms of crime, most individuals may think that the first entity tocontact in helping with a cybercrime is their local law enforcement agency. Local lawenforcement is responsible for responding to a wide variety of calls, helping citizens,investigating crimes, arresting offenders, preventing crime, increasing public feelings ofsafety, and generally responding to a wide range of citizen requests within their limitedjurisdiction. There is, however, a substantial degree of variation in the size and responsecapabilities of local law enforcement.In the USA, the majority of law enforcement agencies involve local police forcesserving a city, while sheriffs primarily handle entire counties (Walker and Katz, 2012).Sheriff Offices differ from police in that they handle citizen calls for service in primarilyrural areas such as unincorporated areas that are not part of a larger city. Sheriff Officesalso maintain jails, provide court security, and may enforce civil laws such as evictionsor the seizure of property depending on the state (Walker and Katz, 2012).Whether an agency is a police department or sheriff’s office, many serve smallpopulations in rural or suburban communities with populations under 50,000 (LEMAS,2010). As of 2013, 48 percent of all local agencies employed fewer than ten swornofficers; 71 percent of these agencies served fewer than 10,000 citizens in total (Reaves,2015). In the UK, territorial police forces are responsible for policing a specificjurisdictional region and comprise the majority of police agencies generally (Yar, 2013).In Canada, major urban centers, such as Toronto or Montreal, also have their own policeforces which serve the local population.Local law enforcement agencies in most countries, including the USA, do notcurrently play a large role in preventing and investigating many forms of cybercrimes.They are responsible, however, for investigating crimes in which a victim and offenderreside within their jurisdiction. For example, local law enforcement is primarilyresponsible for investigating most cases of online harassment or stalking (see Chapter 9).Person-based cybercrime cases such as the creation and consumption of child porn (seeChapter 8; also Jenkins, 2001), as well as sexual solicitation and prostitution cases in theUSA, may also be investigated by local police agencies (see Chapter 7; also Cunninghamand Kendall, 2010).Over the past three decades, both scholars and police administrators have created listsof reasons why cybercrime poses significant challenges for local law enforcement andwhy they are not more heavily involved (Burns, Whitworth, and Thompson, 2004;Goodman, 1997; Holt, Bossler, and Fitzgerald, 2010; Senjo, 2004; Stambaugh et al., 2001).As one can see from the following list, some of the challenges may be addressed byplacing more priority (i.e. funding) on these offenses. Others are not so easilyaddressable. The list includes but is not limited to:56
• jurisdictional issues caused by the victim and offender not living in the samemunicipality or county;• lack of a standard definition for cybercrime;• little public outcry in comparison to traditional crime, particularly violent crime;• difficulty in investigating an invisible crime;• difficulty in acquiring and maintaining the technologies required to investigatethese resources (see Chapters 12–14);• difficulty in training, retraining, and retaining trained officers;• lack of managerial and police support for the investigation of cybercrimes.Although the above list of reasons why local law enforcement has been challenged bycybercrime appears to be insurmountable to some, scholars and police administratorshave still argued that local law enforcement must play a larger role in investigatingcybercrimes (e.g. Bossler and Holt, 2012; Goodman, 1997; Stambaugh et al., 2001). Somehave argued for the development of more local cybercrime investigation units that coulddirectly respond to crimes involving digital evidence in order to decrease assistance fromstate and national/federal levels (Hinduja, 2007; Marcum, Higgins, Freiburger, andRicketts, 2010). A recent longitudinal analysis of law enforcement data within the USAdemonstrates that there has been an increase in the number of specialized cybercrimeunits at the local level (Willits and Nowacki, 2016). They are, however, more likely toappear in police agencies that serve a very large population, such as major cities andurban centers, have greater patrol duties, and possess greater general access totechnology (Willits and Nowacki, 2016).For more information on the challenges cybercrimes pose to local lawenforcement, go online to: www.ncjrs.gov/pdffiles1/nij/186276.pdf.Other scholars and commentators have focused on the need for improvement of patrolofficers’ actions in acting as first responders to crime scenes with computers or digitalevidence (Holt et al., 2010; National Institute of Justice, 2008; Stambaugh et al., 2001).Almost no data exists on how often patrol officers actually respond to cybercrime calls,although it seems quite rare (Bossler and Holt, 2012; Holt et al., 2010). Nevertheless,government documents and training manuals indicate that government officials expectthis not to be the case in the future. For example, in the USA, the National Institute of57
Justice (NIJ) published the second edition of Electronic Crime Scene Investigations: AGuide for First Responders in 2008. This guide was created primarily for patrol officersand provided both basic and more advanced information on how to properly respond toa digital crime scene, including how to recognize, seize, document, handle, package, andeven transport digital evidence. In addition, scholars and police administrators similarlyargue for more computer training for patrol officers, since patrol officers in the USA areill prepared to respond to digital evidence scenes (Hinduja, 2007; Holt et al., 2010;Stambaugh et al., 2001). It would seem to be a necessity that patrol officers have minimalcomputer literacy in order to know what to secure and to understand the lexicon ofwitnesses.For more information on ways that local agencies may move forward to betterrespond to cybercrime, go online to:www.policeforum.org/assets/docs/Critical_Issues_Series_2/the%20role%20of%20local%20law%20enforcement%20agencies%20in%20preventing%20and%20investigating%20cybercrime%202014.pdfInterestingly, it appears that police officers themselves do not view their future role indealing with cybercrime the same way as scholars and police administrators. Patrolofficers know that local law enforcement agencies generally place low priority on mostforms of cybercrime unless it is child pornography related (Hinduja, 2004; Holt andBossler, 2012; Senjo, 2004; Stambaugh et al., 2001). Local agencies may also be increasingtheir capabilities to investigate various forms of online economic crimes, but they barelyfocus on computer intrusion offenses (see Box 2.1; also Holt et al., 2010). In addition, theyfeel that police management, and prosecutors for that matter, have little knowledge ofcybercrime and do not have the appropriate resources to adequately investigate andprosecute most forms of cybercrime (Burns et al., 2004; Holt et al., 2010; Stambaugh etal., 2001). They therefore do not believe that local law enforcement should be primarilyresponsible for dealing with cybercrime (Bossler and Holt, 2012; Burns et al., 2004). Theyplace less emphasis than police administrators on the importance of creating localcybercrime investigative units and implementing additional computer training (Bosslerand Holt, 2012). Instead, they believe that the best strategies for dealing with cybercrimewould be for citizens to be more careful online and for changes to the legal system. Itwould seem that they would not prefer any substantial changes to their roles of dealingprimarily with traditional forms of crime and order maintenance.58
Box 2.1 A local agency’s new cybercrime detectiveLeland cyber-crime detective fights fraudwww.starnewsonline.com/news/20170129/leland-cyber-crime-detective-fights-fraud“It has caused cases on our end to be able to be investigated quicker because we don’t have to wait for thatinformation to come back and we don’t have to wait in line behind all the other agencies that havesubmitted equipment,” he said. “We have been fortunate to have someone here to do what our cybercrimes detective can do.”This article details the hiring of the first full-time cybercrime detective on theLeland, North Carolina Police Department in 2017. The story provides a goodexample of how a local police department establishing a dedicated individual toinvestigate cybercrime cases and handle digital evidence can make a dramaticdifference for the community.59
State agenciesThe next level of law enforcement that currently has any substantial responsibility inaddressing cybercrime is state (e.g. the USA, Australia) and provincial (e.g. Canada)police agencies (Walker and Katz, 2012). In the USA, state agencies can focus onhighway traffic control, state law enforcement, or provide laboratory services to smalleragencies depending on the state’s constitution and the mission of the state agency. Ingeneral, many states have a state law enforcement agency that can investigate crimeswhere a jurisdictional conflict exists or limited resources prevent a smaller agency frominvestigating the crime adequately (Walker and Katz, 2012).They may also simply provide forensic laboratory needs, including digital, for stateand local agencies. In many cases, the procedures and resources discussed in Chapters 12to 14 of this volume are not available to local law enforcement and instead are conductedby state and federal labs. As noted on p. 43, evidence suggests that the number ofspecialized cybercrime units has grown over the past two decades, particularly at thestate level (Willits and Nowacki, 2016). This may be due to the enhanced budgetsavailable to state agencies, and their role in supporting municipal and rural area lawenforcement (Holt et al., 2015; Willits and Nowacki, 2016). Thus, state agencies andresources are crucial in investigating cybercrimes that do not cross state boundaries.In addition to specialized cybercrime units, state agencies in the USA have developedtheir own intelligence sources, called fusion centers, to communicate and investigatethreat information to both local and federal agencies (Chermak et al., 2013; Coburn,2015). The concept of fusion centers was developed in 2003 as a collaborative effortbetween the Department of Homeland Security and the Office of Justice Programs toimprove communication of intelligence information in the wake of the 9/11 terrorattacks (Coburn, 2015). Fusion centers develop information and process leads that maybe of value for law enforcement at the local, state, or federal level. Initially, centersfocused on intelligence gathering on terror threats but many now develop informationon various crimes, including cyber-threats. Their utility in developing credibleintelligence, however, has been substantially criticized regarding both terror threats(Coburn, 2015) and cyber-threats (see Box 2.2 for details; also Zetter, 2012).Box 2.2 Assessing the credibility of a fusion center’sanalysis of a cyber-attackDHS issued false “water pump hack” report; called it a “success”www.wired.com/2012/10/dhs-false-water-pump-hack/.60
But while DHS was busy pointing a finger at the fusion center, its own Office of Intelligence and Analysishad been irresponsibly spreading the same false information privately in a report to Congress and theintelligence community.This excellent report by Kim Zetter details the story of an Illinois fusion center thatwrote up a detailed report suggesting that a failed water pump in a local waterdistrict’s SCADA system in 2011 was the result of Russian hackers. The initial reportwas invalidated by subsequent investigation of data by both DHS and the FBI,revealing that an Illinois contract employee logged into the system while onvacation in Russia. The impact of poor reporting, however, was viewed as a successby DHS because it focused attention on the work of fusion centers generally. Thus,this story reveals the potential challenges that may result from the work of statefusion centers.61
Federal law enforcementThe highest levels of law enforcement in the USA and Australia operate at the nationallevel. They are often the entities that are most frequently engaged in the investigation ofcybercrimes due to the transnational nature of these offenses. In many cases, the victimand offender may live in different states or even in different countries. In addition, manytypes of cybercrime are relatively complex and require highly technical investigations.Nations have generally provided more resources for federal or national law enforcementagencies to investigate these offenses rather than state or local agencies (Walker andKatz, 2012). Federal agencies may also play a major role in addressing crimes ormanaging catastrophic incidents which require cooperation among many agencies acrossseveral jurisdictions affecting large populations.The first federal law enforcement agency in the USA was the Coast Guard, whichbegan in 1790 in order to prevent smuggling and to properly collect import taxes andduties from incoming ships (Bowling and Sheptycki, 2012). Over time, additionalagencies were added due to the expansion of the nation and changes in theresponsibilities of the government. Students will read in upcoming chapters about theprominent roles that federal or national law enforcement agencies have when dealingwith a wide variety of cybercrime. Many of these agencies serve multiple roles rangingfrom the prevention, investigation, and apprehension of cyber-offenders to intelligencegathering and sharing. Readers of this volume will discover the Federal Bureau ofInvestigation’s (FBI) role in investigating computer intrusion (Chapter 3), piracy andintellectual theft (Chapter 5), economic crimes (Chapter 6), child pornography (Chapter8), serious forms of stalking that cross state boundaries (Chapter 9), and cyberterror(Chapter 10).Readers will also see that there is considerable jurisdictional overlap at the federallevel, considering that several agencies are responsible for investigating the samecategories of cybercrime. For example, the United States Secret Service also investigatescomputer intrusions affecting financial institutions (Chapter 3) and economic crimes(Chapter 6). U.S. Customs and Border Protection (CBP) may play a role in investigationsof intellectual theft (Chapter 5) and economic crimes (Chapter 6), while Immigration andCustoms Enforcement (ICE) may also be involved with intellectual theft (Chapter 5),economic crime (Chapter 6), and child pornography (Chapter 8) cases.The highest levels of law enforcement in nations such as Canada, South Korea, andthe UK are national police forces, though they serve the same function as federal lawenforcement in the USA. The UK operates “special police forces” that serve acrossmultiple jurisdictions, such as the National Domestic Extremism and DisorderIntelligence Unit which responds to incidents of extremist activity within the UK, andthe National Crime Agency (NCA) which contains multiple commands, including62
Border Policing and the National Cyber Crime Unit (National Crime Agency, 2017). InCanada, the Royal Canadian Mounted Police (RCMP) serves as the national policeforce and also patrols seven of the ten provinces and three territories within the nation.The RCMP operates in a similar fashion to the US FBI or Australian Federal Police andis responsible for the investigation of both traditional crime and cybercrimes (Bowlingand Sheptycki, 2012).When problems escalate to the level of national safety, non-law enforcement agenciesmay become involved in addition to the above-mentioned agencies (Andress andWinterfeld, 2013). For example, the Department of Defense’s US Cyber Command andthe National Security Agency (NSA) are involved in any investigation thatcompromises a military computer network or system, as well as cases of cyberterror andwarfare. The Ministry of Defense and Government Communications Headquarters(GCHQ) plays a similar role in the UK, as does the Cyber Security Agency (CSA) inSingapore and the Communications Security Establishment (CSE) in Canada. Thus,there is some separation of investigative responsibilities, depending on the target of anattack.63
Civil investigation and application of digital evidenceEverything discussed thus far in the chapter involves violations of criminal law andstatute, though this is not the only mechanism available to deal with cyber-crimes. Inmost nations, there is both criminal law and civil law. Criminal cases pursue chargesagainst an individual on behalf of the state and the victim, and recognize that a personhas violated rules governing our behavior expressive of moral guidelines for action thatprotect others in society from harm (Kerley, Walter, and Banker Hames, 2011). Civil lawinvolves disputes between private parties, including individuals, groups, andorganizations, that entail a violation of laws regarding private rights and protectionsrather than morality.In a civil case, a party can file a suit against another on the basis of a contractualviolation or injury. The entity who files the suit is referred to as the plaintiff, while theperson being sued is the defendant (Kerley et al., 2011). Civil cases focus primarily onmonetary compensation to the plaintiff which may be to replace losses suffered, calledcompensatory damages. A plaintiff may also seek punitive damages, or money as ameans to punish the defendant for wrongful actions due to negligence, deceptivepractices, or malicious activity (Kerley et al, 2011).Civil suits are largely handled via out-of-court settlements negotiated betweenattorneys representing each party in order to settle the dispute. Such processes arethought to be more efficient and less public than a court appearance as the proceedingsare private, and final settlements may not be disclosed to the general public. If the partiescannot reach an agreement, then the plaintiff and defendant must go to court for thecase to be heard by a judge and/or a jury depending on the jurisdiction. The outcome ofthe court proceeding is meant to determine if the defendant is or is not liable for theclaims made by the plaintiff. If they are found liable, then the court can move to awardthe plaintiff with whatever damages were deemed appropriate (Kerley et al., 2011).It is important to note that, unlike criminal cases, the burden of proof in civil law is ona preponderance of evidence. Specifically, the plaintiff must present evidence thatsupports more than half of their claims regarding the defendant (Kerley et al., 2011). Incriminal cases, the state must prove their claims with evidence that demonstrates theguilt of the accused beyond a reasonable doubt. The lower burden in civil cases meansthat it may be more efficient to pursue such cases in court. However, the expenseinvolved may limit the ability of individuals or small businesses to pursue civil casescompared to large organizations or wealthy individuals. In addition, being found liablefor claims in a civil suit does not infer guilt on the part of the defendant, nor does itrequire admission of criminal conduct. As such, these cases frequently wind up beingpursued for restitution rather than achieving justice for a victim or injured party (Kerleyet al., 2011).64
There are various circumstances where civil cases may be pursued, such as individualsgetting a divorce, individuals suing a company due to injury, a business suing a personover issues associated with either a breach of contract or criminal activity, orcorporations suing one another over contractual violations (Barbara, 2009). Evidencegenerated from digital forensic investigations can play a pivotal role in support of aplaintiff’s claims. For instance, a spouse may be able to use digital evidence todemonstrate that their significant other engaged in an extramarital affair, includingemails, text messages, and images (see Box 2.3 for more details). An employer may alsouse evidence culled from an employee’s computer to demonstrate that the employeeviolated the company’s fair-use policies for online behavior on the job. This may includeweb browser histories, email, various system files, executable programs, and other data.Box 2.3 The role of digital evidence in divorce casesDigital evidence outmodes physical evidence in divorce caseswww.ctlawtribune.com/id=1202772209450/Digital-Evidence-Outmodes-Physical-Evidence-in-Divorce-Cases?mcode=0&curindex=0.[M]any litigants are also surprised – and alarmed – to learn that the deletion of emails does not actuallydestroy them, and that they can often be recovered by forensic experts if given access to the computer orother electronic device in which they were generated.This article provides an overview of the increasingly common role of digitalevidence in support of divorce cases, some of which may be brought by a spouse toan attorney without the need for traditional private investigative (PI) services. Theauthor goes on to demonstrate why and how the private investigator plays a role indigital evidence handling and the extent to which the role of PIs is expanding withthe growth of social media and data.The process of digital forensic investigations in support of a civil suit is the same asthose used by law enforcement for criminal cases (see Chapters 12 to 14). Lawenforcement agencies, however, do not conduct investigations in civil cases; they areperformed by forensic examiners who work in private practice, either for business orindependently as private investigators or private detectives. An individual who is a65
private investigator may operate on their own, through a company, or throughattorneys’ offices to support either criminal or civil cases (Lonardo, Rea, and White,2015).Private investigators may be found in many countries, though the rules governingtheir conduct and relationship to law enforcement and the government vary from placeto place. Within the USA, many states require an individual to be registered with, orlicensed by, the state in order to operate (Lonardo et al., 2015). Since each state candictate the conditions needed in order to serve as an investigator, there is substantialvariation in the experience and skills an individual must have in order to be licensed.Interestingly, 30 states in the USA have laws requiring that an individual who is not inlaw enforcement but engages in digital forensic investigations for civil or criminal casesupport must be a licensed private investigator (Lonardo et al., 2015). Only four of thesestates, however, specify that there is a distinction between being a forensic examiner anda private investigator. Of the remaining states, 15 have no PI licensing requirements byeither statute or interpretation of existing law, while five states have no licensingstatutes related to private investigation whatsoever (Lonardo et al., 2015).For more information on the various state laws related to private investigators’role as forensic examiners, go online to:http://ojs.jdfsl.org/index.php/jdfsl/article/view/294/241.There is some debate over the need for licensing digital forensic examiners within thefield. Some argue that licensing is needed to ensure that a standard of professionalismcan be implemented across the field and oversight provided by each state (Lonardo et al.,2015). For instance, Florida’s statutes recognize that licensing provides a necessary checkbecause “untrained persons, unlicensed persons or businesses, or persons who are not ofgood moral character [.] are a threat to the welfare of the public if placed in positions oftrust.”The PI license, however, does nothing to necessarily ensure the competency of aforensic investigator. Instead, the certifications which an individual receives fromvarious accrediting bodies ensure that an individual is fully trained in the properhandling, processing, and reporting of evidence (Barbara, 2009). In fact, a recent surveyof 100 forensic examiners found that a proportion of respondents were privateinvestigators with no actual certifications in digital forensics or were active duty law66
enforcement officers using their organization’s equipment to perform investigations(Kessler International, 2017). As a result, care must be taken when discussing the issue ofprivate investigators and their credentials to actually conduct digital forensicinvestigations.Private investigators are not the only non-criminal justice system actors who nowplay a role in civil actions against cybercrime. Various corporations and organizationsare increasingly taking steps to sanction cybercriminals or the infrastructure supportingtheir activities via civil suits. For instance, the Recording Industry Association ofAmerica (RIAA) and the UK’s Federation Against Copyright Theft (FACT) work inconjunction with ISPs to send cease-and-desist letters to individuals who are thought tohave illegally downloaded media without payment through various online sources (seeChapter 5 for more details; also Nhan, 2013). This is a relatively simple strategy that islegally justified on the basis of the copyright holders’ financial interests which areharmed by people attempting to pirate their products. Sending out letters indicating thatthe person should not engage in further attempts to pirate media is thought to serve as adeterrent by demonstrating that an individual’s online activities are not anonymous, andmay lead to further sanctions.Similarly, Microsoft has engaged in civil actions against various malware operators,including the individual creators and the web-hosting services that may be associatedwith operation of the tools. For example, the company filed a civil lawsuit against twomen, Naser Al Mutairi from Kuwait and Mohamed Benabdellah from Algeria, in 2014.They claimed that the men were responsible for infecting millions of computers withkeylogging software called Blababindi and Jenxcus (Athow, 2014). The suit also named aDomain Name Service provider called No-IP for their role in facilitating the infections onthe basis that it did not secure its infrastructure from compromise. Specifically, the DNSservice provider makes sure that a specific domain name, like malwarehosting.net,always goes to their computer, even if it gets a different IP address at some point(Athow, 2014). The hackers used this infrastructure to manage infected systems andobtain data from them over time.Through the suit’s claims, Microsoft was able to seize the domains hosted by No-IP inorder to block the infected computers from accessing the Internet, rendering themunusable to the attackers. This move led to over 1.8 million customers unaffected by themalware to lose access to the company’s services. No-IP claimed that they were notcontacted by Microsoft but were instead sued, making them unable to respond to whatwould have otherwise been an easily mitigated problem (Munson, 2014). Eventually bothcompanies settled out of court, but the criticisms of Microsoft’s activities have led someto question whether such efforts are appropriate given that Microsoft is neither a lawenforcement agency nor does it have a necessary duty or legal authority to protect thegeneral public. In addition, Microsoft was able to identify the IP addresses of privatecitizens, which may constitute a violation of user agreements and individual privacy(Adhikari, 2013). Further research is needed to understand the ethical implications ofcorporate civil strategies to combat cybercrime.67
For more details on the potential legal and social risks posed by civil actionsagainst cybercriminals by companies like Microsoft, go online to:http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1592&context=chtlj.68
Extralegal agencies and non-governmental organizationsThe scope of cybercrime is substantial, but it is clear that law enforcement agencies havelimitations that make it difficult for them to respond sufficiently to these offenses. As aresult, there are a range of public and private entities that operate outside of lawenforcement and government agencies which exist to respond to and investigatecybercrimes. Such groups are typically referred to as non-governmental organizations(NGOs) because they have no legal responsibility to enforce the law or respond tocriminal activity, though they may work in conjunction with law enforcement agenciesto provide assistance or information (Wall, 2007). NGOs who respond to cybercrimes arelargely gatekeepers for victims or consumers and facilitate linkages to the criminaljustice system generally. We will provide three examples of NGOs here, though readerswill note that NGOs are mentioned throughout each chapter of the book.The Internet Crime Complaint Center (IC3)One of the prominent non-governmental agencies dealing with cybercrime in the USA isthe Internet Crime Complaint Center (IC3), which was created in 2000. The IC3 wasestablished in 2000 as a publicly funded, joint operation of the FBI, the Bureau of JusticeAssistance (BJA), and the National White Collar Crime Center (NWC3) to provide areporting mechanism for cybercrime complaints (see Chapter 6 for more details). TheIC3 serves as a coordinating agency for the FBI and local law enforcement to respond tovarious forms of cybercrime, with a specific emphasis on economically motivatedoffenses. In fact, the Center was originally called the Internet Fraud Complaint Center,though it was changed from Fraud to Crime in 2003 to better recognize the range ofoffenses reported by victims (Internet Crime Complaint Center, 2017).The primary role of the IC3 is to offer cybercrime victims a reporting mechanismthrough an online complaint form. Respondents must complete questions concerning theincident, the offenders (if known), and the response from the victim, including when andwho may have received information about the incident. Complaints are then processedby the IC3 staff, and forwarded to the appropriate local, state, or federal agency whennecessary (Internet Crime Complaint Center, 2017). The trends and statistics developedfrom reports are also published by the IC3 as an aggregated yearly report on cybercrimeincidents.Computer emergency response teams (CERTs)Although the IC3 operates as a venue for cybercrime reporting, there are other NGOs69
operating which provide information about cybercrime threats. One of the largest groupsof NGOs is computer emergency response teams (CERTs), which may be publiclyfunded and operate to support the community, or run by private industry to facilitateinformation sharing (see Chapter 4 for more details). There are 369 CERTs operatingaround the globe, located in universities, government agencies, and private industry(FIRST, 2017). Although CERTs play somewhat different roles depending on where theyare housed, their primary functions are to provide information on emerging hardwareand software vulnerabilities, malware threats, and security tools to insulate systems fromcompromise. Some CERTs are also able to engage in incident response for governmentagencies, organizations, and businesses to determine how an attack took place (US-CERT, 2017).Working to Halt Online Abuse (WHOA)An additional form of NGOs operates via private citizens who have come together for aspecific cause. A notable example of such an NGO is Working to Halt Online Abuse(WHOA), which is a volunteer-driven organization established in 1997 as a resource toassist individuals who experience harassment or stalking (see Chapter 9 for more details;WHOA, 2015). WHOA takes reports of cyberstalking directly from victims, and employsadvocates who live in countries around the world to aid individuals (WHOA, 2015).Since WHOA is not a law enforcement agency, it cannot bring charges against aprospective offender. Instead, when a victim contacts WHOA, the staff of volunteerInternet Safety Advocates assist the victim in maintaining evidence of their experiences,and assist in contacting law enforcement and industrial sources such as ISPs (WHOA,2015).70
International enforcement challengesThe scope of cybercrimes presents a substantial challenge to law enforcement agencies,particularly those operating at the federal or national level. Agencies such as the FederalBureau of Investigation and Secret Service in the USA have a remit to investigate bothdomestic and international cybercrime (Andress and Winterfeld, 2013; Brenner, 2008;Holt and Bossler, 2016). They are limited, however, by existing legislation andcooperative agreements with other countries. Although virtually all industrializednations have criminalized various forms of trespass and fraud, there is limited parity inthe language of statutes (Brenner, 2011).The problem is exacerbated by a lack of extradition agreements between the USA,China, Russia, and the Ukraine. These conditions make the USA an attractive target foroffenders living in these nations, making it difficult to deter actors on the basis of legalsanctions alone (Brenner, 2008). In addition, federal prosecutors may choose not to take acase if the suspects reside in these nations, as there will be no real likelihood of arrest(Brenner, 2008; Holt and Bossler, 2016). As a result, US law enforcement agencies havebecome reliant on existing extradition relationships with friendly nations in the hope ofdetaining cybercriminals in the event that they travel abroad (Holt and Bossler, 2016).One key avenue to improve law enforcement agencies’ capacity is through theexpansion of the existing criminal code to include various acts not currentlycriminalized, or to increase punishments for existing offenses (Brenner, 2008; Holt andBossler, 2016). There are currently federal statutes regarding the compromise ofcomputers, the use of malware to facilitate attacks, the acquisition or theft of personalinformation and the use of such information to engage in identity fraud (Brenner, 2011).There is no language within these statutes relating to the sale of financial information ifthe individual does not actually acquire personal information on their own (Holt andBossler, 2016; Tucker, 2014). In this respect, the range of markets set up to sell personalinformation to others may be able to operate while in a legal gray area because thevendors are not necessarily in violation of federal statutes. The Department of Justicerecently lobbied Congress in an attempt to close this gap through the creation or revisionof legislation to criminalize the sale, purchase, or possession of credit and debit cardinformation issued from a US bank regardless of where the transactions were completed(Tucker, 2014). Thus, there are clear gaps in the capacity of federal law enforcementagencies to respond to cyber-trespass, deception, and theft.71
The tension between security and privacyIn a post-9/11 world, the need to identify actionable intelligence on threats has becomeparamount for virtually all nations. Terrorist groups have the capacity to spread theirideologies via social media and various websites, making susceptible individuals willingto engage in acts of extreme violence against people either in their home city or inanother nation (see Chapter 10 for more details; also Britz, 2010; Denning, 2010). Inaddition, governments must also address the increasingly common threats posed byserious cyber-attacks by terrorists, nation-states, and criminals (Andress and Winterfeld,2013; Rid, 2013).All of these threats have raised substantial concerns across the globe as how to bestprotect people and infrastructure from harm. Physical barriers, police, and intelligenceagency staff play an important role in the protection of a nation, but there is also a needfor tools and infrastructure to proactively develop intelligence on threats, and theindividuals and groups planning to do harm. Prior to the Internet, law enforcementagencies could reasonably monitor a group of interest to national security viawiretapping, or covertly listening in to phone conversation and other methods tosurreptitiously observe and capture information on threats (Andress and Winterfeld,2013). The growth of social media and online communications through variousapplications such as Whatsapp, Periscope, and Yik-Yak have exponentially increased theways in which offenders can connect and share information in clear text and encryptedmethods.As a result, many nations have increased their information collection mechanisms togain access to both online information and real world communications to identifythreats in advance and to foil potential attacks. The nature of these methods is largelykept secret from the general public on the basis that knowledge of the processes couldlead them to be defeated by savvy actors (Rid, 2013). This creates a challenge for freesocieties, as the public has a reasonable right to their personal privacy, or the ability tokeep aspects of their lives secret from others (Rid, 2013). Any attempt by the governmentto violate individual privacy should be made known to the public, as it could be againstthe law. This creates a tension between individuals’ rights to privacy and thegovernment’s need to protect the safety of the general public.This was evident in the USA following a massive domestic terror incident, when SyedRizwan Farook and Tashfeen Malik shot and killed 14 people and wounded another 22during a holiday party at the San Bernardino, California Department of Health onDecember 2, 2015 (Keneally and Shapiro, 2015). Both Farook and Malik fled from thescene of the shooting in an SUV, which was eventually located by police. Following ahigh-speed pursuit, the pair were killed in a shootout with police. Subsequent searches oftheir home led police to discover a cache of weapons and homemade explosives,72
suggesting they had planned to engage in further attacks.The FBI took charge of the investigation in the wake of the incident, which eventuallybecame known as the San Bernardino Shooter Case. Agents came to realize that bothFarook and Malik were motivated by radical Islamic beliefs and accessed a range ofonline content produced by terrorist organizations overseas. Farook’s iPhone 5c, whichwas owned by the county, was also recovered by agents. The FBI stated that it wasunable to unlock the phone and decrypt its contents for investigators because of thesecurity features in the iOS software. The USA does not have any encryption keydisclosure laws to mandate individuals to give passwords or access information to lawenforcement, making it difficult to compel suspects to provide access to their devices (seeChapter 14 for more details).As a result, the federal magistrate hearing the case ordered Apple to provide resourcesto enable the FBI to access the phone’s contents. Apple refused on the basis that it wouldviolate the Fifth Amendment rights of the general public, as whatever protocols weredeveloped for this case could be used against any of their customers (Benner, Lichtblau,and Wingfield, 2016). Eventually, the FBI revealed that they no longer needed Apple tointervene as they were able to pay a third party for a solution to decrypt the phone(Barrett, 2016). This led to public outrage, as the FBI gave very little information as tohow this solution was developed or what this means for individual privacy rights andthe safety of their electronic information (see Chapter 14 for more discussion).The difficulty maintaining the balance between safety and privacy was also evident inthe revelations made by Edward Snowden regarding the information collectionprocesses of both the NSA and the GCHQ in the UK. Snowden was an NSA contractorwho publicly disclosed thousands of classified documents to journalists detailing theexistence of various active intelligence programs designed to mine electroniccommunications data maintained by technology companies and service providers,including Apple, Facebook, Google, Microsoft, Skype, and Verison (Gidda, 2013; Rid,2013). One of the largest of these programs was called PRISM, which was set up in 2007and combined machine-learning techniques with massive data streams of email, text,and other electronic communications data from at least nine major service providers todevelop intelligence on terror threats (Gidda, 2013). The data collected wereindiscriminately targeted, meaning anyone’s information may have been included, butideally could only be queried by PRISM analysts as a means to identify networks ofterrorists or threats. Evidence suggested, however, that the data could have been used byNSA employees with minimal legal justification to search for private information(Gidda, 2013). The data and analyses could also be shared with the USA’s Five Eyespartners: Australia, Canada, New Zealand, and the UK (Andress and Winterfeld, 2013).This news outraged many other nations, as their citizens may have been unfairlyaffected by this program.Snowden also revealed a program called KARMA POLICE which was implementedby the UK’s GCHQ. The program was designed to create profiles of the Internet use ofevery public person online using various pieces of data that could be surreptitiously73
collected (Gallagher, 2015). It began in earnest in 2009 through the use of hardware tapsinstalled on the fiber-optic cables used to provide transnational Internet connectivity.Approximately 25 percent of the world’s Internet traffic is routed through these cables inthe UK, enabling GCHQ to capture sensitive data from global users as it passed throughthe wires without notification to the user (Gallagher, 2015). Their taps capture specificdetails about individual Internet users through their web browser meta-data, includingthe individual IP address of the computer, the last web pages visited through thatbrowser, the time stamp for pages visited compared to the IP address, and the searchqueries used. Additional data were also eventually captured on individuals’ use of email,instant messaging systems, search engines, social media, as well as the use of proxies orother anonymity tools (Gallagher, 2015).The massive amount of information collected by GCHQ analysts could enablesubstantial profiling of not only individual computer users but potentially also entirecountries. The process of data collection enabled GCHQ to collect 50 billion meta-datarecords per day, capturing user behaviors worldwide. At the individual level, the meta-data captured from browsers could be used to track a person’s entire online footprint atany time of day and collate this information to patterns of email and other onlinecommunications platforms. In the aggregate, GCHQ argued that it had the potential todetect shifts in an entire country’s user behaviors and to identify suspicious patterns inweb traffic that could indicate online or offline threats. They used this data to examineboth foreign threats, as well as those within the UK which was supported through a legalloophole that allowed investigators to profile UK citizens without notification(Gallagher, 2015).The emergence of information on KARMA POLICE through the Snowden leak led toan investigation of the processes of GCHQ by the UK Parliament. The study found thatthe program operated with minimal government oversight or court rulings to justify datacollection. This led to a substantial overhaul of the laws concerning spy techniques andthe need for mass data collection (Gallagher, 2015).This program, however, has not attracted the same global attention as PRISM, eventhough it had much broader consequences for many more nations. This begs thequestion as to why such programs have not produced greater outrage from citizens overgovernmental attempts to ensure public safety (see Box 2.4 for details). A proportion ofthe general population may feel that such concerns are trivial, as we must ensure publicsafety at any cost. Others recognize that when a nation’s security forces actively exceedthe rule of law, or intrude on their citizens’ rights, then their efforts are unlawful(Godwin, 2003; Yar, 2013).Box 2.4 An examination of why we should be concernedby government spying campaigns74
Nine reasons you should care about NSA’s PRISM surveillancehttp://theconversation.com/nine-reasons-you-should-care-about-nsas-prism-surveillance-15075.Mass surveillance and data retention overturn the foundation of the modern legal system: the presumptionof innocence. Not only is the presumption lost for gathering evidence, it also weakens the effect of thatpresumption throughout the rest of the legal process.This article provides a clear and succinct explanation of the reasons why the averageperson should be concerned about government-spying programs like PRISM.Although it may seem like a problem only for those who are engaged in illicitbehavior, these programs effectively erode our civil rights and require greaterconsideration.Engaging in illegal activity or behaviors that the general public views as beingillegitimate can erode public confidence in the agencies and the officials who demandthey be performed. Should that occur, government agencies and officials run the risk oflosing the trust, support, and cooperation of the general public, as well as the likelihoodthat citizens will comply with laws (Sunshine and Tyler, 2003; Tyler, 2004). ManyWestern nations are now in the midst of struggles over the perceived legitimacy of theirgovernments and their use of authority. In any free nation, the public has a right toquestion how the state uses its power, the extent to which that power can be checked bylegislators or the judiciary, and how abuses of power can be identified and resolved. Thisis a delicate balance which can be easily upset through authoritarian tendencies oroverzealous demands that could benefit a nation’s enemies (Yar, 2013). As aconsequence, we must keep these tensions in mind when considering efforts to securecyberspace.75
SummaryThe problem of cybercrime is complex, requiring a clear and coordinated response frompolice agencies and law enforcement. At present, the local, state, and federal levels eachhave their own role, but they differ in terms of their capacity to fully investigate civiliancalls for service. These issues are exacerbated at the international level due to thelimitations of extradition relationships and investigative resources. Corporations andnon-governmental agencies have emerged as an important resource to combat orinvestigate cybercrimes in the absence of a more robust law enforcement strategy. Thestrengths and weaknesses of all of these entities (police, NGOs, and industry) arediscussed in subsequent chapters of this volume to demonstrate the ways in whichcybercrimes are dealt with around the world.Key termsAustralian Federal PoliceBeyond a reasonable doubtCivil lawCommunications Security Establishment (CSE)Computer emergency response teams (CERTs)Criminal lawCyber Security Agency (CSA)DefendantEdward SnowdenFederal law enforcementFive EyesFusion centerGovernment Communications Headquarters (GCHQ)Internet Crime Complaint Center (IC3)Internet usersKARMA POLICEKey Disclosure LawsLiableLocal policeNational Crime AgencyNational Domestic Extremism and Disorder Intelligence UnitNational police forcesNon-governmental organization (NGO)76
PlaintiffPreponderance of evidencePRISM ProgramPrivacyPrivate detectivePrivate investigatorProvincial police agencyRoyal Canadian Mounted Police (RCMP)San Bernardino Shooter CaseSheriffsState police agencyTerritorial police forcesWiretappingWorking to Halt Online Abuse (WHOA)Discussion questions1. How can police agencies improve their response to cybercrime, especiallyin light of the continuous evolution of technology and communicationsapplications?2. If federal agencies have the greatest responsibility to investigatecybercrime but have difficulties arresting offenders due to limitedextradition relationships, how can we improve their ability to deal withthese offenses?3. What issues can you see in having corporations play a more prominentrole in combatting cybercrime through the use of civil lawsuits?4. How do we balance security and privacy? Should Edward Snowden beviewed as a traitor who diminished national security or a hero protectingindividual rights of privacy?77
ReferencesAdhikari, R. (2013). Microsoft’s ZeroAccess botnet takedown no “mission accomplished.”TechNewsWorld, December 9, 2013. Available at:www.technewsworld.com/story/79586.html.Andress, J., and Winterfeld, S. (2013). Cyber Warfare: Techniques, Tactics, and Tools forSecurity Practitioners (2nd edn). Waltham, MA: Syngress.Athow, D. (2014). Microsoft seizes 22 No-IP domains in malware crackdown. TechRadar,July 1. Available at: www.techradar.com/news/software/security-software/microsoft-seizes-22-no-ip-domains-in-malware-crackdown-1255625.Barbara, J. L. (2009). The case against licensing for digital forensic examiners. Availableat: http://www.forensicmag.com/article/2009/04/case-against-pi-licensing-digital-forensic-examiners.Barrett, D. (2016, April 21). FBI paid more than $1 million to hack San Bernardino iPhone:FBI Director James Comey says government “paid a lot” for tool, but “it was worth it.”Retrieved December 18, 2016 from www.wsj.com.Benner, K., Lichtblau, E., and Wingfield, N. (2016, February 25). Apple goes to court, andF.B.I. presses Congress to settle iPhone privacy fight. Retrieved December 16, 2016from www.nytimes.com.Bossler, A. M., and Holt, T. J. (2012). Patrol officers’ perceived role in responding tocybercrime. Policing: An International Journal of Police Strategies & Management,35, 165–181.Bowling, B., and Sheptycki, J. (2012). Global Policing. Thousand Oaks, CA: Sage.Brenner, S. W. (2008). Cyberthreats: The Emerging Fault Lines of the Nation State. NewYork: Oxford University Press.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.Britz, M. T. (2010). Terrorism and technology: Operationalizing cyberterrorism andidentifying concepts. In T. J. Holt (ed.), Crime On-line: Correlates, Causes, andContext (pp. 193–220). Raleigh, NC: Carolina Academic Press.Burns, R. G., Whitworth, K. H., and Thompson, C. Y. (2004). Assessing law enforcementpreparedness to address Internet fraud. Journal of Criminal Justice, 32, 477–493.Chermak, S., Carter, J., Carter, D., McGarrell, E. F., and Drew, J. (2013). Lawenforcement’s information sharing infrastructure: A national assessment. PoliceQuarterly, 2, 211–244.Coburn, T. (2015). A Review of the Department of Homeland Security’s Missions andPerformance. Washington, DC: US Senate.78
Cross, C. (2015). No laughing matter: Blaming the victim of online fraud. InternationalReview of Victimology, 21: 187–204.Cunningham, S., and Kendall, T. (2010). Sex for sale: Online commerce in the world’soldest profession. In T. J. Holt (ed.), Crime Online: Correlates, Causes, and Context(pp. 114–140). Raleigh, NC: Carolina Academic Press.Denning, D. E. (2010). Cyber-conflict as an emergent social problem. In T. J. Holt and B.Schell (eds), Corporate Hacking and Technology-driven Crime: Social Dynamics andImplications (pp. 170–186). Hershey, PA: IGI-Global.FIRST. (2017). Global Initiatives. Available at: www.first.org/global.Furnell, S. (2002). Cybercrime: Vandalizing the Information Society. London: Addison-Wesley.Gallagher, R. (2015). Profiled: From radio to porn, British spies track web users’ onlineidentities. The Intercept, September 25. Available at:https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/.Gidda, M. (2013). Edward Snowden and the NSA files – Timeline. Guardian, July 25.Available at: www.theguardian.com/world/2013/jun/23/edward-snowden-nsa-files-timeline.Godwin, M. (2003). Cyber Rights: Defending Free Speech in the Digital Age. Boston, MA:MIT Press.Goodman, M. D. (1997). Why the police don’t care about computer crime. HarvardJournal of Law and Technology, 10, 465–494.Hinduja, S. (2004). Perceptions of local and state law enforcement concerning the role ofcomputer crime investigative teams. Policing: An International Journal of PoliceStrategies & Management, 27, 341–357.Hinduja, S. (2007). Computer crime investigations in the United States: Leveragingknowledge from the past to address the future. International Journal of CyberCriminology, 1, 1–26.Holt, T. J., and Bossler, A. M. (2012). Police perceptions of computer crimes in twosoutheastern cities: An examination from the viewpoint of patrol officers. AmericanJournal of Criminal Justice, 37, 396–412.Holt, T. J., and Bossler, A. M. (2016). Cybercrime in Progress: Theory and Prevention ofTechnology-enabled Offenses. London: Routledge.Holt, T. J., Bossler, A. M., and Fitzgerald, S. (2010). Examining state and local lawenforcement perceptions of computer crime. In T. J. Holt, (ed.), Crime on-line:Correlates, Causes, and Context (pp. 221–246). Raleigh, NC: Carolina AcademicPress.Holt, T. J., Burruss, G. W., and Bossler, A. M. (2015). Policing Cybercrime andCyberterror. Raleigh, NC: Carolina Academic Press.Internet Crime Complaint Center. (2017). About us. Available at: www.ic3.gov/.Jenkins, P. (2001). Beyond Tolerance: Child Pornography on the Internet. New York: NewYork University Press.79
Keneally, M., and Shapiro, E. (2015, December 18). Detailed San Bernardino DocumentsReveal Timeline, Shooter and Neighbor’s Years-Long Friendship. Retrieved December16, 2016 from abcnews.com.Kerley, P., Walter, J., and Banker Hames, J. (2011). Civil Litigation (6th edn). Clifton Park,NY: Cengage.Kessler International. (2017). Computer forensics and forensic accounting licensingsurvey. Available at: https://investigation.com/the-knowledge-center/kessler-survey-2/.LEMAS. (2010). Law Enforcement Management and Administrative Statistics 2010.Washington DC: United States Department of Justice, Office of Justice Statistics.Lonardo, T., Rea, A., and White, D. (2015). To license or not to license reexamined: Anupdated report on state statutes regarding private investigators and digitalexaminers. Journal of Digital Forensics, Security and Law, 10(1), 45–56.Marcum, C., Higgins, G. E., Freiburger, T. L., and Ricketts, M. L. (2010). Policingpossession of child pornography online: Investigating the training and resourcesdedicated to the investigation of cyber crime. International Journal of Police Science& Management, 12, 516–525.Munson, L. (2014). Microsoft and No-IP reach settlement over malware takedown. NakedSecurity by Sophos, July 11. Available at:https://nakedsecurity.sophos.com/2014/07/11/microsoft-and-no-ip-reach-settlement-over-malware-takedown/.National Crime Agency. (2017). About us. Available at:www.nationalcrimeagency.gov.uk/about-us.National Institute of Justice. (2008). Electronic Crime Scene Investigations: A Guide forFirst Responders (2nd edn). NCJ 219941, Washington, DC.Nhan, J. (2013). The evolution of online piracy: Challenge and response. In T. J. Holt(ed.), Crime on-line: Causes, Correlates, and Context (pp. 61–80). Raleigh, NC:Carolina Academic Press.Reaves, B. A. (2015). Local Police Departments, 2013: Personnel, Policies and Practices. USDepartment of Justice; Office of Justice Programs. Available at:www.bjs.gov/content/pub/pdf/lpd13ppp.pdf.Rid, T. (2013). Cyber War Will Not Take Place. London: Hurst & Company.Senjo, S. R. (2004). An analysis of computer-related crime: Comparing police officerperceptions with empirical data. Security Journal, 17, 55–71.Stambaugh, H., Beaupre, D. S., Icove, D. J., Baker, R., Cassady, W., and Williams, W. P.(2001). Electronic Crime Needs Assessment for State and Local Law Enforcement.Washington, DC: National Institute of Justice, U.S. Department of Justice.Sunshine, J., and Tyler, T. R. (2003). The role of procedural justice and legitimacy inshaping public support for policing. Law & Society Review, 37 (3), 513–548.Tucker, E. (2014). One simple legal fix could help fight overseas credit card fraud, claimsDOJ. PBS Newshour. Available at: www.pbs.org/newshour/rundown/one-simple-legal-fix-help-justice-department-fight-overseas-credit-card-fraud/.80
Tyler, T. R. (2004). Enhancing police legitimacy. The Annals of the American Academy ofPolitical and Social Science, 593 (1), 84–99.US-CERT. (2017). About us. Available at: www.us-cert.gov/about-us.Walker, S., and Katz, C. M. (2012). The Police in America (8th edn). New York: McGrawHill.Wall, D. S. (2007). Cybercrime: The Transformation of Crime in the Information Age.Cambridge: Polity Press.Willits, D., and Nowacki, J. (2016). The use of specialized cybercrime policing units: Anorganizational analysis. Criminal Justice Studies, 29, 105–124.Working to Halt Online Abuse. (2015). About WHOA. Available at: www.haltabuse.org.Yar, M. (2013). Cybercrime and Society (2nd edn). London: Sage.Zetter, K. (2012). DHS issued false “water pump hack” report; Called it a “success.”Wired, October 2. Available at: www.wired.com/2012/10/dhs-false-water-pump-hack/.81
Chapter 3Computer Hackers and HackingChapter goals• Define a “hack” and a “hacker.”• Identify the ways in which both people and technology can becompromised by hackers.• Differentiate between nation-state and non-nation-state hackers.• Explain the key norms and values of the hacker subculture.• Identify the various terms used to define and differentiate hackers.• Consider the evolution of hacking in tandem with technology over the past60 years.• Assess the legal frameworks used to prosecute hackers and the ability oflaw enforcement agencies to address computer hacking.82
IntroductionMany in the general public conceive of hackers as skilled technological wizards whobreak into the Department of Defense, financial institutions, and other protectednetworks with the intent to do harm. The notion of a hacker may also conjure up imagesof various characters from television and movies, such as Neo from the Matrix Trilogy,who had the ability to “see” in programming language code and bend “virtual” reality.These stories and representations have become the dominant model for hackers inpopular media and news organizations. Although there are a number of hackers whoengage in malicious activities, and some who are amazingly sophisticated technologyusers, they do not accurately represent the entire population of hackers. Instead, hackersalso operate to defend computer networks and expand the utility of technology. Inaddition, an increasing proportion of the hacker community has a relatively low level oftechnological sophistication; only a small group has expert-level knowledge of computerhardware and software. The global hacker community is also driven by a wide range ofmotivations which leads them to engage in both legal and illegal hacks.This chapter is designed to present the subculture of hackers in a realistic light devoidof the glitz and flash of what may be portrayed in films. By the end of this chapter, youwill be able to understand the variations in the legal and ethical perspectives of hackers,as well as the norms and values of the hacker subculture. The history of hacking over thepast 60 years will also be explored to ground your understanding of the actions ofhackers over time, including the ways in which individual motives for hacking havechanged with the explosion in computer technology. In turn, you will be able to considerthe activities of hackers from their point of view rather than from stereotypes and mediahype. Finally, we will explore the various legal frameworks that have been created toaddress illegal computer hacking and the capabilities of law enforcement agencies toactually make an impact.83
Defining computer hackingWhile many in the general public equate computer hacking with criminal activity,hacking is actually a skill that may be applied in a variety of ways depending on theethical perspective of the actor. A hack involves the modification of technology, such asthe alteration of computer hardware or software, in order to allow it to be used ininnovative ways, whether for legitimate or illegitimate purposes (Holt, 2007; Levy, 2001;Schell and Dodge, 2002; Steinmetz, 2015; Turkle, 1984). There are myriad applications ofhacking for beneficial uses that are not in fact illegal. For instance, iPhones and iPods aredesigned to run only Apple-approved software and applications. Any “app,” ringtone, orwallpaper design that the company has deemed unacceptable due to risqué orinappropriate content will not work on their devices (Kravets, 2010). If a user wanted touse these resources, or even change the appearance of the icons and applications on theirApple device, they would have to find a way to work around these limitations. Thus,programmers have created “jailbreaking” programs that enable users to install thirdparty designers’ programs to be used on an iPhone or other Apple product. The use ofjailbreaking programs constitutes a hack, as they enable actors to use their devices inways that were not initially allowed by the designer. The use of these programs is notillegal, though they can void the product warranty, making the user accountable for theiruse of hacking programs (Kravets, 2010).Hacks that modify programs and subvert security protocols, however, are illegal andmay be used to obtain information or gain access to computer systems and protectedresources in furtherance of illegal acts, ranging from stealing credit cards to acts of terror(Brenner, 2008; Chu, Holt, and Ahn, 2010; Kilger, 2010; see Figure 3.1 for details). Inmany cases, hackers use very basic non-technical strategies rather than sophisticatedattacks to obtain information. For instance, individuals can steal someone’s passwordsfor email accounts or access to a system by looking over the victim’s shoulder andwatching their keystrokes. This act, called shoulder surfing, is simple, and can beperformed by anyone in order to obtain sensitive information (Mitnick and Simon, 2002;Wall, 2007). Similarly, hackers can employ social engineering tactics to try to fool orconvince people to provide them with information that may be used to access differentresources (Furnell, 2002; Huang and Brockman, 2010; Mitnick and Simon, 2002). Theseattacks often involve making simple requests and acting clueless in order to prey uponpeople’s willingness to help others (Mitnick and Simon, 2002). These sorts of non-technical attacks are invaluable to attackers because it is extremely difficult to protectindividuals from being compromised, unlike computer systems and physical buildings(Huang and Brockman, 2010; Mitnick and Simon, 2002). Often the most easily exploitedvulnerability for a person, organization, or a business is not a flaw in hardware orsoftware, but rather the individuals themselves. In fact, more than half of all investigated84
data breaches in a sample of businesses and universities were completed through the useof techniques that required little or no skill (Verison, 2016).Fig. 3.1 Venn diagram of computer hackingFor more on social engineering, go online to: www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social-engineering-attacks-36972.The information which victims provide in non-technical attacks frequently includesusernames and passwords for different resources like email. In turn, the attacker cangain access to personal or corporate information sources that they may not own or havepermission to access. The issue of ownership and access is why David Wall (2001)conceived of computer hacking as an act of cyber-trespass in keeping with burglary inthe real world. A hacker must cross network boundaries without approval from theowner or operator in much the same way as a burglar enters a dwelling withoutpermission. In order to compromise a computer system or network, the hacker must85
utilize vulnerabilities, or flaws, in computer software or hardware, or people in the caseof social engineering (Furnell, 2002; Taylor, 1999). There are hundreds of vulnerabilitiesthat have been identified in all manner of software, from the Microsoft operating systemWindows, to the web browsers we use every day (Wang, 2006). In much the same waythat burglars in the real world attempt to identify weaknesses in the design of homes,entrances, exits, and residents’ behaviors and activities in order to find ways to get insidea location (e.g. Wright and Decker, 1994), hackers’ first steps in developing a hack usingtechnical means is identifying these vulnerabilities.For more information on vulnerabilities, go online to: https://nvd.nist.gov.Once a vulnerability has been identified in a piece of technology, a hacker can thendevelop or use an exploit, a program that can take advantage of vulnerabilities to givethe attacker deeper access to a system or network (Furnell, 2002; Taylor, 1999; Wang,2006). There are many tools available online for hackers to use in order to exploitexisting vulnerabilities in computer software (Chu et al., 2010; Wang, 2006) and variousforms of malicious software which can be acquired for free from web forums orpurchased from vendors in online black markets (see Chapter 4 for details; Chu et al.,2010). Similarly, burglars can use tools, such as crowbars and keys, to gain access to aresidence through vulnerable points of entry (Wright and Decker, 1994).In the context of hacking, vulnerabilities and their attendant exploits may be used byanyone regardless of their ethical beliefs. For instance, there are vulnerability scanningtools available online, such as Nessus, which allow individuals to easily determine all thevulnerabilities present on a computer system (Wang, 2006). This tool may be used byhackers working on “red teams” or “tiger teams” hired by corporations to identify andpenetrate their networks in order to better secure their resources. Red teams areauthorized by system owners to engage in these acts; thus they are not violating the law.The same scanner could be used as a first step in an attack to identify vulnerabilities on asystem to determine what exploits should be used to compromise the system. Runningsuch a scan without permission from the system owners would be viewed as an illegalform of hacking (Wall, 2001).86
Victims of hackingDespite misconceptions about who and what is a hacker, it is clear that the use ofhacking for malicious purposes can have severe economic and social consequences forcomputer users. The most common targets for attack by malicious hackers are individualcomputer users, private industry, and governments (Brenner, 2008). In fact, the generalpublic present an excellent target for the majority of hackers since they may havesensitive information stored on their computers and can serve as a launch point forsubsequent attacks against different targets (discussed in Chapter 4). A malicious hackcan often affect multiple groups at the same time, and may be performed by individualsacting alone, in small groups, or in conjunction with a foreign military or government.When individuals act without any sort of state backing, they are referred to as non-nation-state-sponsored actors because they have no immediate affiliation to anorganization (Brenner, 2008; Denning, 2010).For more information on cyberthreats at the nation-state level, go online to:www.baesystems.com/en/cybersecurity/feature/the-nationstate-actor.Non-nation-state actors who engage in hacking frequently target individuals andinstitutions in order to steal sensitive information that can be resold or used in somefashion for a profit (Franklin, Paxson, Perrig, and Savage, 2007; Holt and Lampke, 2010;Peretti, 2009). For instance, credit and debit card numbers are a regular target forhackers, as this information can be used by the hacker to obtain funds or sold to othersto facilitate fraud (Franklin et al., 2007; Holt and Lampke, 2010; Thomas and Martin,2006). These attacks negatively affect both the cardholders and the financial institutionswho manage customer accounts (Peretti, 2009).One of the most extreme examples of this sort of compromise took place in January2009 against the Heartland Payment Systems company (Vijayan, 2010). This companyprocessed credit card transactions for over 250,000 companies across the USA and wascompromised by a piece of malicious software planted inside the company’s network inorder to record payment data as it was sent by retail clients (Krebs, 2009). As a87
consequence, hackers were able to acquire information from 130 million credit and debitcards processed by 100,000 businesses (Vijayan, 2010). The economic impact of such theftfrom hacking can be staggering. Based on some of the most recent available data, theInternet Crime Complaint Center (2015) reported that in 2015 credit card fraud andidentity theft cost US consumers over $41 million and $57 million respectively. Inaddition, corporate data breaches in which business data were stolen cost the companies$39 million, while personal data breaches, which were defined as security incidentsinvolving an individual’s sensitive, protected, or confidential data is copied, transmitted,viewed, stolen, or used by an unauthorized individual, cost US citizens $43 million.By contrast, hackers who engage in attacks at the behest of or in cooperation with agovernment or military entity may be referred to as nation-state actors (Brenner, 2008;Denning, 2010). Although it is unclear how many nation-state hackers there areinternationally, they are most likely a small number relative to the larger population ofnon-nation-state actors. The targets of nation-state actors’ attacks differ substantially.They frequently target government agencies, corporations, and universities using hacksto engage in both espionage and theft of intellectual property (Brenner, 2008).An excellent example of nation-state sponsored hacking involves the creation anddissemination of a piece of malicious software called Flame (see Chapter 4 for moredetails on malware). It is thought that hackers working for the US National SecurityAgency and/or the Israeli government were responsible for the development of thismalware, which was identified in May 2012 by security researchers (Symantec, 2012;Zetter, 2012). The program was found to have infected computers in governmentagencies, universities, and home computers, primarily in the Middle East, including Iran.There were, however, infections identified in Europe and North America.The malware was designed to target specific computers and serve as an espionagetool, enabling backdoor access to any system files, the ability to remotely record audio,capture keystrokes and network traffic, and even record Skype conversations (Cohen,2012; Zetter, 2012). One of the most unusual features of this code was that it couldremotely turn on the infected computer’s Bluetooth functions in order to log the contactdata from any nearby Bluetooth-enabled device, such as a mobile phone or tablet(Symantec, 2012). The malware was also remotely wiped from all of these systems afterit was made public, eliminating any evidence of the infections.The complexity and utility of the tool suggested to researchers that it could have onlybeen produced through the resources of a nation-state. In addition, the malware sharedsome common attack points with another well-known piece of malware called Stuxnetthat has been heavily associated with the USA and Israel (see Chapter 10 for details onthis program; Cohen, 2012; Zetter, 2012). The computers targeted are also indicative ofthe interests of a nation-state due to the fact that it was originally identified on IranianOil Ministry computers and other systems across Iran, Syria, Saudi Arabia, and variousMiddle Eastern nations. Finally, evidence from security analysts at Kasperskydemonstrated that the majority of infections were targeted within Iran to specificallyacquire schematics, PDFs, text files, and technical diagrams (Lee, 2012). The purpose of88
these attacks was to acquire information about the Iranian nuclear program and spysurreptitiously on any actors associated with its development.Over the past two decades, there have been an increasing number of attacksperformed by non-nation-state actors against government and industry targets due tosocial conflicts both online and offline (Brenner, 2008; Denning, 2010; Kilger, 2010). Thiswas exemplified by the recent international conflict between Russia and Estonia over theremoval of a Russian war monument from a national memorial garden in Estonia inApril 2006 (Brenner, 2008; Jaffe, 2006; Landler and Markoff, 2008). This action enragedRussian citizens living in Estonia and elsewhere, leading to protests and violence in thestreets of both nations. Hackers soon began to target government and private resourcesin both nations, and co-opted actors outside of the hacker community to participate intheir attacks (Brenner, 2008; Jaffe, 2006). The attacks became so severe that portions ofthe Estonian government and financial service sector were completely shut down,causing substantive economic harm (Brenner, 2008; Landler and Markoff, 2008).For more information on the Russia/Estonia cyber conflict, go online to:www.youtube.com/watch?v=fzFc1HH6Z_k.89
The human aspects of the hacker subcultureIn light of the various targets affected by hacks, it is necessary to understand theindividuals responsible for these attacks (see Box 3.1 for details). Individuals who utilizehacks may be referred to as hackers, though this term has different meanings fordifferent groups (Jordan and Taylor, 1998; Schell and Dodge, 2002; Taylor, 1999; Turkle,1984). Individuals within the hacker community may argue that a person can only be ahacker dependent on their level of skill or interest in technology (Holt, 2007; Jordan andTaylor, 1998). Individuals in the general public may often define a hacker, however, as ayoung, antisocial nerd who can only relate to others via their computer (Furnell, 2002;Schell and Dodge, 2002). Hackers may also be viewed as misfits who are involved incriminal or illicit activities, or perhaps computer technicians within corporations or atelectronics retailers (Furnell, 2002; Schell and Dodge, 2002).Box 3.1 The Jargon File definition of hackinghttp://catb.org/jargon/html/H/hacker.html1. A person who enjoys exploring the details of programmable systems andhow to stretch their capabilities, as opposed to most users, who prefer tolearn only the minimum necessary.The Jargon File provides a very distinct and well-accepted set of definitions for whatconstitutes a hacker. The definition also recognizes the differences between a hackerwho is motivated by curiosity and intellect relative to malicious intent.Empirical studies conducted on the hacker community suggest that hackers arepredominantly under the age of 30, although there are older hackers as well working inthe security community (Bachmann, 2010; Gilboa, 1996; Jordan and Taylor, 1998; Schelland Dodge, 2002). Younger people may be attracted to hacking because they have greateraccess and exposure to technology, as well as the time to explore technology at deep90
levels. Older hackers appear to be gainfully employed, working primarily in thecomputer security industry (Bachmann, 2010; Schell and Dodge, 2002). Younger hackersmay or may not be employed; some may be students in high school or universities. Infact, hackers tend to have a mix of both formal education and knowledge acquired ontheir own through reading and experiential learning (Bachmann, 2010; Holt, 2007).Limited evidence suggests that a proportion of skilled actors may have at least acommunity college education, while a small number have degrees from four-yearinstitutions (Bachmann, 2010; Holt, Soles, and Leslie, 2008; Holt, Kilger, Strumsky, andSmirnova, 2009; Schell and Dodge, 2002).Hackers also appear to be predominantly male, though it is unknown what constitutesthe true gender composition of the subculture (Gilboa, 1996; Jordan and Taylor, 1998;Schell and Dodge, 2002; Taylor, 1999). This is because most hackers conceal theiridentities from others online and are especially resistant to being interviewed orparticipating in research studies (Gilboa, 1996; Holt, 2007). Thus, it is difficult to identifythe overall composition of the hacker community at any given point in time.There is also substantive evidence that hackers have a number of social relationshipsthat influence their willingness to engage in different forms of behavior over time(Bossler and Burruss, 2011; Holt, Bossler, and May, 2012; Leukfeldt, Kleemans, and Stol,2017; Skinner and Fream, 1997). Peer relationships often emerge online throughinvolvement in forums, IRC channels, and other forms of computer-mediatedcommunication (Holt, 2009a; Jordan and Taylor, 1998; Skinner and Fream, 1997), thougha portion may involve social relationships cultivated in the real world (Leukfeldt et al.,2017). This is true not only for those interested in legitimate hacking, but also forcriminal hacks. In fact, recent research on international networks of individuals involvedin phishing and malware schemes suggests that the actors depended on technicalexpertise cultivated from web forums where technically proficient hackerscommunicated (Leuk-feldt et al., 2017)These associations are invaluable, as friends and relatives can provide models toimitate hacks (Morris and Blackburn, 2009; Leukfeldt et al., 2017), positiveencouragement and praise for unique hacks, and justifications for behavior, includingexcuses and beliefs about the utility of malicious hacks (Bossler and Burruss, 2011;Morris, 2011; Skinner and Fream, 1997). In fact, many hackers deny any harm resultingfrom their actions (Gordon and Ma, 2003), or blame their victims for having inadequatecomputer skills or systems to prevent victimization (Jordan and Taylor, 1998).There are many communities operating via CMCs across the globe for hackers atevery skill level to identify others who share their interests. In fact, there are hacker-related discussions in social groups via Internet Relay Chat (IRC), forums, blogs, andother online environments (Holt, 2007, 2009a, 2009b; Leukfeldt et al., 2017). Hackers haveoperated in bulletin board systems (BBSs) since the late 1970s and early 1980s toprovide information, tools, and techniques on hacking (Meyer, 1989; Scott, 2005). Thecontent was posted in plain text and occasionally featured images and art made fromASCII text, in keeping with the limitations of the technology at the time (see91
www.asciiworld.com for examples). These sites allowed asynchronous communicationsbetween users, meaning that they could post a message and respond to others. Inaddition, individuals hosted downloadable content including text files and tutorials,though some also hosted pirated software and material, called warez (Meyer, 1989; formore on piracy, see Chapter 5). The BBS became an important resource for new hackers,since experienced technology users and budding hackers could share detailedinformation about systems they explored and discuss their exploits (Landreth, 1985).The BBS allowed hackers to form groups with private networks based on password-protected boards intended to keep out the uninitiated and maintain privacy (Landreth,1985; Meyer, 1989). Closed BBSs were initially local in nature based on telephone areacodes, but changed with time as more individuals obtained computers and sought outothers online. Local hacker groups grew to prominence as a result of BBSs based on theirexploits and intrusions into sensitive computer systems, such as the Masters of Disasterand the Legion of Doom (Slatalla and Quittner, 1995). As a result, it is common forindividuals to belong to multiple forums and websites in order to gain access to pivotalresources online.For more information on what hacker BBSs looked like in the 1980s, go onlineto: http://hackers.applearchives.com/pirate-BBSs.html.In addition to online relationships, hackers often report close peer associations withindividuals in the real world who are interested in hacking (Holt, 2009a, 2009b; Meyer,1989; Schell and Dodge, 2002; Steinmetz, 2015). These networks may form in schools orthrough casual associations in local clubs. There are also local chapters of nationalhacker conferences, like the DefCon or DC groups (Holt, 2009a). For example, local 2600groups began to form around the publication of the underground hacker/phreakermagazine of the same name in the early 1980s (2600, 2011). These chapters operate inorder to bring interested individuals together to share their knowledge of computers andtechnology with others.Similarly, hacker spaces have emerged over the past decade as a way for individualswith knowledge of technology to come together in order to share what they know withothers (Hackerspaces, 2017). There are now 2,138 hacker spaces listed, with 1,327 markedas active and 357 as planned. They are often located in warehouses or large buildingsrented by non-profit groups in order to give individuals a chance to play with various92
technologies in an open and encouraging environment (Hackerspaces, 2017). Thisstimulates interest in technology and expands individual social networks to relate to alarger number of people who share their interests.For more information regarding hacker spaces, go online to:www.hackerspaces.org/.There are also a number of regional and national conferences in the USA and Europefocusing on hacking and computer security. They range from regional cons organized bylocal groups, such as PhreakNIC in Nashville, Tennessee, and CarolinaCon in Raleigh,North Carolina, to high-profile organized meetings arranged by for-profit industries likeDefCon. DefCon has been held since 1993 and is now one of the pre-eminent computersecurity and hacking conferences in the world (DefCon, 2017). The conference draws inspeakers and attendees from law enforcement, the intelligence community, computersecurity professionals, attorneys, and hackers of all skill levels for discussions on a rangeof topics covering hardware hacking, phreaking, cryptography, privacy laws, and thelatest exploits and vulnerabilities in everything from ATMs to cell phone operatingsystems (Holt, 2007).Similar cons are held around the world, such as the Chaos Communication Congress(CCC), which is the oldest hacker conference in Europe. The CCC has been held since1984 in various locations across Germany, with more than 9,000 attendees in 2013(Kinkade, Bachmann, and Bachmann, 2013). Thus, cons play an important role in sharinginformation about technology and connecting hackers in the real world which might nototherwise happen in online environments.93
Hacking historyThe 1950s: the originsIn order to understand the hacker community, it is important to explain its historicalevolution in the context of computing technology since its infancy in the late 1950s (seeTable 3.1 for details). Some researchers argue that the term “hacking” emerged fromengineering students at the Massachusetts Institute of Technology (MIT) in the 1950s(Levy, 2001). This phrase was used by students to refer to playful, but skilled, tinkeringwith electronics and was largely synonymous with “goofing off” or “fooling around.” Infact, the MIT model railroad club (TMRC) used the term to describe their work on theclub’s railroad systems (Levy, 2001). They perceived hacking as a way to solve problemsin spite of conventional techniques for engineering and electronics.The emergence of computing in the 1950s in university settings like MIT, Cornell, andHarvard also facilitated the emergence of hacking. At the time, computing mainframeswere massive systems encompassing whole climate-controlled rooms with relativelylimited memory and overall processing power (Levy, 2001; see Box 3.2 for details). Thesedevices were not linked together in any networked fashion as is the case with currentcomputers, and individuals working with these systems had to develop their own uniquesolutions to problems experienced by programmers and users. Computer programmerswho managed the systems of the time were often pressed to find ways to speed up theotherwise slow processing of their mainframe computers. The elegant and innovativesolutions to these problems were referred to as “hacks,” and the programmersresponsible were identified as “hackers” in keeping with the original concept asgenerated among the student body at MIT (Levy, 2001).Table 3.1 A timeline of notable events in the history of hacking1955• The first computer hackers emerge at MIT. Members try their hand in rigging thenew mainframe computing systems being studied and developed on campus.1968• The UNIX operating system is developed by Dennis Ritchie and Keith Thompson.1971• Phone hackers or phreaks break into regional and international phone networksto make free calls. John Draper discovers that a toy whistle found inside a Cap’nCrunch cereal box generates a 2600 Hz tone. By building a “blue box” using the toywhistle, resulting in free calls, John Draper and other phreaks land feature story inEsquire magazine entitled “Secrets of the Little Blue Box.”• The first email program is created by Ray Tomlinson.1975• Microsoft is created by Bill Gates and Paul Allen.1976• The Apple Computer is created by Steve Jobs, Stephen Wozniak, and Ron Wayne.• Phone phreaks move into computer hacking.94
1980-1982• Message boards called electronic bulletin board systems (BBSs) are created toexchange information and tactics with other phreaks.• Emergence of many hacking groups, including Legion of Doom and TheWarelords in the USA, and the Chaos Computer Club in Germany.1981• Ian Murphy becomes the first hacker to be tried and convicted as a felon forcomputer hacking.1983• WarGames sheds light on the capabilities that hackers could have. Generates fearamong the public.• “414” gang arrested for allegedly breaking into 60 computer systems, from LosAngeles to Manhattan. As a result the story gets mass coverage and the US Houseof Representatives holds hearings to discuss cyber-security.1984• The Hacker Magazine or Hagazine called 2600, and the online ‘zine Phrack a yearlater, are created to give tips to upcoming hackers and phone phreaks.• The Comprehensive Crime Control Act of 1984 is passed, giving the SecretService jurisdiction over computer fraud.1985• The first PC virus, called the Brain, is created. The virus used stealth techniquesfor the first time and originated in Pakistan.1986• As a result of numerous break-ins on government and corporate computersystems, Congress passes the Computer Fraud and Abuse Act, which makes it acrime to break into computer systems. The law did not apply to juveniles.1988• The Morris Worm incident is caused by Robert T. Morris, the son of a chiefscientist of a division of the National Security Agency, and a graduate student atCornell University. Morris plants a self-replicating worm on the government’sArpanet in order to test what effect it would have on the UNIX system. The wormspread and clogged 6,000 networked computers belonging to the government andthe university. As a result, Morris was expelled from Cornell, given probation, andfined $10,000.• The Computer Emergency Response Team (CERT) is created by DARPA(Defense Advanced Research Projects Agency), an agency of the United StatesDepartment of Defense responsible for the development of new technologies foruse by the military. DARPA would address network security.1989• The Hacker’s Manifesto is published by The Mentor and The Cuckoo’s Egg ispublished by Clifford Stoll.• Herbert Zinn becomes the first juvenile to be convicted under the ComputerFraud Act.1990• The Electronic Frontier Foundation is founded in order to protect and defend therights of those investigated for computer hacking.• Operation Sundevil commences, a prolonged sting operation where SecretService agents arrested prominent members of the BBSs in 14 US cities duringearly-morning raids and arrests. The arrests were aimed at cracking down oncredit card theft and telephone and wire fraud. This resulted in the breakdown inthe hacking community, whereby members were informing on each other inexchange for immunity.1993• DefCon hacking conference held in Las Vegas to say goodbye to BBSs. Popularityof event resulted in a meeting every year thereafter.1994-• Emergence of the World Wide Web. Hackers adapt and transfer all information95
2000to websites; as a result, the face of hacking changes.1994• Russian crackers siphon $10 million from Citibank and transfer money to bankaccounts around the world, led by Vladimir Levin who transferred funds toaccounts in Finland and Israel using his laptop. Levin was sentenced to three yearsin prison. All but $400,000 was recovered.1995• Kevin Mitnik is charged with illegally accessing computers belonging tonumerous computer software and computer operating system manufacturers,cellular telephone manufacturers, Internet service providers, and educationalinstitutions. Mitnik was also responsible for the theft, copying, andmisappropriation of proprietary computer software from Motorola, Fujitsu, Nokia,Sun, Novell, and NEC. Mitnick was also in possession of 20,000 credit cardnumbers once captured.• Chris Pile becomes the first person to be jailed for writing and distributing acomputer virus.1995• AOHell, a freeware application that allows unskilled script kiddies to wreakhavoc on America Online or AOL, is released, resulting in hundreds of thousandsof mailboxes being flooded with email bombs and spam.1996• Hackers alter the websites of the United States Department ofJustice, the CIA,and the US Air Force. Reports by the General Accounting Office state that hackersattempted to break into Defense Department computer files approximately 250,000times, 65 percent of which were successful.1998• NASA, the US Navy, and universities across the country are targeted by denial-of-service attacks on computers running Microsoft Windows NT and Windows 95.• Carl Fredrik Neikter, leader of the Cult of the Dead Cow, releases the TrojanHorse program Black Orifice, which allows hackers remote access to computersonce installed.1999• Napster is created by Shawn Fanning and Sean Parker, attracting millions ofusers, before being shut down in July 2001.• The first series of mainstream security software is released for use on personalcomputers.• Bill Clinton announces a billion-dollar initiative to improve computer securityand the establishment of a network of intrusion detection monitors for certainfederal agencies.• The Melissa virus is released causing the most costly malware outbreak to date.• The Cult of the Dead Cow releases an updated version of Black Orifice.2000• Hackers launch denial-of-service (DoS) attacks, shutting down Yahoo, Buy. com,Amazon, eBay, and CNN.2001• The Department of Energy’s computer system at Sandia National Laboratories inAlbuquerque is compromised.• Microsoft’s main server is hacked by DDoS attacks.2002• Internal training and quality control campaign started by Bill Gates in order toensure the security of Microsoft.• George W. Bush’s administration submits a bill that would create the Departmentof Homeland Security, which would have, as one of its many roles, theresponsibility of protecting the nation’s critical information technology (IT)infrastructure.• The CIA warns of an impending launch of cyber-attacks on US computer96
networks by Chinese hackers funded by the Chinese government.• Shatter Attacks is published by Chris Paget, showing how the Windowsmessaging system could be used to take control of a machine and questioning thesecurity of the Windows system itself.2003• Anonymous is formed.• The United States Department of Commerce allows hacker groups to exportencrypted software.2004• Myron Tereshchuk is taken into police custody for an attempt to extort millionsfrom Micropatent.• North Korea claims to attempt to break into South Korea’s computer systems.2005• Rafael Nunez, member of “World of Hell,” is taken into custody for cracking intothe Defense Information Systems Agency.• Cameron Lacroix is convicted for hacking into T-Mobile’s USA network.• Jeanson James Ancheta, member of “Botmaster Underground,” is arrested by theFBI.2006• Kama Sutra, a worm specializing in the destruction of data, is discovered andfound to replicate itself through email contacts, disrupting documents and folders.The threat turned out to be minimal.• Jeanson James Ancheta is convicted for his role in hacking systems of the NavalAir Warfare Center and the Defense Information Systems Agency, sentenced toprison, and ordered to pay damages in addition to handing over his property.• Iskorpitx hacks more than 20,000 websites.• Robert Moore and Edwin Pena, hackers featured on America’s Most Wanted, areconvicted, and ordered to pay restitution.• FairUse4WM is released by Viodentia, removing DRM from music servicewebsites.2007• Estonia recovers from DDoS attacks.• During Operation “Bot Roast,” the FBI locates over a million botnet victims; thesecond botnet operation uncovers a million infected computers, and results in aloss of millions of dollars and several indictments.• The Office of the Secretary of Defense undergoes a spear-phishing scheme,resulting in the loss of US Defense information as well as causing communicationand identification systems to be altered.• The United Nations website is hacked.2008• Project Chanology occurs on a Scientology website by Anonymous, resulting inthe loss and release of confidential information.2009• The Conficker worm hacks into the computer networks of personal computersand government.2010• “Operation Aurora”: Google admits to attacks on its infrastructure from China,resulting in the loss of intellectual property.• Stuxnet worm is discovered by VirusBlockAda, deemed to be a cyber-attack onthe nuclear facilities of Iran.• MALCON conference held in India, founded by Rajshekhar Murthy. The eventoffers an opportunity to display the techniques of malware coders from around theworld.• The website of Bank of America is hacked by Jeopardy, who is accused ofstealing credit card information by the FBI.97
2011• The PlayStation Network is compromised, revealing personal information of itsconsumers, recognized as one of the largest data breaches to date. YouTubechannel of Sesame Street hacked.• Palestinian Territories’ Internet networks and phone lines are hacked frommultiple locations around the world.2012• Hundreds of thousands of credit card numbers from Israel are released by a Saudihacker named OxOmar. As a result, Israel releases hundreds of credit cardnumbers from Saudi Arabia.• Team Appunity, a Norwegian hacker group, is taken into custody for releasingthe user database for the largest prostitution ring in Norway.• Foxconn is hacked by Swagg Security, compromising information.• WHMCS and MyBB are hacked by UGNazi due to the use of its software.• Government sites, including Farmers Insurance, MasterCard, and others, arehacked by Swagg Security, resulting in the release of personal information.2013• Burger King Twitter account is hacked by McDonald’s.• The Syrian Electronic Army attack various media outlets because of articles theyviewed as being sympathetic to Syrian rebel forces.• Chinese hackers attack the New York Times over a story published regardingChina’s prime minister.• The Montana Emergency Alert System is hacked and broadcasts messagesregarding a zombie apocalypse.• Target and other retailers are compromised by point-of-sale (PoS) malware thatsteals tens of millions of customer records, leading to the largest data breaches onrecord.• Anonymous hacks the official Twitter and Flickr accounts of North Korea to postmalicious messages about Kim Jong-un.2014• Sony Pictures is hacked by a hacker group called the Guardians of Peace. Theydump substantial quantities of intellectual property and sensitive email exchangesonline and threaten violence if the film The Interview is not pulled from theaters.• A vulnerability in the OpenSSL software used to encrypt online communicationsis identified, called Heartbleed. It allows users to capture sensitive data from webservers with little to no detection.• Multiple retailers and financial service providers are hacked, including J. P.Morgan Chase and Home Depot.• Evidence emerges that the USA and UK are responsible for the release ofmalware called Regin that surreptitiously collects data from infected systems, andis viewed as the most sophisticated espionage malware created to date.• Major celebrities are the target of a phishing scheme to acquire their AppleiCloud usernames and passwords in order to gain access to their personal photosand videos. Several high-profile female celebrities’ nude photos are released online.2015• The website Ashley Madison, designed to facilitate extramarital affairs, is hackedby the “Impact Team” who leak their customer database online.• The Ukraine’s power grid is compromised by hackers, coinciding with Russianincursions into the country to seize territory.• The US Office of Personnel Management (OPM) is compromised, leading to abreach of over 21 million individuals’ personal data, particularly their securityclearance information and fingerprint details. Experts speculate that it wasperformed by Chinese hackers, as none of the information acquired was resold to98
others.• Anthem Health Care, a major insurance provider in the USA, is compromised byhackers, leading to the loss of 80 million customers’ sensitive information.2016• Yahoo reveals that a series of compromises have occurred since 2013, leading tothe loss of 500 million users’ data.• The 2016 Democratic National Committee is hacked by someone using thehandle Guciffer 2.0. The information acquired from the hack, including sensitiveemail exchanges, is posted online by Wikileaks. The US government declares thatthis hack was enabled by the Russian government as part of a larger campaign toaffect the US elections.• A hacker group calling itself The Shadow Brokers try to sell hacking tools andprograms they acquired from an NSA hacking team, sometimes referred to as theEquation Group.• Major websites, including Netflix, undergo a DDoS attack using Internet ofThings (IoT) devices, such as wireless security cameras, infected by Mirai botnetmalware.Sources:1http://steel.lcc.gatech.edu/~mcordell/lcc6316/Hacker%20Group%20Project%20FINAL.pdf.2 http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history.3 http://edition.cnn.com/2001/TECH/internet/11/19/hack.history.idg/index.html.4 www.symantec.com/about/news/resources/press_kits/securityintelligence/media/SSR-Timeline.pdf.Box 3.2 Mainframe computing systemshttp://now.uiowa.edu/2013/03/hello-maui-goodnight-mainframe.What’s a mainframe? Sometimes called “big iron,” a mainframe is a large-scale computer that can supportthousands of users simultaneously and run vital operations reliably and securely. The mainframe probablygot its name from massive metal frames that once housed it, often occupying thousands of square feet.This article describes the early phases of mainframe computing and the eventualtransition from these room-sized devices to the laptops of today.99
For more information on the history of hacking at MIT, go online to:http://tmrc.mit.edu/hackers-ref.html.The 1960s and 1970s: the hacker ethicThe perception of the hacker as a skilled programmer and tinkerer continued through the1960s. The social upheaval and civil unrest experienced during this decade, however,would affect the ways in which hackers viewed their relationship with technology andthe larger world. As computer technology moved from universities into militaryapplications, the number of programmers and “hackers” began to expand. As aconsequence, a culture of programmers emerged based on a series of ideas called thehacker ethic by Steven Levy (2001):1. Access to computers – and anything that might teach you something about theway the world works – should be unlimited and total.2. All information should be free.3. Mistrust authority – promote decentralization.4. Hackers should be judged by their hacking, not bogus criteria such as degrees,age, race, or position.5. You can create art and beauty on a computer.6. Computers can change your life for the better.Although these six ideas are interrelated, the core belief within the hacker ethic is thatinformation should be open and free to all so that individuals can understand how thingswork and identify ways in which they could be improved (Thomas, 2002).The importance of transparency through technology became even more salient in the1970s with the introduction of two activities: phreaking and homebrew computing. Theemergence of phone phreaking, or tampering with phone technology to understand andcontrol telephone systems, was espoused by elements of the 1960s’ and 1970s’counterculture movement (Landreth, 1985; Wang, 2006). Individuals like Abbie Hoffman,an activist and protestor who wrote Steal This Book, advised people to engage inphreaking as a way to strike out against telephone companies for profiteering from a100
wonderful service. Hoffman and other groups wanted people to phreak because theycould make free calls to anyone in the world by controlling telephone system switchesthrough various devices and tones. The novel application and manipulation of telephonythrough phreaking led this activity to be the first form of hacking to gain a broaderaudience outside of traditional computing.The act of phreaking gained national attention in the mainstream media through anarticle published in Esquire magazine on John Draper and various other “phreaks” in1971 (Wang, 2006). Subsequently, law enforcement and telephone security begancollaborative crackdowns to eliminate phreaks from penetrating telephony. The absenceof laws pertaining to the exploration and manipulation of computers and telephonymade it difficult for police agencies until the late 1970s, when the first legal statutes weredeveloped (Wang, 2006). In fact, one of the first computer crime laws in the USA waspassed in Florida in 1978 making all unauthorized access to computer systems a third-degree felony (Hollinger and Lanza-Kaduce, 1988).For more information on blue boxes and phreaking, go online to:www.lospadres.info/thorg/lbb.html.The 1970s also saw the emergence of hobbyist groups focused on the development ofcomputer hardware and software. These groups operated through informal meetingsconducted in garages and other settings to facilitate conversations on the design andconstruction of personal computers (PCs). These hobbyists often used a combination ofcommercial computer kits sold through magazines, as well as their own innovativedesigns and “hacks” of existing resources. Their practices helped advance the state ofpersonal computing, though they did not typically refer to themselves or their activitiesas hacking (Ceruzzi, 1998).101
The 1980s: PCs, entertainment, and The Hacker ManifestoThe adoption of PC technology was initially slow, and did not take hold until the early1980s when middle-income families began to purchase computers. The concurrentexplosion of video games and home electronic entertainment systems exposed youngpeople to technology as never before. Young people, particularly males, wereincreasingly attracted to these devices and began to explore and use computers beyondtheir advertised value as learning tools. Similarly, modem technology, which connectscomputers to other computers and networks via telephone lines, improved and becameaccessible to the common home user. Individuals who had never before had access tocomputer technology could now identify and explore connected computer networks(Furnell, 2002). This led to the rise of the bulletin board systems (BBS) culture wherelocal groups and hackers across the country could connect and share information withothers (Slatalla and Quittner, 1995). At the same time, a growing underground mediabegan to publish homemade magazines on computers, hacking, and phreaking, such asPhrack and 2600. These publications helped propel individual interests in hacking andconnect the burgeoning computer-using community together.The increasing popularity of technology among the general public led to increasedmedia attention around computers and youth. This was due, in part, to the theatricalrelease of the movie WarGames, which featured a teenage hacker played by MatthewBroderick who unsuspectingly gains access to military computer systems and nearlycauses a nuclear holocaust (Schneider, 2008). The film piqued the curiosity of some youthand increased interest in hacking and computer use in general (see Box 3.3 for details).Media outlets quickly published stories on malicious hacker groups in order tocapitalize on the public interest in computer misuse stemming from the film (Marbach,1983a, 1983b). For instance, the FBI began raiding and filing suits against the members ofa local group of hackers known as the “414s” based on their Milwaukee area code(Krance, Murphy, and Elmer-Dewitt, 1983). The teen boys compromised protectednetworks but did not cause harm to systems or data (Hollinger and Lanza-Kaduce, 1988).Their acts drew attention from both federal law enforcement and the media to thegrowing perceived use of hacking for criminal purposes. Thus, this marked a distinctdivergence in the concept of hacking and hackers from the notion in the 1950s and 1960sof ethical computer tinkerers to a more criminal orientation.For more information on 1980s hacker groups, go online to:http://archive.wired.com/wired/archive/2.12/hacker_pr.html.102
Box 3.3 A hacker talks about WarGamesWhen WarGames came out, that was probably the biggest boon to the modern hacker that there ever was.Because right after that war dialers came out [.] programs that you could download to your computer thatwere all over the BBS that you could download that would call up people’s computers and just look formodem tones. And then, they’d record the greetings that the computers gave. Everybody was friendlyback then so when you dialed into a computer, it gave you the identification of who the computer was and[.] if it was governmental or something like that. It would either tell you, you know this is so and so’scomputer or simply would not tell you anything and that would be a flag that hey, this is, you know, issomething worth looking at. If it just asked you for your username and password, then maybe I need to goin here. Most of ’em didn’t even ask for user-names. They just wanted passwords. [.] So you start doingthings and when I got my first modem, WarGames came out as a movie and I saw all these dialers and Ithought you know, this is cool. And so you download one of the dialers and you run it. You check everyphone number in your neighborhood and after it had checked for five days and like come up with fournumbers or whatever and you would take those numbers and call ’em and you would get the greetingprotocols. And from that point in time you’d bring in your second program which was just, it would dialup, connect, and then it would randomly generate a password. Try to get through and it would keep doingit [.] so you would take this wardialer and you would tell it, okay I’m going to dial every phone number inthere looking for a modem and hang up. And you know if I don’t get a modem in so much time, hang up,go to the next one. So the people think they get a hang-up phone call, it’s annoying, but that’s it. Whenyou finally do get one, it sends across its I-identification which was usually a welcome greeting, “welcometo blah-blah blah-blah-blah” and [.] it would record that and then you’d go through at the end of, youknow, after you’d let it sit for however long it took to go through that exchange and for the ten thousandnumbers in the exchange it might take eight hours. You’d come back at the end of eight hours you’d lookat all your greetings and see if any of ’em were what you were looking for. Once you knew they werewhat you were looking for then it was a matter of brute forcing the passwords.Interview conducted with Mac Diesel by Thomas J. Holt.The criminalization of hacking and the growing schism in the hacker community wasexacerbated by the publication of a brief text called The Conscience of a Hacker, or TheHacker Manifesto (Furnell, 2002). The document was written by “The Mentor” in 1986and was first published in the magazine Phrack. “The Mentor” railed against adults, lawenforcement, and schools, arguing that hackers seek knowledge even if that meansbreaking into or gaining access to protected computer systems. These activities do notmake hackers criminals according to “The Mentor,” but rather misunderstood andunappreciated by adults who have no concept of the value of technology. He alsoencouraged hackers to engage in phreaking because telephone companies were “run byprofiteering gluttons.” This document supported some of the criminal aspects of hackingthat were in opposition to the 1960s’ concept of hacking and the broader hacker ethic. Asa consequence, a rift began to form among hackers based on their support of either theManifesto or the hacker ethic, as well as their perception of malicious and exploratory103
hacks.In fact, there are two terms used by some to attempt to differentiate between hackerswho seek to harm or destroy systems and those who do not. The term crack emergedwithin the hacker subculture to recognize and separate malicious hacks from those actssupported by the hacker ethic (Furnell, 2002; Holt, 2010). Those who engage in deviant orcriminal applications of hacking could be labeled crackers, since true hackers considerdestructive hackers to be “a lower form of life” (Furnell, 2002). Thus, the act of crackingis thought to be different from hacking based on the outcome of the attack and not thetechniques applied by the actor.For the full text of The Hacker Manifesto, go online to:www.phrack.org/issues/7/3.html#article.The criminalization of hacking continued through the creation of the federalCounterfeit Access Device and Computer Fraud and Abuse Act of 1984, and itssubsequent revision in 1986. The 1984 law focused initially on the use and abuse of creditcard information and established that any criminal incident involving a loss of $5,000 ormore was a federal offense to be handled by the Secret Service (Hollinger and Lanza-Kaduce, 1988). The 1986 revision of this Act, however, expanded legal protections to allcomputerized information maintained by banks and financial institutions.Furthermore, the law added three new violations: (1) unauthorized access to computersystems with the intent to defraud; (2) unauthorized access with intent to causemalicious damage; and (3) the trafficking of computer passwords with the intent todefraud (Taylor, Fritsch, Lieberbach, and Holt, 2010). These laws not only codifiedcriminal applications of hacking, but also afforded police agencies with better tools toprosecute the activities of hackers across the country (Hollinger and Lanza-Kaduce, 1988;Sterling, 1992; Taylor et al., 2010). In turn, multiple high-profile law enforcementinvestigations developed during the late 1980s and early 1990s, such as the pursuit ofKevin Mitnick (Shimomura and Markoff, 1996; see Box 3.4 for details) and Kevin Poulsen(Littman, 1997).104
Box 3.4 The criminal exploits of Kevin MitnickMitnick’s own words about his “hacking” – forbes.cominterview5/99www.forbes.com/1999/04/05/feat.html.FORBES.COM [F]: How would you characterize the media coverage of you?MITNICK [M]: When I read about myself in the media even I don’t recognizeme. The myth of Kevin Mitnick is much more interesting than the reality ofKevin Mitnick. If they told the reality, no one would care [.]In this article, Kevin Mitnick discusses his hacks and his life during incarceration forviolations of the Computer Fraud and Abuse Act. He also discusses his thoughts onthe post-release conditions he would have to live with once he completed his prisonsentence.As technology became increasingly user friendly and affordable in the early 1990s, thehacker population continued to expand. The hacker subculture became more segmentedbased on the use of perceived unethical hacking techniques by the increasing number ofyoung hackers (Taylor, 1999). For instance, modern hackers would typically attempt togather internal documents after accessing a system, both for bragging rights and to allowfor the free exchange of information through the hacker network. This desire to spreadinformation and discuss attack techniques afforded a mechanism for law enforcement togather evidence of illegal activities (Holt, 2007). As a consequence, the free exchange ofinformation within the hacker community began to evolve into trying to diminish thelikelihood of detection and prosecution (Kilger, 2010; Taylor, 1999). Local hacker groupsbegan to support conferences on the topic of hacking in the USA, including DefCon,Hackers On Planet Earth (HOPE), and PumpCon (see Table 3.2 for details). Similarconferences have been held since the mid-1980s in Germany, such as the ChaosCommunication Congress (CCC), which began in 1984 in Hamburg, then moved toBerlin in 1998 (Kinkade et al., 2013). These meetings afforded the opportunity to connectin the real world and gave the hacker population an air of respectability in the face ofincreasing criminal prosecutions of hacker groups (Holt, 2007).105
Table 3.2 A timeline of computer hacking conferences1984• Chaos Communication Congress, Europe’s largest hacker conference, began inBerlin and was held by the Chaos Computer Club. There are four sections of theevent, including: the Conference, the HackCenter, Art and Beauty, and the PhoneOperation Center. The main topic categories of the event include: Hacking, Science,Community, Society, and Culture.1987• SummerCon, one of the oldest conventions in the USA, began and was run byPhrack in St. Louis, Missouri until 1995. The SummerCon conference influenced theHOPE and DefCon conferences. The Legion of Doom took over in 1995 and movedthe conference to Atlanta, Georgia. After this, the conference was held in numerouslocations such as Washington, DC, Pittsburgh, Pennsylvania, and Austin, Texas.1990• HoHoCon Conference began in Houston, Texas during Christmas from 1990 to1994. The event was sponsored by Drunkfux, Dead Cow, and Phrack. Theconference, being one of the largest and most influential gatherings, influenced theDefCon and HOPE conferences.1993• DefCon, held initially in Las Vegas, Nevada, began; it is the world’s largest annualhacker convention to this day. Conference participants include average citizens,interest groups, federal employees, and hackers. The conference focuses on avariety of topics, from computers to social events and contests. The conference isusually held in the summer from June to August.1994• HOPE (Hackers On Planet Earth) conference began. The event is sponsored byhacker magazine 2600: The Hacker Quarterly, and continues to this day. Theconference is also diverse in who attends. The individuals range from hackers andphreaks to net activists and government spooks. The conference is held for threedays, usually during the summer, at the Hotel Pennsylvania in New York City. TheHOPE conferences invest in social and political agendas advocating hacker activity.• PumpCon conference is held in Philadelphia, PA from the mid-1990s to thepresent. The conference is held in October before Halloween.1997• Black Hat Briefings was started in 1997 by Jeff Moss. The company sought toprovide education to security professionals in global corporations and the federalgovernment. The event is held in Las Vegas, Nevada, and Washington, DC, as wellas internationally in locations such as Tokyo and Singapore. The training alsoincludes hands-on experience with recent security threats and countermeasures.• PhreakNIC was created by the Nashville 2600 organization. The conference is heldannually in Nashville, Tennessee and focuses on technical presentations. Popularculture is also a focus in the conference. The conference attracts individuals fromall around the USA as well as regional states, including Washington, DC, Georgia,Kentucky, Alabama, Missouri, and Ohio.1999• ToorCon was started by the 2600 user group but was founded by Ben Greenbergand David Hulton. The hacker conference is held annually in September andfocuses on topics of hacking and security.2003• Notacon (Northern Ohio Technological Advancement Conference) was created by”FTS Conventures” to fill the void left by the Detroit, Michigan Rubi-Con. Theconference focuses on the art of hacking as a technique and how to apply the ideato art and music. “Community through Technology” is a main focus of the event.The conference was last held in April 2009 in Cleveland, Ohio.106
2004• T2 infosec conference began. The conference is held annually in Helsinki, Finland,focusing on information security research and topics from security and defense toauditing.2005• CarolinaCon conference began and is held annually in North Carolina. Theconference is dedicated to sharing information about technology, security, andinformation rights. It also seeks to create local and international awareness abouttechnology issues and developments.• SchmooCon conference was created. The conference is held annually on the eastcoast in Washington, DC for three days. The conference focuses on technologyexploitation and inventive software and hardware solutions, and has opendiscussions about critical infosec issues.• Ekoparty was created by Juan Pablo Daniel Borgna, Leonardo Pigner, FedericoKirschbaum, Jeronimo Basaldua, and Francisco Amato. The security conference isheld annually in Argentina and focuses on information security.2007• Kiwicon began in Wellington, New Zealand. The conference is open to all agesand focuses on a variety of subjects, including modern exploit techniques, securityphilosophy, and New Zealand law.2009• AthCon conference was created by Cyberdefend Limited. AthCon is an annual ITsecurity conference held in Athens, Greece. The conference focuses on givingtechnical insight.• BSides conference was created by individuals whose presentations were rejectedfor acceptance at the Black Hat conference as an alternative event to showcaseresearch that may not be present at larger events.2010• Malcon was created by Rajshekhar Murthy. The international technology securityconference is held in India, bringing together malware and information securityresearchers.• THOTCON was created by Nicholas J. Percoco, Zack Fasel, Matt Jakubowski,Jonathan Tomek, and other DefCon volunteers in Chicago, Illinois. The conferencefocuses on information security and hacking.2011• DerbyCon conference began in Louisville, Kentucky. The conference invitessecurity professionals from around the world to share ideas.• INFILTRATE was founded. The security conference is hosted by Immunity, Inc.annually in Miami, Florida. The conference focuses on offensive technical issues.2012• SkyDogCon (New) was founded by a group of volunteers with a wealth ofconference participation experience in Nashville, Tennessee. The event was createdby hackers for hackers to share knowledge and facilitate learning.• HackInTheBox security conference is held annually in the Netherlands andMalaysia. The conference provides hands-on technical training.• The Hackers conference is held annually in New Delhi, and is one of India’sbiggest hacker conventions. The conference focuses on addressing the most topicalissues of the Internet security space.y• GrrCon is a Midwestern informationsecurity conference held in Grand Rapids, Michigan. The conference is aninformation hub for sharing ideas and building relationships.• Hackers 2 Hackers conference is a security research event held in Latin America.• Hactivity is an informal information security conference held annually inBudapest, Hungary.• Hackfest is a bilingual conference held annually in Quebec, Canada that focuses107
on hacking games.• Nuit Du Hack is a hacker conference held in Paris, France during the month ofJune.• ROOTCON is a premier hacker conference, held annually in the Philippinesbetween the months of September and October.• QUAHOGON is a hacker conference, held annually in Providence, Rhode Islandat the end of April.2014• CircleCity Con is an annual hacker conference held in Indianapolis, Indiana.Sources:www.cse.wustl.edu/~jain/cse571-07/ftp/hacking_orgs.pdfhttp://en.wikipedia.org/wiki/Computer_security_conferencehttp://carolinacon.org/#Aboutwww.shmoocon.org/shmooconhttp://hackercons.org/index.htmlhttp://en.wikipedia.org/wiki/Notaconhttp://en.wikipedia.org/wiki/PhreakNIChttp://www.derbycon.com/http://blog.pumpcon.org/www.athcon.org/about.phpwww.thehackersconference.com/about.htmlhttp://grrcon.org/The 1990s: affordable technology, the computer security community, andfinancial gainAt the same time, the computer security community began to emerge in the 1990s withthe incorporation of skilled hackers who understood the process of identifying andsecuring vulnerable software and hardware. This created a new tension within thehacker community between supposedly ethical hackers who worked for private industryand unethical hackers who used the same techniques to explore and exploit systems(Jordan and Taylor, 1998; Taylor, 1999). Some believed that this was an importanttransition back to the origins of the hacker ethic, while others viewed the change from108
hacker to security professional as a process of selling out and betraying the very natureof open exchange within the hacker community (Taylor, 1999).The prosecution and detention of Kevin Mitnick exacerbated this issue in the mid-1990s. Mitnick was viewed as a hero by the hacker community because of his substantialskill and the overly harsh treatment of him at the hands of law enforcement andprosecutors (Taylor et al., 2010). In fact, federal prosecutors barred Mitnick from using acomputer or Internet-connected device for several years following his release from afederal prison due to fears that he might cause substantial harm to telephony or privateindustry (Painter, 2001). Many hackers donated to Mitnick’s legal defense fund andbelieved that he was a scapegoat of fearmongering by legislators and law enforcement(Taylor et al., 2010). Shortly after his release from prison, Mitnick began a computersecurity consulting business and angered those in the subculture who viewed this as abetrayal of the basic principles of the hacker community. As a result, he lost a great dealof respect but provided a model for others to transition from known criminal to securityinsider in an increasingly technologically driven society.For more information on Mitnick’s prison experience, go online to:www.youtube.com/watch?v=lJFCbrhLojA.By the late 1990s, the World Wide Web and PC had radically altered the nature ofbusiness and communications. The global expansion of connectivity afforded by theInternet led to the digitization of sensitive financial and government information andmassive databases accessible online. Financial service providers and business platformsmoved to online environments to provide services directly to home computer users,offering convenient modes of communication and shopping. As a consequence, thelandscape and dynamics of computer hacking and the computer security industrychanged.The motives for hacking also shifted during this period from acquiring status andacceptance from the social groups that dominated hacking in the 1980s and 1990s towardeconomic gain (Chu et al., 2010; Kilger, 2010; Holt and Lampke, 2010). The complexity ofthe tools used by hackers increased, and their functionality changed from infecting anddegrading global networks to attacking and stealing sensitive informationsurreptitiously. In fact, the problem of phishing, where consumers are tricked intotransmitting financial information to fraudulent websites where the information is109
housed for later fraud, grew in the late 1990s and early 2000s (James, 2005; Wall, 2007).These crimes are particularly costly for both the individual victim and financialinstitutions alike. According to the Anti-Phishing Working Group (2016), there were466,065 unique phishing websites detected in the second quarter of 2016 and another364,424 phishing websites found in the third quarter. In addition, 353 brands weretargeted by phishing campaigns on average each month in the third quarter of 2016.During this time, individuals began to apply hacking techniques and skills in attacksbased on political and social agendas against government and private industry targets.For instance, members of the hacker collective, the “Electronic Disturbance Theater,”created and released an attack tool called Flood-Net (Denning, 2010; Jordan and Taylor,2004). This program was designed as a standalone tool to enable unskilled actors toengage in denial-of-service attacks against various government services as a form of“civil disobedience” (Cere, 2003; Schell and Dodge, 2002). Such an attack preventsindividuals from being able to use communications services, thereby rendering themuseless. This tool was first employed in an attack against the Mexican governmentbecause of their treatment of Zapatista separatists who were fighting against what theyperceived to be governmental repression (Denning, 2010).Box 3.5 The electronic disturbance theater and cyber-attacksTactical poetics: FloodNet’s virtual sit-inshttp://rhizome.org/editorial/2016/dec/01/tactical-poetics-floodnets-early-1990s-virtual-sit-ins/.It was a simple Java applet designed to rapidly reload a given webpage, but in the hands of these artists,it became a powerful “weapon of collective presence” and conceptual artwork – an exercise in “tacticalpoetics.”In this essay, the role of FloodNet as a tool of protest and its association with thecorporeal and virtual is discussed in detail. Examining the use of FloodNet as a toolfor attacks in the 1990s demonstrates the thoughtful nature of hacking dependingon the motive of the attacker.110
Similarly, hackers in India and Pakistan engaged in a series of defacement attacks overa four-year period from 1998 to 2001 due to the use of nuclear weapons testing anddevelopment in India (Denning, 2010). Web defacements allow an actor to replace theoriginal web page with content of their own design, including text and images. Such anattack is an ideal mechanism for politically motivated attackers to express their attitudesand beliefs to the larger world. Thus, the number of defacements increased dramaticallyduring this period as more countries became connected to the Internet and saw thisenvironment as a means to express their political and religious ideologies (Denning,2010). To understand how hacking is used as a method for both legitimate and maliciousactivities that affect individuals and governments around the world, it is necessary toexamine the modern hacker subculture and its influence on structuring the hackeridentity.For more information on web defacements, go online to: www.zone-h.org/.Box 3.6 The ongoing conflict between Indian andPakistani hackersHackers from India, Pakistan in full-blown online war – gadgetsnow.com10-14www.gadgetsnow.com/tech-news/Hackers-from-India-Pakistan-in-full-blown-online-war/articleshow/44766898.cms.111
Even as gunfire continues to be traded across the Indo–Pak border, a full-blown hacking and defacementwar has erupted in cyberspace. On Thursday, over a dozen Indian and Pakistani websites were defaced byhackers from either side of the fence.In this article, the various attacks between hacker crews in both India and Pakistanare detailed. This includes targeted defacements against government, industry, andeducational institution websites, due in part to physical conflict between the twonations.112
The modern hacker subcultureThe activities of hackers are driven, in large part, by the values and beliefs of the modernhacker subculture. Three primary norms within the hacker community have beenidentified across multiple studies: (1) technology; (2) knowledge; and (3) secrecy (Holt,2007; Jordan and Taylor, 1998; Meyer, 1989; Steinmetz, 2015; Taylor, 1999; Thomas, 2002).These norms structure the activities and interests of hackers regardless of theirinvolvement in ethical or malicious hacks; they are highly interconnected and importantin understanding the overall hacker subculture.TechnologyThe act of hacking has been directly and intimately tied to technology since thedevelopment of the term “hack” in the 1950s (Holt, 2007; Jordan and Taylor, 1998; Meyer,1989; Steinmetz, 2015; Taylor, 1999; Thomas, 2002). The interests and activities of hackerscenter on computer software and hardware, as well as associated devices like electronics,video games, and cell phones (Holt, 2007; Jordan and Taylor, 1998; Turkle, 1984). Theseinterests are interrelated, since understanding hardware can improve an individual’sunderstanding of software and vice versa. Thus, an individual’s connection totechnology and their sense of ownership over the tools of their “craft” (Steinmetz, 2015)increases their ability to hack (Holt, 2007; Jordan and Taylor, 1998; Taylor, 1999; Thomas,2002).To generate such a connection, hackers must develop a deep appreciation ofcomputers and be willing to explore and apply their knowledge in new ways (Jordan andTaylor, 1998). Hackers must be curious and explore technology often through creativeplay with devices, hardware, and software. For instance, one of the most well-knownhackers is John Draper, also known as Cap’n Crunch. He was very active in the 1970sand 1980s in the hacker community and is known for having blown a giveaway whistlefound in a box of Cap’n Crunch cereal into his phone receiver (Furnell, 2002; Wang,2006). The whistle created the perfect 2600 Hz tone that was necessary to enable anindividual to connect to long-distance lines at that time. Such an act of hacking thetelephone system is known as phreaking, combining the notion of “phone” and “hack-ing” (Furnell, 2002; Holt, 2010; Wang, 2006). Draper’s unique application of phreakingknowledge through the use of a simple children’s toy garnered a great deal of respectand attention from the phreaking community and popular media. In turn, this actdemonstrates the importance of exploration and creativity in the hacker community.The importance of technology for hackers often emerges early in youth. Many whobecome involved in the hacker community report developing an interest in technology at113
an early age. Many hackers report gaining access to computers in their early teens oreven younger (Bachmann, 2010; Holt, 2007). Simply using computers in public cafés andschools can also help pique a hacker’s interest in technology (Holt, 2010). Identifyingpeers who share their affinity for technology online or offline is also extremely valuablebecause it helps maintain their interests. Hackers maintain loose peer associations withindividuals in online environments that may be useful in the development of their skilland ability (Holt, 2009a, 2009b; Holt and Kilger, 2008; Meyer, 1989; Schell and Dodge,2002; Taylor, 1999).KnowledgeThe central importance of technology in this subculture drives individuals to form a deepcommitment to having knowledge and mastery of a variety of technological tools,including hardware and software (Meyer 1989; Holt, 2007; Steinmetz, 2015; Thomas,2002). Hackers spend a significant amount of time learning about technology in order tounderstand how devices work at deep levels. The hacker community stresses thatindividuals need to learn on their own rather than ask others to teach them how to dothings (Holt, 2007; Jordan and Taylor, 1998; Taylor, 1999). Although social connectionsprovide access to information and accumulated knowledge, the idea of being a hacker isdriven in part by curiosity and experiential knowledge that can only be developedthrough personal experience.An individual interested in hacking cannot simply ask others to teach them how tohack (Holt, 2007; Jordan and Taylor, 1998; Taylor, 1999). Such a request would lead to aperson being ridiculed or mocked and embarrassed publicly by others. Instead, mosthackers learn by spending hours every day reading manuals, tutorials, and forum postsin order to learn new things (Holt, 2007, 2009a; Jordan and Taylor, 1998; Taylor, 1999).Hackers also belong to multiple forums, mailing lists, and groups in order to gain accessto resources and information (Holt, 2007, 2009a; Holt and Kilger, 2008; Meyer, 1989;Taylor, 1999). The increasing importance of video-sharing sites has also enabled peopleto create tutorials that describe in explicit detail and demonstrate how to hack. Forinstance, Turkish hackers regularly post videos on YouTube and hacker forums thatexplain in detail how certain hacks work so that they can help others learn abouttechnology (Holt, 2009b). Constant changes in technology also require hackers to stay onthe cutting edge of innovations in computer hardware and software in order to improvetheir overall understanding of the field.Individuals who can apply their knowledge of technology in a practical fashion oftengarner respect from others within the subculture. The hacker subculture is a meritocracywhere individuals are judged on the basis of their knowledge of computer hardware andsoftware. Those with the greatest skill have the most status, while those with little to noability but a desire to hack receive the least respect from others. Hackers who create newtools, identify unknown exploits, and find novel applications of technology often114
generate media attention and respect from their peers in forums and blogs.Demonstrations of technological mastery provide cues that they are a hacker with someskill and ability. By contrast, individuals who engage in poorly executed hacks or haveminimal skills but try to brag about their activities may be ostracized by others (Holt,2007; Jordan and Taylor, 1998; Meyer, 1989; Steinmetz, 2015).One of the most salient demonstrations of mastery of technology may be seen at cons,where individuals can compete in hacking challenges and competitions. For example,DefCon and some regional cons hold Capture the Flag (CTF) competitions wherehackers compete against each other individually or in teams to hack one another, whileat the same time defending their resources from others. This demonstrates the dualnature of hacking techniques for both attack and defense. Many cons also hold triviacompetitions with questions about computer hardware, software, programming, videogames, and the exploits of well-known hackers. These games allow individuals todemonstrate their understanding of and connection to the social history of hacking, aswell as their technical knowledge. The winners of these competitions are usuallyrecognized at the end of the con and are given prizes for their accomplishment. Suchrecognition from the general public helps validate an individual’s knowledge and skilland demonstrate their mastery over social and technical challenges (Holt, 2009a).For more information on CTFs, go online to: www.youtube.com/watch?v=giAe7wU4r2o.The importance of knowledge is also reflected in the way in which hackers refer toindividuals within the hacker subculture, as well as those who operate outside of it(Furnell, 2002; Holt, 2007, 2010; Jordan and Taylor, 1998; Taylor, 1999). There are avariety of terms used to describe hackers. Individuals who are new to hacking and haveminimal knowledge of technology may be referred to as a noob or newbie (Holt, 2010).This may be used derogatorily in order to embarrass that person, although many simplyidentify themselves as noobs in order to clearly delineate the fact that they may notknow much about technology. Regardless, those who are considered noobs generallyhave no status within the hacker community (Furnell, 2002; Holt, 2010).As hackers learn and gain an understanding of computer software and hardware, theymay attempt to apply their knowledge with limited success. One of the key ways inwhich a person may hack early on involves the use of tools and kits found on hacker115
websites and forums (Bachmann, 2010; Furnell, 2002; Holt, 2010). The proliferation ofhacker tools over the past two decades has made it relatively easy for individuals toengage in various hacks because these resources automate the use of exploits againstknown vulnerabilities. The ability to hack a target quickly and easily is enticing forindividuals who are new to the subculture because they may feel that such an act willgarner status or respect from others (Furnell, 2002; Holt, 2007; Taylor, 1999). They do not,however, understand the way in which these tools actually affect computer systems, sotheir attacks often fail or cause greater harm than initially intended. As a consequence,many within the hacker subculture use the term script kiddies to refer to suchindividuals and their acts (Furnell, 2002; Holt, 2007, 2010; Taylor, 1999). This derogatoryterm is meant to shame individuals by recognizing their use of pre-made scripts or tools,their lack of skill, and the concurrent harm they may cause. In addition, older membersof the hacker community may also refer to noobs or script kiddies as lamers orwannabes, referencing their limited capacity and skills (Furnell, 2002).Those hackers who spend a great deal of time developing a connection to technologyand robust understanding of computers may be able to demonstrate that they are morethan just a noob or script kiddie (see Holt, 2010). Eventually, they may be able todemonstrate enough capacity to be viewed as a hacker, or even a leet (1337), by others inthe subculture. There is no single way, however, to determine when a person is“officially” considered a hacker or a leet (Holt, 2007). For instance, some people may notrefer to themselves as hackers because they feel that being a hacker is something thatothers must apply to you, rather than something you can bestow upon yourself (Holt,2007). Thus, they may simply allow others to call them a hacker rather than use the termon their own. Others argue that becoming a hacker is based on experience, such that youare only a hacker after you can use various programming languages, repair your owncomputer, and create your own tools and scripts (Holt, 2007; Taylor, 1999).Within the community of skilled hackers, some use the terms white hat, black hat, orgray hat to refer to an actor based on the way they apply their knowledge (see Furnell,2002; Holt, 2007, 2010; Thomas, 2002). White hats are thought to be “ethical” hackers whowork to find errors in computer systems and programs to benefit general computersecurity (Furnell, 2002; Holt, 2007, 2010). Black-hat hackers use the same techniques andvulnerabilities in order to gain access to information or harm systems (Furnell, 2002;Holt, 2007, 2010). Thus, black hats may sometimes argue that they are no different fromwhite hats; instead it is a perceptual difference among security professionals (Holt, 2007).Gray-hat hackers fall somewhere between these two camps, as their motives shift orchange depending on the specific situation (Furnell, 2002; Holt, 2010). The ambiguousnature of hacker ethics, however, makes it difficult to clearly identify when someone isacting purely in a black or white context. A term like “gray hat” is used to identify theethical flexibility and lack of consistency in individual hackers’ actions (Furnell, 2002;Holt, 2007, 2010; Jordan and Taylor, 1998). A gray-hat hacker may use their knowledgefor beneficial purposes one day, while breaking into a computer system to stealinformation the following day. Thus, there is significant variation in the actions of116
skilled hackers.SecrecyThe importance which hackers place on demonstrations of knowledge and deepcommitment to technology creates a unique tension within the hacker subculture: theneed for secrecy (Jordan and Taylor, 1998; Taylor, 1999; Thomas, 2002). Since some formsof hacking are illegal, an individual who attempts to brag about their activities to otherscan place themselves at risk of arrest or legal sanctions (Kilger, 2010; Taylor, 1999). Thisdoes not stop hackers talking about or engaging in illicit activities in relatively publicarenas online. Instead, they use various techniques to reduce the likelihood that their realidentity is compromised, such as handles or nicknames in online and offlineenvironments in order to establish an identity separate from their real identity (seeFurnell, 2002; Jordan and Taylor, 1998). Handles serve as a digital representation of self.They may be humorous or serious, depending on the individual. For example, one hackeradopted the handle TweetyFish under the assumption that no judge would ever takeseriously criminal hacks associated with that name (Furnell, 2002). Others take namesthat are associated with scofflaws and villains, like the group the Legion of Doom in the1980s, or that represent violence and pillaging, like Erik Bloodaxe (Furnell, 2002).Regardless of the handle an individual chooses, its use helps create a persona that can beresponsible for successful hacks and activities and diminish the likelihood of reprisalsfrom law enforcement (Furnell, 2002; Jordan and Taylor, 1998; Taylor et al., 2010).Some hackers also attempt to segment themselves and to shield their activities fromthe general public through the use of closed web forums and private message boards.Requiring individuals to register with a website or forum helps give some modicum ofprivacy for posters and diminishes the likelihood that anyone in the general public maystumble upon their conversations (Meyer, 1989). Law enforcement officers and computersecurity researchers can still gain access to these forums and generate information aboutserious hacks and attacks, though it is harder to identify these resources when they areclosely guarded secrets. In fact, some hacker groups prevent their sites from appearing insearch engine results like Google by turning off the feature “robots.txt” in the htmlcoding (Chu et al., 2010). This prevents web spiders from logging the site and reduces thelikelihood that outsiders may access their resources. Individuals within the hackersubculture can still identify and gain access to these resources. Hackers, therefore, treada fine line between sharing information and keeping certain knowledge private (Jordanand Taylor, 1998).The issue of secrecy has also affected the way in which individuals engage with oneanother at conferences and in public settings. The substantive increase in lawenforcement investigations of hackers and the concurrent incorporation of hackers intogovernment and private industry to secure resources means that individual attendeesmay be surrounded by people who are focused on identifying malicious hackers (Holt,117
2007, 2010; Schell and Dodge, 2002). Conferences like DefCon have actively attempted tosingle out when an individual is in such a position through their “Spot the Fed” contest(Holt, 2007). The game involves pulling an attendee out of the crowd who peopleperceive to be a federal agent and asking them a series of questions about their life andjob. If the person is, in fact, a federal agent, both the fed and the spotter receive T-shirtsto commemorate the experience (Holt, 2007).To see “Spot the Fed” in action, go online to: www.youtube.com/watch?v=oMHZ4qQuYyE.The Spot the Fed game was initially designed to draw attention to the presence of lawenforcement at the con, and to stress the need to carefully manage what is shared withstrangers in the open. The game also helps demonstrate the boundaries between hackersand law enforcement, and sheds light on the role of law enforcement in the hackersubculture. Over time, however, the game has become much more playful, and hasoccurred with less frequency as the conference has become a more established part of thecomputer security community. The presence of such a game still emphasizes the need forsecrecy in managing how hackers interact with others online and offline.118
Legal frameworks to prosecute hackingThe federal government within the USA is the primary level of government thatattempts to curtail computer-hacking activities by passing and enforcing legislationthrough various agencies. At the federal level, the primary statutes used to prosecutehacking cases are referred to as the Computer Fraud and Abuse Act (CFAA), discussedpreviously. This Act, listed as Section 1030 of Title 18 of the US Criminal Code, was firstpassed in 1986 and has been revised multiple times over the past three decades. Theselaws prosecute attacks against a “protected computer,” which is defined as anycomputer used exclusively or non-exclusively by a financial institution or the federalgovernment, as well as any computer used to engage in interstate or foreign commerceor communication generally (Brenner, 2011). This broad definition was adopted in 1996in order to provide protection to virtually any computer connected to the Internet and toincrease the efficacy of federal statutes to prosecute hacking crimes (Brenner, 2011).The CFAA stipulates seven applications of hacking as violations of federal law, thoughhere we will focus on four of these statutes (18 USC § 1030). The other three statutes arediscussed in Chapter 4 because they pertain more to malicious software and certainattacks that may extend beyond or can be completed without the use of computerhacking. With that in mind, there are four offenses that immediately pertain to hackingas discussed thus far:1. Knowingly accessing a computer without authorization or by exceedingauthorized access and obtaining information protected against disclosurewhich could be used to the disadvantage of the USA or to the advantage of aforeign nation and willfully deliver that information to another person notentitled to receive it or retain the information and refuse to deliver it to theperson entitled to receive it (18 USC § 1030 Sect. (a)(1)).2. Knowingly accessing a computer without authorization or by exceedingauthorized access to:a. Obtain information contained in a financial record of a financialinstitution or of a card issuer or contained in a file of a consumerreporting agency on a consumer;b. Obtain information from any federal department or agency;c. Information from any protected computer (18 USC § 1030 Sect. (a)(2)).3. To intentionally and without authorization access any non-public computer ofa US department or agency that is exclusively for the use of the governmentand affects the use of that computer (18 USC § 1030 Sect. (a)(3)).119
4. To knowingly and with the intent to defraud access a protected computerwithout authorization or by exceeding authorized access and thereby furtherthe intended fraud and obtaining anything of value (18 USC § 1030 Sect. (a)(4)).These acts cover a wide range of offenses and are written broadly enough to prosecutehackers regardless of whether they are internal or external attackers (Brenner, 2008;Furnell, 2002). Specifically, an internal attacker is an individual who is authorized to useand has legitimate access to computers, networks, and certain data stored on thesesystems. For example, college students are typically allowed to use online registrationsystems, access course content hosted on Blackboard or other learning sites, and to usecomputer systems on campus through a username and password sign-in system. Theyare not, however, allowed to enter grades or use sensitive systems reserved for facultyand administrators. If a student wanted to change their grades electronically, they wouldhave to exceed their authorized use by guessing a password or exploiting a system’svulnerability in order to gain access to grading systems. Thus, their use of existinginternal resources makes them an internal attacker. Someone who attempts to changegrades or access sensitive systems, but is not a student or an authorized user, would bedefined as an external attacker (Brenner, 2008; Furnell, 2002). This is because they haveno existing relationship with the network owners and are completely outside of thenetwork.To learn more about the insider threat problem and how it may be mitigated,go online to:www.ncsc.gov/issues/docs/Common_Sense_Guide_to_Mitigating_Insider_Threats.pdf.The punishments for these acts vary based largely on the harm caused by the incident.For example, the minimum sentence for these crimes can be a 10- to 20-year sentencerelated to acts of trespass designed to obtain national security information (Sect. (a)(1)),while simply accessing a computer and obtaining information of value (Sect. (a)(2))varies from one year in prison and/or a fine, to up to ten years if the offender has eithermultiple charges brought against them or if they engaged in the offense for commercialor private gain (18 USC § 1030). Individuals who trespass on government-controlledcomputers (Sect. (a)(3)) can receive both a fine and imprisonment for not more than oneyear, though if it is part of another offense it may be up to ten years.120
The greatest sentencing range involves attempts to access a computer in order toengage in fraud and obtain information (Sect. (a)(4)). If the object of the fraud and thething obtained consists only of the use of the computer and the value of that use doesnot exceed $5,000 in any one-year period, then the maximum penalty is a fine and up tofive years in prison. If the incident involves harm that exceeds $5,000, affects more thanten computers, affects medical data, causes physical injury to a person, poses a threat topublic health or safety, or affects the US government’s administration of justice, defense,or national security, then the punishments can start at ten years and/or a fine (18 USC §1030). If the hack either attempts to cause or results in serious bodily injury, the actorcan receive up to 20 years in prison, and he or she can be eligible for a life sentence if thehack either knowingly or recklessly caused death. These changes were a direct result ofthe Cyber Security Enhancement Act, which was a subsection of the Homeland SecurityAct of 2002 (Brenner, 2011; 18 USC § 1030; see also Chapter 10). This Act amended thepunishments available to federal judges when dealing with cybercrime cases in order tomore accurately reflect the severity of harm that may result from hackers’ attacksagainst computer systems and data.The CFAA also allows victims of hacking cases to pursue civil suits against theattacker (18 USC § 1030). Specifically, the statute allows any person who suffers eitherdamage or losses due to a violation of the CFAA the opportunity to seek compensatorydamages within two years of the date of the complaint or discovery of damages. It doesnot place limits on the amount of damages an individual may seek, though the statutestipulates that computer software and hardware manufacturers cannot be held liable fornegligent designs or manufacturing (Brenner, 2011). As a result, this essentially releases avendor from any civil responsibility for the presence of vulnerabilities within theirproducts. Instead, it is the attacker who is held liable for the identification and use ofexploits against those vulnerabilities.An additional federal statute pertaining to hacking is 18 USC § 1030 Sect. 2701(a),referencing unlawful access to stored communications. Given that so much personalinformation is now stored in email accounts hosted on web servers that are protectedthrough limited security protocols, like passwords that can be easily hacked, there is aneed to protect this information at all points. This statute makes it an offense tointentionally either (1) access without authorization a facility through which anelectronic communication is provided; or (2) exceed an authorization to access such afacility and then obtain, alter, or prevent authorized access to a wire or electroniccommunication while it is in electronic storage. This law is designed to help securepersonal communications and information, particularly against nation-state attackerswho may attempt to use email or communications to better understand a target(Brenner, 2011).Initially, the punishments for these offenses involved a fine and/or imprisonment fornot more than one year for the first offense, and up to five years for a subsequentoffense. This statute was amended by the Homeland Security Act of 2002 to increase thepenalties if the offense was completed for “purposes of commercial advantage, malicious121
destruction or damage, or private commercial gain, or in furtherance of any criminal ortortuous act in violation of the Constitution or laws of the United States or any State”(Cybersecurity Enhancement Act, 2002). If the attacks occurs for these reasons, an actormay receive a fine and up to five years in prison for the first offense, and then up to tenyears’ imprisonment for multiple offenses.In addition to federal statutes, all states have laws against computer hacking in someshape or form (Brenner, 2011). In fact, the first state to pass a law related to hacking wasFlorida in 1978, with the creation of the Computer Crimes Act. Although each state isdifferent, they largely define hacking in one of two ways:1. unauthorized access to computers or computer systems;2. unauthorized access leading to the acquisition, theft, deletion, or corruption ofdata.The terminology used to define hacking is varied, ranging from “unauthorized access” to“computer trespass” to “computer tampering.” In addition, some states place computerhacking laws under existing criminal statutes pertaining to burglary, theft, and robbery(Brenner, 2011). For instance, Missouri defines computer hacking as “tampering” witheither computers or data and has placed these offenses under Chapter 569, which include“Robbery, Burglary, and Related Offenses.” Others, like North Carolina, place computerhacking and related cybercrimes under their own statutes in order to encapsulate theunique nature of cybercrimes (Brenner, 2011). Regardless of the term used, many statesconsider unauthorized access on its own as a misdemeanor, while access andmanipulation of data is typically defined as a felony.To learn more about the incident that spawned the first state-level computercrime law in the US, go online to: http://repository.jmls.edu/cgi/viewcontent.cgi?article=1414&context=jitpl .Similar legislation is present in countries around the world, though there are somevariations in the way in which these statutes can be applied or the punishmentsassociated with the offense. For instance, the UK Computer Misuse Act of 1990 definesthree behaviors as offenses:122
1. unauthorized access to computer material (whether data or a program);2. unauthorized access to a computer system with intent to commit or facilitatethe commission of a serious crime;3. unauthorized modification of computer material.The structure of this Act recognizes variations in the way in which hackers operate, suchas the fact that only some hackers may attempt to gain access to systems, while othersmay attempt to maliciously use or modify data. Any individual found guilty of aviolation of the first statute can face a maximum sentence of six months or a fine of£2,000, or both. Subsequent charges under the second and third statutes are associatedwith more severe sanctions, including up to five years in prison, a fine, or both.Several researchers hold this legislation up as a model for other nations because of itsapplicability to various forms of hacking and compromise (see Brenner, 2011; Furnell,2002). The law itself, however, emerged because of the absence of existing laws thatcould be used to prosecute the crimes performed by Robert Schifreen and Steven Gold in1984 and 1985. Specifically, Schifreen noticed the username and password of a systemengineer at the British Telecom firm Prestel, and he and Gold used this information toaccess various parts of the network and gain access to sensitive account information(Furnell, 2002). The two were then caught by Prestel administrators and arrested, butthere was no legislation against the activities they performed. Thus, prosecutors chargedthe pair under the Forgery and Counterfeiting Act of 1981, under the auspices that theyhad “forged” the user credentials of others (Furnell, 2002).Although both Schifreen and Gold were found guilty, they appealed their case,claiming that they had caused no actual harm and had been charged under inappropriatestatutes (Furnell, 2002). The two were acquitted based on the conclusion that forgerylaws were misapplied and their actions were not, in fact, a violation of existing criminallaw. As a result, the English Law Commission recommended that new legislation bedeveloped to criminalize various forms of hacking (Furnell, 2002). The law wasintroduced and passed in 1990, though subsequent revisions have been introduced overthe past 25 years to increase sanctions, apply the law to offenses involving smart phones,and cover offenses involving malicious software (Brenner, 2011; Furnell, 2002).Other nations define hacking more narrowly, as with the Indian InformationTechnology Act, 2000, which specifically criminalizes and references a hack as a personwho “destroys or deletes or alters any information residing in a computer resource ordiminishes its value or utility or affects it injuriously by any means” (Department ofElectronics and Information Technology, 2008). Engaging in such an act can lead to afine of up to 500,000 rupees and/or up to three years’ imprisonment. There are othersubsections of the hacking law related to (1) receiving a stolen computer orcommunications device, (2) using a fraudulently obtained password, digital signature, orother unique identification, and (3) cheating using a computer resource (Department ofElectronics and Information Technology, 2008). While cheating is not specifically definedwithin the law, this is a unique addition that is largely absent from other nations’123
criminal codes. These subsections recognize the role of hacking as a facilitator for othercriminal acts, extending the utility of the law in a similar fashion to the US CFAA.At a broader level, the Convention on Cybercrime (CoC), also known as theBudapest Convention on Cybercrime, is the first international treaty designed to addresscybercrime and synchronize national laws on these offenses (Weismann, 2011). ThisConvention was developed in conjunction with the Council of Europe, Canada, andJapan in 2001, and came into force in 2004. The language of the treaty specificallyaddresses a number of cybercrimes (illegal access, illegal interceptions, data interference,system interference, misuse of devices, computer-related forgery, computer-relatedfraud, child pornography, and copyright infringements), with the intent to createcommon criminal policies and encourage international cooperation in the investigationand prosecution of these offenses. The CoC does not, however, encourage extradition,which limits its value in enforcement. In addition, those states that sign and ratify theCoC are under no obligation to accept all parameters of the Convention. Instead they canselect which provisions they choose to enforce, further limiting its utility. Some of theprimary offenses detailed in the Convention include illegal access and illegal interceptionof data and communications, as well as data interference, system interference, andmisuse of devices (Weismann, 2011). Thus, the CoC has inherent value for thedevelopment of consistent legal frameworks and definitions for hacking-related crimesin a global context (Weismann, 2011).At present, 50 nations have ratified the treaty and another five have signed but notratified the Convention. The majority of the ratifiers are members of the Council ofEurope and European Union generally, including Italy, Germany, Turkey, the Ukraine,and the United Kingdom. Several nations that are not members of the Council have alsoratified the CoC, including Australia, Canada, Dominican Republic, Israel, Japan,Mauritius, Panama, Sri Lanka, and the United States. The language of the CoC hasserved as a model for a number of nations’ cybercrime laws, particularly in a number ofSouth American and African nations (Riquert, 2013; Weismann, 2011). Thus, theConvention on Cybercrime may be invaluable in structuring consistent laws regardingcybercrime.124
Enforcing and investigating hacker activityIt is important to note that federal agencies are responsible for cases where the victimand offender reside in different states or countries. We will focus our discussion on theprimary federal agencies responsible for the investigation of computer hacking, sincethere are few local law enforcement agencies investigating computer hacking. Thisappears to stem from the fact that these cases are often very technically complex. Inaddition, these crimes involve local victims compromised by offenders living incompletely separate jurisdictions that cannot be affected by a police or sheriff’s office(Holt, Burruss, and Bossler, 2015).One of the most prominent federal law enforcement bodies involved in theinvestigation of hacking cases is the United States Secret Service (USSS). The SecretService was initially part of the Department of the Treasury, dating back to its creationin 1865 in order to combat the production and use of counterfeit currency following theCivil War (USSS, 2017). Now, however, the Secret Service is housed under theDepartment of Homeland Security (DHS). The Secret Service was initially tasked withhacking cases through the CFAA because of their mandate to investigate crimes againstfinancial institutions and counterfeit currency (18 USC § 1030). The growth oftechnology and Internet connectivity among banks and financial service providers madethe Secret Service seem like an experienced agency, capable of investigating hacking andonline fraud.Today, the Secret Service investigates cybercrimes through its Criminal InvestigativeDivision, specifically through its Financial Crimes Unit with three primary investigativeresponsibilities concerning cybercrime (USSS, 2017). The first involves financialinstitution fraud (FIF) against banks, savings and loan institutions, and credit unions (seeChapter 6 for additional details). The second includes access device fraud, such as the useof passwords in order to engage in fraud or hacks against various targets. The finalresponsibility involves acts of fraud that affect computers of “federal interest,” thatdirectly facilitate interstate or international commerce and government informationtransfers.The US Secret Service also has two task forces that investigate cyber-intrusions:Electronic Crimes Task Forces and Financial Crimes Task Forces. The Secret Serviceoperates 39 Electronic Crimes Task Forces that use the resources of academia, the privatesector, and law enforcement at all levels to meet Congressional mandate for the SecretService to create a national network to “prevent, detect, and investigate electroniccrimes, including potential terrorist attacks against critical infrastructure and financialpayment systems” (USSS, 2017). The Secret Service also operates 46 Financial CrimesTask Forces that “combine the resources of the private sector and other law enforcementagencies in an organized effort to combat threats to U.S. financial payment systems and125
critical infrastructure” (USSS, 2017).The other prominent agency involved in the investigation of hacking cases is theFederal Bureau of Investigation (FBI). Cybercrime is one of the FBI’s top threeinvestigative priorities, in part by legal mandate in the CFAA. The law stipulates that theFBI has the primary authority to investigate hacking cases that involve espionage,foreign nation-states, counterintelligence, and classified sensitive data that affectsnational defense or foreign relations.In order to address that mandate, the FBI has established several capabilities andpartnerships. The FBI operates a Cyber Division at its headquarters to coordinate theircyber strategy. They also run 93 Computer Crimes Task Forces that can investigatecybercrimes and work with other law enforcement agencies at the local, state, andfederal levels (FBI, 2017a). These task forces are focused on investigating attacks againstcritical infrastructure, hacks that target private industry or financial systems, and othercybercrimes. The CTFs in each region are also responsible for developing andmaintaining relationships with public and private industry partners in order to improvetheir response capabilities (FBI, 2017a).For more information on the FBI, go online to: www.fbi.gov/investigate/cyber.The FBI also operates the National Cyber Investigative Joint Task Force (NCIJTF)in partnership with the Department of Defense Cyber Crime Center (DoD DC3), aspecialized agency run by the Air Force to perform forensic analyses and training forattacks against DoD computers and defense contractors, referred to as the DefenseIndustrial Base (DIB) (DC3, 2017). The NCIJTF was created in 2008 by presidentialmandate in order to serve as the coordinating response agency for all domestic cyber-threat investigations. This group is not focused on reducing vulnerabilities, but ratherpursuing the actors responsible for various attacks (FBI, 2017b). In addition, theirdomestic focus does not mean they are centered only on US-based actors, but also onany individual interested in attacking the nation’s infrastructure. In fact, the NCI-JTFcoordinates with each CTF in order to provide investigative resources and assistance tofacilitate their mission (FBI, 2017b).The Bureau also operates Cyber Action Teams (CATs), which are highly trained smallgroups of agents, analysts, and forensic investigators who can respond to incidentsaround the world. These teams are designed to collect data and serve as rapid first126
responders to any incident, no matter where it occurs around the world. In addition, theFBI serves as the coordinating agency for the global Strategic Alliance Cyber CrimeWorking Group. This international partnership includes the Australian Federal Police,Royal Canadian Mounted Police (RCMP), New Zealand Police, and the UK’s NationalCrime Agency. This five-way partnership is designed to facilitate investigations, shareintelligence on threats, and synchronize laws in order to promote more successfulpartnerships against both organized criminal groups and cybercrimes. In fact, thispartnership has led to a shared Internet portal designed to share information amongthese countries, joint international task forces, and shared training programs in order tostandardize investigative techniques and training (FBI, 2017a).To see the global scope of the FBI’s Working Group, go online to:www.fbi.gov/news/stories/2008/march/cybergroup_031708.In addition, the FBI operates the InfraGard project, a non-profit public– privatepartnership designed to facilitate information sharing among academics, industry, andlaw enforcement (InfraGard, 2017). The group is designed to aid in collaborations inorder to better protect critical infrastructure and reduce attacks against US resources.InfraGard operates in chapters across the USA, which hold regular meetings to discussthreats and issues of interest with members. InfraGard has 84 chapters and over 54,000members, all of whom must go through a vetting process in order to participate(InfraGard, 2017). In turn, members gain access to a secured web portal whereintelligence on threats, vulnerabilities, and general information is shared. Thispartnership has been very successful, though members of the hacker group LulzSecattacked InfraGard chapter websites in order to embarrass the FBI (see Satter, 2011; alsoBox 3.7 for more details). This attack, however, appears to be an isolated incident in theotherwise positive partnerships afforded by InfraGard.127
Box 3.7 LulzSec hacks FBI affiliate, Infragardwww.digitaltrends.com/computing/lulzsec-hacks-fbi-affiliate-infragard/.Nearly 180 passwords belonging to members of an Atlanta-based FBI affiliate have been stolen and leakedto the Internet, the group confirmed Sunday. [.] Copies of the passwords [.] were posted to the Internet byonline hacking collective Lulz Security, which has claimed credit for a string of attacks in the past week.This article provides an overview of the hacks performed by the Anonymousoffshoot hacking group LulzSec against Infragard. In addition, the article illustratessome of the tensions between Anonymous and security specialists.While the FBI and Secret Service focus on the investigation of cybercrimes, they mustwork in close concert with the United States Attorney’s Office, which is a part of the USDepartment of Justice (DOJ) focused on the prosecution of federal criminal cases.Although the FBI is part of the DOJ, they operate as an investigative arm, while theAttorney’s Office represents the federal government in court to prosecute suspects. Infact, the investigation of cybercrimes is largely handled by the Criminal Division’sComputer Crime and Intellectual Property Section (CCIPS). Initially, violations of theCFAA were prosecuted at the federal level through the Computer Crime Unit, firstestablished in 1991 (US DOJ, 2017). The expansion of the Internet and the resulting rangeof cybercrimes that became possible led to a restructuring of the unit to a full Sectionwith the enactment of the National Information and Infrastructure Protection Act of1996. The unit now deals exclusively with the investigation and prosecution ofcybercrime cases and intellectual property crimes, through close collaboration with lawenforcement agencies and private industry. The CCIPS division also provides support forprosecutors handling similar cases at the federal, state, and local levels, and works withlegislators to develop new policies and legal statutes to deal with cybercrime generally.Recently, the Criminal division created the Cybersecurity Unit within the ComputerCrime and Intellectual Property Section “to serve as a central hub for expert advice andlegal guidance regarding how the criminal electronic surveillance and computer fraudand abuse statutes impact cybersecurity” (US DOJ, 2017).For more information on the DOJ’s Computer Crime and Intellectual PropertySection, go online to: www.justice.gov/criminal-ccips/about-ccips.128
In addition, there is now a Computer Hacking and Intellectual Property (CHIP) Unitwithin the DOJ which first appeared in the Northern District of California in 2000 (USDOJ, 2015). The section was established in order to provide prosecutors to handlecybercrime cases related to the massive technology industries operating in Silicon Valley,California. This unit was almost immediately successful and was involved inprosecutions related to economic espionage, piracy cases, spam, and other hacking cases.The success of this unit has led to its replication across the country with more than 260operating prosecutors, including one in each of the 94 US attorney’s offices (US DOJ,2015). In addition, there are 25 CHIP units across the country, with representation inmost regions in the USA, though the majority are in California, Texas, Florida, Virginia,and most states on the northeastern seaboard.Specialized law enforcement agencies also operate around the world to investigatecybercrimes that may violate local or federal laws. For example, the National CrimeAgency’s (NCA) National Cyber Crime Unit (NCCU) is responsible for leading theUnited Kingdom’s response to serious forms of cybercrime, provide cyber-specialistsupport, and to coordinate the nation’s cyber-response with Regional Organized CrimeUnits, the Metropolitan Police Cyber Crime Unit, industry, and international lawenforcement agencies. As part of this coordination, they share intelligence and expertiseto increase the knowledge of cyber-threat in order to more effectively disrupt cybercrimeactivity. Thus this unit serves a similar role to that of the FBI in the response to seriouscybercrimes (NCA, 2017). Similar structures are present in the Korean National Policeand the Royal Canadian Mounted Police through their Integrated Technological CrimeUnit (Andress and Winterfeld, 2011).129
SummaryThe computer hacker subculture is distinctive and provides justifications for individualsto develop a deep understanding of technology and the ability to apply their knowledgein innovative ways. Some hackers use their skills for malicious purposes, while othersuse them to protect computer systems. Both ethical and malicious hackers may have touse the same skill sets to complete an activity. In fact, hackers judge one another on thebasis of their skills, connection to technology, and depth of knowledge. Those withdemonstrable skills garner more respect from their peers, while those with minimal skillsmay be derided by others.The perception of hackers as malicious actors stems directly from the evolution ofhacking and technology. The criminalization of hacking in the late 1970s and 1980s,coupled with the development of the personal computer, enabled a shift in the hackersubculture and the expansion of hacking to new populations. As technology becamemore user friendly, the hacker culture changed, creating significant variations in the skilland ability of hackers. These factors have produced the current population of skilled andsemi-skilled hackers with various motives and ethical orientations. Thus, there is nosingle way to deal with hackers who use their skills for criminal gain. Instead, it iscritical to understand that script kiddies and noobs present a different threat than thoseblack-hat hackers who can successfully penetrate systems without detection.Key termsBlack-hat hackerBulletin board system (BBS)Capture the FlagChaos Communication Congress (CCC)Computer Crime and Intellectual Property Section (CCIPS)Computer Fraud and Abuse Act (CFAA)ConConvention on Cybercrime (CoC)CrackCrackerDefConDefense Industrial Base (DIB)Denial of serviceDepartment of Defense Cyber Crime CenterExploit130
External attackerFederal Bureau of Investigation (FBI)Gray-hat hackerHackHackerHacker ethicThe Hacker ManifestoHacker SpaceHandleInfraGardInternal attackerLamerLeetNation-state actorNational Crime AgencyNational Cyber Crime Unit (NCCU)National Cyber Investigative Joint Task Force (NCIJTF)Non-nation-state actorNoobPhishingPhreakPhreakingProtected computerScript kiddieShoulder surfingSocial engineeringUK Computer Misuse ActUnited States Department of Justice (US DOJ)United States Secret Service (USSS)VulnerabilityWannabeWarezWhite-hat hackerDiscussion questions1. Think about the various ways in which you have seen hackers portrayedin popular media over the past few years. Are they heroic characters ordangerous criminals? Do the representations conform to any of the131
realities of the hacker subculture, or do they simply further stereotypesabout hackers as a whole?2. If hacking is a skill or ability, does it share any similarities with otherreal-world activities that may be applied in malicious or ethical ways?3. Compare the ideas expressed in the hacker ethic with the commentsmade by the Mentor in The Hacker Manifesto. Do they make similarpoints, or are they very different documents? If there are commonthemes, what do they suggest about hacking and the complexities of thehacker subculture?4. Given the range of actors evident in the hacker subculture, is it possiblethat ethical and unethical hackers may share similar motives? If so, whatmight those motives be, and is it possible to identify an individual’sethical stance based solely on their motives?5. What were the weaknesses of using “traditional” legislation to prosecutehackers? How did newer legislation address those problems?132
References18 USC § 1030. 2600. (2011). 2600: The Hacker Quarterly. Available at: www.2600.com/.Andress, J., and Winterfeld, S. (2011). Cyber Warfare: Techniques, Tactics, and Tools forSecurity Practitioners. Waltham, MA: Syngress.Anti-Phishing Working Group. (2016). Phishing Activity Trends Report: 3rd Quarter 2016.Anti-Phishing Working Group. Available at:http://docs.apwg.org/reports/apwg_trends_report_q3_2016.pdf.Bachmann, M. (2010). The risk propensity and rationality of computer hackers. TheInternational Journal of Cyber Criminology, 4, 643–656.Bossler, A. M., and Burruss, G. W. (2011). The general theory of crime and computerhacking: Low self-control hackers? In T. J. Holt and B. H. Schell (eds), CorporateHacking and Technology-driven Crime: Social Dynamics and Implications (pp. 38–67). Hershey, PA: ISI-Global.Brenner, S. W. (2008). Cyberthreats: The Emerging Fault Lines of the Nation State. NewYork: Oxford University Press.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.Cere, R. (2003). Digital counter-cultures and the nature of electronic social and politicalmovements. In Y. Jewkes (ed.), Dot.cons: Crime, Deviance and Identity on the Internet(pp. 147–163). Portland, OR: Willan Publishing.Ceruzzi, P. (1998). A History of Modern Computing. Cambridge, MA: MIT Press.Chu, B., Holt, T.J., and Ahn, G.J. (2010). Examining the Creation, Distribution, andFunction of Malware On-line. Washington, DC: National Institute of Justice.Available at: www.ncjrs.gov/pdffiles1/nij/grants/230112.pdf.Cohen, R. (2012). New massive cyber attack an “industrial vacuum cleaner for sensitiveinformation.” Forbes, May 28, 2012. [Online] Available at:http://www.forbes.com/sites/reuvencohen/2012/05/28/new-massive-cyber-attack-an-industrial-vacuum-cleaner-for-sensitive-information/#37a55e68f907.DefCon. (2017). What is Defcon? Available at: http://defcon.org/html/links/dc-about.html.Denning, D. E. (2010). Cyber-conflict as an emergent social problem. In T.J. Holt and B.Schell (eds), Corporate Hacking and Technology-driven Crime: Social Dynamics andImplications (pp. 170–186). Hershey, PA: IGI-Global.Department of Defense Cyber Crime Center. (2017). Fact Sheet: Department of the AirForce. Available at: www.dc3.mil/data/uploads/dc3-fact-sheet-fy14-2015-02-20.pdf.Department of Electronics and Information Technology. (2008). Information Technology133
Act, 2000. Available at:http://meity.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf.Federal Bureau of Investigation. (2008). Cyber Solidarity: Five Nations, One Mission.Available at: www.fbi.gov/news/stories/2008/march/cybergroup_031708.Federal Bureau of Investigation. (2017a). Cyber Crime. Available at:www.fbi.gov/investigate/cyber.Federal Bureau of Investigation. (2017b). National Cyber Investigative Joint Task Force.Available at: www.fbi.gov/investigate/cyber/national-cyber-investigativejoint-task-force.Franklin, J., Paxson, V., Perrig, A., and Savage, S. (2007). An inquiry into the nature andcause of the wealth of internet miscreants. Paper presented at CCS07, October 29–November 2, in Alexandria, VA.Furnell, S. (2002). Cybercrime: Vandalizing the Information Society. London: Addison-Wesley.Gilboa, N. (1996). Elites, lamers, narcs, and whores: Exploring the computerunderground. In L. Cherny and E. R. Weise (eds), Wired_Women (pp. 98–113).Seattle: Seal Press.Gordon, S., and Ma, Q. (2003). Convergence of virus writers and hackers: Factor orfantasy. Cupertino, CA: Symantec Security White Paper.Hackerspaces. (2017). About Hackerspaces. Available at: https://wiki.hackerspaces.org/.Hollinger, R., and Lanza-Kaduce, L. (1988). The process of criminalization: The case ofcomputer crime laws. Criminology, 26, 101–126.Holt, T.J. (2007). Subcultural evolution? Examining the influence of on- and off-lineexperiences on deviant subcultures. Deviant Behavior, 28, 171–198.Holt, T.J. (2009a). Lone hacks or group cracks: Examining the social organization ofcomputer hackers. In F. Schmalleger and M. Pittaro (eds), Crimes of the Internet (pp.336–355). Upper Saddle River, NJ: Pearson Prentice Hall.Holt, T.J. (2009b). The attack dynamics of political and religiously motivated hackers. InT. Saadawi and L. Jordan (eds), Cyber Infrastructure Protection (pp. 161–182). NewYork: Strategic Studies Institute.Holt, T.J. (2010). Examining the role of technology in the formation of deviantsubcultures. Social Science Computer Review, 28, 466–481.Holt, T.J., and Kilger, M. (2008). Techcrafters and makecrafters: A comparison of twopopulations of hackers. 2008 WOMBAT Workshop on Information Security ThreatsData Collection and Sharing (pp. 67–78).Holt, T.J., and Lampke, E. (2010). Exploring stolen data markets on-line: Products andmarket forces. Criminal Justice Studies, 23, 33–50.Holt, T.J., Bossler, A. M., and May, D. C. (2012). Low self-control, deviant peerassociations, and juvenile cyberdeviance. American Journal of Criminal Justice,37(3), 378–395.Holt, T.J., Burruss, G. W., and Bossler, A. M. (2015). Policing Cybercrime andCyberterror. Raleigh, NC: Carolina Academic Press.134
Holt, T.J., Kilger, M., Strumsky, D., and Smirnova, O. (2009). Identifying, Exploring, andPredicting Threats in the Russian Hacker Community. Presented at the Defcon 17Convention, Las Vegas, Nevada.Holt, T.J., Soles, J., and Leslie, L. (2008). Characterizing malware writers and computerattackers in their own words. Paper presented at the third International Conferenceon Information Warfare and Security, April 24–25, Omaha, Nebraska.Huang, W., and Brockman, A. (2010). Social engineering exploitations in onlinecommunications: Examining persuasions used in fraudulent e-mails. In T.J. Holt(ed.), Crime On-line: Causes, Correlates, and Context (pp. 87–112). Raleigh, NC:Carolina Academic Press.InfraGard. (2017). InfraGard: Partnership for Protection. Available at:www.infragard.org/Application/Account/Login.Internet Crime Complaint Center. (2015). IC3 2015 Internet Crime Report. Available at:https://pdf.ic3.gov/2015_IC3Report.pdf.Jaffe, G. (2006). Gates urges NATO ministers to defend against cyber attacks. The WallStreet Journal On-line, June 15, 2006. Available at:http://online.wsj.com/article/SB118190166163536578.html?mod=googlenews_wsj.James, L. (2005). Phishing Exposed. Rockland: Syngress.Jordan, T., and Taylor, P. (1998). A sociology of hackers. The Sociological Review, 46,757–780.Jordan, T., and Taylor, P. (2004). Hacktivism and Cyber Wars. London: RoutledgeKilger, M. (2010). Social dynamics and the future of technology-driven crime. In T.J. Holtand B. Schell (eds), Corporate Hacking and Technology-driven Crime: SocialDynamics and Implications (pp. 205–227). Hershey, PA: IGI-Global.Kinkade, P.T., Bachmann, M., and Bachmann, B.S. (2013). Hacker Woodstock:Observations on an off-line Cyber Culture at the Chaos Communication Camp 2011.In T.J. Holt (ed.), Crime On-line: Correlates, Causes, and Context (2nd edn) (pp. 19–60). Raleigh, NC: Carolina Academic Press.Krance, M., Murphy, J., and Elmer-Dewitt, P. (1983). The 414 Gang strikes again. Time.Available at: www.time.com/time/magazine/article/0,9171,949797,00.Kravets, D. (2010). U.S. declares iPhone jailbreaking legal, over Apple’s objections. WiredThreat Level. Available at: www.wired.com/threatlevel/2010/07/feds-ok-iphone-jailbreaking/.Krebs, B. (2009). Payment processor breach may be largest ever. The Washington Post.Available at:http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.htmlLandler, M., and Markoff, J. (2008). Digital fears emerge after data siege in Estonia. TheNew York Times, May 24, 2007. Available at:www.nytimes.com/2007/05/29/technology/29estonia.html.Landreth, B. (1985). Out of the Inner Circle. Seattle, WA: Microsoft Press.Lee, D. (2012). Flame: Attackers sought confidential Iran data. BBC News, May 29.Available at: www.bbc.com/news/technology-18324234.135
Leukfeldt, R., Kleemans, E. R., and Stol, W. (2017). Origin, growth, and criminalcapabilities of cybercriminal networks. An international empirical analysis. CrimeLaw and Social Change, 67, 39–53.Levy, S. (2001). Hackers: Heroes of the Computer Revolution. New York: Penguin.Littman, J. (1997). The Watchman: The Twisted Life and Crimes of Serial Hacker KevinPoulsen. New York: Little Brown.Marbach, W. (1983a). Beware: Hackers at play. Newsweek, 42.Marbach, W. (1983b). Cracking down on hackers. Newsweek, 34.Meyer, G.R. (1989). The Social Organization of the Computer Underground. Master’sthesis, Northern Illinois University.Mitnick, K.D., and Simon, W.L. (2002). The Art of Deception: Controlling the HumanElement of Security. New York: Wiley Publishing.Morris, R.G. (2011). Computer hacking and the techniques of neutralization: Anempirical assessment. In T.J. Holt and B.H. Schell (eds), Corporate Hacking andTechnology-driven Crime: Social Dynamics and Implications (pp. 1–17). Hershey, PA:ISI-Global.Morris, R. G., and Blackburn, A. G. (2009). Cracking the code: An empirical explorationof social learning theory and computer crime. Journal of Crime and Justice, 32, 1–32.National Crime Agency. (2017). National Cyber Crime Unit. Available at:www.nationalcrimeagency.gov.uk/about-us/what-we-do/national-cybercrime-unit.Painter, C.M.E. (2001). Supervised release and probation restrictions in hacker cases.United States Attorneys’ USA Bulletin, 49. Available at:www.cybercrime.gov/usamarch2001_7.htm.Peretti, K. K. (2009). Data breaches: What the underground world of “carding” reveals.Santa Clara Computer and High Technology Law Journal, 25, 375–413.Riquert, M. A. (2013). Rethinking how criminal law works in cyberspace. Paper presentedat the Criminal Cybercrime Research Conference, October 14, Elche, Spain.Satter, R. G. (2011). LulzSec hackers claim breach of FBI affiliate in Atlanta. HuffingtonPost: Tech. Available at: www.huffingtonpost.com/2011/06/05/lulzsec-hack-fbi-infragard-atlanta_n_871545.html?view=print&comm_ref=false.Schell, B.H., and Dodge, J.L. (2002). The Hacking of America: Who’s Doing it, Why, andHow. Westport, CT: Quorum Books.Schneider, H. (2008). Wargames. United Artists.Scott, J. (2005). BBS: The Documentary. Available at: www.bbsdocumentary.com.Shimomura, T., and Markoff, J. (1996). Takedown: The Pursuit and Capture of KevinMitnick, America’s Most Wanted Computer Outlaw – by the Man Who Did It. NewYork: Hyperion.Skinner, W. F., and Fream, A. M. (1997). A social learning theory analysis of computercrime among college students. Journal of Research in Crime and Delinquency, 34,495–518.Slatalla, M., and Quittner, J. (1995). Masters of Deception: The Gang that RuledCyberspace. New York: Harper Collins.136
Steinmetz, K. F. (2015). Craft(y)ness: An ethnographic study of hacking. British Journalof Criminology, 55, 125–145.Sterling, B. (1992). The Hacker Crackdown: Law and Disorder on the Electronic Frontier.New York: Bantam Books.Symantec. (2012). Flamer: Highly sophisticated and discreet threat targets the MiddleEast. Available at: www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east.Taylor, P. (1999). Hackers: Crime in the Digital Sublime. London: Routledge.Taylor, R. W., Fritsch, E.J., Liederbach, J., and Holt, T.J. (2010). Digital Crime and DigitalTerrorism (2nd edn). Upper Saddle River, NJ: Pearson Prentice Hall.Thomas, D. (2002). Hacker Culture. Minneapolis, MN: University of Minnesota Press.Thomas, R., and Martin, J. (2006). The underground economy: Priceless. login, 31, 7–16.Turkle, S. (1984). The Second Self: Computers and the Human Spirit. New York: Simonand Schuster.United States Department of Justice. (2015). The Northern District of California and theFirst CHIP Unit. Available at: www.justice.gov/usao/priority-areas/cyber-crime/chip-units.United States Department of Justice. (2017). About CCIPS. Available at:www.justice.gov/criminal-ccips/about-ccips.United States Secret Service. (2017). The Investigative Mission. Available at:www.secretservice.gov/investigation/.Verison. (2016). 2016 Data Breach Investigations Report. Available at:www.verizonenterprise.com/verizon-insights-lab/dbir/2016/.Vijayan, J. (2010). Update: Heartland breach shows why compliance is not enough.Computerworld. Available at:www.computerworld.com/s/article/9143158/Update_Heartland_breach_shows_why_compliance_is_not_enoughWall, D.S. (2001). Cybercrimes and the Internet. In D.S. Wall (ed.), Crime and theInternet (pp. 1–17). New York: Routledge.Wall, D.S. (2007). Cybercrime: The Transformation of Crime in the Information Age.Cambridge: Polity Press.Wang, W. (2006). Steal This Computer Book 4.0: What They Won’t Tell You About theInternet. Boston, MA: No Starch Press.Weismann, M. F. (2011). International cybercrime: Recent developments in the law. In R.D. Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 257–294). Raleigh, NC: Carolina AcademicPress.Wright, R. T., and Decker, S.H. (1994). Burglars on the Job: Streetlife and ResidentialBreak-ins. Boston, MA: Northeastern University Press.Zetter, K. (2010). “Google” hackers had ability to alter source code. Wired. Available at:www.wired.com/threatlevel/2010/03/source-code-hacks/82.Zetter, K. (2012). Meet “Flame” the massive spy malware infiltrating Iranian computers.Wired, May 28, 2012. Available at: www.wired.com/2012/05/flame/.137
Chapter 4Malware and Automated Computer AttacksChapter goals• Define malware and the role of vulnerabilities and exploits in theiractivation.• Identify the differences between viruses, trojans, worms, and blendedthreats.• Understand why individuals write and distribute malicious software.• Identify the role of malware markets in facilitating attacks and the normsof these market participants.• Assess the legal frameworks used to pursue cyber-attacks facilitated bymalicious software.• Recognize the role of law enforcement agencies and the security industry tomitigate malware in the wild.138
IntroductionSimilar to the threat posed by computer hackers explored in Chapter 3, there is a greatdeal of confusion and misunderstanding around the issue of malware or malicioussoftware. Many in the general public have heard the term “virus” or perhaps “Trojan” incomputing, though they may neither understand what they actually do nor how theyoperate. The lack of understanding is compounded by the number of security toolsavailable to protect computer systems from malware. Although most laptops and desktopcomputers are sold with some form of antivirus software pre-installed, owners may notknow how, when, or why to properly use these tools. In addition, most mobile phonesand tablet computers, such as iPads or Kindles, do not have this software, even thoughthey can be infected by malware.Computer users who understand the value and necessity of antivirus software andsecurity tools to minimize the likelihood of infections may not realize that they are stillvulnerable to attacks from new code that has just been identified. Although that mayseem like a relatively minor dilemma, consider that there were at least 431 million newpieces of malware identified in 2015, a 36 percent increase from the previous year(Symantec, 2016)! In addition, the behavior of malware can often be so subtle that anindividual may not know that they have been affected.For examples of vulnerabilities and malware, go online to:www.foxbusiness.com/politics/2013/08/07/cyber-hackers-on-course-for-one-million-malware-apps.htmlThis chapter is designed to provide a basic understanding of malware, including themost common forms of malware that are active in the wild. Due to the substantivetechnical details involved in the classification and operation of malware, this chapterwill provide descriptions of each form without going into overly technical explorationsof their functionality. Instead, a summary description will be provided using minimaltechnical jargon in order to give readers a basic appreciation for the range of malwarecurrently operating, its role in attacks, and any historical evolution of these tools in the139
hacker and computer security community generally. Visual examples of the userinterfaces associated with malware will also be provided to demonstrate the ease withwhich some tools can be used. The legal frameworks used to prosecute malware-relatedcybercrimes and their relationship to hacking will also be discussed. Finally, we willconsider the legal and computer security entities operating to protect users frommalware threats.140
The basics of malwareMalicious software, or malware, is largely an umbrella term used to encapsulate therange of destructive programs that can be used to harm computer systems, gain access tosensitive information, or engage in different forms of cybercrime. Malware can serve acountless number of different functions, but are generally designed to automate attacksagainst systems and simplify the process of hacking overall. Various forms of malwarehave increased in complexity, in keeping with the evolution of technology over the pasttwo decades (BitDefender, 2009; Symantec, 2016). Malware, however, exists in anebulous legal space, as there are no specific laws against the creation of malicioussoftware (Brenner, 2011). It is simply computer code, which writers will argue isnecessary in order to better understand the limits of computer and network security. Theuse of these tools in or to access computers without permission from the system owneris, however, illegal. Thus, individuals who write malicious code may have minimal legalculpability for the way that others use their creations so long as they are not the onesutilizing it on networks without authorization (Brenner, 2011).Malicious software programs operate by exploiting vulnerabilities, or flaws, incomputer software or hardware (Symantec, 2016). Every program has design flaws.There are literally thousands of vulnerabilities that have been identified in systemswhich individuals use every day, such as Microsoft Windows and popular web browsers.In fact, Symantec (2016) identified 5,585 new vulnerabilities in 2015 alone, which wasactually a decrease from the 6,549 identified in 2014. The presence of a vulnerabilityallows an attacker to understand and gain initial access to a target system in some way.Many security professionals attempt to identify vulnerabilities in order to help securecomputer systems, though this information is typically released to the public throughopen forums or email lists like BugTraq (see Box 4.1; also Taylor, 1999). As a result,attackers can immediately use information on vulnerabilities to their advantage.Box 4.1 The debate over public or private vulnerabilitydisclosures141
http://web.archive.org/web/20100102144837/http://spirit.com/Network/net0800.html.Vulnerability disclosure debateToday, there are appeals to put the genie back into the bottle. That is, to stop the publishing of newvulnerabilities. There is even a proposed law that would make some forms of vulnerability testing illegal inthe US.This article provides an interesting debate on the issue of vulnerability disclosuresand the relationship between black-hat and white-hat hackers who identify andprovide this information to the public for free, or to companies and security vendorsfor a profit. This work helps give context to the difficult need to balance privacy andfree information exchange in the security community.Once a vulnerability is identified, malware writers then create an exploit, or a piece ofcode, that can take advantage of vulnerabilities to give the attacker deeper access to asystem or network (Symantec, 2016). These exploits are often built into malware tocompromise and influence the victim machine more efficiently. The changes that a pieceof malware causes to a computer system are affected by what is commonly called itspayload. When a piece of malware is activated and executes the program it contains, theresulting impact on the system can range from benign to highly destructive, dependingprimarily on the skills of the writer and their interests. In fact, early malware typicallycaused no actual harm to the system or its contents, but annoyed the victim bypresenting them with messages or playing music at a high volume. Many variants ofmalware today often delete or change system files, causing harm to the user’s documentsand files, or collect information that users input or store on their system, causing a lossof personally identifiable information. Some malware can even disrupt the basicfunctions of an operating system, thereby rendering a computer unusable.Malware is generally used to disrupt email and network operations, access privatefiles, steal sensitive information, delete or corrupt files, or generally damage computersoftware and hardware (Kaspersky, 2003; Nazario, 2003; Symantec, 2016). As a result, thedissemination of malware across computer networks can be costly for several reasons,including, but not limited to: (1) the loss of data and copyrighted information; (2)identity theft; (3) loss of revenue due to customer apprehension about the safety of acompany’s website; (4) time spent removing the programs; and (5) losses in personalproductivity and system functions. The interconnected nature of modern computernetworks and the Internet of Things (IoT) also allows an infected system in one countryto spread malicious software across the globe and cause even greater damage. Thus,malware infection poses a significant threat to Internet users around the globe.142
Viruses, trojans, and wormsMalicious software is a problem that many individuals in the general public withminimal technical proficiency do not understand. Part of the confusion lies in identifyingthe diverse range of current malware. The most common forms of malware includecomputer viruses, worms, and trojan horse programs that alter functions withincomputer programs and files. These programs have some distinctive features thatseparate them from one another, though more recent forms of malware combine aspectsof these programs to create what are commonly called blended threats. We will explorethe most common forms of malware here and differentiate them based on their uniquefeatures and utility in an attack.VirusesViruses are perhaps the oldest form of malware, operating since the earliest days ofcomputing (Szor, 2005). This form of malware can neither be activated nor execute itspayload without some user intervention, such as opening a file or clicking on anattachment. The target must execute the code in some fashion so that the virus will beinstalled in either existing programs, data files, or the boot sector of a hard drive (Szor,2005). In addition, many viruses may access sensitive data, corrupt files, steal space onthe hard drive, or generally disrupt system processes.Viruses can install themselves in data files or existing programs and operate based onthe parameters of a specific operating system, whether Windows, Linux, or Mac OS.These viruses will attempt to install themselves in any executable file so as to ensuretheir success. Some viruses can overwrite the contents of their target file with maliciouscode which renders the original file unusable. Such a tactic is, however, easy to identifybecause the error or failure that results may be immediately obvious to the user. Otherviruses can insert their code into the file, but leave it operational so that it will not beidentified by the user. Finally, some viruses can clone an existing file so that it runsinstead of the original program (Szor, 2005).Boot sector viruses operate by attempting to install their code into the boot sector ofeither a form of storage media like a flash drive or into the hard disk of the targetedcomputer (Szor, 2005). A boot sector is a region of any sort of storage media or the harddisk of a computer that can hold code which is loaded into memory by a computer’sfirmware. There are a range of boot sectors, but the operating system loader of mostdevices is stored starting in the first boot sector so that it is the first thing that the systemloads. As a result, virus writers create boot sector viruses so that they can load the codeof their virus into the Random Access Memory (RAM) of the computer. This ensures that143
the virus will always be present in the system from the start to finish of each session. Infact, a boot virus can gain control of the entire system by installing itself in a specificregion and then changing the boot record so that the original code is no longer in controlof the system. The malware then becomes extremely difficult to identify and eradicate,and can severely impact the functionality of the system (Szor, 2005).Some of the first viruses observed in the home PC market during the 1980s were bootsector viruses that spread to other machines via floppy disks. These viruses generally hadlimited functionality and malicious utility. For example, they might often play music ordelete letters in documents. For instance, one of the first viruses observed in homecomputers was called Elk Cloner and was designed to infect Apple II computers via afloppy disk (Manjoo, 2007). The code was written as a prank by Rich Skrenta, a 15-year-old boy who liked to play and share computer games. He wrote Elk Cloner in order toplay a practical joke on his friends without clueing them in to the presence of the code(Manjoo, 2007). The virus was attached to a game which when played 50 times woulddisplay the following poem:Elk Cloner: The program with a personality It will get on all your disks It will infiltrate your chips Yes, it’s Cloner! It will stick to you like glue It will modify RAM too Send in the Cloner!Although the program caused no actual harm, the code was difficult to remove andinfected many machines because the virus would install locally on any computer andthen infect other floppy disks inserted into the infected system (Manjoo, 2007).Macro viruses are also a popular way to infect systems by using a common weaknessin a variety of popular programs like Excel, Word, and PDFs (Szor, 2005; F-Secure, 2017).Virus writers can write a program using the macro programming languages associatedwith specific applications and embed the code into the appropriate file, such as aPowerPoint presentation. Opening the file actually executes the virus, enabling theinfection payload to be activated and subsequently embed the code into other documentsof the same type so that any attempt to share a file will lead to other systems beinginfected. Macro viruses designed to target Microsoft Outlook can infect a user’scomputer by including infected files, or even by the user previewing an infected email.In the early 1990s, virus writers began to employ encryption protocols in order tomake the code more difficult to detect and remove (Szor, 2005). This novel tactic wasfurther adapted through the development of MuTation Engine (MtE) in 1991, apolymorphic generator that not only encrypted the virus but randomized the routineused so that it varied with each replication. The term “polymorphic” references theability to assume multiple forms or go through various phases. In the context ofmalware, this term references the use of code to hide viruses from detection by changingtheir structure in order to not match existing signatures. Thus, the emergence of144
polymorphic engines led to an increase in the number of these viruses in the wild in1993.For a deeper explanation of polymorphic engines in malware, go online to:www.dailymotion.com/video/xcetxj_avg-tutorials-what-ispolymorphic-v_tech.During this period, the Microsoft Windows operating system emerged and becametremendously popular among home computer users for its easy use and various features.As a result, virus writers began to target Windows users and incorporated the use ofmacros in order to compromise the system. The first macro virus, called Concept, wasfound in 1995 (see Box 4.2 for more details; Paquette, 2010). This code would onlyreplicate itself and displayed the following message: “That’s enough to prove my point.”This was not necessarily malicious, but demonstrated that macros were a weakness thatcould be exploited. As a result, a number of macro-based viruses were released, affectingboth Windows and Mac OS computers, since both operating systems could run theMicrosoft Office software suite (Paquette, 2010). This common business-based softwareincludes Excel and Word, which could both be easily affected by macro-based viruses asthey support a macro programming language.Box 4.2 F-Secure report on virus W32/Concept malwarewww.f-secure.com/v-descs/concept.shtml.Virus W32/Concept145
The virus gets executed every time an infected document is opened. It tries to infect Word’s globaldocument template, NORMAL.DOT (which is also capable of holding macros). If it finds either the macro“PayLoad” or “FileSaveAs” already on the template, it assumes that the template is already infected.This technical brief provides an in-depth analysis of how a macro virus operates in aWindows system, including a breakdown of how it infects programs overall.Around the same time, viruses began to spread through the Internet as the WorldWide Web was becoming popular among home users and more easily accessible throughan increase in Internet service providers. In fact, one of the most prominent viruses ofthis period, the Melissa virus, which was first identified in 1999, spread through theWeb and used macros to infect users’ computers (F-Secure, 2014). The Melissa virus wasdistributed through an online discussion group titled alt.sex by sending an infected fileentitled “List.DOC” which contained passwords for pornographic websites. Anyone whoopened the file using Microsoft Word 97 or 2000 was infected. The macro code thenattempted to email itself out to 50 people using the email client in Microsoft Outlook (F-Secure, 2014). Given that it would send 50 emails per infected system, the infection ratewas quite substantial. In addition, the code altered the Word program to infect any newdocument created.The virus payload was not necessarily harmful in that it did not delete files or corruptsystems, but it clogged email servers because of its distribution pattern. In the end, it wasestimated that approximately 1.2 million computers were infected in the USA with $80million in damages worldwide due to system outages and the costs to remove themalware (Szor, 2005). Based on the success of the Melissa virus and others, malwarewriters quickly began to adopt the Web as a means to spread their code as widely and aseasily as possible. They not only targeted common OS products like Microsoft Office, butalso programming languages commonly used in web-browsing software and tools suchas Java.TrojansIn addition to viruses, trojans are a prevalent form of malware. This form of malware issimilar to viruses in that it cannot replicate on its own, but requires some userinteraction in order to execute the code. It got its name from the Trojan horse of ancientGreece, which was a giant wooden horse concealing soldiers inside (Dunham, 2008). Thehorse was brought inside fortified city walls under the belief that it was a gift; thisenabled the warriors to sack the city. Computer-based trojans share a similar structure inthat they appear to be a downloadable file or attachment that people would be inclinedto open, such as photos, videos, or documents with misleading titles such as “XXX Porn”or “Receipt of Purchase” (Dunham, 2008). When the file is opened, it executes someportion of its code and delivers its payload on the system. Thus, trojan writers use socialengineering principles in order to entice users to open their files (see Chapter 3 for more146
details).Trojans do not typically replicate themselves on the infected system or attempt topropagate across systems. Instead, trojans most often serve to establish back doors thatcan be used to gain continuous unauthorized access to an infected system (Dunham,2008). Specifically, the code can open ports and establish remote controls between theinfected system and the operator’s computer, allowing them to invisibly executecommands on that system. This is achieved through the use of a client and serversystem, where the victim executes the trojan and establishes a server on their computerthat can be remotely accessed by a client program on the attacker’s computer (Dunham,2008). The commands sent between the client and server are largely invisible to theinfected user, though if the attacker uses too much of the available processing power itmay slow down the infected system.The benefit of trojan programs to an attacker are that they can configure the tool toperform a range of functions, including keystroke logging, access to sensitive files, use ofthe webcam or other system tools, use of the infected system as a launch point forattacks against other systems, and even send additional forms of malware to the systemto engage in secondary infections. Many trojans also allow the attacker to restart acomputer remotely and manage its activities without the victim’s knowledge. Some evengive the attacker the power to uninstall or deactivate security tools and firewalls,rendering the system unable to protect itself from harm (Dunham, 2008).One of the more noteworthy trojans that combined all of these functions into a singletool was called Sub7 or Subseven, a piece of malware initially written by a hacker calledMobman (Crapanzano, 2003). The program functions on virtually all variations of theWindows operating system and acts as a sort of remote control program in that theattacker can remotely command the system to perform a variety of functions. To achievethis, the program has three components: the server, client, and server editor. The serverportion runs on the victim machine, enabling the client machine, operated by anattacker, to use the system remotely. The server editor allows the attacker to define theoperating functions and utilities of the infection, making it possible for the attacker tohave clear control over their victim (Crapanzano, 2003).Sub7 has a range of functions, including giving the attacker remote access to systemfiles, the ability to control the system camera and microphone, access to cachedpasswords, and the ability to change desktop colors, open disk drives, and capturesensitive data (see Figure 4.1 for an example of the attacker interface; also Crapanzano,2003). In addition, the server editor function allows the attacker to receive email orinstant message alerts when their victim system is online for more careful management.It is also very easy to attempt to infect user systems, as Sub7 can be sent via email orother attachments. These factors may account for the popularity of Sub7 among hackers,particularly script kiddies (see Chapter 3 for details on script kiddies).147
Fig. 4.1 The SubSeven Attacker Graphical User Interface (GUI)For more information on Sub7 attacks in the wild, go online to:1. www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99, and2. www.cert.org/historical/incident_notes/IN-2001-07.cfm.148
The utility of trojans has led them to become one of the most popular forms ofmalware available (BitDefender, 2009; Panda Security, 2015). In fact, one of the mostdangerous and common trojans currently active today is commonly called Zeus. Thismalware targets Microsoft Windows systems and is often sent through spam messagesand phishing campaigns in which the sender either sends attachments or directs therecipient to a link that can infect the user (see Chapter 6 for more details). Once installed,the trojan creates a back door in the system so that it can be remotely controlled. It alsoaffects the web browser in order to capture sensitive data entered by a user (see Figure4.2 for an example of Zeus GUI; also Symantec, 2014). In addition, Zeus can collectpasswords stored locally on the infected system and act as a traditional keyloggingprogram.Fig. 4.2 An example of a Zeus Malware Variant GUITo see Zeus malware distribution patterns, go online to:www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/64/zeus-and-its-continuing-drive-towards-stealing-online-data.This trojan is extremely adaptable and has been used as the basis for a range ofmalware in attacks against various financial institutions across the globe. In fact, a form149
of Zeus has been identified that infects the Google Android operating systems commonon smart phones and tablets (Leyden, 2012). This malware acts as a banking app thatmay be downloaded and installed on a phone to capture SMS messages sent to bankcustomers from financial institutions in order to authenticate transactions. The use ofSMS messaging is common in European banking in order to authenticate accountinformation and transactions made by a customer. Obtaining this information allowsattackers to engage in fraudulent transfers between accounts and verify that they arecorrect without the need for victim interaction. As a result, a group of cybercriminalswas able to obtain 36 million euros from over 30,000 customers in Italy, Germany, Spain,and Holland using this malware (Leyden, 2012).A Zeus variant was also used in a series of attacks against hundreds of victims acrossthe USA, leading to losses of over $70 million during 2009 (FBI, 2010). This campaign wasoperated by multiple individuals living in Eastern Europe, the USA, and the UK. The ringof thieves was disrupted by a multinational investigation spearheaded by the FederalBureau of Investigation in 2010. There were over 100 arrests in this case. The majority ofthe arrests were in the USA for violations of fraud and money-laundering statutes.WormsWorms are a unique form of malware that can spread autonomously, though they donot necessarily have a payload (Nazario, 2003). Instead, they use system memory tospread, self-replicate, and deteriorate system functionality. Worms are written as stand-alone programs in that they do not need to attach to existing system files or modify anycode. Once activated, it copies itself into the system memory and attempts to spread toother systems through email address books or other mechanisms. Should anunsuspecting recipient click on an attachment sent from a worm-infected system, thecode will execute and infect that system, replicating the process.As a result, worms can spread rapidly and, depending on their functionality, causemassive network outages. For example, the Code-Red worm, activated online on July13, 2001, began infecting any web server using Microsoft’s IIS web server software. Theinitial growth of the worm was small, but by July 19 it had exploded and infected morethan 359,000 computer systems worldwide within a 14-hour period (CAIDA, 2001). Theinfection rate was so fast that it was infecting 2,000 hosts per minute during its peakspread that day. The sheer number of the worm’s attempts at replication caused a virtualdenial-of-service attack across most of the industrialized world as the worm’s trafficabsorbed almost all available bandwidth.To see a video of the spread of the Code-Red worm, go online to:www.caida.org/research/security/code-red/coderedv2_analysis.xml.150
In addition to network degradation, some worms contain secondary payloads to affectcomputer systems or servers. For instance, the Code-Red worm contained code to displaythe following message on any web page hosted on a server infected by the worm:“HELLO! Welcome to http://www.worm.com! Hacked by Chinese!” In addition, theworm contained a secondary payload to engage in denial-of-service attacks againstvarious websites, including the White House. The infected systems, however, seeminglyterminated all activities within 28 days, suggesting that there may have been some codewithin the worm that triggered it to shut down independently (CAIDA, 2001).Beyond payloads, it is critical to note that worms can cause tremendous harm on theirown by crashing email servers, overloading networks with floods of requests, andseverely diminishing the functionality of infected systems by forcing them to constantlyscan and attempt to replicate the code to other systems (Nazario, 2003). The first exampleof a worm in the wild was created by Robert Tappan Morris and became known as theMorris worm. The worm went active on November 2, 1988 after being released byMorris through a computer at MIT. Morris, a student at Cornell University, claimed hedesigned the worm to assess the size of the Internet by copying the worm code on eachcomputer connected online at that time (Eisenberg, Gries, Hartmanis, Holcomb, Lynn,and Santoro, 1989). The code was improperly written and malfunctioned, establishingmultiple copies of itself on each system which caused them to slow down dramaticallydue to the copies trying to replicate themselves and spread to other systems. Morris’serrors caused an estimated 6,000 UNIX computer systems to be infected multiple timesover and become effectively unusable (Eisenberg et al., 1989).For more information on the Morris worm, go online to:www.welivesecurity.com/2013/11/06/five-interesting-facts-about-the-morris-worm-for-its-25th-anniversary/.151
Morris was prosecuted and convicted in federal court for violating the ComputerFraud and Abuse Act. Interestingly, Morris was the first person to be convicted underthis law. He eventually received three years’ probation, 400 hours of community service,and a substantial fine (Markoff, 1990).This incident also demonstrated the need for a coordinated response to a large-scaleonline threat. Researchers at MIT, Berkeley, Purdue, and other institutions pooled theirresources in order to determine the best solution to mitigate the worm (Eisenberg et al.,1989). It was, however, a substantial investment of time and resources due to thedistributed nature of the teams and the attack itself. Thus, DARPA (Defense AdvancedResearch Projects Agency of the U.S. Department of Defense), one of the founders of theInternet itself, sponsored the foundation of the first Computer Emergency ResponseTeam (CERT) at Carnegie Mellon University in order to serve as a coordinating pointfor responses to major network emergencies (Eisenberg et al., 1989). This CERT nowserves a pivotal role in the dissemination of information related to serious cyber-threatsand determining large-scale responses to vulnerabilities and security threats.Blended threats and ancillary toolsIn addition to these three forms of malware, there are now blended threats operatingonline that combine the distinct aspects of these codes into a single functional tool. Acommon blended threat is botnet malware, which combines aspects of trojan horseprograms and viruses into a single program. Botnet malware is often sent to a victimthrough an attachment or other mechanism (Bacher, Holz, Kotter, and Wicherski, 2005;Symantec, 2016). Once the program is executed, it then installs a “bot” program, meaningthat the computer can now receive commands and be controlled by another user throughIRC channels or the Web via http protocols. The infected machine then surreptitiouslycontacts a pre-programmed IRC channel to wait for commands from the bot operator.Multiple machines that are infected with this malware will contact the channel, creatinga “botnet,” or network of zombie machines (see Figure 4.3). This form of malware isoften very easy to control through the use of sophisticated interfaces that make sendingcommands to the network relatively easy to accomplish. According to Symantec (2016),there has been a decrease in the number of bots over the past few years. They identified1.1 million bots in 2015, down from 1.9 million in 2014, and 2.3 million in 2013.For more information on botnets, go online to: www.youtube. com/watch?v=Soe3b6sXuVI.152
Fig. 4.3 Botnet command and control distribution Source: Wikimedia Commons/ Tom-bThe size of botnets enables their operators to engage in a wide range of cybercrimes,including the distribution of spam and other malware. Botnets may also be used toperform distributed denial-of-service (DDoS) attacks. In a DDoS attack, eachcomputer in the network attempts to contact the same computer or server (Bacher et al.,2005). The target system becomes flooded with requests and cannot handle the volume,resulting in a loss of services to users (see Figure 4.4 for an example of a botnet userinterface). This is an extremely costly form of cybercrime for companies, as they can losemillions of dollars in revenue if customers cannot access their services. “Bot masters”may therefore attempt DDoS attacks against specific websites to cause financial andreputation problems for the website owner, but they may also blackmail the organizationto pay a ransom to stop the DDoS attack. In other cases, it may also serve as a way todistract IT teams so that they do not notice stealthier intrusions into the system(Symantec, 2016).Botnets are now a common form of malware as indicated by active infections andoperations around the world. These types of attacks are growing in both number andintensity, although most last for under 30 minutes (Symantec, 2016). For example, the153
BBC in the UK experienced a recent attack in 2015 in which its website and serviceswere down for several hours, leading some experts to believe that it was possibly thelargest DDoS attack ever. The US FBI has engaged in two separate investigativecrackdowns against botnet operators under the code name “ Operation: Bot Roast”between 2005 and 2010 (Hedquist, 2008). These operations led to the arrests ofindividuals in the USA and New Zealand (Goodin, 2007; Hedquist, 2008).Fig. 4.4 An example of the Illusion Bot Malware GUIThere have been a number of recent high-profile arrests of botnet operators aroundthe globe for their role in various cybercrime schemes. For instance, two Greek menwere arrested in 2014 for operating a botnet called Lecpetex that used Facebook andemail spam to contact potential victims (Sparkes, 2014). The botnet affected over 250,000computers in North and South America, as well as in Europe and the UK. Once anindividual’s system was infected, it would install a tool designed to mine an onlinecurrency called Litecoin and send any funds accrued back to the operators (see Chapter 6for more details on cryptocurrencies). This unique example demonstrates the diverseutility of botnet malware. In addition, the insecurity of the Internet of Things (IoT),including thermostats, security systems, refrigerators, and many other householdappliances, has led these devices to become infected with malware to enable DDoSattacks. A specialized piece of malware called Mirai was used by attackers in the fall of2016 to DDoS Twitter, Spotify, and other services depending on the Dyn protocol (F-154
Secure, 2017). This malware infected both regular computer systems and IoT devices,enabling them to be used as a stable attack platform for cybercrime. We will return tothe IoT threat issue in the final chapter of this book.Similarly, malware writers have recently developed tools that can infect web browsersand thereby enable remote takeovers of computer systems. These programs are calledexploit packs and must be installed on a web server in order to attack individualsvisiting a website. The exploit pack malware contains multiple common vulnerabilitiesfor the most prevalent web browsers and its associated exploits. The program thendetects the type and version of browser software an individual is using to go to thatwebsite, and cycles through these vulnerabilities and exploits until it can infect the user(Symantec, 2016).This type of attack exponentially increases the ease of infection by operatingsurreptitiously and without the need for true user interaction to activate the maliciouscode (see Box 4.3 for an interview with the creator of the exploit pack MPack; alsoSymantec, 2016). An individual must (unknowingly) direct their web browser to a sitehosted on a server with the toolkit in order to begin the process of infection, which ismuch simpler than trying to get someone to open an attachment or file. This is why suchattacks are commonly known as “drive-by downloads” in that a victim need only visitthe site without clicking on anything in order to be infected (Symantec, 2009). Inaddition, web browsers often store sensitive information about a user such as passwordsand common sites visited, thereby increasing the risk of identity theft, data loss, andcomputer misuse. Once the infection payload is executed, the attacker can then sendadditional malware to the system, including rootkits and trojans to gain further controlover the system (Symantec, 2009).Symantec (2016) reports that vulnerabilities in websites remain a critical issue, aswebsite administrators fail to properly secure websites. They found that more than 75percent of all websites have unpatched vulnerabilities. One out of every seven websites(15%) have critical vulnerabilities, allowing individuals to use minimal effort to gainaccess and manipulate these websites.Box 4.3 Interview with MPack creatorwww.theregister.co.uk/2007/07/23/mpack_developer_interview.MPack developer on automated infection kitIn late June, SecurityFocus answered an online advertisement for the MPack infection kit, sending an ICQmessage to the identifier listed in the ad. A few days later, a person contacted SecurityFocus through ICQ.[.] What follows is the result of two weeks of interviews that took place.This article provides an interview with one of the developers of the well-known andhighly profitable exploit pack called MPack. This interview provides insights into155
the nature of malware creation, distribution, and the individuals responsible fortheir development.An additional blended threat that has gained a great deal of popularity over the pastdecade is called ransomware or scareware. These threats demand that the operator ofthe infected system pay in order to have their system’s functionality restored (PandaSecurity, 2015; Russinovich, 2013). Ransomware is similar to a trojan in that it spreadsthrough downloadable files or through websites. Once the prospective target executesthe file, it will then deploy its payload which either encrypts files on the user’s harddrive or may modify the boot record of the system (similar to a virus) to restrict whatthe user can access (Russinovich, 2013). The payload may also include messages that aredisplayed to the victim indicating that their computer has been used for illegal activitieslike child pornography and has been shut down by law enforcement. Some also indicatethat the operating system of the infected computer has been corrupted or is counterfeitand will not work until the user pays a fee (Russinovich, 2013). These messages requirethe user to pay so that the functionality or files will be restored. Once payment isreceived, the victim receives a program to either decrypt the file or unlock the affectedportions of the system.There have been several notable examples of ransomware, including the recentCryptolocker program which was first identified in September 2013 (Ferguson, 2013; F-Secure, 2017; Panda Security, 2015). The program spreads via attachments in eitheremails or as downloadable malware online and targets Microsoft Windows systems.Once it is executed, the code encrypts data on any hard drives attached to the infectedsystem using a very strong encryption protocol (Ferguson, 2013). The key to decrypt thefile is sent to a command-and-control structure (similar to a botnet) and the victim istold that they have to pay a specific fee, often in bitcoins, or the key will be deletedwithin three days (Ferguson, 2013).Although the malware itself can be removed with some ease, the encrypted filescannot be readily repaired, which makes this a very challenging threat for computerusers. In fact, Panda Security (2015) named ransomware the most dangerous form ofcyber-attack of the first quarter of 2015. Although this attack can affect all users,cybercriminals appear to prefer to attack companies rather than citizens, since they havemore valuable data to which they need access.Victims of ransomware have often been encouraged to simply pay the ransom in order156
to minimize the potential harm caused by an infection, especially large organizations ifthey did not have backup systems to protect their data. A recent IBM (2016) study foundthat 70 percent of businesses infected with ransomware paid the ransom; half of thebusinesses paid over $10,000 and 20 percent paid over $40,000. Multiple hospitals acrossthe USA were affected by ransomware in 2015 and 2016, and paid their attackers in orderto avoid the loss of sensitive operational systems and patient files (Zetter, 2016).Similarly, at least three banks, a pharmaceutical company, a US police department, andmultiple government agencies in India were affected by ransomware in 2016 (IANS,2016; Panda Security, 2015).We should continue to see ransomware as a serious problem moving forward,partially because of the business model that is being employed by these offenders (F-Secure, 2017). Criminals set the prices for individuals and organizations at levels wherepaying the ransom is a more efficient and possibly even more effective means to retrievethe data. They are also starting to provide assistance in the form of web pages indifferent languages, FAQs sections, support channels to directly contact thecybercriminals for assistance, help with making bitcoin payments, and even free trialdecryption of a file (F-Secure, 2017).For more details on the ways in which victims should respond to ransomware,go online to: www.wired.com/wp-content/uploads/2016/03/RansomwareManual-1.pdf.157
The global impact of malwareComputer security experts continue to express alarm about the current number ofmalicious software programs and the increases they expect to see in the future.Unfortunately, the statistics over the past several years have not improved. Beforeproviding additional statistics and insights, it should be pointed out that these companiesprofit by selling computer security services to individuals and corporations. Thus, itbehooves them to discuss this issue as a crisis, though all available statistics appear tosupport their concerns.The number of new malicious software programs introduced into the wild each year istremendous. Although the figures provided by different security companies vary widely,they demonstrate the magnitude of the malware problem. Symantec (2016) reported thatthey found over 431 million new pieces of malware in 2015; this was a 36 percentincrease from the previous year. F-Secure (2017) added over 127 million new malwareprograms in 2016 to their database that now consists of 600 million malware samples.Panda Security noted in their 2015 annual report that 84 million variations of malwarewere released into the wild in 2015, making an average of 230,000 samples identifiedeach day (Panda Security, 2015). These additional 84 million strains bring their totaldatabase of malware to approximately 304 million! This also means that 27.36 percent ofall malware that has ever existed was actually created in 2015 alone. More than half(51.45%) of the new malware strains released in 2015 were trojans (Panda Security, 2015).Trojans were responsible for 60.30 percent of new infections (Panda Security, 2015).Viruses were the second most common form of malware released (22.79 percent; PandaSecurity, 2015), but caused only 2.55 percent of all infections. The second most commonmalware that caused infections were Potentially Unwanted Programs (PUPs) at 28.98percent (Panda Security, 2015).Malware infections may clearly be viewed as a global problem, considering thepercentage of computers around the world that have experienced malware encounters.Panda Security (2015) estimated that almost one out of every three computers around theworld (32.13 percent) are infected with some form of malware. They found that thisestimate is partially driven by the existence of potentially unwanted programs onpeople’s computers. They also note that although they refer to the estimate as “infectedcomputers,” the figure really focuses on the percentage of computers that had malwareencounters and that it does not necessarily mean they were infected. This estimate mayalso be high considering that their sample consists of individuals using their free onlinescanning program. Many of the individuals who used this free scan may have done soout of fears that their computer was infected.Based on Panda Security’s (2015) free scanning tool, we see that Asian and LatinAmerican nations comprise the highest proportion of nations with infected systems:158
1. China (57.24%);2. Taiwan (49.15%);3. Turkey (42.52%);4. Guatemala (39.0%);5. Russia (36.01%);6. Ecuador (35.51%);7. Mexico (34.52%);8. Peru (34.23%);9. Poland (34.13%);10. Brazil (33.34%).Aside from Japan, the top ten countries with the smallest percentage of computersinfected are all in Europe:1. Finland (20.32%);2. Norway (20.51%);3. Sweden (20.88%);4. United Kingdom (21.34%);5. Germany (22.78%);6. Switzerland (23.16%);7. Belgium (23.46%);8. Denmark (24.84%);9. Japan (25.34%);10. Netherlands (26.51%).Note that the country with the least percentage of computers infected (Sweden) stillhas one out of every five computers infected with malware, or at least had an encounterwith malware. Three other countries of interest to our readers all had infection ratesbelow the international rate: Australia (26.87%); Canada (29.03%); and the USA (29.48%).For more details on the emergent threat of malware to various nations, goonline to: https://securityintelligence.com/news/singapore-an-emerging-target-for-cyberthreats-and-banking-trojans.159
A review of US-CERT weekly vulnerability summaries, released by a governmentalagency and part of the National Cyber Alert System, illustrates that the identification ofvulnerabilities is a constant challenge. Each Cyber Security Bulletin provides a summaryof the new vulnerabilities recorded during the past week by the National Institute ofStandards and Technology (NIST) National Vulnerability Database (NVD). This databaseis sponsored by the Department of Homeland Security (DHS) National Cybersecurityand Communications Integration Center (NCCIC)/United States Computer EmergencyReadiness Team (US-CERT). The vulnerabilities are categorized by severity (high,medium, and low) based on the Common Vulnerability Scoring System (CVSS) standard.For example, a vulnerability will be categorized as high if its CVSS score is between 7.0and 10.0, medium if between 4.0 to 6.9, and low if between 0.0 and 3.9. This informationis made more informative by organizations and US-CERT providing additionalinformation, including identifying information, values, definitions, related links, andpatches if available.Any examination of two of these weekly vulnerability reports shows how manyserious vulnerabilities are identified and reported on a weekly basis. In Cyber SecurityBulletin SB17–051 (US-CERT, 2017a), which covers the week of February 13, 2017, therewere 39 high-threat vulnerabilities, 98 medium vulnerabilities, 8 low vulnerabilities, andover 100 vulnerabilities whose severity was not yet ranked. For the week of February 6,2017, reported in Cyber Security Bulletin SB17–044 (US-CERT, 2017a), there were 61 highvulnerabilities, 52 medium, 12 low, and over 100 not yet ranked.Although this chapter focuses primarily on computer systems and their users, scholarsand security experts also warn about the vulnerabilities of smart phones, particularlyAndroid operating systems, and personal digital assistants (PDAs). Although mobileattacks are still less common relative to PC attacks, there is an expectation that mobileattacks will increase substantially in the near future (F-Secure, 2017; Panda Security,2015; Ruggiero and Foote, 2011; Symantec, 2016). F-Secure (2017) reports that there areover 19 million malware programs developed specifically for the Android system.Symantec (2016) reported the finding of 528 new mobile vulnerabilities in 2015, a 214percent increase from the prior year, and 3,944 malware variants for the Android system.It is expected that there will be an increase in attacks against Android operating systemsbecause smart phones and PDAs have some of the same advanced computing abilities astraditional computer systems. They give the user access to the Internet and email, haveaddress books, and have GPS navigation. They also allow people to purchase items usingwireless networks, access bank accounts, set alarms on houses, and make purchasesthrough various online retailers. Thus, Android running devices are already at risk of thefull spectrum of malware that affects PCs, including viruses, worms, trojans,ransomware, and others (F-Secure, 2017).The issue that separates mobile devices from computers is their use of securityprotections. Smart phones and tablets have lax or poor security, as they do not come pre-installed with firewalls or antivirus programs. These tools are available for purchase,though it is unclear how many individuals actually install antivirus protection on their160
mobile devices. In addition, operating systems for mobile phones are updated lessfrequently than those for computers, creating greater opportunities for attackers toexploit known vulnerabilities. This problem is compounded by the fact that smart phoneand mobile device users are generally unaware of these problems but believe that theirdevices are just as secure as their computers. Thus, many computer security expertsbelieve that as smart phones become more prevalent and have more of the samecapabilities and data files as PCs, they will become a more lucrative venture for malwarewriters (F-Secure, 2017).It is difficult to even create rough estimates on the amounts that hackers andmalicious programs have cost citizens, organizations, government agencies, and theglobal economy. When considering the financial costs, one has to not only count theactual direct damage of the malware, such as having to replace a computer, but also theamount of time, money, and manpower spent trying to prevent an infection and thenfixing the problem if an infection occurs. Malware can disrupt network operations,delete, steal, or manipulate files, allow access to confidential files, and generally damagecomputer systems and hardware. In addition, there are the indirect costs to businessesthat arise from consumer lack of confidence in online purchases or credit card use. Ifconsumers lose confidence in the security and privacy of their online purchases, theywill be less likely to spend money online in general and with specific companies that hadreported particular problems. On the other hand, vendors themselves may also fearonline transactions if they are unsure that the person on the other side is really who theysay they are. In order to address these problems, companies and financial institutionsspend billions of dollars on verification and other computer security programs to ensuresafety. In the end, these costs increase the cost of doing business, which is handed downto the consumer.Over the past decade, various experts and companies have estimated that hack attackscost the world economy over $1 trillion per year. Considering that (1) more malicioussoftware is created each year; (2) the number of specialized hacks occurring throughoutthe world has increased; (3) more individuals around the world are connected to theInternet; (4) more companies conduct online business transactions; and (5) morecompanies and governments spend additional funds on computer security to addressthese problems, it is safe to say that the cost of malware must be higher than what isotherwise spent to mitigate and prevent malicious software infections and hacks. In fact,the total cost of cybercrime may reach $2 trillion globally by 2019 (Forbes, 2016). It isextremely difficult, however, to create total costs of cybercrime estimates due to thedisparity in available loss metrics. To that end, some companies and vendors estimatethe average cost of cybercrime per company or consumer. For example, Ponemon (2016)estimated that hacking costs the average US firm over $15 million per year, twice that ofthe global average. In addition, over 58 million Americans had at least one malwareinfection over the previous year, amounting to over $4 billion in repair or replacementcosts (Consumer Reports, 2013).The costs of hacking and malware infection, however, are not only financial. There161
are also potential emotional consequences for victims, though there is littlecriminological research on how victims of malware infection and hacking incidents feelafterward. For many people, malware infection is nothing more than a minor nuisancethat can be fixed easily. Some, however, may feel that their personal space was violatedand personal privacy lost forever. Victims may not be able to identify the source of theinfection, whether from a website, bad attachment, or other medium. As a result, somemay change their online habits in order to reduce their perceived risk of futureinfections.In addition, some victims may feel that they are to blame for their victimizationexperience. Since computer security principles currently revolve around self-protectionpractices, like the use of protective software, hard passwords, and careful onlinebehavior, victims may see themselves as the source of their financial and emotionalharm resulting from an infection.162
Hackers and malware writersAlthough hackers are often associated with the use of malware, not all hackers have theability to create these programs. It takes some degree of skill and knowledge ofprogramming languages, vulnerabilities, and exploits in order to create effectivemalware. There is a high demand for malicious code among hackers of all types, as theycan make an attack much easier to complete. As a result, the demand for malware canfar surpass the capacities present in the current hacker community.The very limited body of research considering the activities and interests of malwarewriters suggests that they generally operate within and share the norms and values ofthe larger hacker subculture (see Chapter 3 for details). Malware writers have a deepinterest in technology, which is an absolute necessity in order to identify distinctvulnerabilities in software or hardware and to find innovative ways to exploit them.Writing malicious code can therefore be an exercise in creativity, as the individuals mustchallenge themselves and their understanding of the limits of an operating system andtheir own coding capabilities. For instance, the Elk Cloner virus (see p. 133) is anexcellent example of creative malware coding, as the author liked to play pranks andcreatively apply his knowledge to computer systems.They may also be motivated by the desire to cause harm or get revenge againstsomeone who they perceive to have wronged them (Bissett and Shipton, 2000; Gordon,2000). For instance, a system administrator named Andy Lin was sentenced to 30 monthsin a US federal prison in 2008 for planting a form of malicious code called a “logic bomb”on the servers of Medco Health Solutions where he worked for some time (Noyes, 2008).Lin installed a program in 2003 that would execute its payload and wipe out all datastored on over 70 servers in the company’s network in the event that he was laid off.When it appeared possible that he would lose his job, he set the code to activate on April23, 2004. The program, however, was unsuccessful. He therefore kept it in place and resetthe deployment date to April 2005. A system administrator within the company foundthe bomb code in the system and was able to neutralize the code. While this scheme wasunsuccessful, it demonstrates the inherent danger malware can cause in the hands of theright actor.Writers may also develop a piece of malware because they believe they may garnerfame or notoriety in the hacker community (Bissett and Shipton, 2000; Gordon, 2000;Holt and Kilger, 2012). In the late 1990s and early 2000s, the preponderance of wormsand viruses led their creators to generate worldwide attention because of the harm theycould cause to the majority of computer users around the world. That kind of attentioncould easily serve as an individual’s calling card and help them demonstrate their levelof skill in order to gain a legitimate job in the security industry (Taylor, 1999).Alternatively, the author may simply be able to show everyone what they are capable of163
doing with enough careful planning and execution.As patterns of technology use have changed and individuals are increasingly usingtechnology in all facets of everyday life, malware writers have begun to target theseusers to set up stable attack platforms based on networks of infected computers (Holtand Kilger, 2012). Virus writers and creators now recognize that not everyone has theability to write such code, but if the actor is proficient enough as a hacker they willunderstand how to leverage a tool to their own benefit. As a result, malware writers areincreasingly motivated by economic gain through sales of tools and code to others in thecommunity (Holt, 2013; Holt and Kilger, 2012). Typically, tools are advertised throughforums and IRC channels, and then direct negotiations occur between buyers and sellers.Direct sales of programs to others can generate a relatively healthy income that exceedswhat may otherwise be available as a salary through existing jobs (see Box 4.4 fordetails). Thus, malware writers share some common ideas with the larger hackercommunity, though the skill and sophistication involved in the creation of malwaredifferentiates them from the larger population of unskilled or semiskilled hackers.Box 4.4 Interview with the malware writer Corpsehttp://computersweden.idg.se/2.2683/1.93344.Meeting the Swedish bank hackerFor the price of 3,000 dollars, our reporter was offered his personal bank Trojan. In an interview withComputer Sweden, the hacker behind the recent Internet frauds against Sweden’s Nordea bank claimsresponsibility for more intrusions. “99 percent of all bank intrusions are kept secret,” he insists.This in-depth interview with Corpse, the creator of a well-known trojan, describeswhy he made it. The account demonstrates that some hackers are clearly aware ofhow their programs have malicious application and will harm individuals on aglobal scale.164
The market for malicious softwareThe range of currently active malware is staggering and appears to increase every year.Even new devices and platforms, such as tablet computers and mobile phones, are beingtargeted by malware writers. The continuing evolution of malware raises a fundamentalquestion about the true capability of malware users and creators. Are malware userswriting these codes primarily on their own or are they gaining access to these resourcesthrough others? There is sufficient evidence that the skills needed to identifyvulnerabilities and devise malware around that weakness are limited in the hackercommunity (see Chapter 3 for details). Unskilled hackers, therefore, must acquiremalware for their personal use from other sources.In the 1990s, hackers would share their resources for free through direct downloadshosted on forums and file-sharing sites (Taylor, 1999). The global proliferation of theInternet and computer technology expanded the number of available targets forcompromise. As personal information became more prevalent in online spaces, the use ofattacks to gain monetary advantage also increased (Holt, 2013). As a result, some hackersrecognized the monetary value of their attack tools and resources, and began to sell themto others through online markets operating in forums and IRC. The emergence of botnetswas a critical factor in the facilitation of cybercrime markets, as bot owners andoperators realized that they could lease out their infrastructure to others who wereunable to develop similar resources on their own (Bacher et al., 2005). Since botnetscould be used for DDoS attacks, spam distribution, and as a mechanism to route attacktraffic through victim systems, the operators began to offer these services to others at arelatively low price. This is why some in the cyber-security community refer to botnetsas “crimeware” in that it can be used as a stable platform for cybercrime (Bacher et al.,2005).For more information on the market for malware, go online to:www.youtube.com/watch?v=bVo5ihJoQek.In order to understand the normative orders that shape cybercrime markets, it is165
necessary to first consider the structure of the market as a whole. Forums and IRCchannels constitute an interconnected marketplace where sellers advertise productsopenly for others to buy, or alternatively describe the products they are seeking fromother vendors (see Chu, Holt, and Ahn, 2010; Holt, 2013; Motoyama, McCoy, Levchenko,Savage, and Voelker, 2011). Both buyers and sellers provide as thorough a description oftheir products or tools as possible, including the costs and preferred paymentmechanisms and their contact information. For example, the following is an ad posted bya botnet operator who would lease out his infrastructure to others:Lease of bot networks!, $100 a month (volume 6.9k online from 300 [nodes])I’m leasing the admin console of a bot network! – there are ~9,000 bots in the network (200–1,500 onlineregularly) – Countries: RU,US,TR, UE,KI,TH,RO,CZ,IN,SK,UA (upon request countries can be added!) – OS:winXP/NT functionality: [+] list of bot socks [known proxies] type: ip:port time (when it appeared the lasttime) Country|City [allows you to] load [.] files on the [infected] bot machines (trojans/grabbers [.]) [the] adminconsole quite simple, convenient and functional, even a school kid can figure it out. Today 1,000 more (mix) botswere added with good speed indicators + every 3,4 days 2k fresh machines are added (the person who workswith the reports receives a unique service with unique and constantly new machines) Super price-100wmz[Web Money in US currency] a month! all questions to icq: [number removed] Spammers are in shock oversuch an offer (: ps: we also make networks for individual requests/orders.This post illustrates the functionality of the malware, the global spread of this botnetwith infected systems throughout the world, and the costs to lease their services. It alsoindicates that the user prefers to be paid though the online currency system Web Money(Holt, 2013). The preference for electronic payment systems is driven in part by the factthat they allow relatively immediate payments between buyers and sellers with no needfor face-to-face interactions. This provides a modicum of privacy and anonymity forparticipants and rapid dissemination of the goods (Holt, 2013). At the same time,however, buyers are disadvantaged because a seller may not deliver the goods for whichthey provided payment. In addition, individuals could advertise their products directly toothers with little regulation or constraint. Thus, buyers must carefully consider who theypurchase goods and services from and in what quantities, to reduce their risk of loss.Social forces within cybercrime marketsThe forums that support the market for malware provide a unique interactive experiencedriven by exchanges between buyers and sellers. The behavior of participants is,however, structured by the needs and risks they face. Research by Holt (2013) suggeststhat there are three factors that affect the practices of market actors: (1) price; (2)customer service; and (3) trust.The cost of goods and services played an important role in the vetting of goods andservices within the market. Price may be one of the most pertinent factors in cybercrimemarkets to draw in potential customers because they may have limited funds or seek thegreatest value for their investments (Holt, 2013; Motoyama et al., 2011). Individuals whooffered a service or form of malware were subject to scrutiny based on the price of a166
product, particularly if it was perceived to be too high or too low. The active questioningof costs helped clarify the acceptable price for a given product and reduce the likelihoodthat individuals would pay exorbitant fees for specific services (Holt, 2013).The importance of price in the decision-making process led some advertisers to offerdiscounts and deals to attract prospective customers. One of the most commontechniques involved offering bulk discounts to sell products in large quantities. Forinstance, a DDoS service provider used the following language in one of their ads:“When ordering the DDoS service for 3–6 days, discount is 10%, with a DDoS service ofmore than 7 days, discount is 20%, and with a DDoS service for 3 sites, gives a freeservice for the 4th site.” The pricing and discount structures suggest that the prices ofgoods and services are variable, but those making large purchases receive the greatestoverall value (Holt, 2013). In addition, price serves as an important first step inestablishing a relationship between buyers and sellers.The second and interrelated factor affecting market actors was customer service.Although competitive pricing may help entice prospective customers, individuals alsosought the most satisfactory experience possible. The outcome of a purchase wassignificantly influenced by the ways in which sellers cater to their customers,particularly those individuals without substantive technological skills (Holt, 2013;Motoyama et al., 2011). Since the market allows less proficient hackers to acquire goodsand services that increase their overall attack efficacy, individual sellers took steps toensure that all buyers would be satisfied with their products and services.One of the most critical indicators of customer services lies in the speed with whichsellers respond to requests from potential buyers. Sellers who were regularly online andcould be easily contacted were more likely to generate positive reviews and feedbackfrom customers (Holt, 2013). Those who did not respond quickly to messages fromprospective buyers or were difficult to reach received negative comments from forumusers.The quality of the product or service a seller offered was also critical for theirprospective buyers. This was exemplified in a post from the malware installer cryptor,who noted: “our price may look to you not so adequate, but the quality will cancel thisout, do not forget, that the cheap one pays twice.” If a tool was ineffective or data wasinsufficient, a buyer may post bad reviews or not recommend that provider. Theimportance of quality was particularly evident in posts from DDoS vendors who notedregularly that they would give customers a free ten-minute test to measure the efficacyof their services against a particular target (Holt, 2013).The final factor affecting participant relations in the market for malware was trustbetween participants. Buyers sought out commodities that they valued and wererequired to pay for goods without actually interacting with a seller in person (Holt, 2013;Motoyama et al., 2011). As a result, they may not receive the goods they paid for or mayreceive bogus products with no value. In addition, most data and services sold wereeither illegally acquired or a violation of the law. Buyers therefore could not pursue civilor criminal claims against a less than reputable seller. As a result, three informal167
mechanisms emerged within the market to ensure a degree of trust between participantsand reduce the likelihood of loss.The first mechanism available to validate a seller’s claims was the use of checks ortests by the forum administration as a means to validate the quality of a product sold inthe forum. For instance, one forum described its checking process through this simpledescription: “[The] Administration [of the forum] has the right to ask any seller topresent his/her product for check. You present the product in the form that it is beingsold, so that it can be checked for a test. No videos, audio, screens.” Going through achecking process demonstrates that a vendor is willing to demonstrate that their servicesare reliable and trustworthy. In turn, prospective clients can feel comfortable with anassessment of the individual’s level of trust based on their product or services (Holt,2013).The second method employed in malware markets to build trust was the use ofguarantor programs (Holt, 2013). Given that the majority of the products and servicesoffered in these markets are illegal or can be used to break the law, participants havelittle legal recourse if they are slighted at some point in their exchange. Guarantorsserved as a specialized payment mechanism that can be used to deal with individualswho may or may not be trustworthy. The following quote is from a well-knownmarket’s description of their guarantor service process:The seller and the buyer get in touch with one of the representatives of the guarantor service by icq and theycome to agreement on the EXACT terms of the transaction. When agreement has been reached, the buyer givesthe guarantor the amount of the transaction (or as it was shown in the contract).[.] The Seller gives the goods tothe buyer, after examining the quality of the goods, the buyer advises that the seller can give the money, and theguarantor gives the money. Commission is not charged by the guarantor.This post demonstrates the value of guarantors to minimize the potential risk of loss anindividual may incur. The use of guarantors is not consistent across the various marketsoperating, but those which operate such a service may be better organized and moresophisticated than others.The third way in which individuals could gain or demonstrate trust within the forumswas through customer feedback. Feedback was directly impacted by fair pricing andstrong customer service (Holt, 2013). Individuals who purchased a product or servicecould provide detailed comments about their experience with a seller for other users sothat they may understand how that person operates. Posts that gave favorable reviews orpositive comments demonstrated that an individual is trustworthy. Such informationhelps build a solid and trustworthy reputation for a seller and may potentially increasetheir market share and customer base over time. At the same time, individuals whoprovided bad services or were untrustworthy received negative feedback. As a whole, themarket for malicious software and attack services provides unique insights into theprocess of acquiring the resources needed to engage in cybercrime.168
Legal challenges in dealing with malwareDespite the substantial harm malware can cause, many nations have not criminalized itscreation. The process of creating malware is an exercise in creative thinking andinnovation, which can be inherently valuable to the computer security community tobetter secure systems. Instead, most nations choose to prosecute malware use underexisting statutes regarding computer hacking. The direct connection between malwareuse and hacking outcomes, such as data loss or manipulation, makes intuitive sense andcreates a more streamlined criminal code without the addition of statutes that may nototherwise exist.A few nations, however, have specifically defined malware in their criminal codes.The USA’s Computer Fraud and Abuse Act includes malware-related offenses inaddition to specific hacking-related offenses. The fifth statue of this act (18 USC §1030(a)5) involves the use of malware, making it illegal to:1. knowingly cause the transmission of a program, information, code, orcommand and thereby intentionally cause damage to a protected computer;2. intentionally access a protected computer without authorization and therebyrecklessly cause damage;3. intentionally access a protected computer without authorization and therebycause damage or loss.The first part of this statute recognizes the distribution of malware, though that term isnot used in favor of the terms program, information, or code, as it provides greaterlatitude in the identification of viruses, worms, and forms of software (see Box 4.5 fordetails on the arrest and prosecution of the creator of the Melissa Virus). The remainingtwo items involve ways in which malware may be used in the course of either recklessor intentional damage. If an individual is found guilty of violating this act, they mayreceive a fine and a prison sentence of between two years and life, depending on theseverity of their actions (see also Chapter 3). For instance, if the use of malware leads tothe death of another human being, they may be eligible for a life sentence. Although thelikelihood of such an outcome is low, the recognition by legislators that malware may beused – intentionally or unintentionally – to cause harm in a real-world context is a clearstep forward for federal prosecutors to fully pursue justice for the actions ofcybercriminals.Box 4.5 One of the first modern prosecutions formalware distribution in the USA169
http://usatoday30.usatoday.com/tech/news/2002/05/01/melissa-virus.htm.Creator of “Melissa” virus will get jail timeThe creator of the “Melissa” computer virus was sentenced Wednesday to 20 months in federal prison forcausing millions of dollars of damage by disrupting e-mail systems worldwide in 1999.This article provides a good roundup of the rationale for prosecuting David L. Smithfor his role in the distribution of the well-known malware program called theMelissa virus, as well as the relative absence of arrests otherwise for similaractivities across the globe.Since malware may be used to acquire sensitive passwords and other data, the CFAAnow includes language criminalizing the sale or exchange of user information.Specifically, 18 USC § 1030(a)6 makes it illegal to knowingly sell, buy, or trade passwordsor other information used to access a computer with the intent to defraud the victims.For instance, if an individual used a keylogging trojan to gather passwords and then soldthat information to others, he may be prosecuted under this statute. Importantly, thecomputers harmed must be either: (1) involved in interstate or foreign commerce, or (2)operated by or for the federal government. This language is quite broad and may beinterpreted to include a wide range of computers connected to the Internet owned oroperated by civilians (Brenner, 2011). Currently, any individual found guilty of thiscrime may be fined and imprisoned for between one and five years depending onwhether the offender gained commercially or financially through their actions orwhether the value of the data exceeds $5,000. If, however, the individual is found guiltyon multiple counts, they are eligible for up to ten years in prison (Brenner, 2011).The use of malware in order to extort funds from victims also led to the creation ofCFAA language to criminalize threats to computer systems. 18 USC § 1030(a)7 made itillegal for an individual to extort money or anything of value on the basis of: (1) threatsto cause damage to a protected computer; (2) threats to obtain information or affect theconfidentiality of information from a computer without authorization or exceedingauthorized access; or (3) damage to a computer when caused to enable the extortion.Anyone found guilty of this offense can be sentenced using the same guidelines fortrafficking in passwords, namely up to five years in prison and/or a fine, or up to tenyears in the event that the offender has prior convictions. These laws may be used to170
prosecute the use of ransomware, as well as DDoS attack ransom attempts.In addition to these statutes at the federal level, there are currently at least 29 states inthe USA that have outlawed the creation or distribution of malware. It is important tonote that these statutes do not typically use the term virus or malware, but “computercontaminants” designed to damage, destroy, or transmit information within a systemwithout the permission of the owner (Brenner, 2011). The use of malware may constituteeither a misdemeanor or felony depending on the harm caused and the individual’saccess to sensitive data or information of a monetary value. In addition, 25 states havespecific language criminalizing either DDoS or DoS attacks, and two states (Californiaand Wyoming) have added language to their criminal code regarding the use ofransomware (National Conference of State Legislatures, 2016). These two states areinteresting examples of how individual states may adapt to cyber-threats, though statesmay still be able to sanction offenders who use ransomware under existing malware ortrespassing statutes.Many other nations share similar legal frameworks regarding malware in that existingstatutes concerning hacking may also be used to pursue malicious software cases. Fewnations specifically criminalize the use of malware but rather apply existing lawsregarding hacking in these incidents. Australia, Canada, and India are examples of thisstrategy. In the UK, the UK Computer Misuse Act 1990 has some utility to account formalware-related offenses as it criminalized unauthorized access to computer materialand unauthorized modification of computer material (see Chapter 3). This is a directoutcome of the use of malware, though the law did not allow for direct cases againstmalware writers. As a result, the Police and Justice Act 2006 extended and revised thissection of the law to account for malware distribution. The Act added three offensesrelated to “making, supplying, or obtaining articles for use in computer misuse offenses,”including:1. Making, adapting, supplying, or offering to supply any article intending it to beused to commit, or to assist in the commission of, an offense under theComputer Misuse Act.2. Supplying or offering to supply any article believing that it is likely to be usedin the commission of offenses under the Computer Misuse Act.3. Obtaining any article with a view to its being supplied for use to commit orassist in the commission of offenses under the Computer Misuse Act.These offenses carry a maximum sentence of two years and a fine, though it has drawncriticism for its potential use to prosecute professionals and legitimate security tooldevelopers (Brenner, 2011).The Council of Europe’s Convention on Cybercrime does not specifically includelanguage on malware in order to avoid the use of terms that may become dated orirrelevant over time (Council of Europe, 2013). Instead, the existing articles of theConvention may be applied in some way to malware used in the course of cybercrime.171
The most relevant language is currently included in Article 6 regarding misuse ofdevices. Specifically, this article makes it a violation of law to produce, sell, or otherwisemake available a program or device designed to access computer systems, intercept orharm data, and interfere with computer systems generally (Council of Europe, 2013).This article is not designed for use in prosecuting cases where individuals havepenetration-testing tools or codes designed to protect computer systems. In addition, thisarticle allows flexibility for each nation to decide whether they want to include thislanguage in their own criminal codes (Council of Europe, 2013). However, the use ofmalware can be criminally prosecuted under laws designed to pursue the illegal access ofsystems.172
Coordination and management in addressing malwareSince malware is prosecuted using similar legislation to computer hacking, many of thesame agencies are responsible for the investigation of these offenses (see Chapter 3). TheFederal Bureau of Investigation in the USA, the Metropolitan Police Central e-crime Unit(PCeU) in the UK, and other agencies all investigate these crimes. There is, however, amuch larger body of private agencies and commercial entities involved in the detectionand mitigation of malicious software.One of the most prominent resources available for industry and businesses to helpmitigate the threat of malware and insulate them from future attack are computeremergency response teams (CERTs). As noted (see p. 140), the first CERT was born out ofthe Morris worm, which demonstrated the need to develop a coordinated response tocyber-threats. As malware became more prevalent and damaging to the rapidlyexpanding population of Internet users in the mid-1990s, the need for coordinatedresponses to threats increased substantially.For more information on CERTs, go online to: www.cert.org.There are now 369 publicly identified response teams in 79 nations around the world(FIRST, 2017). They may go by different names depending on location. Some nations orlocations may use the term CERTs while others use the name Computer SecurityIncident Response Teams (CSIRTs), but they serve generally similar purposes. Thereare 78 CERT or CSIRT groups in the USA alone. Some are housed in financialinstitutions like Bank of America and Scot-trade, technology companies like IBM andYahoo, while others are located in government agencies such as the NationalAeronautics and Space Administration (NASA). The primary CERT within the USA (USCERT-Coordination Center) is housed at Carnegie Mellon University. It providesreporting mechanisms for vulnerabilities and threats to systems, as well as security toolsto help patch and protect systems from attack (US-CERT, 2017c). The CERT can alsoserve to analyze and track threats as they evolve for virtually any branch of governmentand civilian networks, including threats for both home users and businesses. They act as173
a focal point for the coordination of information concerning cyber-attacks that threatencivilian infrastructure (US-CERT, 2017b).At a global level, there are now CERTs or CSIRTs on every continent. The greatestrepresentations of units are within industrialized nations. Given the wide distribution ofteams and threats based on the resources within a given nation, there is a need for aunifying body to help connect all these groups together. The global Forum for IncidentResponse and Security Teams (FIRST) serves to coordinate information sharing andconnections among all teams worldwide (FIRST, 2017). FIRST offers security courses,annual conferences for incident responses, best practice documents for all forms ofincident response, and a full reference library of security research and materials fromacross the globe. The Forum also creates working groups based on common interests orspecific needs, such as their Special Interest Group (SIG) which links respondentstogether to discuss common interests in order to explore a topic of specific technologyand share expertise. There is even an arm of FIRST connected to the InternationalStandards Organization (ISO) in order to help inform policies and standards for cyber-security incident management, evidence handling, and vulnerability disclosure in thefield (FIRST, 2017).Perhaps the most identifiable entities involved in the response to malware andhacking incidents are members of the antivirus and cyber-security industry. There aredozens of companies offering security tools to protect desktop, laptop, tablet, and mobilecomputer systems either for a fee or at no cost to the user to secure various operatingsystems, whether Mac OS, Windows, Linux, or mobile OSs. You may know some of themore prominent companies in the field, and use some of their products, includingBitDefender, Kaspersky, McAfee, Symantec, and Trend Micro. Most of these companiesoffer some type of antivirus software which protects the user by checking incoming filesand data requests to guard against active infection attempts in real time and/or scanningexisting files to detect and remove malware that may already be installed. Antivirussoftware works through the use of heuristics, or signature-based detection, where allsystem files on a computer are compared against known signatures or definitions ofmalware to determine whether an infection has taken place. Similarly, any attempteddownload is compared against known definitions of malware in order to eliminate thelikelihood of being actively infected.The benefit of antivirus software is that it can help reduce the risk of mal-ware beingable to actively infect a protected system. The use of heuristic detection systems is,however, limited by their available knowledge. The definitions that the software has onfile run the risk of being outdated every day, as new variants of malicious code are beingproduced all the time. Antivirus vendors have to create signatures for any new malwarevariant identified; thus they are constantly updating definitions. In addition, there is nonecessary agreement between security companies as to the name or classification for aspecific form of malware. Some vendors may tag something as a trojan, while anotherlabels it a virus, making it difficult to standardize the identification of malwaregenerally. If users do not have an up-to-date definitions file for their antivirus software174
before it starts to scan for infections, the risk of infection from new malware is increased(Symantec, 2016). If an individual never updates this information, then his or herantivirus software can do very little to protect the system from new threats. As a result,the value of protective software is severely limited by the knowledge and skills of boththe end user operating the software and the continual advancements in malware in thewild.For more information on antivirus vendors, go online to:1. www.norton.com,2. www.sophos.com,3. www.avg.com.In light of the limitations of antivirus software and the challenges posed by malwaregenerally, a non-profit organization called the Anti-Malware Testing StandardsOrganization (AMTSO) was formed in 2008 (AMTSO, 2017). The organization exists toprovide a forum to improve the process of malware identification and product testing,the design of software and methodologies for analysis, and to identify standards andpractices that can be implemented across the security industry. In fact, they havepublished a range of documents describing testing guidelines and standards for theanalysis of malware and testing of security products. The AMTSO comprise primarilymajor security vendors, which is sensible given that they have a vested interest indeveloping sound products. Some have questioned whether this is a good thing, as the175
vendors may have little interest in truly assessing the quality of their products orrevealing the limits of what their tools can do (Townsend, 2010). Thus, the AMTSO isone of the few entities that attempts to police the antivirus industry, though there arelimits to its capabilities.176
SummaryThe threat of malware is diverse and ever-changing, affecting virtually all forms ofcomputer technology. Malicious software takes many forms, though the use of programsthat blend various attack techniques into a single platform is increasingly common. Thecreation of malware is, however, a skill that only a few have and can implement in thewild. As a result, some have taken to selling their resources in open markets operatingonline, which increases the capability of less skilled attackers while enriching talentedprogrammers. The criminal laws available to prosecute malware users are substantive,though there are no necessary laws against actually writing malware. Thus, lawenforcement agencies are not necessarily able to mitigate the threat of malware. Insteadthe computer security industry has generally become the pertinent resource to minimizethe threat of malware for the general public, governments, and industry.Key termsAnti-Malware Testing Standards Organization (AMTSO)Blended threatBoot sectorBoot sector virusBotnetCode-Red wormComputer contaminantsComputer Emergency Response Team (CERT)Computer Security Incident Response Teams (CSIRT)Concept virusCrimewareCryptolockerDistributed denial-of-service (DDoS) attackElk ClonerExploitExploit packsForum for Incident Response and Security Teams (FIRST)Law Enforcement and CSIRT Cooperation (LECC–BoF)Macro programming languageMacro virusMalicious software (malware)Melissa virus177
Morris wormMuTation Engine (MtE)Operation: Bot RoastPayloadPolice and Justice Act 2006Ransomware/scarewareSpecial Interest Group for Vendors (SIG Vendors)Sub7TrojanUK Computer Misuse Act 1990US Computer Fraud and Abuse ActVirusVulnerabilityWormsZeus trojanDiscussion questions1. Since malware writers tend to target popular software and resources,what do you think will be the likely targets for infection over the nextfive years? Please explain why you think a certain target may be selectedover another.2. If malware markets are making it easy to obtain malware and engage insophisticated attacks, what impact will this have on the hackersubculture over time? How can we protect networks in light of thesechanges?3. Why do you think nations have not criminalized the creation ofmalicious software generally? Should the legal code be amended toreflect this activity? Why?4. If the antivirus software industry has grown since the 1990s but malwarecontinues to evolve and expand, is it reasonable to say that they areeffective in reducing infections? If vendors are not technically stoppinginfections, then how can we assess their real value?178
ReferencesAMTSO. (2017). AMSTO website . Available at: www.amtso.org/.Bacher, P., Holz, T., Kotter, M., and Wicherski, G. (2005). Tracking botnets: Usinghoneynets to learn more about bots . The Honeynet Project and Research Alliance.Retrieved July 23, 2006 from www.honeynet.org/papers/bots/.Bissett, A., and Shipton, G. (2000). Some human dimensions of computer virus creationand infection. International Journal of Human-Computer Studies, 52, 899–913.BitDefender. (2009). Trojans continue to dominate BitDefender’s top ten e-threats.BitDefender. Available at: www.bitdefender.com/news/trojans-continue-to-dominate-bitdefender%E2%96%93s-top-ten-e-threats-for-october-1208.html.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-Related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.CAIDA. (2001). CAIDA analysis of Code-Red . Available at:www.caida.org/research/security/code-red/.Chu, B., Holt, T. J., and Ahn, G. J. (2010). Examining the Creation, Distribution, andFunction of Malware On-Line. Washington, DC: National Institute of Justice.Available at: www.ncjrs.gov/pdffiles1/nij/grants/230112.pdf.Consumer Reports. (2013). Consumer Reports: 58.2 million Americans had a malwareinfection on their home PC last year. Available at: www.consumerreports.org/media-room/press-releases/2013/05/my-entry/.Council of Europe. (2013). T-CY Guidance Note #7: New Forms of Malware. Available at:www.coe.int/t/dghl/cooperation/economiccrime/Source/Cybercrime/TCY/TCY%202013/T-CY%282013%2912rev_GN7_Malware_V4adopted.pdf.Crapanzano, J. (2003). Deconstructing SubSeven, the Trojan horse of choice. SANSReading Room. Available at: www.sans.org/reading-room/whitepapers/malicious/deconstructing-subseven-the-trojan-horse-of-choice-953.Dunham, K. (2008). Mobile Malware Attacks and Defense. Burlington, MA: Syngress.Eisenberg, T., Gries, D., Hartmanis, J., Holcomb, D., Lynn, M. S., and Santoro, T. (1989).The Cornell Commission: On Morris and the Worm. Communications of the ACM,32, 706–709.Federal Bureau of Investigation. (2010). Cyber banking fraud: Global partnerships lead tomajor arrests. Available at: www.fbi.gov/news/stories/2010/october/cyber-banking-fraud.Ferguson, D. (2013). CryptoLocker attacks that hold your computer to ransom. Guardian,October 18, 2013. Available at:179
www.theguardian.com/money/2013/oct/19/cryptolocker-attacks-computer-ransomeware.FIRST. (2017). FIRST members around the world . Available at: https://first.org/members/map.Forbes. (2016). Cyber crime costs projects to reach $2 trillion by 2019. Available at:www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#5276a06e3a91.F-Secure. (2014). Virus: W32/Melissa . Available at: www.f-secure.com/v-descs/melissa.shtml.F-Secure. (2017). State of cyber security. Available at: https://business.f-secure.com/the-state-of-cyber-security-2017.Goodin, D. (2007). FBI logs its millionth zombie address. The Register, June 13, 2007.Available at: www.theregister.co.uk/2007/06/13/millionth_botnet_address/.Gordon, S. (2000). Virus Writers: The End of the Innocence? Available at:http://vxheaven.org/lib/asg12.html (accessed June 1, 2007).Hedquist, U. (2008). Akill pleads guilty to all charges. Computer World, 31, March, 2008.Available at:www.computerworld.co.nz/article/495751/akill_pleads_guilty_all_charges/.Holt, T. J. (2013). Examining the forces shaping cybercrime markets online. Social ScienceComputer Review, 31, 165–177.Holt, T. J., and Kilger, M. (2012). Examining willingness to attack critical infrastructureon and off-line. Crime and Delinquency, 58(5), 798–822.IANS. (2016). India among top five countries attacked by ransomware: Kaspersky. IndiaToday, June 6, 2016. Available at: http://indiatoday.intoday.in/technology/story/india-among-top-five-countries-attacked-by-ransomware-kaspersky/1/683853.html.IBM. (2016). IBM study: Businesses more likely to pay ransomware than consumers.Available at: www-03.ibm.com/press/us/en/pressrelease/51230.wss.Kaspersky, E. V. (2003). The classification of computer viruses. Metropolitan NetworkBBS Inc., Bern, Switzerland. Available at: www.avp.ch/avpve/classes/classes.stm(accessed June 3, 2004).Leyden, J. (2012). Major £30m cyberheist pulled off using MOBILE malware. TheRegister, December 7, 2012. Available at: www.theregister.co.uk/2012/12/07/eurograbber_mobile_malware_scam/.Manjoo, F. (2007). The computer virus turns 25. Salon, July 21, 2007. Available at:www.salon.com/2007/07/12/virus_birthday/.Markoff, J. (1990). Computer intruder is put on probation and fined $10,000. New YorkTimes, May 5, 1990. Available at: www.nytimes.com/1990/05/05/us/computer-intruder-is-put-on-probation-and-fined-10000.html.Motoyama, M., McCoy, D., Levchenko, K., Savage, S., and Voelker, G. M. (2011). Ananalysis of underground forums. In Proceedings of the 2011 ACM SIGCOMM InternetMeasurement Conference, 71–79.180
National Conference of State Legislatures. (2016). Computer Crime Statutes. Available at:http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx.Nazario, J. (2003). Defense and Detection Strategies against Internet Worms. Boston:Artech House.Noyes, K. (2008). Logic bomb dud sends medco sysadmin to jail. TechNewsWorld,January 9, 2008. Available at: www.technewsworld.com/story/61126.html.Panda Security. (2015). Annual Report PandaLabs 2015 Summary. Available at:www.pandasecurity.com/mediacenter/src/uploads/2014/07/Pandalabs-2015-anual-EN.pdf.Paquette, J. (2010). A History of Viruses. Symantec. Available at:www.symantec.com/connect/articles/history-viruses.Ponemon. (2016). 2016 Cost of Cyber Crime Study. Available at:www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/.Rantala, R. R. (2008). Cybercrime against Businesses, 2005 (NCJ 221943). Bureau of JusticeStatistics. Available at: www.bjs.gov/content/pub/pdf/cb05.pdf.Ruggiero, P., and Foote, J. (2011). Cyber Threats to Mobile Phones. Available at: www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf.Russinovich, M. (2013). Hunting down and killing ransomware (scareware). MicrosoftTechNet Blog. Available at:http://blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx.Sparkes, M. (2014). Arrests as Facebook spam botnet is shut down. Telegraph, July 10,2014. Available at: www.telegraph.co.uk/technology/internet-security/10959158/Arrests-as-Facebook-spam-botnet-is-shut-down.html.Symantec. (2009). Fragus Exploit Kit Changes the Business Model. Available at:www.symantec.com/connect/blogs/fragus-exploit-kit-changes-businessmodel.Symantec. (2014). Trojan.Zbot. Available at:www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99.Symantec. (2016). 2016 Internet Security Threat Report. Available at:www.symantec.com/security-center/threat-report?inid=globalnav_scflyout_istr.Szor, P. (2005). The Art of Computer Virus Research and Defense. New York: Addison-Wesley.Taylor, P. (1999). Hackers: Crime in the Digital Sublime. London: Routledge.Townsend, K. (2010). AMTSO: A serious attempt to clean up anti-malware testing or justa great big con? Available at: http://kevtownsend.wordpress.com/2010/06/15/amtso-a-serious-attempt-to-clean-up-anti-malware-testing-orjust-a-great-big-con/.US-CERT. (2017a). Cyber Bulletins. Available at: www.us-cert.gov/ncas/bulletins.US-CERT. (2017b). About Us. Available at: www.us-cert.gov/about-us.US-CERT. (2017c). US-CERT Incident Reporting System. Available at: www.us-cert.gov/forms/report.Zetter, K. (2016). Why hospitals are the perfect targets for ransomware. Wired, March 30,2016. Available at: www.wired.com/2016/03/ransomware-why-hospitals-are-the-181
perfect-targets/.182
Chapter 5Digital Piracy and Intellectual Property TheftChapter goals• Understand intellectual property and how piracy affects property owners.• Identify the ways in which piracy has changed over time.• Examine the ways in which pirates justify their theft of intellectualproperty.• Know the legal protections afforded to intellectual property and thelegislation designed to protect digital media.• Recognize the methods employed by property owners to deter or sanctionpirates.183
IntroductionOver the past two decades, high-speed Internet connectivity and the World Wide Webhave transformed the way in which individuals access music, movies, television, andother forms of entertainment content. The ability to stream traditional terrestrial radiostations online allows individuals to access content from anywhere around the world. Atthe same time, streaming music services like Pandora and Spotify allow individuals tolisten to only the content they most prefer and to share with friends. Netflix, Hulu,YouTube, and other streaming video services allow individuals to watch television,movies, and clips on demand. Even e-reader devices like the Kindle and Nook tabletsprovide wireless access to digital copies of books and magazines, allowing a virtuallibrary to be transported and enjoyed anywhere. All of this content may even be enjoyedvia smart phone applications, meaning that you are no longer tethered to a television setin order to view certain content.The technologies that sustain the media-saturated environment we now live inprovide unparalleled access to any and all forms of entertainment. At the same time,they can be readily subverted in order to acquire, copy, and unlawfully distribute mediathat was illegally obtained. These activities are commonly referred to as digital piracy, aform of cybercrime encompassing the illegal copying of digital media such as computersoftware, digital sound recordings, and digital video recordings without the explicitpermission of the copyright holder. Digital piracy is a common form of cybercrime, somuch so that between 10 and 40 percent of college students appear to have engaged insome form of piracy (Gunter, 2009; Higgins, 2006; Higgins, Wolfe, and Ricketts, 2009;Hinduja, 2003; Skinner and Fream, 1997). In fact, one of the most unusual examples ofthe prevalence of pirated materials occurred in 2009 with the release of the film X-MenOrigins: Wolverine (see Box 5.1). This sci-fi action film was set to be released in the earlysummer in the hopes that it would be a blockbuster hit. One film critic, Roger Friedman,decided to publish a review of a pirated version of the film that was available onlineprior to its cinematic release. The version was incomplete, missing many computer-generated elements that had yet to be completed, though Friedman felt that he couldgain advantage over his peers by publishing this early review. As a consequence, he wasfired and roundly criticized by the press for his efforts.Box 5.1 Friedman Wolverine reviewFox fired up over “Wolverine” reviewFriedman came under fire for posting a review of a pirated version of 20th Century Fox’s “X-Men Origins:Wolverine.” Friedman posted a review of the film Thursday, one day after an incomplete version of the184
tentpole was leaked on the Internet.This article provides an interesting discussion of the controversy surrounding aprofessional film critic’s review of a pirated version of the film X-Men Origins:Wolverine prior to its actual box office release. This incident highlights the problemof digital piracy and the ethical dilemmas created by the availability of piratedmaterial.http://variety.com/2009/biz/markets-festivals/fox-fired-up-over-wolverine-review-1118002128/.Although this is an odd occurrence, Friedman’s behavior conforms to many of thearguments made by individuals who frequently pirate materials. Many suggest thatdownloading a movie, song, or piece of software does not cause any substantive harmbecause the economic loss should be relatively small by comparison to the millions orbillions of dollars that are otherwise made. In fact, the superhero film The Avengersmade over $600 million in theaters, despite the fact that several high-quality piratedversions of the film were available online within days of its theatrical release.For more information on the rates of software piracy, go online to:http://globalstudy.bsa.org/2016/.The distribution and acquisition of pirated materials has been and will continue to bea high concern for companies due to their investment costs to produce new products.The music industry claimed a 20 percent reduction in worldwide sales between 1998 and2002 (Peitz and Waelbroeck, 2004). In the early 2000s, the International Federation ofPhonographic Industries (2004) argued that the frequency of music piracy had increased185
by 25 times over the previous three years.Current estimates that are favorable to the music industry place the amount thatdigital piracy costs the US music industry at staggering numbers, possibly about $12.5billion worth of economic losses per year, which would include 71,000 jobs and $422million in tax revenue (Music Business Worldwide, 2014). It is also estimated that onlyabout one-third of music acquired is actually paid for and that digital music piracy maytake up to a quarter of the Internet bandwidth globally (17.5 percent in the USA). Theseestimates, however, are usually not considered to be valid outside of the music industry,as the estimates, including jobs lost, are based on questionable or unprovidedmethodologies.Regarding software piracy, the Business Software Alliance (BSA) (2016) reports that 39percent of software globally is pirated, down 4 percent from 2013. Evidence suggests thatsoftware piracy is especially high in low-income countries where the ability to acquiremedia is limited relative to its cost. The BSA suggests that piracy is highest and remainshigh in Central and Eastern Europe, Latin America, and Asia relative to Canada, Europe,and the USA.At the same time, piracy is not limited to individuals. The company Bitman-agementSoftware has filed a federal lawsuit for $600 million in damages against the United StatesNavy, claiming that it pirated over 558,000 copies of a virtual reality software programthey produce (Kravets, 2016). In response to the suit, the federal government indicatedthat it installed the software across hundreds of thousands of systems, but received nolimits as to how many machines these licenses applied to. As a result, the softwareproducer may be entitled to literally billions of dollars in damages under the existing USCopyright law (Kravets, 2016).As such, some have begun to question the value of pursuing piracy as a criminal act. Ifcopyright holders still profit from their efforts despite individuals being able to accessideas and media for free, can any harm truly result from piracy? In fact, would theability to access any and all information improve the open nature of society andstimulate creativity as a whole? The recently formed political group Pirate PartiesInternational believes that reforming copyright laws to favor more open distributionwould be a boon to society and foster transparency in governments across the world.This group has found success throughout the Americas, Europe, and Asia, and may havefar-reaching consequences for society over the next decade.For more information on Pirate Parties International, go online to:www.youtube.com/watch?v=QeJ_1kwrkTg.186
In order to understand the current climate toward piracy, it is important to identifythe changes in technology, the law, and societal perceptions of media. This chapter willprovide a focused discussion of intellectual property and the evolution of piracytechniques over the past 30 years. In addition, the laws and tactics used to pursue piratesinternationally will be explored so that readers understand the challenges posed by thisoffense in a globally connected world.187
What is intellectual property?Before discussing piracy, it is important to understand how ideas and intellectual worksare legally protected. For instance, this book has value because it is useful to readers asan assembled document with information synthesized from works, ideas, andinformation that already exist. Similarly, music, movies, art, and creative endeavors allhave value to their developer, as well as prospective economic value. When an originalidea that involves some creative expression is put into a fixed medium, such as beingwritten down on paper or drafted on canvas using paint, it may be defined asintellectual property. Ideas become “property” because they are physically tangibleworks that may be viewed by others. Thus, any work of art, novel, design, blueprint,invention, or song can be intellectual property.To protect an idea or work from being stolen, and to ensure that an individual receivesappropriate credit for a creation, many people try to copyright, trademark, or patent anidea. These are all forms of legal protection for intellectual property that provideexclusive use of an idea or design to a specific person or company, the right to controlhow it may be used, and legal entitlement to payment for its use for a limited period oftime. For instance, the logos and branding for a product like Coca-Cola or Apple areimportant symbols that link a product to a company and have been trademarked toensure that they are not misused by other companies or individuals for their own gain.Similarly, copyright protections are automatically granted to an individual who creates aliterary, musical, or artistic work of some type from the moment it is created in a fixedformat like a recording or a typed and printed medium (Yar, 2013).It is important to note that while copyright protections are available in a cross-national context, there is a distinction with regard to US law. Individuals are givencopyright protections from the time a work is created, though they must register theircopyright with the government to ensure that they are given all necessary protectionunder the law. Specifically, an individual can only pursue criminal or civil actionsthrough the state if the content creator has acquired a registered copyright or other legalprotection. As a result, legal protection for intellectual property requires someforethought on the part of the creators to secure their ideas in the USA.188
For more information on copyright laws, go online to:1. www.copyright.gov,2. www.ipo.gov.uk/types/copy.htm.The ability to maintain and enforce copyrights and legal protections over intellectualproperty in the Digital Age, however, is extremely difficult due to the transitory natureof an idea and the ability to access information from anywhere at any given point intime. This is where the problem of intellectual property theft, or piracy, has emerged as asubstantive economic threat to artists and copyright holders. Our ability to access anywork, be it cinematic, musical, or literary, through the Web, television, or streamingmedia has made it much easier to reproduce works without notifying the original creatorof our intentions. This means that copyright holders do not receive appropriatereimbursement and must find ways to ensure that their rights are upheld. As a result,copyright laws have evolved substantially over the past 30 years to ensure thatindividuals and corporations with legal rights to a piece of intellectual property are giventheir appropriate due. In addition, those who wish to circumvent legal protectionscontinuously change their behaviors in order to reduce the likelihood of detection andrisk of arrest.The evolution of both piracy and legislation to protect intellectual property will beexplored in detail to contextualize the current state of this problem.189
The evolution of piracy over timeThe theft of music and video recordings existed prior to the emergence of the Internet.The development of affordable audio and video recording equipment in the 1970s and1980s enabled individuals to easily record music or videos during live concerts as well asradio and television broadcasts. For example, the audiotape allowed individuals to recordsongs and programming on the radio while it played live. This allowed individuals tocreate “mix tapes” with content that was aired for free. Similarly, the VHS tape andhome video cassette recorder (VCR) allowed individuals to record content from theirtelevisions and replay it at a time of their choosing. In turn, those with multiple VCRscould connect them together in order to create “bootleg” tapes by playing content ontheir television while recording it on another VCR at the same time. This method couldbe applied in order to obtain free copies of films which were still prohibitively expensivefor purchase, but inexpensive to rent from various retail outlets.Moving into the 1990s, the emergence of the compact disc (CD) helped usher in achange in the way in which media were recorded, formatted, and handled. Vinyl recordsand cassette tapes were the standard media format of choice for many; these were analogformats, meaning that the sound-waves produced by musicians, while playing, arereproduced in an analogous electrical signal that is then replicated into variations in therecording medium, such as the grooves on a record. The CD, however, was a digitalmedium, whereby sound-waves were converted into a sequence of numbers that werethen stored electronically. This format was thought to be of superior quality totraditional analog recordings and had the potential to be much less expensive to producethan other formats. As a result, media companies could obtain a higher rate of return oninvestments for their intellectual property.In 1996, the Motion Picture Experts Group (MPEG) was actively working with theInternational Organization for Standardization (ISO) to develop a mechanism tocompress large audio and media files into a smaller size for distribution over theInternet. Since most users at this time used dial-up Internet connectivity, the connectionspeeds and volume of data that could be downloaded were relatively slow and small.Thus, they developed the MP3 format in order to compress audio files, which becamethe industry standard for compression and media formatting.For more information on the evolution of MP3, go online to:www.npr.org/blogs/therecord/2011/03/23/134622940/the-mp3-a-history-of-innovation-and-betrayal.190
The release of the MP3 format led to the creation of MP3 players, like Winamp, fordesktop computers. These programs became extremely popular, and the first portableMP3 player was produced and marketed just three years later, in 1999. In turn,individuals were able to use this compression standard to their advantage in order topirate media and share it with others through various services. In fact, the production ofdesktop computers with CD drives that could both read and write onto CDs made ittremendously easy to duplicate and pirate materials with immediate gratification andminimal risk.The same may be said for DVDs and BluRay media, which provide high-quality imageand sound in a format that can now be readily cracked and shared. There are nowvarious “ripping” software programs that allow users to remove Digital RightsManagement (DRM) protection from media in order to copy content to a storage device.In fact, the company 321 Studios in the USA developed a software product called DVD XCopy that allowed users to copy any DVD movie to a blank DVD (Karagiannis et al.,2004). This program required no technical knowledge; rather, the user simply installedthe software and followed the prompts in order to copy the media. An injunction wasbrought against the company that forced them to shut down the service in 2004, butvarious programs are available that provide the same facilities. Thus, the evolution ofmedia presentation and recording technology is innately tied to the problem of piracy.The changing methods of piratesThe availability of pirated materials has been intimately tied to the evolution oftechnology and the role of computer hackers who develop tools to enable piracy. Mediaand software companies have always utilized tools to minimize the likelihood of theirintellectual property being copied. In fact, hackers in the early 1980s began to subvertprotections on software in order to share programs with others. The individuals whoposted and shared programs were commonly referred to as warez doodz, which is acombination of the words “software” and “dudes.” Their warez, or pirated files, wereinitially distributed through password-protected BBSs, and individuals could gain statusby providing access to new or hard-to-find files. Thus, warez doodz were importantplayers in the early days of the hacker scene.For more information on the early days of piracy, go online to:http://arstechnica.com/gadgets/2014/01/modems-warez-and-ansi-art-remembering-191
bbs-life-at-2400bps/.As technology became more user friendly, and the cost of Internet connectivitydecreased, warez creation and sharing became more prominent. The techniques to sharefiles, however, began to change with innovations in technology and creative computerengineering. For instance, the risk associated with sharing cracked or pirated filesthrough single servers or web-based repositories increased because a law enforcementagency could take out that one server and eliminate all access to the files. Thus, thedevelopment of various peer-to-peer (P2P) file-sharing protocols in the late 1990senabled file sharing directly between users, which dramatically reduced the likelihoodof detection. For instance, the development of IRC channels in 1998 allowed users toconnect and communicate with others in literally thousands of chatrooms establishedand run by various individuals. This was, and still is, a communications vehicle fortechnologically savvy users and was initially populated by those involved in the hackingand warez scenes.The social nature of IRC coupled with its global reach led many to use it as a means toengage in direct file sharing, particularly for software and music (Cooper and Harrison,2001). Typically, individuals would enter a chatroom and specify what they were lookingfor, and a user with those materials would negotiate with that person in order to receivesome files in return. The reciprocal relationships that developed in IRC fostered theformation of a piracy subculture where individuals were judged on their ability to findand access programs or files and share them with others (Cooper and Harrison, 2001).While the technical nature of IRC limited its use as a file-sharing service to moretechnically literate populations, the larger population of Internet users was able toengage in piracy through the development of the program Napster in 1999. This freelyavailable specialized software was developed by Shawn Fanning and others in order toprovide an easy-to-use program to share MP3-encoded music files between computersystems. Specifically, a user needed to download the Napster program, which wouldconnect that computer to the larger network of user systems that also had the programinstalled. Users would then select a folder or folders they wanted to share with others,which would then be indexed onto servers maintained by the Napster Corporation. Thisallowed users within the network to quickly identify media that they wanted and bedirectly connected to the appropriate computer to complete the download.Napster became an extremely popular file-sharing service in a short amount of time.192
In fact, over 2.7 billion music files were traded among Napster users in February 2001.The development and adoption of high-speed Internet connectivity for home users alsostimulated involvement in piracy. Individuals could download several complete songs inthe time it took to obtain one file through traditional dial-up connectivity. Thus, Napsterplayed a pivotal role in the growth of the piracy problem.For more information on the government debates over Napster, go online to:www.c-span.org/video/?159534–1/records-v-napster.The popularity of Napster, however, was stymied by lawsuits brought against thecorporation by the heavy metal band Metallica and A&M Records in 2001. These suitsargued that the service was facilitating piracy and negatively impacting the financialwell-being of artists and recording companies (McCourt and Burkart, 2003). Theselawsuits forced Napster to become a paid service, which quickly declined in popularity.Several other P2P services quickly took its place, such as LimeWire and Kazaa, whichused similar protocols in order to connect users and distribute media.Shortly after the decline of Napster, a new file-sharing protocol called Bit-Torrent emerged that became extremely popular. The use of torrent- sharing software allowsconcurrent uploads and downloads of media through multiple sources. Specifically, usersmust download a torrent client, which connects them to the larger network of users.From there, a person can search for a piece of media he or she wants to downloadthrough various indexing services. Once they find that movie or music, they then beginto download the file by connecting to a series of user computers which have that file,referred to as “seeders.” The torrent protocol links the downloader to an indexed list ofall seeders and captures bits of the full file from multiple users at once. This processmakes downloading much faster and decentralized in order to make it more difficult todisrupt the network of file sharing. As a result, the torrent protocol is a true P2Pmechanism owing to the ability to access the required file directly from dozens of usersat once.For more information on torrents, go online to: www.bittorrent.com/.193
Torrent clients became extremely popular in the mid-2000s and were thought to haveaccounted for over half of all pirated materials online by 2004 (Pouwelse, Garbacki,Epema, and Sips, 2005). In fact, one of the most popular resources in the torrentcommunity is The Pirate Bay (TPB), which maintains indexed torrent files for music,software, video games, and newly released movies. The group operates out of Swedenand has been in existence for years, despite being raided by police and having three of itskey operators convicted of copyright law violations requiring one year in jail andmillions of dollars in fines (Nhan, 2013). As a result, torrents appear to be the latest file-sharing mechanism available to pirates (see Box 5.2 for details on the most commonfilms shared), though this may change in the next few years with innovations intechnology as a whole.Box 5.2 These were the top-14 illegally downloadedmovies in 2015www.businessinsider.com/top-pirated-movies-2015–12.Though the box office had a banner year in 2015, the movie business still has to vigorously combat piracyand, according to data, it’s on the rise. Variety released a list of the 14 titles that were pirated the most thisyear.This article provides an overview of the most pirated movies based on a trackingreport published by the firm Excipio. The results are surprising, as the evidencesuggests that films released during the previous year were still frequentlydownloaded, while rates of piracy were down.To that end, there has been a trend in piracy practices based on the proliferation ofhigh-speed Internet connectivity and streaming media consumption. The use ofstreaming media services like Netflix, Hulu, and other applications has become194
extremely popular, and a standard way to consume television and film content.Interestingly, there is some evidence that pirates are now streaming pirated content toconsume it rather than downloading it and viewing it offline (MUSO, 2016). A 2016report from the MUSO Corporation found that 57.84 billion visits to film and televisionpiracy sites were to streaming sites in 2015. This figure comprised 73 percent of all visitsfor this form of content in their analyzed sample of over 73 billion searches across 200million different devices (MUSO, 2016). Direct downloads of content via torrents werestill popular at 17 percent, though this figure represents a decrease from 2014. Thus, it isnecessary to constantly monitor the practices of pirates as they continue to change theirmethods due to shifts in entertainment consumption habits and technology.195
The subculture of piracyDue to the global spread of the Internet and the diverse nature of digital media andformats, there are now multiple piracy subcultures that may be present, consisting of: (1)persistent downloaders who obtain large quantities of pirated materials, and (2) thosewho have the capacity to create, distribute, and share pirated materials. Research onpersistent pirates suggests that they place significant value on high-speed Internetconnectivity and the ability to host significant amounts of data (see Hinduja, 2001). Thisis due to the main goal of piracy – to rapidly disseminate electronic media in largequantities to people around the globe (Cooper and Harrison, 2001). At the same time,individuals who occasionally engage in piracy find it easier to access files when they cando so through high-speed connections (Downing, 2011; Holt and Copes, 2010). This mayaccount for the extreme popularity of sites like The Pirate Bay, because they enableindividuals to search through virtually any torrent for pirated material currently online.In fact, repeated attempts to take down TPB have been regularly defeated, as the sitereturns on a different web address within hours if not minutes.Furthermore, persistent pirates appear to develop large collections of media or contentin order to have complete discographies or works by an artist or television show (Cooperand Harrison, 2001; Downing, 2011). As a result, those pirates who can share unusual orexotic materials with others are able to generate status within the subculture. Theirability to distribute these materials allows them to develop a reputation for file sharingthat leads to respect from both casual and persistent pirates (Cooper and Harrison, 2001;Downing, 2011). The desire for exotic materials may have influenced TPB’s decision tocontinue to host torrent files that had fewer than ten people sharing it, despite no longerhosting torrent files generally in February 2012. The operators indicated that theywanted to keep content available to all, regardless of the form of torrent software theyused, while also keeping their own costs down (Van Der Sar, 2012). Thus, there are somecommonalities between the beliefs of persistent and casual pirates.Within the existing research on piracy, there are a few specific justifications thatpirates use to support their behaviors, regardless of the materials they acquire.Specifically, the benefits of piracy are quite high, as a person can obtain what they wantwith no cost and minimal risk of detection. The immediate material benefits alsofacilitate larger individual interests in certain artists, genres, or gaming systems. Forinstance, persistent media pirates reported that they may download a single episode of atelevision show or piece of music to determine if they enjoy the product (Holt andCopes, 2010). If they find it entertaining, then they may actually buy the full season ofthat show or pay for other music by an artist so that they can enjoy the product in abetter format. Similarly, individuals who pirate older video games indicate that theirdownloading helps maintain their interest in older consoles and gaming systems196
(Downing, 2011). In fact, Downing (2011) argues that video game piracy may be aconsequence of the general success and popularity of video games rather than a source ofmarket failures.At the same time, there are certain risks that arise as a consequence of engaging inpiracy that cannot be ignored. There are clear legal risks that may come from violatingcopyright laws, such as fines or potential arrests depending on the depth of one’sinvolvement in piracy. The decision-making processes of pirates, however, do not appearto be impacted by the deterrent influence of legal sanctions (Al-Rafee and Cronan, 2006;Gillespie, 2006; Holt and Copes, 2010). This is clearly evident in the continuous attemptsto take down The Pirate Bay and other torrent groups. Almost all of these sites,particularly TPB, persist, suggesting that they can withstand any attempt to removepirated content from the Internet.Similarly, a persistent pirate noted: “I think the govt/companies pick people to makean example out of them [.] I think they take someone who they know cannot pay for itor is a regular person and try to make an example out of them to scare people” (Holt andCopes, 2010: 638). In fact, most individuals are able to justify their piracy based on thenotion that they do not otherwise shoplift or steal CDs, software, and games from bricks-and-mortar stores. For instance, one individual involved in gaming piracy suggested,“Piracy is not Theft. It’s piracy” (Downing, 2011: 765). Thus, the subculture of piracyappears to support and justify these behaviors in a variety of ways.197
The evolution of legislation to deal with piracyAlthough digital piracy is a recent phenomenon, the larger issue of protection forintellectual property is relatively old. In fact, there have been laws pertaining tocopyright in existence in England since the mid-1600s. These laws were primarilydesigned to restrict the ability to reproduce materials at a time when printed type andthe ability to read were still highly restricted to the wealthy classes. As technologiesrelated to printing, recording, and photography evolved, so too did laws pertaining to theownership and management of intellectual property.The recognition of a need for consistent international protections for intellectualproperty came to the fore in the late 1800s. At that time, copyright protections were onlyafforded in the nation where they were published. A book published in France could becopied and sold in other countries with no concern for either the existing copyright orthe author. This was particularly important owing to the differences in the Anglo-Saxonconcept of “copyright” which focused on economic issues with the French concern of the“right of the author.” Thus, nations became concerned about the ways in whichintellectual property would be handled and protected internationally. These concerns ledto an international agreement on copyright laws at the Berne Convention for theProtection of Literary and Artistic Works, also known at the Berne Convention, inBerne, Switzerland in 1886. The original signees of the Berne Convention were theUnited Kingdom (although much of it was not implemented in the UK until the passageof the Copyright, Designs and Patents Act of 1988), France, Belgium, Germany, Italy,Spain, Switzerland, Haiti, Liberia, and Tunisia (WIPO, 2017a).In addition to the important copyright agreements discussed below, the BerneConvention set up bureaus to handle various administrative tasks and to developprotections and frameworks for intellectual property. Two of these bureaus merged andbecame the United International Bureaux for the Protection of Intellectual Property,which later became the World Intellectual Property Organization (WIPO) in 1967. In1974, WIPO was integrated as an organization within the United Nations (WIPO, 2017b).Today, the World Intellectual Property Organization (WIPO) has 189 nation members. Itis a self-funding agency of the United Nations that provides a “global forum forintellectual property services, policy, information and cooperation” (WIPO, 2017b). Theirmission is “to lead the development of a balanced and effective international intellectualproperty (IP) system that enables innovation and creativity for the benefit of all” (WIPO,2017b).The Berne Convention’s primary focus was to protect authors’ works and rights byensuring that copyright laws of one nation were recognized and applied in other places(WIPO, 2017a). It accomplished this by focusing on three basic principles. The firstprinciple is the principle of national treatment, which states that works created in any of198
the signatory nations must be afforded the same protection as that of works originatingin that nation. Second, the principle of automatic protection states that protection mustnot be conditioned upon compliance with any formality. This means that works areautomatically protected when they are “fixed,” or recorded on a physical medium, andthat authors must not be required to register their work. Third, the principle ofindependence of protection holds that protection is independent of any existence ofprotection in the work’s country of origin (WIPO, 2017a).In addition, the Berne Convention provided the minimum standard of protection thatmust exist to protect authors’ works and rights. For instance, Article 2(1) of theConvention holds that protections have to be made for all works, including “everyproduction in the literary, scientific and artistic domain, whatever the mode or form ofits expression.” In addition, the following rights were recognized as exclusive rights ofauthorization: (1) the right to translate; (2) the right to make adaptations andarrangements of the work; (3) the right to perform in public dramatic, dramatico-musicaland musical works; (4) the right to recite literary work in public; (5) the right tocommunicate to the public the performance of such works; (6) the right to broadcast; and(7) the right to use the work as a basis for an audiovisual work, and the right toreproduce, distribute, perform in public, or communicate to the public that audiovisualwork. Finally, the Convention provided for “moral rights,” meaning that authors havethe right to claim ownership of their work and object to any action that may beconsidered prejudicial to the author’s reputation (WIPO, 2017a).The Berne Convention also clarified the duration of the copyright protection. For mostworks, the general rule is that protections be granted until 50 years after the author’sdeath. There are several exceptions. For example, anonymous work is protected for 50years after the work was lawfully made available to the public unless the author’sidentity becomes known, in which case the general rule would apply. Audiovisual workmust be protected for a minimum of 50 years after being made available to the public, or,if never released, 50 years after being created. Applied art and photographic works mustbe protected for a minimum of 25 years after the work was created (WIPO, 2017a).Finally, copyrighted work cannot be protected longer internationally than it is in thecountry of origin, referred to as the “rule of the shorter term.”Although the Berne Convention concluded in 1886, it was later revised in 1896 in Parisand in 1908 in Berlin, finally being completed in Berne in 1914. The Conventioncontinued to see many revisions and amendments over the next century, as it wasrevised in 1928 (Rome), 1948 (Brussels), 1967 (Stockholm), and in 1971 (Paris), andamended in 1979. The Appendix to the Paris Act of the Convention importantly alloweddeveloping countries to translate and reproduce works in certain cases connected toeducation (WIPO, 2017a).As of the end of 2016, 172 nations were parties to the Berne Convention. The scope ofthe Berne Convention, however, is much greater. All members of the World TradeOrganization who are not party to the Berne Convention are still bound by the principlesof the Berne Convention under the Agreement on Trade-Related Aspects of Intellectual199
Property Rights (TRIPS Agreement), although they are not bound to the moral rightsprovisions of the Convention (WIPO, 2017a).The United States, however, did not enter into force in the Berne Convention until1989. The USA’s primary concern with ratifying the treaty was its reluctance to changeits copyright laws which require copyright works to be registered. The USA had insteadratified other Conventions throughout the twentieth century, such as the UniversalCopyright Convention in 1952, to address some of the other issues regarding copyrights.Even with the USA ratifying the Berne Convention, citizens who create a work that theywant to be protected in US courts have to obtain a copyright within the USA to ensurethey receive equal protection under the law. For instance, if a US citizen or organizationdevelops intellectual property and feels that their idea has been infringed, they cannotlegally file suit unless they have received a copyright there (Brenner, 2011).The USA has had criminal penalties for the infringement of protected intellectualproperty, however, since 1909 (Copyright Act of 1909). Interestingly, the USA alsoremoved the power to prosecute copyright infringement cases from state courts in 1976with the introduction of the revised Copyright Act of 1976, which introduced newcriminal sanctions under Titles 17 and 18 of the US Criminal Code (Brenner, 2011).Currently, the most stringent legal statutes in the US pertaining to copyrightinfringement are contained under Title 17 of the US Criminal Code (506), which make ita federal crime for someone to willfully infringe an existing copyright for eithercommercial advantage, private gain, or by reproducing or distributing one or morecopies of a copyrighted work with a value of more than $1,000 during a 180-day period(Brenner, 2011). In fact, distributing or reproducing one or more copyrighted works witha value of at least $1,000 during a 180-day period can lead to misdemeanor charges. Afelony charge requires that a person reproduce or distribute at least ten copies of one ormore copyrighted works with a total value of more than $2,500 within 180 days(Brenner, 2011). As such, persistent pirates would be more likely prosecuted with felonycharges, such as the members of The Pirate Bay.This statute is commonly used to prosecute software piracy due to the high costsassociated with certain forms of commercial software. For instance, a single copy of thepopular media manipulation software Photoshop can cost $599 off the shelf. Thus, anindividual who makes two copies of this program could easily be charged with amisdemeanor under this law. The low cost of music and movies makes it much moredifficult to successfully prosecute an individual under these statutes due to the massivevolume of materials they would have to reproduce.Even with the multiple revisions to the Berne Convention over the twentieth century,copyright owners did not feel that the Convention appropriately protected the rights ofauthors in a new digital age. Thus, the WIPO Copyright Treaty (WCT) was passed in1996 and entered into force in 2002 to provide further copyright protections to two typesof works: (1) computer programs; and (2) databases, or compilations or data or othermaterial, in which the selection or arrangement of the contents constitute intellectualcreations (WIPO, 2017c).200
The WIPO Copyright Treaty also granted three additional rights to authors: (1)distribution, (2) rental, and (3) communication to the public. The right of distributionincludes the authorization to make available to the public the original and copies of thework through either sale or transfer of ownership. The right of rental providesauthorization for the owner to rent to the public the original and copies of computerprograms, cinematographic work, and works embodied in phonograms. The right ofcommunication to the public includes the right to authorize any communication to thepublic, regardless of it being wired or not, to allow the public access to the work fromany place at any time, such as on-demand and interactive services.Consistent with the Berne Convention, the duration of these rights must be protectedfor at least 50 years for any work. The treaty also required the signatories to:provide legal remedies against the circumvention of technological measures (e.g., encryption) used by authors inconnection with the exercise of their rights, and against the removal or altering of information, such certain datathat identify works or their authors, necessary for the management (e.g., licensing, collecting and distribution ofroyalties) of their rights (“rights management information”).(WIPO, 2017c)The WIPO Copyright Treaty was implemented in the USA via the passage of theDigital Millennium Copyright Act (DMCA) and in the European Union by Decision2000/278/EC, more specifically Directive 91/250/EC (covering software copyrightprotection), Directive 96/9/EC (database copyright protection), and Directive 2001/29/EC(prohibition of circumventing devices).Media conglomerates began to pressure the US Congress in the 1990s to changeexisting copyright laws and increase protections for intellectual property. Their effortsled to the creation of several laws, including the No Electronic Theft (NET) Act of1997, which increased the penalties for the duplication of copyrighted materials(Brenner, 2011). Specifically, this law revised the language of the copyright act torecognize infringement when an individual receives or expects to receive a copyrightedwork, including through electronic means, regardless of whether they receivecommercial or private financial gain. Up until this point, criminal infringement had toinvolve some sort of economic advantage. Thus, the expected receipt of uploaded and/ ordownloaded copyrighted materials online was made illegal, making it possible to pursueindividuals who acquired pirated materials through file sharing rather than paying forthese items (Brenner, 2011). In addition, these revisions introduced sanctions for thereproduction or distribution of one or more copies of “phonorecords,” making it possibleto legally pursue music piracy. Finally, the Act increased the penalties for piracy to up tofive years in prison and $250,000 in fines, and increased the statutory damages thatcopyright holders could receive.Shortly after the adoption of the NET Act, the US Congress also approved the DigitalMillennium Copyright Act (DMCA) in 1998 (Brenner, 2011). This law was designed todirectly affect media piracy online through further revisions to the Copyright Act.Specifically, this law extended protection to various music and performances that havebeen recorded in some fashion. The second section under this title added section 1201 to201
the Copyright Act, making it illegal to circumvent any protective technologies placed oncopyrighted works, and section 1202 making it illegal to tamper with copyrightmanagement software or protections (Brenner, 2011). While this law was intended toapply to computer software, it may be extended to DVDs and music with protections onthe disc that provide a modicum of protection from infringement or copy. Criminalsanctions for these behaviors were also added under section 1204 of the Copyright Act.Title II of the DMCA is entitled the Online Copyright Infringement LiabilityLimitation Act, which gives extended protections to ISPs against copyright infringementliability (Brenner, 2011). In order to qualify for these protections, ISPs must block accessto infringing materials or remove them from their systems once a complaint is receivedfrom a copyright holder or their agent. This Title also enables copyright holders tosubpoena ISPs for the IP addresses, names, and home addresses of customers who haveengaged in the distribution of copyrighted materials (Brenner, 2011). These changesenabled copyright holders to pursue civil or criminal suits against those sharing piratedmaterials with others, rather than the services making it possible to engage in filesharing overall.While US laws may seem particularly punitive, European legislation is equallypunitive in some cases. For instance, the European Union also has a series of directivesdesigned to protect intellectual property in various forms. European Union Directive91/250/EEC/2009/24/EC provides legal protection for computer programs andharmonized copyright protection across the EU. This Directive was first implemented in1991 and afforded copyright protection to computer programs in the same way asliterary works, such as books or poems. The Directive also gives the copyright owner theright to temporary or permanent copying of the program, any translations of theprogram, or the right to distribute it by any means. The life of the copyright extends forthe lifetime of the software creator plus 50 years, though it has been extended to 70 yearsthrough a subsequent Directive in 2009. This Directive also affords the personpurchasing software the right to back up the software for their personal use, though theymust have a license for the program itself. Similar protections are also afforded todatabases of distinct information under Directive 96/9/EC.In addition, European Union Directive 2001/29/EC, or the Copyright Directive,establishes guidelines concerning the adequate legal protection of copyrighted materialsthrough technological means. This Directive defines rights to copyright holders,including the right to reproduce their materials, and to make them available to the publicthrough publication and transmission of products over the Internet, including music,media, and software. This Directive also requires all Member States to provide legalprotections against attempts to circumvent technologies that prevent copying ofintellectual property and databases. In addition, Member States must provide protectionagainst products and services designed to circumvent protective measures on intellectualproperty for illegal purposes or limited commercial goals. As a result of this language,this Directive is more stringent than the US DMCA.Not all nations share these punitive sanctions, as is evident in India which is a202
member of the Berne Convention but not in the WIPO Copyright Treaty. Indiancopyright law provides similar protective structures for copyright holders as the USAand the EU, but it is less restrictive for some forms of media and intellectual works. Forinstance, a suit was brought to the Delhi High Court by multiple academic publishersagainst a copyshop at Delhi University because it was selling photocopies of textbookchapters directly to students (Masnick, 2016). The Court ruled that there had been nocopyright infringement against the publishers because copyright law does not providethe creator of intellectual property with ownership, but rather to “stimulate activity andprogress in the arts for intellectual enrichment of the public [.] and not to impede theharvest of knowledge” (Masnick, 2016). Thus, the use of copier technology, which isavailable in libraries as well as cell phone cameras and other equipment readily availableto students, constituted fair use of their intellectual property.203
The law enforcement and industry responseAlthough there are myriad laws designed to protect intellectual property, there arerelatively few law enforcement agencies that pursue cases against those who piratematerials. For instance, the USA removed the power to prosecute copyright infringementcases from state courts in 1976 with the introduction of the revised Copyright Act of 1976(Brenner, 2011). As a result, the Federal Bureau of Investigation (FBI) tends toprosecute active investigations against piracy groups (Haberman, 2010). In addition, theU.S. Customs and Border Protection (CBP) and Immigration and CustomsEnforcement (ICE) investigate and seize imported goods that infringe existingintellectual property rights. This includes digital transfers of pirated goods, as individualswho attempt to bring these materials from outside servers onto their home computer aretechnically importing pirated goods (Haberman, 2010). These three agencies haveoperated in concert to take down various groups and individuals involved in thedistribution of pirated materials, for example, in Operation Buccaneer in 2001. Thisinvestigation affected 62 people involved in software piracy in six countries as part of thepiracy ring DrinkorDie (Nhan, 2013).Similarly, the City of London Police has launched the Police Intellectual PropertyCrime Unit (PIPCU) in order to investigate and handle various forms of piracy (City ofLondon, 2013). This unit works as an independent group designed to handle seriousforms of intellectual property crime, including counterfeit products and pirated materialsonline and offline. Its goal is to integrate with various international enforcement andindustry agencies and become a hub for investigations to disrupt organized piracy andfraud, as well as develop strategies to deter and reduce piracy generally (City of London,2013).One of the greatest challenges law enforcement agencies face in dealing withintellectual property laws is the fact that it is exceedingly difficult for intellectualproperty owners to identify when and how their materials are shared illegally. Copyrightholders must scour sites across the globe in order to locate distribution networks andparticipants. As a consequence, industry groups play a more prominent role in theenforcement of intellectual property rights. They manage and promote the interests ofmajor corporations and copyright holders within their country, as well asinternationally. For instance, the Recording Industry Association of America (RIAA)is a trade organization that supports the recording industry and those businesses thatcreate, manufacture, or distribute legally sold and recorded music within the USA. Thegroup was founded in 1952, helped define standards related to music production, and is abroker for the collective rights management of sound recordings. In fact, its stated goalsare to: (1) protect intellectual property rights and the First Amendment rights of artists;(2) perform research about the music industry; and (3) monitor and review relevant laws,204
regulations, and policies. Currently the RIAA represents over 1,600 recording companiesand other industries, such as Sony Music Entertainment and Warner Music Group(Brenner, 2011).For more information on industry bodies protecting intellectual property, goonline to:1. www.riaa.com,2. www.iprcenter.gov.There are many other groups, such as the Motion Picture Association of America(MPAA), that operate to protect the intellectual property of their artists and creativeproducers. In the UK, the Federation Against Copyright Theft (FACT) is the primarytrade organization dedicated to the protection and management of intellectual property,notably those of film and television producers. The group was established in 1983 and isactively engaged with law enforcement to combat piracy. For instance, FACT worksregularly with the UK police to take down piracy websites and sue groups engaged in thedistribution or facilitation of digital piracy (FACT, 2013). They also work in conjunctionwith the Australian Federation Against Copyright Theft (AFACT), which targetspirates in Australia and Oceania generally (AFACT, 2013). Similarly, the Indian MusicIndustry (IMI) represents recording industry distributors and producers across thenation (IMI, 2016).All of these entities work in concert to pursue and protect their economic andintellectual interests. This is a substantive challenge in the current internationallandscape, as the laws of one country governing intellectual property may be entirelydifferent than those of another nation. Consider TPB, the aforementioned group centralin the distribution of torrent files, which was founded in Sweden in 2003. Although the205
members assumed they would be safe from law enforcement efforts, several of theirhomes were raided and they were prosecuted by Swedish and US law enforcement forfacilitating the distribution of pirated materials. In an effort to avoid future incidents, thegroup attempted to purchase Sealand, a micro-island off the coast of England. The groupraised $25,000 in donations to facilitate this endeavor, operating under the assumptionthat they could turn the island into a safe haven for pirated materials. This attempt wasunsuccessful, as the Government of Sealand felt that the group was only going to violateinternational laws. Their efforts, however, demonstrate the extent to which piracygroups are organizing and attempting to avoid legal efforts.The recording industry also pursues civil suits against various individuals andbusinesses for their role in the facilitation of piracy. For instance, the music industrysued the file-sharing service Napster over their role in the distribution of piratedmaterials, which led to an out-of-court settlement and the shuttering of Napster as a freeservice. The recording industry also began to sue individual pirates for theirdownloading behaviors, which often involved hundreds of thousands of dollars in finesagainst the pirates. This tactic, however, has been largely abandoned in favor of trackingfile-sharing programs to detect torrent seeders. In turn, they work with ISPs to sendcease-and-desist letters in order to help slow down the volume of pirated materialstraded online. In fact, the RIAA and FACT began to distribute letters to Internet userswho were thought to have engaged in illegal file sharing to demand payment insettlement for their copyright violations (Nhan, 2013). This tactic was thought to be away to directly reduce the legal costs these entities incurred as a result of pursuingsettlements against file sharing.Other nations have pursued options to directly limit individuals’ access to piratedcontent online. For instance, India began to allow ISPs to block access to websites whereindividuals could acquire pirated media beginning in 2011 (ONI, 2012). The blocks wereoften selective and developed on the basis of so-called John Doe orders, where an entitycould claim that unknown individuals would cause harm to their intellectual property orcopyright (Anwer, 2016). The identification of sites was also questionable as they weredeveloped by attorneys working for industry groups such as the Indian Music Industry.As a result, entire sites would be blocked, not just a single URL where content could beidentified. They were not also enforced across all ISPs, causing gaps in enforcement.In 2012, the Madras High Court ordered that only specific URLs could be blocked andnot entire websites in an attempt to minimize free use of the Internet by citizens. Thiswas challenged, however, by a 2014 request from Sony Entertainment which ordered thecourt to allow fully blocking of various file-sharing and hosting sites that could enablethe distribution of pirated material. The court ruled in favor of Sony and eventuallyallowed 219 sites to be blocked entirely. In 2015, the IMI group was able to successfullyargue that ISPs across the nation block access to sites that enable media piracy (Collier,2015). The Delhi High Court instructed all the ISPs in the nation to block users fromaccessing 104 different websites identified by the IMI as a source for pirated content(Collier, 2015). If an individual attempted to access such a site via their web browser,206
they would see the following message:This URL has been blocked under the instructions of the Competent Government Authority or in compliancewith the orders of a Court of competent jurisdiction. Viewing, downloading, exhibiting or duplicating an illicitcopy of the contents under this URL is punishable as an offence under the laws of India, including but notlimited to under Sections 63, 63-A, 65 and 65-A of the Copyright Act, 1957 which prescribe imprisonment for 3years and also fine of up to Rs. 3,00,000/-. Any person aggrieved by any such blocking of this URL may contactat urlblock [at] tatacommunications [dot] com who will, within 48 hours, provide you the details of relevantproceedings under which you can approach the relevant High Court or Authority for redressal of yourgrievance.There has been substantive criticism of this strategy across India for numerousreasons. Specifically, the basis for blocking may include something as simple as theappearance of the name of a piece of copyrighted material in the URL (Anwer, 2016). Inthe case of full site blocks, the list could extend beyond traditional illegal file-sharingsites like The Pirate Bay and include sites like Google. Should an individual receive analert message that content has been blocked due to potential pirated material, it may notbe because they were actually attempting to access illegal content. Telling the personthat they could be arrested may be useful information but is also a relatively emptythreat due to the difficulty of prosecuting that individual (Anwer, 2016). Furthermore, aperson could easily use proxy services, such as Tor, in order to mask their physicallocation and gain access to pirated content. Thus, blocking content from Internet users isa somewhat questionable tactic to affect piracy rates.Box 5.3 Torrent downloads: Fiasco over three-year jailterm shows absurdity of India’s John Doe ordershttp://indiatoday.intoday.in/technology/story/the-3-years-jail-fiasco-for-torrents-shows-absurdity-of-indias-john-doe-orders/1/745886.html.So, can you land up in jail for viewing a torrent site in India or not? Yesterday, IndiaToday.In reported thatyou may get a jail term as well as may have to pay a fine of Rs3,000,000 if you visit a blocked URL,including a torrent site. Today, you must have seen reports that no, you won’t be jailed just because youvisit a torrent site.This article provides an overview of the issues present in India’s decision to blockpirated content, and the questionable legal grounds on which potential offendersmay stand.207
The recording and media industries have also employed unique extra-legal attempts toaffect piracy networks. For instance, some private companies have been hired to disruptfile-sharing processes by “poisoning” torrent files to either corrupt content, identify thedownloaders, or disrupt P2P networks generally (Kresten, 2012). Some of the morecommon methods involve attempting to share a corrupted version of a piece of music ormedia to deter users from downloading the file or making it more difficult to identify theactual content. Alternatively, some companies such as MediaDefender will attempt toshare a file that tries to download content from non-existent peers or false sites in orderto deter offenders (Kresten, 2012).More extreme measures have been employed by various companies in order to disruptP2P sharing groups. In 2010, multiple Indian film studios hired the company AiplexSoftware to engage in DDoS attacks against websites like The Pirate Bay that would notrespond to take-down notices to remove pirated movies they had produced (Whitney,2010). These tactics were largely ineffectual at disrupting piracy networks and actuallyled to a backlash by members of both the piracy and hacker subculture (Whitney, 2010).Members of the group Anonymous engaged in a number of denial-of-service attacksagainst recording artists, companies, and the RIAA website in order to protest theirefforts to stop piracy (Whitney, 2010). The attack, referred to as Operation Payback,effectively knocked critical websites offline and slowed email traffic, making it difficultfor these groups to engage in regular commerce (Nhan, 2013). As a result, there has beena reduction in the use of these extra-legal methods by the recording industry to avoidfurther embarrassment.208
SummaryTaken as a whole, the problem of piracy is extremely complicated. Individuals interestedin obtaining copyright-protected materials without paying for them have used a varietyof ways to acquire these goods, though it has become increasingly easy to acquirepirated materials over the past two decades. The emergence of the Internet and digitalmedia has made it easy for individuals to share media, though pirates have subvertedthese technologies to share copyrighted files. As a consequence, it is extremelychallenging to affect the rates of piracy through traditional measures such as lawsuits orarrests. In fact, as copyright holders continuously adapt legal strategies to deter pirates,the piracy subculture is increasingly vocal about their right to have access to digitalmedia of all sorts. This tension cannot be easily solved, especially as technologies thatincreasingly provide access to digital materials, such as the Kindle, rise in popularity.Therefore, the criminal justice response to piracy will continue to evolve over the nextdecade.Key termsAustralian Federation Against Copyright Theft (AFACT)Berne Convention for the Protection of Literary and Artistic WorksBitTorrentU.S. Customs and Border Protection (CBP)CopyrightCopyright Act of 1976Copyright lawsDigital Millennium Copyright Act (DMCA)Digital piracyEuropean Union Directive 91/250/EEC/2009/24/ECEuropean Union Directive 2001/29/ECFederal Bureau of Investigation (FBI)Federation Against Copyright Theft (FACT)File sharingImmigration and Customs Enforcement (ICE)Indian Music IndustryIntellectual propertyMotion Picture Association of America (MPAA)MP3 formatNapster209
No Electronic Theft (NET) Act of 1997PatentPeer-to-peer (P2P) file-sharing protocolsThe Pirate BayPolice Intellectual Property Crime Unit (PIPCU)Recording Industry Association of America (RIAA)TorrentTorrent clientTrademarkWarezWarez doodzWorld Intellectual Property Organization (WIPO)Discussion questions1. What are your thoughts on digital piracy? Do you think there is a victiminvolved in intellectual property theft?2. Consider how the evolution in technology has influenced how you watchmovies and listen to music. Think about how it must have been to listento music on vinyl records or watch movies on tapes. Would holding aphysical object, such as a record or cassette tape, affect your views ondigital piracy?3. How different is digital piracy from traditional theft?4. Considering that digital pirates are always one step ahead of the movieand music industries, how should private companies attempt to protecttheir intellectual property?210
ReferencesAl-Rafee, S., and Cronan, T. P. (2006). Digital piracy: Factors that influence attitudetoward behavior. Journal of Business Ethics, 63, 237–259.Anwer, J. (2016). Torrent downloads: Fiasco over 3-year jail term shows absurdity ofIndia’s John Doe orders. India Today.in, August 22, 2016. Available at:http://indiatoday.intoday.in/technology/story/the-3-years-jail-fiasco-for-torrents-shows-absurdity-of-indias-john-doe-orders/1/745886.html.Australian Federation Against Copyright Theft (AFACT). (2013). Resources. Available at:www.screenassociation.com.au/resources.php.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.Business Software Alliance. (2016). Seizing opportunity through license compliance.Available at: http://globalstudy.bsa.org/2016/downloads/studies/BSA_GSS_US.pdf.City of London. (2013). Police Intellectual Property Crime Unit (PIPCU). Available at:www.cityoflondon.police.uk/advice-and-support/fraud-andeconomic-crime/pipcu/Pages/default.aspx.Collier, K. (2015). India institutes a draconian (and ineffective) antipiracy law. The DailyDot, December 7, 2015. Available at: www.dailydot.com/news/india-isp-piracy-ban/.Cooper, J., and Harrison, D. M. (2001). The social organization of audio piracy on theInternet. Media, Culture, and Society, 23, 71–89.Downing, S. (2011). Retro gaming subculture and the social construction of a piracyethic. International Journal of Cyber Criminology, 5(1), 749–771.Federation Against Copyright Theft. (2013). About FACT . Available at: www.fact-uk.org.uk/about/.Gillespie, T. (2006). Designed to “effectively frustrate”: Copyright, technology, and theagency of users. New Media and Society, 8(4), 651–669.Gunter, W. D. (2009). Internet scallywags: A comparative analysis of multiple forms andmeasurements of digital piracy. Western Criminology Review, 10(1), 15–28.Haberman, A. (2010). Policing the information super highway: Custom’s role in digitalpiracy. American University Intellectual Property Brief, summer, 17–25.Higgins, G. E. (2006). Gender differences in software piracy: The mediating roles of self-control theory and social learning theory. Journal of Economic Crime Management,4, 1–30.Higgins, G. E., Wolfe, S. E., and Ricketts, M. L. (2009). Digital piracy: A latent classanalysis. Social Science Computer Review, 27, 24–40.Hinduja, S. (2001). Correlates of Internet software piracy. Journal of Contemporary211
Criminal Justice, 17, 369–382.Hinduja, S. (2003). Trends and patterns among online software pirates. Ethics andInformation Technology, 5, 49–61.Holt, T. J., and Copes, H. (2010). Transferring subcultural knowledge online: Practicesand beliefs of persistent digital pirates. Deviant Behavior, 31, 625–654.Indian Music Industry (IMI). (2016). About. Available at: www.indianmi.org.International Federation of Phonographic Industries. (2004). One in three music discs isillegal but fight back starts to show results . Available at: www.ifpi.org.Karagiannis, T., Briodo, A., Brownlee, N., Claffy, K. C., and Faloutsos, M. (2004). Is P2Pdying or just hiding? IEEE Globecom Global Internet and Next Generation Networks.Available at: http://alumni.cs.ucr.edu/~tkarag/papers/gi04.pdf.Kravets, D. (2016). Navy denies it pirated 558k copies of software, says contractorconsented. Ars Technica, November 14, 2016. Available at:http://arstechnica.com/tech-policy/2016/11/navy-denies-it-pirated-558k-copies-of-software-says-contractor-consented/.Kresten, P. V. (2012). Torrent Poisoning. New York: VolutPress.Masnick, M. (2016). Indian Court says “Copyright is not an inevitable, divine, or naturalright” and photocopying textbooks is fair use. TechDirt, 19 September, 2016.Available at: www.techdirt.com/articles/20160917/00432335547/indian-court-says-copyright-is-not-inevitable-divine-natural-right-photocopying-textbooks-is-fair-use.shtml.McCourt, T., and Burkart, P. (2003). When creators, corporations and consumers collide:Napster and the development of on-line music distribution. Media, Culture & Society,25, 333–350.Music Business Worldwide. (2014). Why does the RIAA hate torrent sites so much?Available at: www.musicbusinessworldwide.com/why-does-theriaa-hate-torrent-sites-so-much/.MUSO. (2016). MUSO Global Film & TV Piracy Insights Report 2016. Available at:www.muso.com/market-analytics-insights-reports/.Nhan, J. (2013). The evolution of online piracy: Challenge and response. In T. J. Holt(ed.), Crime On-line: Causes, Correlates, and Context (pp. 61–80). Raleigh, NC:Carolina Academic Press.ONI. (2012). ONI releases 2011 year in review. Available at: https://opennet.net/blog/2012/04/oni-releases-2011-year-review-0.Peitz, M., and Waelbroeck, P. (2004). The effect of internet piracy on music sales: Cross-sectional evidence. Review of Economic Research on Copyright Issues, 1, 71–79.Pouwelse, J., Garbacki, P., Epema, D., and Sips, H. (2005, February). The bit torrent P2Pfile-sharing system: Measurements and analysis . Fourth International Workshop onPeer-to-Peer Systems (IPTPS’05), February. Available at:http://iptps05.cs.cornell.edu/PDFs/CameraReady_202.pdf.Skinner, W. F., and Fream, A. M. (1997). A social learning theory analysis of computercrime among college students. Journal of Research in Crime and Delinquency, 34,212
495–518.Van Der Sar, E. (2012). The Pirate Bay, now without Torrents. TorrentFreak, February 28,2012. Available at: https://torrentfreak.com/the-pirate-bay-dumps-torrents-1202228/.Whitney, L. (2010). 4chan takes down RIAA, MPAA sites. CNET, September 20, 2010.Available at: www.cnet.com/news/4chan-takes-down-riaa-mpaa-sites/.World Intellectual Property Organization (WIPO). (2017a). Summary of the BerneConvention for the Protection of Literary and Artistic Works (1886). Available at:www.wipo.int/treaties/en/ip/berne/summary_berne.html.World Intellectual Property Organization (WIPO). (2017b). Inside WIPO. Available at:www.wipo.int/about-wipo/en/.World Intellectual Property Organization (WIPO). (2017c). Summary of the WIPOCopyright Treaty (WCT) (1996). Available at:www.wipo.int/treaties/en/ip/wct/summary_wct.html.Yar, M. (2013). Cybercrime and Society (2nd edn). London: Sage.213
Chapter 6Economic Crimes and Online FraudChapter goals• Understand the definitions of fraud and identity theft.• Identify how and why fraudsters have adapted to online environments.• Explain the various forms of email-based fraud currently circulating.• Understand the problem of carding and its use in various forms of fraud.• Know the laws pertaining to fraud and cyber-based theft.• Recognize the agencies responsible for the investigation of fraud.214
IntroductionWhen many people discuss the benefits of computer technology and the Internet, theymay identify the ease with which these resources allow us to shop and manage ourpersonal finances. Consumers can now acquire virtually any item from anywhere in theworld through major online retailers, like Amazon, or directly from other consumers viaeBay and craigslist. PWC’s (2016) survey of 23,000 shoppers in 25 different countriesfound that over half (54%) of the respondents bought products online at least monthly.One-third of the respondents believed that their mobile phone would become their mainpurchasing tool. In the USA, two-thirds of adults who use the Internet shop online atleast once each month; one-third shop online weekly (Mintel, 2015). Similarly, 77 percentof UK Internet users purchased something online in 2015 (Twenga, 2016). Much of thisexpansion stems from the belief that consumers can save money and actively researchproducts and price points by purchasing goods through online retailers (Wilson, 2011).At the same time, consumers often increase the size of their orders and spend more toget the benefit of free shipping (Mintel, 2015). Thus, there has been a significant increasein the use of websites and online auction houses to identify goods and services at lowerprice points than are otherwise available in bricks-and-mortar stores.For more information on consumer shopping trends, go online to:www.internetretailer.com/trends/consumers/.Consumers also invest a great deal of trust in the safety and security of online retailersto manage their financial data. Services like Amazon and iTunes store credit or debitcard information on file so that customers can pay for an item through a single click inorder to minimize the processing time required to pay for a product. Others use third-party payment systems like PayPal to send and receive payments for services rendered.As a result, web-based financial transactions have become commonplace in the modernworld.The ability to access and buy goods anywhere at any time represents a revolution incommerce. The benefits of these technological achievements, however, are balanced by215
the increasing ease with which our personal information may be compromised. Thepaperless nature of many transactions means that we must now put our trust incompanies to maintain the confidential nature of our financial data from hackers anddata thieves. At the same time, consumers have to be vigilant against deceptiveadvertisements for products that are either too inexpensive or lucrative to miss.In fact, one of the most commonly reported forms of cybercrime are forms of cyber-deception and theft, otherwise known as fraud. Although there are many definitions offraud, one of the most commonly accepted involves the criminal acquisition of money orproperty from victims through the use of deception or cheating (e.g. Baker and Faulkner,2003). Various forms of fraud existed prior to the Internet and required some interactionbetween the victim and the offender, either through face-to-face meetings (Kitchens,1993; Knutson, 1996) or telephone-based exchanges (Stevenson, 1998). As technology,such as email and web pages, became more popular, fraudsters began to adapt theirschemes to suit online environments where less direct interaction with victims wasnecessary to draw in prospective targets. In fact, some forms of fraud require virtually nointeraction with a victim, as criminals can now compromise databases of sensitiveinformation in order to steal identities or hijack payment providers in order to illegallytransfer funds.For more information on recent hacks and fraudulent transactions using theinternational SWIFT transaction system, go online to:http://arstechnica.com/security/2016/04/billion-dollar-bangladesh-hack-swift-software-hacked-no-firewalls-10-switches/.The near ubiquity of technology has now afforded fraudsters multiple opportunities toobtain money or information from victims for various purposes. Fraudsters can utilizeemail, texts, instant messaging systems, Facebook, Twitter, and online retailing sites tocapitalize on unsuspecting victims. Some offenders have even begun to track thebehavior of naïve individuals to obtain sensitive information. For instance, teens andyoung adults have begun a dangerous habit of posting pictures of new drivers’ licenses,passports, and credit/ debit cards online to brag to friends (see Box 6.1 for details). In thiscase, the victims are providing their personally identifiable information to others freely,which may then be used to engage in identity crimes with some ease. As a result, this216
presents an immediate and simple resource for fraud based solely on the poor personalsecurity habits of users.Box 6.1 Follow Friday: where debit card numbers getstolenWho tweets their debit card number?www.slate.com/blogs/browbeat/2012/07/06/debit_card_pictures_on_twitter_the_hilarious_new_twitter_account_that_shames_people_for_posting_their_debit_cards_.htmlEnter @NeedADebitCard, a new Twitter account that’s either a service for sense-deprived people, a boonfor identity thieves, or sadistic public shaming, depending on your point of view. “Please quit postingpictures of your debit cards, people,” its bio implores.This article summarizes a unique and unusual phenomenon: individuals postingtheir personal details for others to see via social media. The cultural imperative topost information and the potential harm that may result are discussed.This chapter will provide an overview of the most common forms of fraud employedonline, most notably those sent via email to wide audiences. The utility of e-commercesites for the sale of counterfeit goods and the theft of sensitive personal information foridentity crimes will also be examined in detail. We will also consider the difficulty lawenforcement agencies face in attempting to combat these crimes, due in part to theirinternational scope.217
Fraud and computer-mediated communicationsWhen discussing online fraud, it is important to note that email is a critical resource forfraudsters. Prior to the World Wide Web and CMCs, scammers had to depend on theirability to craft convincing stories, whether in person or through either phone-based orprint scams in magazines and newspapers. These efforts required some degree ofinvestment on the part of the scammer, as they had to develop and pay for an ad to becreated or pay for bulk mail. In fact, some of the most well-known email scams todaywere previously run through handwritten letters in postal mail or faxes in the 1980s(United States Department of State, 1997).The creation and proliferation of email was a boon to scammers, as they could use thismedium in order to access millions of prospective victims simultaneously at virtually nocost (Wall, 2004). The use of email is ubiquitous; many people have multiple accounts attheir disposal for different purposes. Email is extremely simple to use, requires virtuallyno cost for users or senders, and allows the distribution of images, text, web links, andattachments. This enables a scammer to create convincing messages using branded, well-known images that can fool even the most careful of users. For instance, if individualswanted to create an email that appeared to come from a bank, they could visit thatinstitution’s website to download the official logos and language posted in order to crafta more realistic message. They can also use HTML redirects that would not otherwise benoticed by a casual web user in order to make a more believable message.In much the same way, fraudsters have begun to sell counterfeit clothing orpharmaceuticals to unsuspecting victims via spam email (Holt and Graves, 2007; Kingand Thomas, 2009; Taylor, Fritsch, Liederbach, and Holt, 2010; Wall, 2004; Wood, 2004).Spammers can create ads for online retail spaces or post ads on craigslist and eBayselling high-value consumer items, such as Coach® purses, Cartier® watches, andprescription pharmaceutical drugs like Viagra, at a dramatically reduced price(Balsmeier, Bergiel, and Viosca Jr., 2004). Victims of these spam emails are sent whatlooks like a legitimate advertisement for the desired product, including legitimatebranding logos and images. The virtual nature of online retail makes it virtuallyimpossible for the consumer to determine the validity of a claim because they cannot seethe packaging or inspect the quality of an item in person. Consumers who purchaseitems may receive a fraudulent product as with purses or jewelry, or adulteratedproducts in the case of pharmaceuticals which may contain few, if any, activeingredients (Balsmeier et al., 2004; Wall and Large, 2010).In 2015, the Internet Crime Complaint Center (IC3) (2015) received 288,012 complaintsabout various forms of Internet fraud. Approximately 44 percent of these complaintsreported losses of $1 billion. Based on these estimates, the average loss to these victimswas $8,421. When estimating the average loss for all victims, regardless of reported218
losses, the average loss was $3,718 (median of $560). Despite these estimates,approximately 15 percent of Internet fraud victims reported their losses to lawenforcement.For more information on fraud statistics, go online to:www.telegraph.co.uk/motoring/news/i0869408/0nline-fraud-costs-car-buyers-17.8million-a-year.html.219
Identity theftIn addition to economic losses stemming from fraud, there is a tremendous threat posedby the loss of sensitive, personally identifiable information (PII), or the uniqueidentifiers which individuals use in their daily lives (Krebs, 2011). A range of personaldetails are considered PII, including names and birthdates, as well as governmentidentification numbers assigned to you, such as social security numbers, passportnumbers, and drivers’ license numbers. This information is inherently valuable, since itserves as the basis for obtaining credit cards, mortgages, loans, and governmentassistance (Federal Trade Commission, 2016). Criminals who obtain this information canuse it to apply fraudulently for such services. In addition, they may use this informationto create fraudulent identification in order to conceal their identities or evade lawenforcement.For more information on the value of your PII, go online to:www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed-00144feab7de.html#axzz33UytNvd7.The use of PII to engage in fraud or impersonation has led to a unique set of terms inthe legal and academic fields: identity theft and fraud. These terms are often usedinterchangeably, though their use varies by place. In addition, there is no singledefinition for either term (Copes and Vieraitis, 2009). There are, however, someconsistencies in their meaning. One of the most widely recognized and accepteddefinitions of identity theft in the USA involves the unlawful use or possession of ameans of identification of another person with the intent to commit, aid, or abet illegalactivity (Allison, Schuck, and Learsch, 2005; Copes and Vieraitis, 2009). The Bureau ofJustice Statistics defines identity theft as:the attempted or successful misuse of an existing account, such as a debit or credit card account, the misuse ofpersonal information to open a new account or the misuse of personal information for other fraudulentpurposes, such as obtaining government benefits or providing false information to police during a crime ortraffic stop.(Harrell, 2014)220
In Australia, India, and the UK, the term identity fraud is more commonly used toreference when someone else’s personal information is used by another individual inorder to obtain money, credit, goods, or services, and may be used to enable other formsof fraud, such as mortgage fraud (National Fraud Authority, 2013). In fact, this creates aninteresting dichotomy: possession of PII without authorization from those persons is notillegal in the UK, though it is in the USA.Over the past decade, evidence suggests that identity crimes are increasingexponentially and cause substantive economic harm. Almost 400,000 individuals reportedcomplaints of identity theft to the Federal Trade Commission (FTC) in 2016, comprising13 percent of all complaints received (Federal Trade Commission, 2016). The mostcommon forms of identity theft reported were: employment or tax-related fraud (34%),credit card fraud (33%), phone or utilities fraud, including both fraudulent use of mobileand landline accounts (13%), and bank fraud (12%). Only 27 percent of victims reportedtheir experiences to law enforcement which is surprisingly low, given the economicconsequences of these crimes.The number of identity theft complaints made to the FTC pales in comparison to theestimates of identity theft victimization in the USA. Javelin (2017) estimated that identityfraud affected 15.4 million US citizens and cost them $16 billion. The Bureau of JusticeStatistics (BJS) estimated that 17.6 million US residents, or approximately 7 percent of theUS population over the age of 16, were the victims of identity theft in 2014 (Harrell,2014). The BJS found that the most common form of identity theft victimization was theunauthorized misuse or attempted misuse of an existing account, experienced by 16.4million individuals. More specifically, 8.6 million individuals experienced credit cardfraud, 8.1 million were victimized by bank account fraud, and 1.5 million were victims ofother types of account fraud, such as telephone or insurance accounts.It should be noted that some individuals may have experienced multiple forms ofvictimization. In many cases, the victims only found out when a financial institutioncontacted them (in 45 percent of the incidents) or when noticing fraudulent charges ontheir accounts (18 percent of incidents). Although two-thirds of identity theft victimsreported direct financial losses, only 14 percent experienced out-of-pocket losses. Withinthis group, half experienced losses of less than $100, but 14 percent suffered losses ofmore than a $1,000. Only 10 percent of identity theft victims reported the incident to lawenforcement. Rather, the majority (87%) reported the victimization to a credit cardcompany or bank.Similarly, estimates from the UK vary depending on whether the figures are based onreporting or survey estimates. Cifas (2017) reported that almost 173,000 identity fraudcases were reported in the UK in 2016. Although this was only a 2 percent increase from2015, it was a 52 percent increase from 2014. Identity fraud may now represent morethan half of all fraud cases in the UK (Cifas, 2017). The National Fraud Authority (2013)had previously found that 8.8 percent of a nationally representative sample of citizenshad been victims of identity fraud in 2012. They lost an average of £1,203 each, which isthe equivalent of £3.3 billion at the national level (National Fraud Authority, 2013). In a221
more recent survey, Experian (2016) estimated that there were 3.25 million UK victimswith costs closer to £5.4 billion.Evidence from Experian India (2016), the only provider of fraud detection services inthe country, suggests that there has been a substantive increase in fraudulentapplications for financial products in 2015. In fact, identity theft incidents accounted for77 percent of all cases reported, mostly involving applications for loans and credit cardsthrough the use of fraudulently obtained credentials (Experian India, 2016). There wasalso an increase during the year of frauds based on stolen personal information, with 18percent of all detected frauds involving this sort of information. In addition, there was a50 percent increase in attempts to obtain mortgages using stolen credentials over 2015.Given the scope of identity theft and fraud, it is important to note that criminals canobtain PII in two ways: low-tech and high-tech methods. Low-tech identity theft caninvolve simple techniques such as taking personal information out of mailboxes andtrash cans or during the commission of a robbery or burglary (Allison et al., 2005; Copesand Vieraitis, 2009). Offenders may also use high-tech methods via computers and/or theInternet to obtain personal information that is seemingly unprotected by the victim(Chu, Holt, and Ahn, 2010; Holt and Lampke, 2010; Newman and Clarke, 2003; Wall,2007).It is not clear how many identity crimes stem from low- or high-tech means due to thefact that victims may not be able to identify when or how their identity was stolen(Harrell, 2014). In addition, law enforcement and trade agencies are only beginning tomeasure the scope of identity crimes and to capture this information effectively (FederalTrade Commission, 2016; Harrell, 2014; National Crime Agency, 2017). It is possible thatthere may be an increase in the number of identity theft and fraud incidents stemmingfrom high-tech means due to the ease with which individual offenders can compromisethe PII of thousands of victims at once. For instance, businesses and financial institutionsstore sensitive customer information in massive electronic databases that can be accessedand compromised by hackers (Chu et al., 2010; Holt and Lampke, 2010; Newman andClarke, 2003; Wall, 2007).The extent of hacks affecting consumer PII was demonstrated when the US companyHeartland Payment Systems announced that their system security had beencompromised during 2008 by a small group of hackers. The company processed over 11million credit and debit card transactions for over 250,000 businesses across the USA ona daily basis (Verini, 2010). Thus, hackers targeted their systems and were able toinfiltrate and install malware that would capture sensitive data in transit withouttriggering system security (Krebs, 2011). In turn, they were able to acquire informationfrom 130 million credit and debit cards processed by 100,000 businesses (Verini, 2010).These sorts of mass breaches are increasingly common. The compromise of the USretail giants Target and Neiman Marcus in late 2013 exposed more than 40 million creditand debit card accounts with prospective losses for consumers estimated to be in themillions (Higgins, 2014). In addition, the Hard Rock Hotel and Casino in Las Vegasrecently experienced a data breach in which client information, including names, credit222
and debit card numbers, and the CVV of the cards, were stolen (PandaLabs, 2015). Twoonline dating services, AdultFriendFinder and Ashley Madison, also recently experiencedmajor data breaches in which the personal information of their clients was released. Inthe case of Ashley Madison, 37 million customers had their information released,including completed transactions, email addresses, and sexual preferences (PandaLabs,2015).In light of the scope of data breaches, Symantec (2016) reported that over half a billionpersonal records were stolen or lost in 2015. In nearly half of the cases, the records wereaccidentally made public by the entity rather than being released from an attacker. Therewere a total of 318 breaches with nine of them being considered mega-breaches in whichover 10 million identities were exposed. For their estimates, the average data breach lost1.3 million records, though the median incident led to the loss of only 4,885 records.While financial data is a tremendously attractive target for thieves and fraud-sters,there is also evidence that healthcare data breaches are increasing. The amount ofsensitive PII that could be acquired through an error or weakness in healthcare datastorage is tremendous (Heath, 2015). The information stored by healthcare providers inthe USA frequently includes social security information and other pieces of identifyinginformation that can be used for traditional identity fraud, but could also provideinformation to assist in medical and insurance fraud in the USA. In fact, the companyExperian in the USA reported working on remediating damages and repairing systemsinvolved in compromises of 180 healthcare breaches in the first nine months of 2015alone (Heath, 2015). Symantec (2016) reported that one-third of data breaches in 2015included medical records, although they note that this high percentage could also be anindicator of the higher standards in the health sector to report data breaches.One of the more recent well-known massive data breaches that shook the healthsector targeted Anthem, which is the second-largest provider of healthcare in the USA(Symantec, 2016). In 2015, Anthem’s data breach exposed 78 million patient records,which may cost the company over $100 million (PandaLabs, 2015). This attack wastraced by Symantec back to Black Vine, a well-funded group with associations to aChinese-based IT security organization.223
Email-based scamsIn the context of online fraud, some of the most common schemes are perpetrated basedon initial contact via email. The interactive nature of email content coupled with theability to access hundreds of thousands, if not millions, of users makes this an idealmedium for fraudsters. There are several fraud schemes sent to prospective victims everyday. In the following sections, we discuss some of the most prevalent forms. This is notmeant to be an exhaustive list. Instead, our purpose is to expose you to the mostcommon types of schemes you may encounter on a consistent basis.Nigerian email schemesIn the realm of online fraud schemes, one of the most common and costly types is theadvance fee email scheme. These are so named because the sender requests a smallamount of money up front from the recipient in order to share a larger sum of moneylater (see Box 6.2 for an example). These messages are more commonly referred to as“Nigerian” scams because the emails often come from individuals who claim to reside ina foreign country, particularly Nigeria or other African nations (see Smith, Holmes, andKaufmann, 1999). Some also call them 419 scams as a reference to the Nigerian legalstatutes used to prosecute fraud (Edelson, 2003; Holt and Graves, 2007).Box 6.2 Nigerian email textSubject: MR SULEMAN BELLOFROM THE OFFICE MR SULEMAN BELLOAFRICAN DEVELOPMENT BANK (ADB).OUAGADOUGOU BURKINA FASO.WEST AFRICA.TRANSFER OF ($25,200.000.00) TWENTY FIVE MILLION, TWO HUNDRENTHOUSAND DOLLARS.I AM SULEMAN BELLO, THE AUDITOR GENERAL OF AFRICANDEVELOPMENT BANK HERE IN BURKINA FASO. DURING THE COURSE OFOUR AUDITING, I DISCOVERED A FLOATING FUND IN AN ACCOUNTOPENED IN THE BANK BY MR JOHN KOROVO AND AFTER GOING THROUGHSOME OLD FILES IN THE RECORDS I DISCOVERED THAT THE OWNER OFTHE ACCOUNT DIED IN THE (BEIRUT-BOUND CHARTER JET) PLANE CRASH224
ON THE 25TH DECEMBER 2003 IN COTO-NOU (REPUBLIC OF BENIN).AND NOBODY HAS OPERATED ON THIS ACCOUNT AGAIN, THE OWNEROF THIS ACCOUNT IS MR JOHN KOR-OVO A FOREIGNER, AND A TRADERWHO TRADE ON GOLD AND MINING, HE DIED, SINCE 2003 AND NO OTHERPERSON KNOWS ABOUT THIS ACCOUNT OR ANY THING CONCERNING IT,THE ACCOUNT HAS NO OTHER BENEFICIARY AND MY INVESTIGATIONPROVED TO ME AS WELL THAT MR JOHN KOROVO DIE ALONG WITH HISTIRED FAMILY. THE AMOUNT INVOLVED IS (USD 25.2 M) TWENTY-FIVEMILLION, TWO HUNDRED THOUSAND UNITED STATES DOLLARS ONLY, IAM CONTACTING YOU AS A FOREIGNER BECAUSE THIS MONEY CAN NOTBE APPROVED TO A LOCAL PERSON HERE, BUT CAN ONLY BE APPROVEDTO ANY FOREIGNER WITH VALID INTERNATIONAL PASSPORT OR DRIVERSLICENSE AND FOREIGN ACCOUNT BECAUSE THE MONEY IS IN US DOLLARSAND THE FORMER OWNER OF THE ACCOUNT MR JOHN KOROVO IS AFOREIGNER TOO, AND THE MONEY CAN ONLY BE APPROVED INTO AFOREIGN ACCOUNT.I NEED YOUR STRONG ASSURANCE THAT YOU WILL NEVER, NEVERCHEAT ME AS SOON AS THIS FUND HIT INTO YOUR ACCOUNT. WITH MYINFLUENCE AND THE POSITION OF THE BANK OFFICIAL WE CAN TRANSFERTHIS MONEY TO ANY FOREIGNER’S RELIABLE ACCOUNT WHICH YOU CANPROVIDE WITH ASSURANCE THAT THIS MONEY WILL BE INTACT PENDINGOUR PHYSICAL ARRIVAL IN YOUR COUNTRY FOR SHARING. THE BANKOFFICIAL WILL PROVE ALL DOCUMENTS OF TRANSACTION IMMEDIATELYFOR YOU TO RECEIVE THIS FUND LEAVING NO TRACE TO ANY PLACE ANDTO BUILD CONFIDENCE.ON THE CONCLUSION OF THIS TRANSACTION YOU WILL BE ENTITLED TO30% OF THE TOTAL SUM AS GRATIFICATION, WHILE 10% WILL BE SET ASIDETO TAKE CARE OF THE EXPENSES THAT MAY ARISE DURING THE TIME OFTRANSFER AND ALSO TELEPHONE BILLS, WHILE 60% WILL BE FOR ME.SO ON THE INDICATION OF YOUR WILLINGNESS I WANT YOU TOFORWARD TO ME YOUR: FULL NAME: SEX: COMPANY: IF ANY FULLCONTACT ADDRESS: PHONE: CELL: FAX: CITY: STATE:ZIP CODE COUNTRY:OCCUPATION AND ALL THE NECESSARYINFORMATION WILL BE SENT TOYOU ON THE ACCEPTANCE TO CHAMPION THIS TRANSACTION WITH ME.THANKSYOURS TRULYSULEMAN BELLOSource: Email received by one of the authors.There are several variations of this scam used on a regular basis to defraud225
individuals. One of the most common messages involves the sender making a claim thatthey are a wealthy heir to a deceased person who needs help moving inherited funds outof the country. In turn, they will give the recipient a proportion of the sum in exchangefor financial and legal assistance (Edel-son, 2003; Holt and Graves, 2007). Anotherpopular variation of the message involves the sender posing as a public official who hasbeen able to skim funds from a business or government contract (Edelson, 2003). Theyare seeking a contact to help get the money they illegally obtained out of the account. Asimilar scheme takes the form of a banker or attorney trying to close a dead customer’saccount using the potential victim as the deceased’s next of kin (Edelson, 2003). Otheradaptations have been identified, including the sender being in legal trouble or involvedin some form of illegal behavior. Thus, the sender attempts to ensnare the recipient in anillicit, yet ultimately false, transaction.Potential victims who receive and respond to one of these messages are defraudedthrough the use of two techniques. First, and most often, the respondent will contact thesender, and the sender will then ask for a small donation to get an account or fund out ofa holding process. The sender will then continue to receive small payments from thevictim because of complications in obtaining their account or additional legal fees thatare needed to move the account (Smith et al., 1999). The process continues until thevictim is no longer willing or is too embarrassed to pay additional money, which cancause a significant dollar loss for the victim.An additional proportion of scammers will avoid the long-term process in favor ofmore immediate fraud. They achieve this by requesting that the recipient providepersonal information, such as their name, address, employer, and bank accountinformation. The sender may make this request under the guise of ensuring that therecipient is a sound and trustworthy associate (Edelson, 2003; King and Thomas, 2009).The information is, however, used surreptitiously to engage in identity theft and drainthe victim’s accounts.Due to the millions of spam messages sent every day, it is unknown how manyrespondents are victimized each year. Some may not report their experience to lawenforcement agencies out of fear that they will be prosecuted for their involvement inthe potentially illegal fund transfers described in the initial message they received(Buchanan and Grant, 2001). They may also feel too embarrassed that they lostsubstantial money because they responded to an email or were swindled by an otherwiseimplausible scam (Buchanan and Grant, 2001).As a result, advance fee fraud victims constitute a substantial dark figure ofcybercrime. It is clear, however, that victims of advanced fee fraud email scams losemassive amounts of money each year. The Internet Crime Complaint Center (2015)reported that they received 288,000 complaints in 2015, and, of those, advance fee and419 scams were the second most common type of fraud reported and cost US residents$99 million. Although the average scam may only cost a victim around a $1,000,scammers obtain these funds slowly from multiple victims over the course of a fewweeks and accumulate a substantial amount of money. Thus, it is to a scammer’s226
advantage to send out as many messages as possible in order to increase the likelihood ofa response.For more information on advance fee frauds, go online to:www.onlinebanktours.com/banks/moneyBasics/preview.php?id=83.Phishing emailsThe use of phishing messages is another insidious form of fraud perpetrated in part byemail in which individuals attempt to obtain sensitive financial information from victimsto engage in identity theft and fraud ( James, 2005; Wall, 2007). These messages oftenmimic legitimate communications from financial institutions and service providers, suchas PayPal or eBay. The message usually contains some of the branding and languagecommonly used by that institution in an attempt to convince the recipient that themessage is legitimate (see Box 6.3 for an example). The message usually suggests that aperson’s account has been compromised, needs to be updated, or has some problem thatmust be corrected as soon as possible. The time-sensitive nature of the problem iscommonly stressed to confuse or worry the prospective victim in order to ensure a rapidresponse.Box 6.3 Phishing exampleFrom: service@amazon.comSubject: Update your Amazon.com account informationDear Customer,You have received this email because we have strong reason to believe that yourAmazon account had been recently compromised. In order to prevent anyfraudulent activity from occurring we are required to open an investigation into thismatter.Your account is not suspended, but if in 36 hours after you receive this messageyour account is not confirmed we reserve the right to terminate your Amazon227
subscription.If you received this notice and you are not an authorized Amazon account holder,please be aware that it is in violation of Amazon policy to represent oneself as anAmazon user. Such action may also be in violation of local, national, and/orinternational law.Amazon is committed to assist law enforcement with any inquires related toattempts to misappropriate personal information with the intent to commit fraud ortheft.Information will be provided at the request of law enforcement agencies to ensurethat perpetrators are prosecuted to the full extent of the law.To confirm your identity with us click the link below:http://www.amazon.com/exec/obidos/sign-in.html[this link actually leads to http://ysgrous.com/www.amazon.com/]We apologize in advance for any inconvenience this may cause you and wewould like to thank you for your cooperation as we review this matter.Source: Email received by one of the authors.The email will also include web links that appear to connect to the appropriatewebsite so that the victim can immediately enter their login information for the affectedaccount. Generally, however, the link redirects the user to a different site controlled bythe scammer that utilizes collection tools to capture user data. Better fraudulent sites willalso feature branding or logos from the institution to help further promote the legitimacyof the phishing email. Upon arriving at the site, individuals are prompted to entersensitive information, such as their bank account number, username, password, or evenin some cases Personal Identification Numbers (PINs) to validate their account. Uponentering the data, it is captured by the scammer for later use and may either redirect thevictim back to the original website for the company or provide a page thanking them fortheir information.This type of fraud is actually quite old, dating back to the 1990s when ISPs billed usersby the hour for access. Skilled hackers would try to capture the usernames andpasswords of unsuspecting victims by posing as an ISP, especially America Online (AOL)due to its scope and penetration in the market. Fraud-sters would harvest known AOLemail addresses and send messages claiming to need account updates or validation ofuser profiles. The mass-mailing strategy was like fishing, in that they were hoping tohook victims through deceptive bait. The term “phishing” emerged as a corruption of theterm akin to that of phreaking within the general argot of the hacker community.Unsuspecting victims who believed these messages to be legitimate would forward theirinformation to the sender in the hopes of correcting their account. The fraudsters,228
however, would keep the accounts for their own use or trade the information with othersfor pirated software or other information.The success of phishing techniques led some to begin to target e-commerce and onlinebanking sites as they became popular with larger segments of the population in the early2000s. Hackers began to recognize the value in targeting these institutions, and somebegan to create sophisticated phishing kits that came pre-loaded with the images andbranding of the most prominent global banks. These kits, combined with spam emaillists, enabled hackers to readily steal financial data from thousands of unsuspecting usersaround the world. In fact, the Anti-Phishing Working Group (2017a) tracked over 1.22million unique phishing email campaigns in 2016 alone. The problem of phishing hasbecome so commonplace that over 277,693 unique phishing websites were identified inthe fourth quarter of 2016 (Anti-Phishing Working Group, 2017b). These sites are oftenhosted primarily in the USA, due in part to the substantive proportion of hostingresources available to hackers, along with Germany, Canada, France, and the UnitedKingdom (Anti-Phishing Working Group, 2013, 2017a). Thus, phishing is a globalproblem that cannot be understated, though the prevalence of phishing victimization inthe general population is largely unknown.Work-at-home schemesThe use of the Internet as a medium for job solicitation and advertisements has enabledscammers to adapt existing schemes to virtual spaces. Specifically, some send out ads forso-called “work-at-home schemes” where they promise recipients substantial earningsfor just a few hours of work per day (see Box 6.4 for an example: Turner, Copes, Kerley,and Warner, 2013). These jobs can all be performed in the home, whether online orthrough simple physical tasks, such as reviewing store performances, stuffing envelopes,selling various products, data processing, or repackaging and shipping goods forcompanies. Typically the recipient also requires no training or advanced degrees tocomplete the job. Regardless of the form of work, the scammers typically make moneyby requiring prospective employees to pay fees for training materials, access to databasesfor work, or products and packaging materials. However, the scammer may not sendthese materials or may provide information that is of no actual value to the victim.Alternatively, victims may be roped into cashing fraudulent checks or buying goods andservices on another person’s behalf (Turner et al., 2013).Box 6.4 Work-at-home schemeDear Sir/Madam,It is my pleasure to write to you in respect of our organization; Delixi Consultsbased in People Republic of China and has a Chapter in Holland, Our organization is229
a leader in the export of textile products including a variety of yarns and myriad offabrics as well as various clothing materials, Artworks and construction equipmentWe buy and deliver competitively-priced, quality products to our customers in thetextile industry.Our Head office is in China, with branches all over Europe, parts of West Africa.Over the years, We have been expanding our clientèle’s to the UnitedStates/Canada, South America, North America and we have gotten some clientsover there. We are currently looking for trustworthy representatives in your regionthat can help as a link between us and our clients over there. We need reliableindividuals/companies as book-keepers or representatives such as you. So I wouldlike to know if you will like to work with us online from home and get paid basedon percentage without leaving your present job if you have any. We will be glad ifyou could work with us as our representative or book-keeper in your country.You will be working as our payment assistant in charge of collecting andprocessing payments from our clients. Since they will be making the payment inchecks or money orders made payable only in your country, you will be collectingthese payments, cash them at your bank, then be forwarding them via moneytransfer international money transfer). And for this service, We agree to pay you10% of every total amount you collect from our clients.and be aware if you are acompany we are purchasing product from this can also build our partnership inreceiving fund for us on our behave.REQUIREMENTS1. 18 years or older.2. Responsible, Reliable and Trustworthy.3. Ability to receive and follow instructions.4. Able to check and respond to emails often.5. Easy telephone access. kindly reply to this Email (sandralsmith1@hotmail.com).IS THIS LEGAL?Yes it is. As a matter of fact, our lawyers checked all legal provisions to know ifthere is any domestic or international law against businesses or deals in thismanner. And they said it is allowed by all LAWS. So know that doing this work issafe and legitimate. We would be glad if you accept our proposal. We intend tocommence as soon as you are ready. Just click the reply button to indicate yourinterest and we will contact you as soon as possible. Make sure you reply with thedetails stated below:NAME:ADDRESS:230
CITY:STATE:ZIP CODE:PHONE NUMBER(S):AGE:I hope to hear back from you.Mr. Richard BrownMarketing Manager for Delixi Consults & Co.Source: Email received by one of the authors.An extremely common form of a work-at-home scheme is called a “secret shopper”scheme. Although there are legitimate companies that hire individuals to engage inshopping activities or review products, many disreputable or criminal groups use onlineads to draw in unaware victims. In these schemes, the sender or fake company indicatesthat they are seeking people to shop at specific retailers to review the store’s proceduresand customer service (Turner et al., 2013). The recipient is “hired,” given a check ormoney order by mail to use at the retailer to purchase certain goods, and is allowed tokeep a proportion of the check for compensation. The “employee” of the secret shoppercompany buys the specified items, writes up their experience, and then ships the items toa specified location (Turner et al., 2013). This practice actually serves as a money-laundering technique by cashing fraudulent checks or money acquired through variousforms of fraud and providing scammers with goods. In addition, the prospectiveemployees can be arrested or charged with criminal activity because of their unwittingrole in the scheme (Internet Crime Complaint Center, 2017).231
Romance scamsAn additional e-mail-based scam combines various elements of Nigerian, phish-ing, andwork-at-home schemes: romance scams. Unlike other email scams, victims of romanceschemes are not interested in economic gain but rather in forming an emotional andromantic bond with another person (Buchanan and Whitty, 2013; Cross, 2015). Thepopularity of online dating sites and social media creates a target-rich environment forscammers to contact a broad audience who are either actively seeking or interested in aromantic partner. As such, scammers can manipulate these environments in order tocreate a virtual identity that will appear enticing to their potential victims (Buchananand Whitty, 2013; Cross, 2015).The typical scheme begins via an unsolicited contact sent via a dating profile or socialmedia account where the scammer attempts to garner a response from their target. Thescammer creates fake profiles in various social media and dating sites using attractivepictures of men or women in order to increase the likelihood of a victim responding. Inaddition, many scammers indicate that they are US or European citizens working abroadwith no relatives or family to help them cope with the distance. Their “loneliness”creates a potential bonding point with their target, and if a person responds to theirmessages they will carry on protracted discussions with the recipient (Buchanan andWhitty, 2013; Cross, 2015).Careful scammers will ask a great deal of questions of their potential victims in anattempt to “get to know them,” while surreptitiously using the information to help adjustthe scam to increase the likelihood of responses over time. The scammer will alsoindicate their romantic interest and profound love for the victim relatively soon, whichmay take the victim by surprise (Buchanan and Whitty, 2013; Cross, 2015). They mayalso obtain the victim’s address information and begin to send them gifts online andoffline in an attempt to help cement their relationship and bond the scammer and victim.Once a relationship has been established, there are a range of ways the scammer maydefraud the victim. All of these techniques are similar to the practices used in otheremail scams to acquire funds. In most cases, scammers will try to make arrangementswith the victim to pay them a visit in person so that they can consummate their love andenjoy each other’s company (Whitty and Buchanan, 2012). Some issue prevents themfrom traveling and they have insufficient funds to get them out of their specificpredicament. For instance, they may be unable to pay a hotel bill and will not be givenback their passport until the debt is resolved. They may also claim to have been muggedor beaten, and that they need funds to pay their hospital bill (Whitty and Buchanan,2012).Victims who send funds are continually strung along for more money until such timeas they realize they are being defrauded. Scammers may also ask the victim to help them232
by cashing checks on their behalf as they are unable to accept the payment for somereason. Others may ask the victim to accept goods on their behalf and reship them toanother location, as the company will not ship to their location (Cross, 2015).Regardless of the methods used by the scammer, romance schemes are extremelyharmful to victims. The prevalence and cost of victimization are unknown, as manyvictims may feel too embarrassed or ashamed to report their experiences to lawenforcement (Cross, 2015). In the USA, 12,509 victims of romance scams reported losingapproximately $200 million in 2015. These losses averaged to over $16,000 per victim,making it the second-largest category of fraud as measured by victim loss (IC3, 2015).A nationally representative survey of Great Britain in 2010 found that almost 230,000people had been scammed out of funds by romance schemes (Whitty and Buchanan,2012). As a consequence, the UK National Fraud Intelligence Bureau found that thesescams cost the UK £24 million in 2013 and £34 million in 2014 respectively (Action Fraud,2015). Similarly, the Australian Competition and Consumer Commission found thatromance frauds cost citizens over $23.8 million across 3,811 reported incidents in 2016alone (Scamwatch, 2017). These estimates do not, however, take into account theemotional hardships victims of romance schemes experience (see Box 6.5 for theexperience of victims in their own words). Even if an individual does not experience anyeconomic losses, they may feel substantive psychological hurt and a sense of rejectionupon realizing that the scammer was not in love with them at all (Buchanan and Whitty,2013; Cross, 2015).Victims of romance schemes may not fit into a particular demographic profile. Thereis a hypothesis that victims are more likely to be older heterosexual women (Whitty andBuchanan, 2012), though recent research found that both gay men and women were aslikely to be victims as heterosexuals (Buchanan and Whitty, 2013). In addition, victimsappear to have an idealistic worldview of romantic partners, placing them in highemotional and psychological regard while simultaneously ignoring their potentialnegative attributes (Buchanan and Whitty, 2013). These results are based on relativelylimited research, demonstrating a need for continuing empirical analysis to betterunderstand the risks associated with romance scam victimization.Box 6.5 Understanding the human dimensions ofromance scamsDr. Cassandra Cross, Senior Lecturer, School of Justice, Faculty of Law,Queensland University of TechnologyTechniques used by offenders to target victims“Frank” had recently lost his wife to a brain hemorrhage. He had started using233
various social networking websites to chat to women across the globe and, inparticular, started communicating with a woman in Ghana. During theirconversations, Frank had shared details about himself and, more importantly, detailsabout his wife’s death. After a few months, Frank received a request for money fromthe brother of the woman he had been communicating with, after being advised shehad been in a car crash and was suffering from the same illness that had taken hiswife.Then her brother calls me, sends me an email under her name and said she got hit by a car, her brain’sbleeding anyway, I just lost my wife with a brain hemorrhage, and they wanted $1000 for the doctor tooperate, they won’t do anything unless you pay, so I sent them $1000 [or] $1200, then it started.(Frank, 73 years old)Frank was suspicious of the situation presented to him, but was willing to send themoney on the off-chance that the situation was legitimate and that this woman wassick. He had also been in phone contact with the alleged doctor who was treatingher, which added to the plausibility of the situation.She got hit by this car [.] I phoned the doctor and everything I phoned the doctor because I want to know.My wife had died from a brain hemorrhage you know and I’d spent two one hour sessions, probably along time with two different neurosurgeons down there I wanted to give them my brain. [I said to them]why don’t you try this and [this], and as it turned out a lot of the things I suggested had been tried anddon’t work. She’d had a massive internal bleed in the brain, you could see the scan it was just black [.] thedoctor said if it’s on the perimeter on the edge of the brain, yeah they can drain the pressure off and fix itup and I thought you know, and that’s how they got me with her. $1000 wasn’t much, but I didn’t reallybelieve it but I said maybe if it is going to happen and she is going to die I said for a thousand dollars theycan have it you know.(Frank, 73 years old)Frank’s situation illustrates the insidious way in which offenders will manipulate aperson’s emotions and circumstances to obtain financial benefits. It demonstratesthe way in which Frank was presented with a situation that involved multiple actors(the woman, her brother, and the doctor) in order to increase the likelihood that hewould consent to the request for money. The use of the same illness that hadclaimed his wife also reinforces the ways in which offenders will specifically targetvictims to gain compliance to financial requests (Cross, 2013: 33).Impact of romance fraud on victimsRomance scam victims experience devastating effects as a result of the financialimpact of fraud but also the loss of the relationship. For many, the relationship canbe more difficult to grieve than the loss of money by itself.The severity of online fraud victimisation was clearly evident in a small numberof victims interviewed for Cross, Richards, and Smith (2016). As detailed below, theemotional and psychological impacts of online fraud victimization were so great for234
some that they had considered or even attempted suicide. The following excerpts areall taken specifically from romance fraud victims.I have come close to ending my life, honestly, I still feel that way (interview 13).[At the time I reported the fraud] I said “As far as I’m concerned, I am ready to suicide” (interview 34).I even tried to kill myself I was so depressed, because [of] not just the money but because of the shame.My family was very upset (interview 43).I [was] sort of really despairing and about to commit suicide. [.] I was desperate, I mean I was consideringsuicide. I was that distraught with what I’d actually done [.] [further into the interview] I was reallydespairing. I was, I saw this end for myself through suicide. And then I thought, “this is ridiculous. If Idon’t say something to somebody, I’m going to do it [commit suicide]” (interview 49).One woman, whose fraud victimization followed a number of other adverse lifeevents, including a violent intimate partner relationship and the loss of her job,described taking steps towards ending her life:Participant: I had literally torn up any personal things – letters, diaries, photos– so there would be no trace left.Interviewer: Of this [online fraud] incident?Participant: Of me. [.] You just feel so stupid. [.] [I felt] pretty useless really,that is what I kept thinking, a bit of a waste of space, that is what I keptthinking about myself.Interviewer: Did you ever think of suicide?Participant: Yeah I did. I just shut down, but I would make sure my underwearwas clean. It was just so bizarre, and there would be no trace of me left, Iwould just evaporate (interview 44).(Cross et al., 2016: 28–29)Shame and embarrassment in disclosing romance fraudFor many victims of romance fraud, embarrassment stemming from both usingonline dating services, and having been defrauded, combined to prevent them fromseeking support from loved ones. Many victims of romance fraud had either notdisclosed to their family and friends that they were seeking romance online, or hadprovided only limited details. For example, one woman said:I’ve got adolescent kids. [.] They knew about it, they knew I was on a [dating] site. [.] But they’re not realcomfortable talking about it [.] [later in the interview]. My kids were certainly okay about the fact that Iwas on the [dating] site but didn’t really want any sort of details (interview 5).A male victim, who had sought out a relationship on an international datingwebsite, described his reluctance to tell his family about being defrauded:The stigma is twofold. One is to admit to your family that you have gone onto an international dating site,235
which is socially something which most Anglo-Saxon children would struggle with. [.] It’s the wholestigma of being on a site that’s a problem with the mail order bride thing. [.] The other thing is I got stung.That is two things there that you will emotionally not share (interview 4).(Cross et al., 2016: 61)ReferencesCross, C. A. (2013). Fraud and its PREY: Conceptualizing social engineering tacticsand its impact on financial literacy outcomes. Journal of Financial ServicesMarketing, 188–198.Cross, C., Richards, K., and Smith, R. G. (2016). The reporting experiences andsupport needs of victims of online fraud. Trends & Issues in Crime and CriminalJustice, 518: 1–14.Pump-and-dump stock schemesOver the past two decades, the Internet has become an ideal medium for small investorsto trade stocks. The information-gathering and analytical capabilities afforded bytechnology allow investors to micromanage their accounts without the need to engagebrokers and firms with their own concepts of good or sound investments (Tillman andIndergaard, 2005). Instead, consumers can use firms that allow the individual to buy andsell stocks based on their own hunches and information. To that end, scammers havebegun to leverage email as a means to advertise stocks with generally low value to thelarger public (Tillman and Indergaard, 2005). Often, this is performed through the use ofspam emails called pump-and-dump messages (see Box 6.6 for an example).The text of a pump-and-dump message indicates that a small company with a lowstock price is on the cusp of becoming a hot commodity due to the development of aproduct or idea with substantive growth potential. These companies may not be tradedin larger markets such as the New York Stock Exchange (NYSE) because of the lack ofpublicly available information on the product, but are rather sold in smaller “over-the-counter” markets (Tillman and Indergaard, 2005). This makes it difficult for investors todetermine the validity of claims or to actively research a product. Some may take theadvice that they see and, because of its generally low price, invest in the hopes of turninga profit.Box 6.6 Pump-and-dump messageHey Kids.236
Statler here. I have to laugh. Yes friends, laugh. I have no other reaction to all theTwitter Warriors and Chat Room Heros who, because they were short COLV, couldnot talk enough trash about the stock.It is time to buy COLV. Call your broker and buy it right now because I promiseyou it is going to twenty dollars. That’s right $20.I am going Ole School with COLV – and issuing a buy recommendation.Remember to tell your friends to sign up at http://www.stocktips.com/ and followmy newsletter for more COLV info.COLV – Ready to make big dough?Happy Trading,MikeCo-Editor, Stock TipsSource: Email received by one of the authors.The scammers, however, are attempting to artificially “pump up” the price by enticingindividuals to purchase the stock. This concurrently increases the stock price within thelarger market, inspiring further investor confidence which may further increase its value.The individuals behind the scheme will then “dump,” or sell, their shares when they feelit has reached a critical mass. By selling, the stock price will begin to drop, causingremaining shareholders to lose substantial amounts as the price declines (Tillman andIndergaard, 2005). Thus, these schemes are worthwhile only to those insiders who canpump the stocks and dump them at the artificially inflated rate.While this sort of scam may appear to be specialized and affect only those withsubstantial incomes, it is important to note that these spam messages may constitute asmuch as 15 percent of all spam email in a given year (Bohme and Holz, 2006). Thispercentage fluctuates widely as penny stock emails only constituted 1 percent of spamemails in 2012 but 16 percent of all spam in 2013 (MarketWatch, 2014). These messagesare also different from other scams in that they do not require the sender to interactdirectly with the victims. Instead, the spam generators purchase the stocks in advance oftheir email campaigns and will track the rise of the stock they advertise (Hanke andHauser, 2006). Often, the spammers will sell their stock within a few days of the initialmessage distribution, as the price of the stock will reach an inflated peak price. Selling atthis time ensures the greatest possible rate of return on their investment. In fact, Friederand Zittrain (2007) suggest that spammers can generate a 4 percent rate of return ontheir initial investment, while victims lose at least 5 percent within a two-day period.The potential profits earned by pump-and-dump scammers was demonstrated in a2015 spam campaign perpetrated via the globally popular WhatsApp messaging service.237
Users received messages from individuals claiming to be Wall Street insiders stating thatpeople should buy stock in a digital currency company called Avra (Lipka, 2015). Thestock went from an 11 cent value on the morning of Friday, August 21 to $1.26 beforenoon the same day. The stock then closed at below $1 the same day, suggesting that theprimary spammers had cashed out while the stock was at its highest value. By Monday,August 24 the stock closed at 24 cents, suggesting that the scam cycle had run its course.The fact that the stocks affected are commonly traded through smaller investmentmarkets makes them difficult to track and even harder to disrupt, as the spammers andinvestors cannot be readily identified. There have been several noteworthy arrests ofpump-and-dump scammers, such as the recent indictment of seven individuals in theUSA for their roles in perpetrating a massive scheme via spam and false posts on socialmedia sites (US Attorney’s Office, 2013). The scope of this scheme was massive; it isestimated that the perpetrators gained more than $120 million in fraudulent stock sales,affecting victims in 35 countries (US Attorney’s Office, 2013). The perpetrators werecaught due to collaborative investigations by the FBI, RCMP, and agencies in the UK andChina, particularly through the use of intercepts of electronic communications andphone calls between participants (US Attorney’s Office, 2013). Thus, pump-and-dumpschemes require a substantial investigative effort in order to detect and disrupt thesescams.E-commerce sitesThe increased use of the Internet by consumers to identify and purchase goods has alsoenabled fraudsters to find ways to distribute counterfeit goods through online outletsdue to the large return on investment and low risk of detection (Wall and Large, 2010).The sale of counterfeit goods is actually a form of intellectual property theft (see Chapter5) in that individuals create, distribute, and sell products that closely replicate orblatantly copy the original designs of a privately owned product. The counterfeitproduct, however, is of a lower quality despite using similar branding and designs toentice buyers, while none of the profits are returned to the original copyright holder(Wall and Large, 2010). As a result, counterfeiting can harm the economic health andreputation of a company due to the sale of poor-quality products using stolen designsand intellectual property.Spam email is a particularly practical way to advertise counterfeit products becausethe creator can use language which suggests that their prices are very low for high-quality items that otherwise make a social statement or help the buyer gain socialposition (Wall and Large, 2010). The lack of regulation in online markets also allowssellers to offer counterfeit products, which may look like the authentic product, directlyto consumers. Online spaces do not allow consumers to properly inspect an item, forcingthem to rely on the images and descriptions of products. As a result, counterfeiters canuse images including legitimate brand logos and photos of the actual product to create238
advertisements that speak to the value and low cost of their merchandise (Balsmeier etal., 2004; Wall and Large, 2010; see Box 6.7 for an example). In turn, consumers are onlyable to evaluate the advertisement and may not realize they have been swindled until apoor-quality forgery or fake arrives in place of the original item.Box 6.7 Counterfeit luxury goods messageFrom: Prestigious Gift ShopSubject: Christmas Sale, Thousands of Luxury Goods For Under $100Dunhill, Mont Blanc, Yves Sant Laurent Shoes, Omega Watches, The good price fornew collections of prestigious accessories, fashionable shoes and smart bags.Autumn-Winter 2011. [.] On sale for a reduced priceTempting offers on fabulous replica watches aboundSource: Email received by one of the authors.Spam email is a key resource for counterfeiters to advertise and lure in unsuspectingconsumers, as fraudsters can drive traffic to online markets that they manage.Alternatively, they may use existing markets, such as online retail sites, where they canartificially manipulate indicators of trust and reputation to appear more legitimate(Dolan, 2004). In fact, evidence from the brand protection company MarkMonitor foundthat one of six individuals seeking genuine products at a deep discount was directed torogue websites that appeared legitimate in order to make a purchase (Smith, 2014). Inaddition, research on Nike products advertised on Google demonstrated that 20 percentof results would direct a consumer to a website selling counterfeit products despitefrequent attempts to take down this content (Wadleigh, Drew, and Moore, 2015).Counterfeiters may also use auction sites and secondary retail markets online as ameans to sell their products. For instance, an existing eBay seller profile that has beeninactive may be stolen and hijacked by a fraudster in order to sell counterfeit productswhile appearing to be a reputable seller in good standing (Chua, Wareham, and Robey,2007; Gregg and Scott, 2006). Sellers can also create accounts using fake names oraddresses, making it difficult to locate the identity of the person responsible for the saleof fraudulent goods (Gregg and Scott, 2006).The Organisation for Economic Co-operation and Development (OECD) reported thatthe estimated value of imported fake goods worldwide was $461 billion in 2013, whichwas 2.5 percent of all global imports (OECD, 2016). This included all physical counterfeitgoods which infringe trademarks, design rights or patents, and tangible pirated productsthat would violate copyright protection. At the same time, this does not include onlinepiracy which further affects retailers and copyright holders (see Chapter 5). Twentypercent of fake goods that were seized affected the intellectual property rights of UScompanies, though corporations in Italy (15%), France (12%), Switzerland (12%), Japan239
(8%), and Germany (8%) were also affected. Almost two-thirds (63.2%) of fake goodsoriginated from China with another 21.3 percent originating in Hong Kong, totaling 84.5percent of all fake goods seized. Although many of the purchases were completed online,most fake goods (62%) that were seized were shipped through parcel post.Limited research suggests that consumers who buy counterfeit goods wish to conformto current fashion norms and be part of the “it-crowd.” They want to position themselveswithin the social elite who own authentic versions of a counterfeit product (Wall andLarge, 2010). Thus, counterfeit luxury goods allow sellers to “trade upon the perceptionof and desire for exclusivity and to extract its high value by deceiving consumers intobuying non-authentic and often low-quality products” (Wall and Large, 2010: 1099).Evidence suggests that the most popular brands sought after by consumers seekingcounterfeit products are high-end luxury labels, including Louis Vuitton®, Gucci®,Burberry®, Tiffany®, Prada®, Hermes®, Chanel®, Dior®, Yves Saint Laurent®, andCartier® (Ledbury Research, 2007). The majority of counterfeit products purchasedthrough email-based ads are clothes (55%), shoes (32%), leather goods (24%), jewelry(20%), and watches (26%) (Ledbury Research, 2007).Those consumers who are defrauded through eBay often have limited recourse to dealwith the problem (Dolan, 2004). Currently, eBay does not offer monetary compensationto victims of fraud; the company will only log the complaint and mark the seller’sprofile. PayPal and payment providers may absorb fraudulent charges, though this doesnot guarantee that victims will be fully compensated. As a result, many victims ofauction fraud do not know where to turn to file a complaint. Those who do complain tosome agency often report dissatisfaction with the process (Dolan, 2004). However, theirexperiences do not prevent them from engaging in online commerce, as more than 75percent of victims go on to buy goods via auctions and e-commerce sites (Dolan, 2004;see Box 6.8 for details on the development of brand protection communities to minimizethe risk of purchasing counterfeit goods).Box 6.8 The rise of virtual brand protectioncommunitiesThe rise of e-commerce and secondary market sales has created uniqueopportunities for educated consumers to find products at very low prices. Thissystem has also been exploited by counterfeiters and criminals as a means to disposeof fake merchandise with minimal difficulty, as consumers are unable to examinetheir products prior to making a purchase. Given these risks, a number of so-calledindependent virtual brand communities have emerged online to help consumersmake informed purchases. This term is largely born out of consumer research,referencing the fact that individual consumers band together online based on theirshared interest in a specific brand or product (Muniz and O’Guinn, 2001). The groupfunctions independently of the brand owner, operating by loyal customers as a240
means to share their commitment to the brand, communicate information andknowledge about its products, as well as the values they have imbued in the brand(Muniz and O’Guinn, 2001; Sloan, Bodey, and Gyrd-Jones, 2015).Brand communities can also serve as a resource to minimize losses due tocounterfeiting by detecting counterfeit retailers in advance of a purchase (Basu andMuylle, 2003: 163). Evidence suggests that consumers participate in brandcommunities to learn about products and quality, as well as user experiences (Millánand Diaz, 2014). In turn, consumers may be properly informed of the ways in whicha product should be marketed, how it should appear, and which vendors may beconsidered legitimately associated with the brand (Royo-Vela and Casamassima,2011).In particular, independent virtual brand communities can be a valuablemechanism to authenticate products and sellers associated with a particular brand orindustry (Basu and Muylle, 2003). Participants can share the potential red flagsassociated with counterfeit products, and the perceived legitimacy of a vendor ortheir website (Mavlanova and Benbunan-Fich, 2010; Narcum and Coleman, 2015).There are a number of these communities associated with brands, such asniketalk.com, which functions as a forum for enthusiastic fans of the Nike brand(and other athletic shoe brands) to discuss products, rate their performance, andauthenticate online retailers and independent vendors operating on sites like e-bay.com. The site has no association with Nike, but operates as one of the world’slargest online communities to discuss this brand. There are similar forums forvarious retail categories, such as thebagforum.com which operates as a forum forindividuals to discuss various purses and handbag makers and retailers, as well asauthenticate products prior to making a purchase. Thus, brand communities serve avital role in assisting consumers in determining the legitimacy of a product andreducing the potential losses associated with counterfeit purchases.ReferencesBasu, A., and Muylle, S. (2003). Authentication in e-commerce. Communications ofthe ACM, 46(12), 159–166.Mavlanova, T., and Benbunan-Fich, R. (2010). Counterfeit products on the internet:The role of seller-level and product-level information. International Journal ofElectronic Commerce, 15(2), 79–104.Millán, Á., and Díaz, E. (2014). Analysis of consumers’ response to brand communityintegration and brand identification. Journal of Brand Management, 21(3), 254–272.Muniz Jr, A. M., and O’Guinn, T. C. (2001). Brand community. Journal of ConsumerResearch, 27(4), 412–432.Narcum, J. A., and Coleman, J. T. (2015). You can’t fool me! Or can you?241
Assimilation and contrast effects on consumers’ evaluations of productauthenticity in the online environment. Journal of Asian Business Strategy, 5(9),200.Royo-Vela, M., and Casamassima, P. (2011). The influence of belonging to virtualbrand communities on consumers’ affective commitment, satisfaction and word-of-mouth advertising: The ZARA case. Online Information Review, 35(4), 517–542.Sloan, S., Bodey, K., and Gyrd-Jones, R. (2015). Knowledge sharing in online brandcommunities. Qualitative Market Research: An International Journal, 18(3).In addition to counterfeit luxury goods, spammers frequently target prescription drugsand supplements through email advertising. Almost a quarter of all spam is advertisingpharmaceutical products (Grow, Elgin, and Weintraub, 2006; Kaspersky, 2017; see Box6.9 for an example). According to the Pew Internet American Life survey, 63 percent ofInternet users have received spam emails advertising sexual health medications, 55percent received spam with regard to prescription drugs, and 40 percent received emailsabout an over-the-counter drug (Fox, 2004). Recent estimates of the economy for illicitpharmaceuticals were placed at $200 billion globally on the basis of sales from onlinemarkets as well as diverted products and counterfeit products produced around theworld (Sophic Capital, 2015).For more on the dangers of counterfeit pharmaceuticals, go online to:www.youtube.com/watch?v=Yyatw3rxSMc.Box 6.9 Counterfeit pharmaceutical messageDiet Pill Breakthrough!!!What if you could actually shed 10, 15 or even 25 pounds quickly and safely inless then [sic] 30 days?NOW YOU CAN [.]Click below to learn more about Hoodia:http://051.mellemellepoa.com.242
Source: Email received by one of the authors.The substantial volume of pharmaceutical spam is directly related to the increased useof prescription drugs by the general population across the globe (Finley, 2009). Manyindividuals use prescription drugs legitimately for assorted pains and ailments, and asmall proportion of the population are addicted to prescription pain medications(Crowley, 2004). Regardless, the cost of pharmaceuticals has risen substantially over thepast decade, making it difficult for some to acquire the necessary medications (Crowley,2004).The creation of Internet pharmacies over the past ten years has enabled individuals toaccess legitimate and illegitimate needs at low cost and, in some cases, withoutprescriptions (Finley, 2009). In fact, the Pharmaceutical Security Institute (PSI, 2017b) hasdocumented a 51 percent increase in the number of arrests involving the seizure ofcounterfeit drugs between 2011 and 2015. The quantity of drugs seized varies, though 33percent of all those arrests made in 2015 involved over 1,000 doses of a medication, while56 percent involved less than that amount. Seizures involving smaller quantities haveincreased substantially over the past few years, which is due to the increased volume ofcounterfeit drugs being sold online (PSI, 2017b). This is also a global problem, witharrests made in 128 countries; however, the majority of arrests and seizures occurred inAsian countries during 2015 (PSI, 2017a). North American seizures and arrests alsoincreased 100 percent from 2014 to 2015, which is again likely a function of purchases ofcounterfeit pharmaceutical products online (PSI, 2017a).Online pharmaceuticals present a substantial threat to consumers, as they can obtainprescription drugs without an actual prescription. The United Nations’ InternationalNarcotics Control Board (INCB) found that approximately 90 percent of allpharmaceutical sales achieved online are made without a prescription (Finley, 2009).Sullivan (2004) found 495 websites selling prescription drugs in a single week of analysis,and only approximately 6 percent of these sites required any evidence of an actualprescription. Similarly, the US General Accounting Office (2004) found that only 5 of the29 pharmacies based in the USA required validation of a prescription before distributingdrugs. Many online pharmacies hosted in foreign countries relied on medicalquestionnaires, or required no information at all from the consumer in order to acquire aprescription (Finley, 2009).As a consequence, it is difficult to distinguish legitimate online pharmacies from thosedesigned expressly to sell counterfeit products to unsuspecting consumers. In fact, thereis a distinct threat to consumer safety posed by the sale of prescription drugs online(Grow et al., 2006; Herper, 2005; Phillips, 2005; Stoppler, 2005; Tinnin, 2005). Unlikeluxury goods counterfeiting, the consumers who buy from online pharmacies may not becognizant of the potential for adulteration or outright useless ingredients included inthese products. Stoppler (2005) reported that drugs purchased from illegal onlinepharmacies have the potential to: (1) be outdated or expired; (2) be manufactured insubpar facilities; (3) contain dangerous ingredients; (4) be too strong or too weak; (5)243
contain the wrong drug, or (6) be complete fakes. In fact, the US Food and DrugAssociation reported that approximately 90 percent of all prescription drugs coming intothe USA purchased through email or postal mail are dangerous and include minimalactive ingredients (Tinnin, 2005).An additional concern lies in the difficulty of regulating or deterring illegal onlinepharmacies. This is a consequence of the anonymity afforded by the Internet andcomputer technologies. Offenders can quickly create a pharmacy, sell products, andeither move their website to a different address or completely disappear before lawenforcement can begin a proper investigation. In addition, the website creators can setup their web address to appear to be hosted in any country and utilize branding andimagery that would make the site appear to be legitimate. For instance, LegitScript andKnujOn conducted an investigation of “rogue” Internet pharmacies, designed to “sell orfacilitate the sale of prescription drugs in violation of federal or state laws and accepteddrug safety standards” through the search engine bing.com (LegitScript and KnujOn,2009). The authors were able to identify ten rogue pharmacies advertising on the searchengine, though they were all removed within days of their initial investigation. Theauthors were, however, able to obtain a prescription drug without an actual prescriptionthrough another rogue pharmacy advertising on bing.com (LegitScript and KnujOn,2009). Thus, the problem of counterfeit pharmaceuticals poses a potentially serious riskto vulnerable populations, which may make this more difficult to combat than otherforms of online fraud.244
The problem of carding and stolen data marketsThe range of fraud schemes discussed above suggests that anyone can be a target foronline fraud and identity theft. Many of these schemes are too good to be true, such asthe 419 emails which indicate that a person can make millions of dollars if they arewilling to pay a few hundred dollars up front. Other scams are more difficult to assess,such as phishing emails that mirror the originating website and company as closely aspossible and prey on victims’ fears of compromise. Each of these fraud types, however,requires the victim to engage an offender in some way.The need for victim–offender interaction in order to facilitate fraud has decreasedover the past decade with the growth of large-scale repositories of consumer data, suchas bank records, personal information, and other electronic files (see Allison et al., 2005;Furnell, 2002; Newman and Clarke, 2003; Wall, 2001, 2007). As discussed earlier, hackerscan now simply compromise large databases of information to capture victim datawithout the need for any interaction with others. The success of such compromises isevident in the fact that offenders regularly target institutions for mass exploitation. Infact, members of the group that breached Heartland Payment Systems were alsoresponsible for a similar attack against the Marshalls department stores and its parentcompany, TJX, in 2006 (see Box 6.10 for details on one of the hackers responsible forthese breaches). That compromise led to the loss of 45 million credit card records andover $1 billion in customer damages (Roberts, 2007).For more on data breach rates go online to:www.verizonenterprise.com/DBIR/2016/.245
Box 6.10 Albert GonzalesIn Surprise Appeal, TJX Hacker Claims US Authorized His Crimeswww.wired.com/2011/04/gonzalez-plea-withdrawal/.Albert Gonzalez, the hacker who masterminded the largest credit card heists in U.S. history, is asking afederal judge to throw out his earlier guilty pleas and lift his record-breaking 20-year prison sentence, onallegations that the government authorized his years-long crime spree.This story details the claims made by Albert Gonzales, an individual who admittedto engaging in some of the largest data breaches in the past decade, targeting TJX,Heartland Payment Systems, and national retail chains. He claimed that thesecrimes were committed as a result of his role as an undercover informant for the USSecret Service, and that he should not be sanctioned for his involvement.These instances demonstrate the amount of information fraudsters can acquire in ashort amount of time. This is not the only way in which mass data can be acquired. Forinstance, phishing campaigns may generate a few hundred respondents who providesensitive data in minutes (James, 2005). However, this begs the question of whatoffenders can do with hundreds, thousands, or millions of credit and debit card accounts.This is too much information for any one person to use, given the short window ascammer may have before fraudulent transactions are noticed. At the same time, thesedata have a tangible value that can be exploited in the right hands.In order to garner the greatest possible return from stolen data, individuals havebegun to sell the information they obtain via open markets operating online. Thispractice is sometimes referred to as carding, which involves the use and abuse of a creditcard number or the identity associated with that account. This practice dates back to themid-1990s when hackers would utilize statistical programs to randomly generate creditcard numbers (Moore, 2010). They would then check to see if these generated numberswere actually active. If so, they would use the cards to engage in fraud. As access tocredit card data increased through the use of phishing and other techniques, the use ofthese programs decreased in favor of purchasing information on the open market.Several studies demonstrate that hackers advertise data they have stolen in a varietyof ways through advertisements in IRC channels or web forums (Holt and Lampke, 2010;Franklin, Paxson, Perrig, and Savage, 2007; Motoyama, McCoy, Levchenko, Savage, andVoelker, 2011; Thomas and Martin, 2006). These markets appear to be hosted andoperated primarily out of Russia and Eastern Europe, though a small proportion exist inthe USA and parts of Western Europe (Dunn, 2012; Symantec Corporation, 2012).Individuals commonly sell credit card and debit card accounts, PIN numbers, andsupporting customer information from around the world in bulk lots (Holt and Lampke,2010; Franklin et al., 2007; Motoyama et al., 2011). Some also offer “cash out” services toobtain physical money from electronic accounts by hijacking these accounts to engage in246
electronic fund transfers established by a hacker (Holt and Lampke, 2010; Franklin et al.,2007; Motoyama et al., 2011; Thomas and Martin, 2006). Others offer “drops services,”whereby individuals purchase electronics and other goods electronically using stolencards, have them shipped to intermediaries who pawn the items, and then wire the cashto interested parties (Holt and Lampke, 2010). A limited number of sellers also offer spamlists and malicious software tools that can be used to engage in fraud (Holt and Lampke,2010).The emergence of online carding markets enables individuals to engage efficiently incredit card fraud and identity theft with minimal effort and limited technical knowledgeor skill (Franklin et al., 2007; Holt and Lampke, 2010; Motoyama et al., 2011). Thesemarkets allow skilled hackers to garner a profit through the sale of information theyacquire to other criminals, while those who use the accounts can make money for asmall initial investment (Honeynet Research Alliance, 2003; Franklin et al., 2007; Holtand Lampke, 2010; Thomas and Martin, 2006). Furthermore, individuals around theworld may be victimized multiple times, removing the ability to control where and howindividuals have access to sensitive personal information (see Box 6.11 for details on arecent international incident involving stolen credit card data).Box 6.11 Using Japanese ATMs to defraud South AfricanbanksCriminals Steal 1.44 billion Yen ($13 million) from 1,400 ATMs in 2½hourshttps://www.hackread.com/japan-atms-money-stolen/.[L]aw enforcement authorities are investigating an incident in which a group of more than 100 cybercriminals has allegedly stolen 1.44 billion yen $13 million USD from 1,400 convenience stores fromautomated teller machines (ATMs) all over the country [Japan] in just 2½ hours on May 15.This story details an incident where a group of criminals in multiple cities acrossJapan used credit card data acquired from a South African bank to withdraw themaximum amount allowable from 1,400 ATMs in a matter of hours in 2016. This isarguably the most rapid and large amount of fraud ever conducted offline usingcard data acquired via electronic means.247
Carding markets constitute a unique subculture driven by individual interests in thesale and trade of sensitive information. The social nature of sales requires thatindividuals actively engage one another in order to conduct business. The virtual natureof these markets, however, makes it difficult for actors to truly trust others because theyare unable to physically inspect goods and merchandise prior to making a purchase(Franklin et al., 2007; Holt and Lampke, 2010; Motoyama et al., 2011). In the followingsection, we discuss the structure of the market in detail and the social forces that shaperelationships between buyers and sellers. Although there are variations in the marketscurrently operating online, we discuss the most common structures observed acrossmultiple studies.Carding market processes, actors, and relationshipsThe process of buying and selling goods in carding markets begins with an individualposting an advertisement in a forum or IRC channel describing the goods and servicesthey have available or which they need to complete a project (Franklin et al., 2007; Holtand Lampke, 2010; Motoyama et al., 2011). The level of information provided may vary,though the more detailed a post is, the more likely an individual may be to receive aresponse from interested parties. For instance, the following is an ad from a forum wherean individual was selling credit card numbers along with the CVV2, or CreditVerification Value number. This three-digit number appears on the back of credit anddebit cards in the signature line as a means to ensure that the customer has the card ontheir person at the point of sale, particularly for electronic purchases. The seller has goneto great lengths to describe his products and their utility in fraud:Hi everyone,I’m just a newcomer here and I offer you a great service with cheapest prices. Isell mainly CC/Cvv2 US and UK. I also sell International Cvv2 if you want. Before Iget Verified here, I sold Cvv2 in many forums. Some members in this forum knowme. Hope I can serve you all long time.Service details:My CC/Cvv2 comes with these infos:Name: Address: City: State: Zip: 248
Phone: Email: CC number: Exp day: CVN: (come with Cvv2, not with CC)Basic prices for each CC/Cvv2:++CC (without Cvv2 number): US: 0.5$ each UK: 1$ each++Cvv2:US: 1$ eachUk: 2.5$ each*** Cvv2 UK with DOB: 10$ each ****** Cvv2 US with DOB: 3$ each ****** US Visa Business/Purchasing: 4$ each ****** US Amex/Discover: 3$ each ***Add-on prices:+Special Card Type: +$1+Special Gender: +$1+Special City or State: +$1+Special Card BIN: +$1.5+Special Zip Code: +$1Term of service:– Payment must be done before CC/Cvv2 are sent.– Order over 100 CC/Cvv2 get 10% discount.– Order over 500 CC/Cvv2 get 15% discount.– Order over 1000 CC/Cvv2 get 20% discount.*** I do replace new cards if any invalid. ***Contact details:+PM me in the forum.+Email me as [removed]+Yahoo ID: [removed]+ICQ: [removed]^^ Have a good carding day and good luck ^^249
As noted above, the seller will specify their terms of service and the degree of servicethey offer to customers who need assistance. This varies based on the individual andtheir overall reputation within the market. In addition, sellers or buyers will include theirpreferred payment mechanism, which is usually an electronic medium, such as WebMoney (WM) or Yandex (Franklin et al., 2007; Holt and Lampke, 2010; Motoyama et al.,2011). A proportion also indicate that they will accept payments via Western Union, awire transfer service that sends currency between individuals. Electronic payments aregenerally preferred because they can be anonymized to reduce the risk of detection ortracking by law enforcement (Franklin et al., 2007; Holt and Lampke, 2010; Motoyama etal., 2011). Wire transfers, like Western Union, require individuals to show identificationin order to receive funds, which can increase the likelihood of arrest.Sellers also provide their preferred method of contact, since the sales and negotiationprocess occurs outside of the forum or IRC channel. Most individuals use the instantmessaging protocol ICQ, which is currently owned and operated out of Russia (Franklinet al., 2007; Holt and Lampke, 2010; Motoyama et al., 2011). A proportion of sellers alsoprovide email addresses, or will accept private messages through forum communicationsvenues. This helps protect the details of a conversation from the general public, though italso makes it difficult for individuals to lodge a complaint if they feel they have beencheated or swindled.In order to provide participants with some degree of information about the sellers incarding markets, some sites use a naming system in order to identify a person’s statusand reputation. An individual is given a title by the moderators or operators of a forumor IRC channel based on feedback from participants and the use of testers who canvalidate a seller’s claims. Many markets use the term unverified seller to identifysomeone who is new and therefore unable to be fully trusted. Individuals who choose todo business with that person do so at their own risk (Franklin et al., 2007; Holt andLampke, 2010; Motoyama et al., 2011).An individual may become a verified seller by providing a sample of data to a forummoderator or administrator, or alternatively offering malware or other services to bereviewed. Those forums which offer validation services will typically write and postreviews of the seller as a means of vetting an individual. Reviewers describe the qualityof a service or data source, problems they may have had in using the data, and anysupport offered by the seller. Those sellers and service providers who met the standardsof the forum may then be given verified status (Franklin et al., 2007; Holt and Lampke,2010; Motoyama et al., 2011).Some markets do not use naming conventions to identify sellers, so the participantswill often provide feedback within the forum or channel to provide a measure ofreputation and reliability. Positive feedback helps demonstrate the quality of a seller’sdata or services and may increase the overall reputation of a seller within the site.Negative feedback, however, can harm a seller’s business and push customers towardother vendors with generally favorable reviews. A seller who does not provide data afterbeing paid, is slow to respond to customers, or sells bad data and does not offer to250
replace their products may be called a ripper, or rip-off artist (Franklin et al., 2007; Holtand Lampke, 2010; Motoyama et al., 2011). This is a pejorative term in carding marketsthat, if left unanswered, may lead to an individual being banned from the site entirely.The use of customer feedback and specialized terms to identify participants are theonly real mechanisms available to participants in the event that they are dissatisfied witha transaction. Since the sale and distribution of stolen financial and personal data isillegal, participants cannot contact police or other customer protection services if theyare cheated. In addition, the virtual nature of the market makes it difficult forparticipants to confront someone in person. The use of informal sanctions is the only realway that markets can be regulated to ensure successful outcomes and general customersatisfaction (Franklin et al., 2007; Holt and Lampke, 2010; Motoyama et al., 2011).Social forces within carding marketsThe interactive nature of carding markets creates a unique series of social forces thatshape the relationships between participants. In fact, research by Holt and Lampke (2010)indicates that there are four key forces that affect the interactions and behaviors ofbuyers and sellers. These include (1) communications, (2) price, (3) product quality, and(4) customer service. The first issue, communications, is vital to ensure the efficient andrapid creation and completion of deals. Since data breaches and information theft maybe detected by consumers and financial institutions, carders have a limited timeframe fordata to remain valid and active. Those sellers who immediately respond to customerrequests are more likely to receive praise and positive feedback. Individuals taking hoursor days to respond to customer requests, or delaying the delivery of a purchased product,would receive negative feedback. This suggests that customer contact has a substantialinfluence on the behavior of sellers in order to garner trust and establish a reputation.Price points also affect the way in which customers select the services of sellers. Thereis some demonstrable competition among sellers to provide the lowest cost for theirservices. Customer feedback often notes that low prices spur the decision to buy from aspecific actor within the market. To help maintain customer bases over time, some sellersoffer bulk discounts to regular clients or free gifts with large purchases. This is helpful toincrease the amount of data a seller is able to offload and therefore maximize their profit.At the same time, customers view this as a beneficial mechanism to build trust and as ashow of service (Holt and Lampke, 2010).At the same time, the quality of a seller’s products is vital to ensure customers returnand buy from them over the long term. Those who offer bad data at low prices willreceive generally unfavorable reviews because customers want to get the greatest returnon their investments (Holt and Lampke, 2010). Thus, they will seek out sellers who havereasonable prices with a greater likelihood of active accounts with some value in order toexploit those funds.The final aspect of the market is customer service, which is an important tool to help251
drive a seller’s reputation and placate buyers who feel they have been cheated (Holt andLampke, 2010). For instance, some sellers offer free replacements for inactive or deadaccounts to ensure that their buyers are satisfied with a purchase. A number of reputablesellers also operate 24–7 customer support lines via ICQ to ensure that any technicalquestions or assistance can be immediately handled. Such resources are an importantmechanism to demonstrate a seller’s reputation and willingness to aid clients. This helpsminimize the likelihood of customers being ripped off and promotes smooth transactionsthat satisfy market demands.Taken as a whole, carding markets are a unique criminal subculture that mirrorselements of legitimate businesses. Their existence also engenders phish-ing, hacking, andother means of data theft in order to continually turn a profit through sales in the openmarket. As a result, there is a need for ongoing research to document the scope of thisform of crime and identify enforcement mechanisms to disrupt their operation.252
Identity theft and fraud lawsIn light of the myriad forms of fraud that can be perpetrated online, it is critical that thecriminal justice system has various mechanisms that may be employed to pursue theseoffenders. There are several legislative mechanisms that have emerged, primarily at thefederal level, to punish fraud. The most pertinent laws in the USA are listed under theIdentity Theft and Assumption Deterrence Act of 1998, which makes it a federalcrime to possess, transfer, or use a means of identification of another person withoutauthorization with the intent to commit or aid in the commission of illegal activity at thelocal, state, or federal level (Brenner, 2011). This includes a variety of specific actsoutlined in Title 18 of the US Legal Code (section 1028), including the following:a. Knowingly, and without authority, produce an identification document orsupporting materials for identification documents, such as holograms or otherimages.b. Knowingly transfer an identification document or materials with theknowledge that the item was stolen or produced without authority.c. Knowingly possess with the intent to use or transfer five or more identificationdocuments or materials.d. Knowingly possess an identification document or materials with the intent touse the item to defraud.e. Knowingly produce, transfer, or possess a document-making implement orauthentication feature that will be used in the creation of a false identitydocument.f. Knowingly possess an identification document or supporting materials of theUnited States that is stolen or produced without lawful authority.g. Knowingly transfer, possess, or use a means of identification of another personwithout authorization with intent to engage in unlawful activity.h. Knowingly traffic in false authentication materials for use in the creation offalse identification.These activities could affect interstate or foreign commerce, as well as any materials thatare sent through the mail, such as personal identifications or passports. The punishmentsfor identity crimes range from 5 to 15 years in prison, as well as fines and prospectiveforfeiture of goods and materials obtained while using an identity (Brenner, 2011).Under this law, an identification document is defined as “a document made or issuedby or under the authority of the United States government [.] with informationconcerning a particular individual, is of a type of intended, or commonly accepted forthe purpose of identification of individuals” (USC 1028d). This law also specificallyoutlaws the use of means of identification, which includes names, social security253
numbers, date of birth, drivers’ license or identification numbers, passport information,employer identification numbers, biometric data (such as fingerprints), unique electronicidentification numbers, addresses, bank routing numbers, or even thetelecommunications identifying information of an access device, such as the IP addressof a computer system (Brenner, 2011). Finally, this legislation made the Federal TradeCommission (FTC) a clearinghouse for consumer information on identity-related crimes.The Identity Theft Penalty Enhancement Act of 2003 added two years to any prisonsentence for individuals convicted of a felony who knowingly possessed, used, ortransferred identity documents of another person (Brenner, 2011). This act also addedfive years to the sentence received for identity theft convictions related to an act ofviolence or drug trafficking, and ten years if connected to international acts of terrorism.This specific enhancement is designed to further punish actors who may develop orcreate fictitious identities in support of acts of terror.In addition, the Identity Theft Enforcement and Restitution Act of 2008 isimportant because of its impact on sentencing and the pursuit of identity crimes(Brenner, 2011). Specifically, this Act allows offenders to be ordered to pay restitution asa penalty to victims of identity theft. This statute also enables more effectivemechanisms to prosecute offenses unrelated to computer fraud that could otherwise beprosecuted under the Computer Fraud and Abuse Act. In addition, it expands the abilityfor agencies to pursue computer fraud actors engaging in interstate or internationaloffenses. Finally, this Act imposes criminal and civil forfeitures of property used in thecommission of computer fraud behaviors.A final piece of federal legislation to note is the Fair and Accurate CreditTransactions Act of 2003. This law provided multiple protections to help reduce the riskof identity theft and assist victims in repairing their credit in the event of identity theft(Brenner, 2011). This includes requiring businesses to remove customer credit cardinformation (except for the last four digits) from receipts to reduce the risk ofvictimization. The law also allowed consumers to obtain a free credit report every yearfrom the major credit monitoring services to assist in the identification of fraudulenttransactions or potential identity theft. Finally, the Act provided mechanisms forconsumers to place and receive alerts on their credit file to reduce the risk of fraudulenttransactions. These steps are integral to protecting consumers from harm.Many states have outlawed acts of computer-based fraud and theft. Some choose toprosecute these offenses under existing computer-hacking statutes, while others includeseparate language pertaining to computer fraud (e.g., Arkansas, Hawaii). A number ofstates have also outlawed computer theft, which may include forms of piracy orcomputer hardware theft (e.g., Colorado, Georgia, Idaho, Iowa, Minnesota, New Jersey,Pennsylvania, Rhode Island, Vermont, Virginia). Every state has laws establishingidentity theft or impersonation, though the extent to which the kind of data or identityinformation is identified within the law varies (National Conference of StateLegislatures, 2016). In addition, 29 states have established specific laws and regulationsfor victims of identity theft to receive restitution for their experiences (National254
Conference of State Legislatures, 2016).In addition to laws pertaining to fraud and theft, a small number of states havedeveloped legislation related to large-scale data breaches, like the Heartland Bank orTJX compromises (National Conference of State Legislatures, 2016). Breaches can affecthundreds of thousands of victims through no fault of their own, creating a substantiveneed to ensure that consumers are protected. California was the first state to developsuch a law in 2003, entitled the California Security Breach Notification Act (Cal. CivilCode). This legislation requires Californian residents to be notified of a breach whenevera database compromise leads to the loss of an individual’s first and last name along withany of the following information: (1) social security number, (2) drivers’ license numberor California State ID card number, or (3) an account, debit, or credit card number incombination with any security information that could be used to authorize a transaction,such as the three-digit security code on the card.This law was designed to serve as a safeguard for consumers in the event that abreach led to the loss of sensitive information. In addition, this legislation validated theidea that companies and organizations are obliged to protect consumer data from harm.The near unanimous passing of this legislation led other states to develop their ownlanguage pertaining to breach notifications. Currently, there are breach notificationrequirements mandated by law in 47 states, the District of Columbia, Guam, Puerto Rico,and the Virgin Islands (National Conference of State Legislatures, 2016). They differ inthe extent to which a breach is defined, what entities must comply with the law, and theextent to which data must be protected. This will no doubt continue to evolve as thethreats to large databases of information change and increase with time.Many nations around the world have also criminalized identity crimes in somefashion, though their statutes may not actually include this phrase. For instance, Indiauses the phrase “identity theft” in their criminal code under Section 66C, making thefraudulent or dishonest use of passwords or unique identity information punishable byup to three years in prison and fines (Brenner, 2011). Australia does not use this phrasingin its Criminal Code Amendment Act 2000 in section 135.1, but this new code recognizesgeneral dishonesty where a person is guilty if they do anything with the intention ofdishonesty, causing a loss to another person, and that person is a Commonwealth entity(Brenner, 2011).Canada’s federal Criminal Code also has multiple sections related to identity crimes.Under section 402.2, anyone who knowingly obtains or possesses another person’sidentity information, such that the data may be used to commit some form of fraud ordeceit, may be subject to up to five years in prison (Holt and Schell, 2013). In addition,section 403 criminalizes the fraudulent use of another person’s identity information to (1)gain advantage for themselves or others, (2) obtain or gain interest in property, (3) causedisadvantage to the person being impersonated or others, or (4) avoid arrest orprosecution (Holt and Schell, 2013). Any violation of this statute may be punished with aprison sentence of up to ten years in total.The UK uses similar language regarding fraudulent or dishonest use in order to gain255
advantage or cause another person to lose in some fashion in its Fraud Act of 2006. Thisstatute applies specifically to England, Wales, and Northern Ireland, and also identifiesthree forms of fraud, including false representation of facts or laws, failure to discloseinformation when legally mandated, and fraud based on abuses of individual power tosafeguard or protect personal or financial information (Holt and Schell, 2013).The EU Convention on Cybercrime (CoC) also includes two articles pertaining tocomputer forgery and fraud, though it does not use the phrase identity fraud or theft(Brenner, 2011). The CoC requires nations to adopt legislation criminalizing access,input, deletion, or suppression of data that leads it to be considered inauthentic orfraudulent, even though it would otherwise be treated as though it were authentic data(Brenner, 2011). In addition, the CoC criminalizes the input or alteration of data and/orinterference with computer systems with the intent to defraud or procure economic gainand cause the loss of property of another person. This language applies directly tovarious forms of online fraud and data theft, making it a valuable component for thedevelopment of cybercrime law globally.Regulating fraud globallyThe myriad forms of fraud that can be perpetrated, coupled with the potential forfraudsters to victimize individuals around the world, makes this a difficult form of crimeto investigate. In the USA, local law enforcement agencies may serve as a primary pointof contact for a victim, as do the offices of state Attorneys General, who typically act asinformation clearinghouses for consumer fraud cases. In addition, states’ AttorneysGeneral offices can accept complaints on behalf of fraud victims and help directindividuals to the correct agency to facilitate investigations when appropriate. It isimportant to note that federal agencies will be responsible for cases where the victim andoffender reside in different states or countries. We will focus our discussion on theprimary federal agencies in various nations which are responsible for the investigation ofonline fraud due to the fact that the majority of online fraud cases involve victims livingin a separate jurisdiction from their offender (Internet Crime Complaint Center, 2009).The United States Secret Service (USSS) is one of the most prominent federal lawenforcement bodies involved in the investigation of online fraud in the USA. The SecretService was initially part of the U.S. Department of the Treasury and had a substantiverole in investigating the production of counterfeit currency and attempts to defraudfinancial payment systems (Moore, 2010). As banks and financial industries came todepend on technology in the 1980s and 1990s, the Secret Service increasingly investigatedInternet-based forms of fraud. Today, the cyber operations of the Secret Service includethe detection, criminal investigations, and prevention of financial crimes, includingcounterfeiting of US currency, access device fraud (including credit and debit fraud),complex cybercrimes, identity crimes and theft, network intrusions, bank fraud, andillicit financing operations (United States Secret Service, 2017). Financial institution fraud256
(FIF) offenses typically involve the use of counterfeit currency created in part bycomputers and sophisticated printing devices, as well as checks and other protectedfinancial products (Moore, 2010). Access-device fraud, whereby an individual uses creditcard numbers, PINs, passwords, and related account information to engage in acts offraud, is also a high priority of the Secret Service. The practices of carders are ofparticular interest to the Secret Service, as the sale and use of dumps and other financialinformation constitute acts of access-device fraud. Another area of interest is theinvestigation of general acts of fraud involving computers and systems of “federalinterest,” such that they play a role in, or directly facilitate, interstate or internationalcommerce and government information transfers (Moore, 2010). This is a very broadarea of investigation, including hacking offenses and the use of computers as storagedevices to hold stolen information or produce fraudulent financial materials. As a result,the Secret Service has been given the power to investigate a wide range of cybercrimes.To help ensure successful detection, investigation, and prosecution of these crimes, theSecret Service also operates Electronic Crimes Task Forces (ECTF) and Financial CrimesTask Forces (FCTF) across the country (United States Secret Service, 2017). After theSecret Service demonstrated the success of the first ECTF in New York City in 1995,Congress mandated a national network of task forces be created “to prevent, detect andinvestigate electronic crimes, including potential terrorist attacks against criticalinfrastructure and financial payment systems” (United States Secret Service, 2017).Currently, there are 39 ECTFs in the USA which work together with universities, local,state, and federal law enforcement, and the private sector to discuss trends anddevelopments in various cybercrimes. The FCTFs bring together law enforcementagencies and the private sector to more specifically create an organized response to thethreats against the US financial payment systems and critical infrastructures. As of thebeginning of 2017, there were 46 FCTFs operated by the Secret Service (United StatesSecret Service, 2017).In addition to the Secret Service, the Federal Bureau of Investigation plays aprominent role in the investigation of cybercrime, including online fraud. The FBI isconsidered the lead federal agency for investigating various forms of cybercrime (FBI,2017). The FBI also identified Internet fraud and identity theft as top crimes of interest(FBI, 2017). This is a change for the Bureau, which focused on traditional forms of white-collar crime and fraud in the real world until the early 2000s, when Internet use becamevirtually ubiquitous across the industrialized world. The expansion of FBI investigativeresponsibilities into online fraud is in keeping with their general role in the investigationof cyber-attacks against national infrastructure and security (FBI, 2017). Criminalentities, terrorist groups, and even nation-states may have a vested interest in identitytheft in order to fund various illicit activities and generally harm the economic safety ofthe nation and its citizens. Thus, both the Secret Service and the FBI now play a role inthe investigation of online fraud. This creates potential investigative challenges, asinvestigators across agencies must find ways to coordinate operations in order to avoidthe duplication of effort and de-conflict what actors are cooperating with law257
enforcement in compromising ongoing criminal investigations (see Box 6.12 for details).Box 6.12 The overlapping role of the Secret Service andthe Federal Bureau of InvestigationCrime Boards Come Crashing Downhttp://archive.wired.com/science/discoveries/news/2007/02/72585?currentPage=2.While Thomas had been working on the West Coast for the FBI, the Secret Service’s New Jersey office hadinfiltrated Shadowcrew separately, with the help of a confidential informant, and begun gatheringevidence against carders on that site.This article provides an overview of the relationships between the FBI and SecretService in the investigation and takedown of the group “the Shad-owcrew” andsubsequent investigations of other hacker groups.The Federal Bureau of Investigation also houses the Internet Crime ComplaintCenter (IC3) within its Cyber Operations Division. The IC3 Unit is staffed by both FBIagents and professional staff with expertise in the prevention, detection, andinvestigation of cybercrime. They also partner with industry representatives, such asInternet service providers, financial institutions, and online retailers, as well as withregulatory agencies and local, state, and federal law enforcement agencies to understandthe scope of various forms of online fraud. Victims can contact the agency through anonline reporting mechanism that accepts complaints for a range of offenses, though themost common contacts involve non-delivery of goods or non-payment, advance feefraud victimization, identity theft, auction fraud, and other forms of online fraud drivenvia spam (Internet Crime Complaint Center, 2017). In turn, victims may be directed tothe appropriate investigative resources to further handle complaints.For more on the IC3, go online to: https://pdf.ic3.gov/2015_IC3Report.pdf.258
The US Immigration and Customs Enforcement (ICE) and US Customs and BorderProtection (CBP) agencies also have an investigative responsibility regarding financialcrimes, fraud, and counterfeiting. Given that CBP agents monitor border crossings andports, they serve a pivotal role in the identification of attempts to smuggle in cash andcurrency, as well as use or transfer fraudulent documents. ICE is the largest investigativeagency within the Department of Homeland Security. Homeland Security Investigators,including ICE agents, investigate a wide variety of crimes in order to protect “the UnitedStates against terrorist and other criminal organizations who threaten [US] safety andnational security and transnational criminal enterprises who seek to exploit America’slegitimate trade, travel, and financial systems” (Immigration and Customs Enforcement,2017). In order to prevent or investigate terrorist acts and criminal behavior, theyinvestigate the flow of people, money, drugs, guns, fraudulent items, and other itemsacross US national boundaries. Therefore, the ICE and other HSI investigators play amajor role in investigating identity crimes, fraud, and smuggling (Immigration andCustoms Enforcement, 2017).In the UK, the primary agency responsible for managing fraud between 2008 and 2014was the National Fraud Authority (NFA), which was formed in order to increasecooperation between both the public and private sector (National Fraud Authority, 2014).The NFA acted as a clearinghouse for information on various forms of fraud and reportson the scope of fraud in any given year through the publication of the Annual FraudIndicator report. Through assessments of threats to the public and not-for-profit sectors,this report attempted to estimate the total costs of fraud to UK residents each year(National Fraud Authority, 2014). In March 2014, NFA functions were transferred toother agencies (National Fraud Authority, 2017). NFA staff that were working onstrategic development and threat analysis were transferred to the National CrimeAgency (NCA). The NCA addresses serious and organized crime in the UnitedKingdom, including cybercrime, fraud, and other Internet crimes. They operate theNational Cyber Crime Unit which “leads the UK’s response to cybercrime, supportspartners with specialist capabilities and coordinates the national response to the mostserious of cyber crime threats” by working with Regional Organized Crime Units, theMetropolitan Police Cyber Crime Unit, industry, and law enforcement and governmentagencies (National Crime Agency, 2017). Within the NCA, the Economic CrimeCommand focuses on reducing the impact of economic crime, including moneylaundering, fraud, and counterfeit currency, on the UK.Action Fraud, which was housed in the NFA, was transferred to the City of London259
Police (National Fraud Authority, 2017). Action Fraud is a reporting service that enablescitizens and businesses to file reports of fraud online or via phone and obtaininformation about how to better protect themselves from being victimized. In fact, theAction Fraud service is similar to that of the US IC3, in that victim complaints areforwarded to law enforcement. In this case, Action Fraud reports are examined by theCity of London Police and the National Fraud Intelligence Bureau (NFIB), operated bythe City of London police, for further investigation (Action Fraud, 2017). The NFIBcollects information on various forms of fraud and aggregates this data along withreports from business and industry sources into a large database called the NFIB KnowFraud system. Analysts can query this database to generate intelligence reports on thecredibility of fraud reports and develop information that may be used to pursue criminalcharges or other operations to disrupt fraudsters (Action Fraud, 2017).For more on reporting fraud in the UK, go online to:www.actionfraud.police.uk/report_fraud.Canada also uses a similar fraud reporting structure called the Canadian Anti-FraudCentre (CAFC), which is a joint effort of the Royal Canadian Mounted Police, OntarioProvincial Police, and the Competition Bureau. The CAFC collects reports andcomplaints on various forms of fraud, both online and offline, from victims througheither an online process or over the phone. The complaints received are aggregated andexamined by the Operational Support Unit (OSU) to develop intelligence packages andbriefs for Canadian agencies and task forces that investigate fraud, prepare fraudprevention campaigns, and the private and public sector on alternative preventativemeasures to reduce the ability of fraudsters to communicate with potential victims andtheir ability to launder funds (CAFC, 2017).There are also a number of non-governmental organizations and groups that offerassistance in dealing with fraud. For instance, the Anti-Phishing Working Group(APWG) is a not-for-profit global consortium of researchers, computer securityprofessionals, financial industry members, and law enforcement designed to documentthe scope of phishing attacks and provide policy recommendations to government andindustry groups worldwide (Anti-Phishing Working Group, 2017a). The APWG hasmembers from 1,800 institutions around the world, including financial institutions andtreaty organizations, such as the Council of Europe’s Convention on Cybercrime and the260
United Nations Office of Drugs and Crime (UNODC). The group collects statistics onactive phishing attacks provided by victims and researchers to supply information on themost likely targets for phishing attacks and shares this information with interestedparties to help combat these crimes. Furthermore, the APWG operates variousconferences designed to improve the detection, defense, and cessation of phishing andfraud victimization.The Federal Trade Commission (FTC) is a key resource for consumers and victims offraud, particularly after the passing of the Identity Theft Assumption and Deterrence Actof 1998. The FTC is an independent watchdog agency within the federal governmentresponsible for consumer protection and monitoring the business community to preventmonopolies and regulate fair practice statutes (FTC, 2017). There are three separatebureaus within the FTC: (1) Bureau of Competition, (2) Bureau of Consumer Protection,and (3) Bureau of Economics. The Bureau of Consumer Protection is tasked with theenforcement of laws related to consumer safety, fraud, and privacy protection. ThisBureau is staffed by attorneys who have the power to pursue cases against various formsof fraud and identity crimes. In particular, the FTC serves as a key reporting resource forconsumer complaints of identity crimes through both an online and telephone-basedreporting mechanism. It is important to note that the FTC does not pursue individualclaims to any resolution. Instead, the aggregation of reporting information is used todetermine when and how federal lawsuits may be brought against specific groups or todevelop legislation to protect consumers. The FTC also operates a spam-reportingdatabase to help track the various scams used by fraudsters over time. Finally, they offera variety of consumer-focused publications that discuss the risks for identity theft andways to protect credit scores, bank accounts, and other sensitive information.For more consumer information from the FTC, go online to:www.consumer.ftc.gov.The FTC is also increasingly involved in the regulation and monitoring of onlineadvertising campaigns. As consumers increasingly use e-commerce sites in the course oftheir shopping, it is vital that their rights and personal information are safeguarded fromdeceptive advertising practices or unfair tracking policies. For instance, the FTC filed acomplaint against Sears Holdings Management Corporation, the owner of the Sears andK-Mart retail chains, in 2009 (FTC, 2009). The suit alleged that the websites for both261
stores engaged in a campaign entitled “My SHC Community” that would allow users toprovide their opinions about their shopping practices and preferences. Individuals whoaccepted the invitation were then asked to download a program that wouldconfidentially track online browsing habits. Consumers would also be given $10 forleaving the application running for at least one month (FTC, 2009).The user agreement did not, however, explain the full behavior of the trackingprogram up front, which had the potential to capture consumer information, includingusernames, passwords, credit and bank account information, and other sensitive datathat the company had no need to obtain (FTC, 2009). As a result, the FTC pursued itscase against the corporation until such time as they agreed to clearly disclose theprocesses of the application on a secondary screen from the license agreement and tocontact all existing users to let them know of the potential for harm, as well as allowthem to remove the program. Finally, the corporation was to destroy all data obtainedfrom consumers prior to the filing of the suit (FTC, 2009).There are similar entities for data protection across the world, such as the UK’sInformation Commissioner’s Office (ICO) (whose main purpose is to protect the public’sinformation rights and privacy) (ICO, 2017), the Australian Government’s Office of theAustralian Information Commissioner (OAIC) (OAIC, 2017), and Spain’s AgenciaEspañola de Protección de Datos (AEPD) (AEPD, 2017). These agencies provide detailedinformation on governmental regulations, the protections that should be in place forpersonal data, and what individuals should do in the event that they are victimized insome fashion. In addition, these agencies may work together to share information andinvestigate some forms of offending. For instance, these nations all have a collaborativeworking agreement with the FTC to collect data on spam and other consumer threats(Federal Trade Commission, 2005).262
SummaryAs a society, we have increasingly come to depend on the Internet and computertechnology to manage virtually every aspect of our financial lives. This has unparalleledbenefits in that we can track expenses and monitor our purchases in near real time. Ourability to connect to others and to pay for purchases has also increased the opportunitiesfor fraudsters to take advantage of vulnerable populations. The use of email-based scamsallows individuals to create convincing replicas of messages from legitimate serviceproviders and vendors. Consumers must now be extremely cautious about accepting atface value what they see in online messages. The amount of sensitive information aboutour financial and personal lives that is now outside of our regulation has also createdopportunities for fraud that are beyond our control. Carders and data thieves can nowvictimize hundreds of thousands of people in a short space of time and gain a substantialprofit from the sale of these data.The response from the criminal justice and financial sector to these crimes hasimproved greatly over the past decade. There are still great challenges involved in thedetection, investigation, and successful prosecution of these cases due to thejurisdictional challenges that may exist. Since offenders and victims can be hundreds, ifnot thousands, of miles away from one another, it is difficult to arrest responsible partiesor even make victims whole through restitution. Thus, we must continually improveconsumer awareness of fraud to reduce the likelihood of victimization andsimultaneously expand the capabilities of law enforcement to respond to these crimes.Key terms419 scamsAction FraudAdvance fee email schemesAnti-Phishing Working Group (APWG)Canadian Anti-Fraud Centre (CAFC)CardingCarding marketsData breachesFair and Accurate Credit Transactions Act of 2003Federal Trade Commission (FTC)FraudIdentification documentIdentity fraud263
Identity theftIdentity Theft and Assumption Deterrence Act of 1998Identity Theft Enforcement and Restitution Act of 2008Identity Theft Penalty Enhancement Act of 2003Immigration and Customs Enforcement (ICE)Internet Crime Complaint Center (IC3)National Crime Agency (NCA)National Fraud Intelligence Bureau (NFIB)Personal identification number (PIN)Personally identifiable information (PII)PhishingPump-and-dump messagesRipperSecret shopper schemeUnited States Secret ServiceUnverified sellerUS Customs and Border Protection (CBP)Verified sellerWork-at-home schemesDiscussion questions1. As we continue to adopt new technologies to communicate, how willscammers use these spaces? For instance, how might a scammer useFaceTime or Skype to lure in prospective victims?2. Which demographic groups seem most susceptible to email-based fraudschemes, such as 419 scams? Why do you think this might be the case?3. What steps and techniques can individuals use to reduce their risk ofvictimization via carding or other non-interactive forms of fraud?4. How can nations work together better to address fraud? What is a nationsupposed to do if its citizens are routinely victimized online by citizens ofanother nation which refuses to do anything about it?264
ReferencesAction Fraud. (2015). Figures show online dating fraud is up by 33% last year. ActionFraud, February 13, 2015. Available at: www.actionfraud.police.uk/news/new-figures-show-online-dating-fraud-is-up-by-33per-cent-last-year-feb15.Action Fraud. (2017). What is Action Fraud? Available at:www.actionfraud.police.uk/about-us/who-we-are.Agencia Española de Protección de Datos (AEPD). (2017). Transparency: the Agency.Available at: www.agpd.es/portalwebAGPD/LaAgencia/index-ides-idphp.php.Allison, S. F. H., Schuck, A. M., and Learsch, K. M. (2005). Exploring the crime of identitytheft: Prevalence, clearance rates, and victim/offender characteristics, Journal ofCriminal Justice, 33, 19–29.Anti-Phishing Working Group. (2013). Phishing Activity Trends Report, 2nd Quarter2013. Available at: http://docs.apwg.org/reports/apwg_trends_report_q2_2013.pdf.Anti-Phishing Working Group. (2017a). Charter and Saga. Available at:www.antiphishing.org/about-APWG/.Anti-Phishing Working Group. (2017b). Phishing Activity Trends Report, 4th Quarter.Available at: http://apwg.org/resources/apwg-reports/.Baker, W. E., and Faulkner, R. R. (2003). Diffusion of fraud: Intermediate economic crimeand investor dynamics. Criminology, 41(4), 1173–1206.Balsmeier, P., Bergiel, B. J., and Viosca Jr., R. C. (2004). Internet fraud: A globalperspective. Journal of E-Business, 4(1), 1–12.Bohme, R., and Holz, T. (2006). The effect of stock spam on financial markets. Availableat: http://ssrn.com/abstract=897431 or http://dx.doi.org/10.2139/ssrn.897431.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.Buchanan, J., and Grant, A. J. (2001). Investigating and prosecuting Nigerian fraud.United States Attorneys’ Bulletin, November, 29–47.Buchanan, T., and Whitty, M. T. (2013). The online dating romance scam: Causes andconsequences of victimhood. Psychology, Crime & Law, 20, 261–283.Canadian Anti-Fraud Centre (CAFC). (2017). About the CAFC. Available at:www.antifraudcentre-centreantifraude.ca/about-ausujet/index-eng.htm.Chu, B., Holt, T. J., and Ahn, G. J. (2010). Examining the Creation, Distribution, andFunction of Malware On-Line. Washington, DC: National Institute of Justice.Available at: www.ncjrs.gov/pdffiles1/nij/grants/230112.pdf.Chua, C. E. H., Wareham, J., and Robey, D. (2007). The role of online tradingcommunities in managing Internet auction fraud. MIS Quarterly, 31, 750–781.265
Cifas. (2017). Identity fraud reaches record levels. Available at:www.cifas.org.uk/press_centre/identity-fraud-reaches-record-levels.Copes, H., and Vieraitis, L. M. (2009). Bounded rationality of identity thieves: Usingoffender-based research to inform policy. Criminology & Public Policy, 8(2), 237–262.Cross, C. 2015. No laughing matter: Blaming the victim of online fraud. InternationalReview of Victimology, 21, 187–204.Crowley, B. (2004). Lower prescription drug costs don’t tell the whole story . Availableat: www.aims.ca/en/home/library/details.aspx/1081 .Dolan, K. M. (2004). Internet auction fraud: The silent victims. Journal of EconomicCrime Management, 2, 1–22.Dunn, J. E. (2012). Russia cybercrime market doubles in 2011, says report. IT WorldToday. Available at: www.itworld.com/security/272448/russia-cybercrime-market-doubles-2011-says-report.Edelson, E. (2003). The 419 scam: Information warfare on the spam front and a proposalfor local filtering. Computers and Security, 22(5), 392–401.Experian. (2016). Fraud costing the UK economy £193bn a year. Available at:www.experianplc.com/media/news/2016/fraud-costing-the-uk-economy-193bn-a-year/.Experian India. (2016). Fraud risks in 2015. Available at:www.experian.in/assets/Experian-launches-India-Fraud-Report-2016.pdf.Federal Bureau of Investigation. (2017). What we investigate. Available at:www.fbi.gov/investigate.Federal Trade Commission. (2005). FTC, Spanish Data Protection Agency WorkingTogether to Fight Illegal Spam. February 24, 2005. Available at: www.ftc.gov/news-events/press-releases/2005/02/ftc-spanish-data-protection-agency-working-together-fight-illegal.Federal Trade Commission. (2009). Sears settles FTC charges regarding tracking software.FTC. Available at: www.ftc.gov/news-events/press-releases/2009/06/sears-settles-ftc-charges-regarding-tracking-software.Federal Trade Commission. (2013). Consumer Sentinel Network Data Book for January–December 2012. Available at:www.ftc.gov/sites/default/files/documents/reports_annual/sentinel-cy-2012/sentinel-cy2012.pdf.Federal Trade Commission. (2016). Consumer Sentinel Network Data Book for January–December 2016. Available at:www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-january-december-2016/csn_cy-2016_data_book.pdf.Federal Trade Commission. (2017). Bureaus & Offices. Available at: www.ftc.gov/about-ftc/bureaus-offices.Finley, L. L. (2009). Online pharmaceutical sales and the challenge for law enforcement.In F. Schmalleger and M. Pittaro (eds), Crime of the Internet (pp. 101–128). SaddleRiver, NJ: Prentice Hall.266
Fox, S. (2004). Prescription drugs online . PewInternet and American Life Project.Available at: www.pewinternet.org/2004/10/10/prescription-drugs-online/.Franklin, J., Paxson, V., Perrig, A., and Savage, S. (2007). An inquiry into the nature andcause of the wealth of internet miscreants. Paper presented at CCS07, October 29–November 2, in Alexandria, VA.Frieder, L., and Zittrain, J. (2007). Spam works: Evidence from stock touts andcorresponding market activity. Berkman Center Research Publication No. 2006–11;Harvard Public Law Working Paper No. 135; Oxford Legal Studies Research PaperNo. 43/2006. Available at: http://ssrn.com/abstract=920553 orhttp://dx.doi.org/10.2139/ssrn.920553.Furnell, S. (2002). Cybercrime: Vandalizing the Information Society. Boston, MA:Addison-Wesley.Gregg, D. G., and Scott, J. E. (2006). The role of reputation systems in reducing on-lineauction fraud. International Journal of Electronic Commerce, 10, 95–120.Grow, B., Elgin, B., and Weintraub, A. (2006). Bitter pills: More and more people arebuying prescription drugs from shady online marketers. That could be hazardous totheir health. BusinessWeek. Available at: www.businessweek.com/stories/2006-12-17/bitter-pills.Hanke, M., and Hauser, F. (2006). On the effects of stock spam emails. Journal ofFinancial Markets, 11, 57–83.Harrell, E. (2014). Victims of Identity Theft, 2014 (NCJ 248991). Available at:www.bjs.gov/index.cfm?ty=pbdetail&iid=5408.Heath, S. (2015). Healthcare data breaches top concern in 2016, says Experian. HealthITSecurity, December 8, 2015. Available at: http://healthitsecurity.com/news/healthcare-data-breaches-top-concern-in-2016-says-experian.Herper, M. (2005). Bad medicine. Forbes. Available at:www.forbes.com/forbes/2005/0523/202.html.Higgins, K. J. (2014). Target, Neiman Marcus data breaches tip of the iceberg. DarkReading, January 13, 2014. Available at: www.darkreading.com/attacks-breaches/target-neiman-marcus-data-breaches-tip-o/240165363.Holt, T. J., and Graves, D.C. (2007). A qualitative analysis of advanced fee fraud schemes.The International Journal of Cyber-Criminology, 1, 137–154.Holt, T. J., and Lampke, E. (2010). Exploring stolen data markets on-line: Products andmarket forces. Criminal Justice Studies, 23, 33–50.Holt, T. J., and Schell, B. (2013). Hackers and Hacking: A Reference Handbook. New York:ABC-CLIO.Honeynet Research Alliance. (2003). Profile: Automated Credit Card Fraud. Know YourEnemy paper series. Available at: http://old.honeynet.org/papers/profiles/cc-fraud.pdf (accessed July 20, 2008).Immigration and Customs Enforcement (ICE). (2017). U.S. Immigration and CustomsEnforcement. Available at: www.ice.gov.Information Commissioner’s Office (ICO). (2017). About the ICO. Available at:267
https://ico.org.uk/about-the-ico/.Internet Crime Complaint Center. (2009). IC3 2009 Internet Crime Report. Available at:www.ic3.gov/media/annualreport/2009_IC3Report.pdf.Internet Crime Complaint Center. (2015). 2015 Internet Crime Report. Available at:https://pdf.ic3.gov/2015_IC3Report.pdf.Internet Crime Complaint Center. (2017). Federal Bureau of Investigation Internet CrimeComplaint Center (IC3). Available at: www.ic3.gov/about/default.aspx.James, L. (2005). Phishing Exposed. Rockland: Syngress.Javelin. (2017). 2017 Identity Fraud: Securing the Connected Life. Available at:www.javelinstrategy.com/coverage-area/2017-identity-fraud.Kaspersky. (2017). What is spam and a phishing scam. Available at:www.kaspersky.com/resource-center/threats/spam-phishing.King, A., and Thomas, J. (2009). You can’t cheat an honest man: Making ($$$s and) senseof the Nigerian email scams. In F. Schmalleger and M. Pittaro (eds), Crime of theInternet (pp. 206–224). Saddle River, NJ: Prentice Hall.Kitchens, T. L. (1993). The cash flow analysis method: Following the paper trail in Ponzischemes. FBI Law Enforcement Bulletin, August, 10–13.Knutson, M. C. (1996). The Remarkable Criminal Financial Career of Charles K. Ponzi.Available at: www.mark-knutson.com/blog/wp-content/uploads/2014/06/ponzi.pdf.Krebs, B. (2011). Are megabreaches out? E-thefts downsized in 2010. Krebs on Security.Available at: http://krebsonsecurity.com/2011/04/are-megabreaches-oute-thefts-downsized-in-2010/.Ledbury Research. (2007). Counterfeiting Luxury: Exposing the Myths (2nd edn). London:Davenport Lyons. Summary available at: www.wipo.int/ip-outreach/en/tools/research/details.jsp?id=583.LegitScript and KnujOn. (2009). No prescription required: Bing.com prescription drugads: A second look at how rogue Internet pharmacies are compromising the integrityof Microsoft’s online advertising program. Supplemental Report. LegitScript.com:Online Pharmacy Verification.Lipka, M. (2015). Whatsapp users get played in “pump and dump” scheme. CBS NewsMoneywatch, August 24.MarketWatch. (2014). Huge surge in spam emails pitching penny stocks. Available at:www.marketwatch.com/story/penny-stock-schemes-not-just-for-the-wolf-of-wall-st-2014-05-27.Mintel. (2015). Nearly 70% of Americans shop online regularly with close to 50% takingadvantage of free shipping. Available at: www.mintel.com/press-centre/technology-press-centre/nearly-70-of-americans-shop-online-regularly-with-close-to-50-taking-advantage-of-free-shipping.Moore, R. (2010). Cybercrime: Investigating High-technology Computer Crime (2nd edn).London: Routledge.Motoyama, M., McCoy, D., Levchenko, K., Savage, S., and Voelker, G. M. (2011). Ananalysis of underground forums. In Proceedings of the 2011 ACM SIGCOMM Internet268
Measurement Conference, 71–79.National Conference of State Legislatures. (2016). State Security Breach NotificationLaws. Available at: www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx.National Crime Agency. (2017). About us. Available at:www.nationalcrimeagency.gov.uk/about-us.National Fraud Authority (NFA). (2013). Annual Fraud Indicator June 2013. Available at:www.gov.uk/government/uploads/system/uploads/attachment_data/file/206552/nfa-annual-fraud-indicator-2013.pdf.National Fraud Authority (NFA). (2014). What We Do. Available at:www.gov.uk/government/organisations/national-fraud-authority/about.National Fraud Authority (NFA). (2017). National Fraud Authority. Available at:www.gov.uk/government/organisations/national-fraud-authority.Newman, G., and Clarke, R. (2003). Superhighway Robbery: Preventing E-commerceCrime. Cullompton: Willan Press.Office of the Australian Information Commissioner (OAIC). (2017). About Us. Availableat: www.oaic.gov.au/about-us/.Organisation for Economic Co-operation and Development (OECD). (2016). Trade incounterfeit and pirated goods. Available at: www.oecd.org/governance/trade-in-counterfeit-and-pirated-goods-9789264252653-en.htm.PandaLabs. (2015). Panda Labs’ Annual Report 2015. Available at:www.pandasecurity.com/mediacenter/src/uploads/2014/07/Pandalabs-2015-anual-EN.pdf.Phillips, T. (2005). Knockoff: The Deadly Trade in Counterfeit Goods. Sterling, VA: KoganPage.PSI. (2017a). Counterfeit Situation: Geographic Distribution. Available at: www.psi-inc.org/geographicDistributions.cfm.PSI. (2017b). Counterfeit Situation: Incident Trends. Available at: www.psi-inc.org/incidentTrends.cfm.PWC. (2016). Total Retail Survey 2016. Available at:www.pwc.com/gx/en/industries/retail-consumer/global-total-retail.html.Roberts, P. F. (2007). Retailer TJX reports massive data breach: Credit, debit data stolen.Extent of breach still unknown. Info World. Available at:www.infoworld.com/d/security-central/retailer-tjx-reports-massive-data-breach-953.Scamwatch. (2017). Scam statistics. Available at: www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=13&date=2016.Smith, R. G., Holmes, M. N., and Kaufmann, P. (1999). Trends and Issues in Crime andCriminal Justice No. 121: Nigerian Advance Fee Fraud. Australian Institute ofCriminology. Available at: www.aic.gov.au/documents/D/C/4/%7BDC45B071–70BC-4EB1-B92D-4EEBE31F6D9E%7Dti121.pdf.Smith, T. (2014). New Shopping Report reveals one in six bargain-hunters duped byrogue sites. Available at: www.markmonitor.com/mmblog/newshopping-report-269
reveals-one-in-six-bargain-hunters-duped-by-rogue-sites/.Sophic Capital. (2015). Counterfeit Pharmaceuticals. Available at:http://sophiccapital.com/wp-content/uploads/2015/04/DOWNLOAD-SOPHIC-CAPITALS-COUNTERFEIT-PHARMACEUTICAL-REPORT.pdf.Stevenson, R. J. (1998). The Boiler Room and Other Telephone Scams. Champagne:University of Illinois Press.Stoppler, M. (2005). Buying prescription drugs online – are the risks worth it? Availableat: www.medicinenet.com/ (accessed June 26, 2006).Sullivan, M. (2004). Online drug sales targeted. PC World.Symantec Corporation. (2012). Symantec Internet Security Threat Report, Volume 17.Available at: www.symantec.com/threatreport/.Symantec. (2016). 2016 Internet Security Threat Report. Available at:www.symantec.com/security-center/threat-report?inid=globalnav_scflyout_istr.Taylor, R. W., Fritsch, E. J., Liederbach, J., and Holt, T. J. (2010). Digital Crime andDigital Terrorism (2nd edn). Upper Saddle River, NJ: Pearson Prentice Hall.Thomas, R., and Martin, J. (2006). The underground economy: Priceless . login, 31, 7–16.Tillman, R. H., and Indergaard, M. L. (2005). Pump and Dump: The Rancid Rules of theNew Economy. Newark: Rutgers University Press.Tinnin, A. (2005). Online pharmacies are new vehicle for raising some old legal issues.Kansas City Missouri Daily Record.Turner, S., Copes, H., Kerley, K. R., and Warner, G. (2013). Understanding online work-at-home scams through an analysis of electronic mail and websites. In T. J. Holt (ed.),Crime On-line: Causes, Correlates, and Context (2nd edn) (pp. 81–108). Raleigh, NC:Carolina Academic Press.Twenga. (2016). E-commerce in the United Kingdom: Facts & Figures. Available at:www.twenga-solutions.com/en/insights/ecommerceunited-kingdom-factsfigures-2016/.United States Attorney’s Office. (2013). Nine individuals indicted in one of the largestinternational penny stock frauds and advance fee schemes in history. Federal Bureauof Investigation. Available at: www.fbi.gov/newyork/press-releases/2013/nine-individuals-indicted-in-one-of-the-largest-international-penny-stock-frauds-and-advance-fee-schemes-in-history.United States Department of State. (1997). Nigerian Advance Fee Fraud. Bureau ofInternational Narcotics and Law Enforcement Affairs.United States General Accounting Office. (2004). Internet Pharmacies: Some Pose SafetyRisks for Consumers. General Accounting Office Report to the Chairman, PermanentSubcommittee on Investigations, Committee on Governmental Affairs, US Senate,Washington, DC. Available at: www.gao.gov/new.items/d04820.pdf.United States Secret Service. (2017). The Investigative Mission. Available at:www.secretservice.gov/investigation/#cyber.Verini, J. (2010). The great cyberheist. The New York Times, November 14, 2010.Available at: www.nytimes.com/2010/11/14/magazine/14Hacker-t.html?_r=1.270
Wadleigh, J., Drew, J., and Moore, T. (2015). The e-commerce market for lemons:Identification and analysis of websites selling counterfeit goods. In Proceedings of the24th International Conference on World Wide Web (pp. 1188–1197). InternationalWorld Wide Web Conferences Steering Committee.Wall, D. (2004). Digital realism and the governance of spam as cybercrime. EuropeanJournal on Criminal Policy and Research, 10, 309–335.Wall, D. S. (2001). Cybercrimes and the Internet. In D. S. Wall (ed.), Crime and theInternet (pp. 1–17). New York: Routledge.Wall, D. S. (2007). Cybercrime: The Transformation of Crime in the Information Age.Cambridge: Polity Press.Wall, D. S., and Large, J. (2010). Locating the public interest in policing counterfeitluxury fashion goods. British Journal of Criminology, 50, 1094–1116.Whitty, M. T., and Buchanan, T. (2012). The online romance scam: A serious cybercrime.Cyberpsychology, Behavior, and Social Networking, 15, 181–183.Wilson, M. (2011). Accenture survey: Discounters continue to dominate back-to-schoolshopping. Chain Store Age. Available at: www.chainstoreage.com/article/accenture-survey-discounters-continue-dominate-back-school-shopping (accessed August 15,2011).Wood, P. A. (2004). Spammer in the works: Everything you need to know aboutprotecting yourself and your business from the rising tide of unsolicited “spam”email. A Message Labs White Paper, April. Available at: www.construct-it.org.uk/pages/sources/A%20spammer%20in%20the%20works.pdf.271
Chapter 7Pornography, Prostitution, and Sex CrimesChapter goals• Understand the range of sexual expression and activity online.• Identify the evolution of pornography in tandem with technology.• Understand the role of the Internet in prostitution.• Know the laws pertaining to obscenity and sex work.• Recognize the role of self-regulation in dealing with obscenity around theworld.272
IntroductionAs technologies have improved over the past two decades, the ability for human beingsto connect in real time has increased dramatically. In the early days of the Web, BBSsand chatrooms gave people the ability to talk via text, though this lost some of thecontext of facial and emotional expression, such as laughter or anger. As camera andvideo technology evolved, so did its use online through the introduction of Skype andother video-chat programs. The inclusion of cameras in virtually all computing deviceshas led to the growth of social media platforms focused on sharing photos and videoswith others, such as Snapchat and Instagram.As a result, an increasingly large number of people are using these technologies toenhance their romantic relationships or flirt with others, though this was not perhaps theintention of the developers. People can send photos or videos of themselves inprovocative outfits or engage in sexually suggestive activities with great ease throughtext messaging. This activity, colloquially called sexting, has become popular as it isperceived as a way to attract or stimulate a prospective partner with a degree of security,since it is directed toward only one recipient rather than routed through an email client,which might make the content visible to others (Mitchell, Finkelhor, Jones, and Wolak,2012). In fact, the impact of sexting upon popular culture may be seen in songs such asthe 2016 Top-40 rap song by Yo Gotti called “Down in the DM” which explores theprocess of sending and receiving nude images via social media sites.The seemingly common practice of sexting led researchers to examine the prevalenceof this activity among young people. Results vary depending on the sample population,though a recent nationally representative sample of US youth between the ages of 10 and17 found that only 2.5 percent sent pictures of themselves in a nude or nearly nude stateto others, 7.1 percent had received nude or nearly nude images of others, and 5.9 percentreported receiving images of sexual activity (Mitchell et al., 2012). By contrast, a surveyof a recent sample of over 2,000 youth in New South Wales, Australia found that almosthalf had sent a sexual image or video of themselves to another person (Lee, Crofts,McGovern, & Milivojevic, 2015). Almost 60 percent of the same sample received animage or video from another person, with the highest sexting activities reported among13- to 15-year-olds (Lee et al., 2015).Regardless of the proportion of people who engage in sexting, it is important to notethat the instant the photo or video is sent, it is no longer something that the sender cancontrol. Even content sent via social media sites like Snapchat, which suggest that nouser content is retained, may still be captured via screenshots. A recipient can easilycirculate the content to others or repost the image on a social media site, like Facebook,to embarrass the sender (Mitchell et al., 2012). Worse still, a number of websites haveemerged specifically for individuals to post sexual images and videos they received or273
acquired for others to see. These sites are often referred to as revenge porn, as peopleoften post content they receive from an intimate partner after a relationship sours, or byhacking someone’s phone or email account in order to acquire pictures and embarrassthe sender (Halloran, 2014).The release of revenge porn has become popular, leading to the development ofmultiple websites dedicated to such content. For instance, the website IsAnyoneUp.com,which was subtitled “Pure Evil,” was created by Hunter Moore in 2010 (Dodero, 2012).He began to post pictures of a woman who continuously sent him sexual images on ablog space and provided a link for others to submit photos to be posted. As contentbegan to roll in – some from hackers, some from ex-girlfriends and boyfriends, and somefrom individuals just interested in seeing themselves online – Moore would link thephotos to the Facebook or Twitter page of the individual featured (Dodero, 2012). Thesite became quite popular, though it drew substantial criticism from individuals whowere unwittingly featured on the site. As a result, Moore sold the site to an anti-bullyinggroup in 2012, arguing that he was no longer able to support the site due to its expenseand the difficulties of reporting the submitted images of child pornography to lawenforcement. Eventually, Moore and a hacker he worked with were indicted in January2014 in federal court on 15 counts of violations of the Computer Fraud and Abuse Act onthe premise that photos were acquired through the use of hacking techniques andidentity theft (Liebelson, 2014). Both were eventually found guilty, though some arguethat their sentences were too lenient relative to the impact they had on their victims’lives (see Box 7.1 for more discussion).Box 7.1 The impact of revenge porn on its victimshttps://motherboard.vice.com/en_us/article/xygzz7/hunter-moore-revenge-porn-victim-got-a-whopping-14570-in-restitution.Hunter Moore Revenge Porn Victim Got a Whopping $145.70 inRestitutionThe $145.70 is being paid to a single victim, identified only as L.B. Her email account was hacked in 2011by Moore’s co-defendant, Charles Evens, who was sentenced to 25 months in prison last week. HunterMoore paid Evens to acquire as many hacked photos as possible.274
This article provides a discussion about the outcome of the prosecution of HunterMoore and Charles Evens, who published sexual images of multiple women on thewebsite isanyoneup.com. The issue of victim restitution relative to the impact thatthe publication of revenge porn content has on their lives is explored, giving contextto the need for greater legal solutions to assist individuals whose lives have beenaffected.Sexting and revenge porn are just more recent examples of the way in whichtechnology has been used to produce and disseminate sexually explicit content.Technological innovation and sexuality have in fact been intertwined since the firsthuman being attempted to paint on cave walls (Lane, 2000). This relationship has beenbrought to the forefront, as we now use devices that can record and transmit any and allof our activities to others. As a result, this chapter will consider the ways in whichhuman beings use technology to engage in various forms of sexual expression. We willalso consider the impact of technology upon paid sexual encounters, or prostitution,which has been in existence since the emergence of society. Finally, we will consider thecomplex legal structures used to define obscenity and pornography, as well as the widerange of well-connected agencies that investigate these offenses.275
The spectrum of sexuality onlineComputer-mediated communications allow individuals to engage easily in sexuallyexplicit discussions, view pornography (Lane, 2000), and participate in more serious acts,including creating, disseminating, downloading, and/or viewing pedophilia and childpornography (Durkin and Bryant, 1999; Quayle and Taylor, 2002). In addition, theInternet has engendered the formation of deviant subcultures that were otherwiseunlikely or limited in the real world (see Quinn and Forsyth, 2005). Individuals canconnect with others who share their interests to find social support and informationsharing. Virtual environments provide an opportunity for deviants to connect andcommunicate without fear of reprisal or scorn, though their actions may often take placein the real world (Quinn and Forsyth, 2005).As a result, the Internet now provides resources that cater to all individuals, regardlessof sexual orientation or preferences. In addition, these services can be arrayed along aspectrum from legal but deviant to highly illegal depending on the nature of the contentand the laws of a given country (Quinn and Forsyth, 2005). For example, there are anumber of service providers offering completely legal resources to connect individualstogether, such as dating services like Match. com and plentyoffish.com. These sites allowindividuals to create personal profiles noting their likes and dislikes, connect with otherswho share their interests, and potentially meet offline for a date or build a long-termrelationship. Similar services, however, also exist that are designed to facilitate short-term sexual encounters, including extramarital affairs, based on personal profiles thatconnect interested parties together. Websites like AshleyMadison.com have becomeextremely popular, despite the fact that they encourage casual sex between people whoare otherwise engaged in monogamous relationships (Bort, 2013).In addition to content designed to facilitate relationships, there is also a great deal ofpornography, defined broadly as the representation of sexual situations and content forthe purposes of sexual arousal and stimulation (Lane, 2000), available online. Theseerotic writings, photos, video, and audio content, which are easily accessible, are largelylegal, but may be viewed as deviant depending on the social norms and values within acommunity (Brenner, 2011). In the USA and most Western nations, pornographic contentis legal so long as the participants (or those depicted in the work) are over the age of 18and the consumer is of legal age. Some content, such as sex between animals andhumans, rape or physical harm, and images featuring children and minors, are illegal(Quinn and Forsyth, 2013). The lack of boundaries in online spaces, however, makes ithard to completely regulate or restrict individuals’ access to this content.For more on the legal status of pornography, go online to:276
http://en.wikipedia.org/wiki/Pornography_by_region.The availability of pornography and erotica has enabled individuals to find contentthat appeals to any interest, no matter how unusual. In fact, there is now a wide range ofonline content providers that cater to specific sexual fetishes, where individualsexperience sexual arousal or enhancement of a romantic encounter based on theintegration of physical objects or certain situations (Quinn and Forsyth, 2013). Fetishescan include anything from wearing high heels or a certain type of clothing (e.g., nursingor police officer uniforms), to more extreme acts, including sex with animals (bestiality)or the dead (necrophilia). The range of subjects that are now featured in pornographiccontent online has led to the concept of “Rule 34,” which essentially states that “if itexists, there is pornographic content of it” (Olson, 2012).The Internet also facilitates paid sexual services of all kinds which operate at varyingdegrees of legality. The development of high-speed Internet connectivity and live-streaming video feeds allows male and female performers to engage in sex shows ondemand where they are paid for their time (Roberts and Hunt, 2012). Sites likeLiveJasmin provide access to cam whores, or performers who engage in text-basedconversations with individuals viewing them on streaming-video feeds and take requestsfor specific behaviors or sexual acts. In turn, the performer can be taken into a privatesession where the viewer pays by the minute to interact with and direct the performer toengage in various activities (Roberts and Hunt, 2012). Although these exchanges do notinvolve actual physical contact between the provider and the client, making theencounters completely acceptable from a legal standpoint, the acceptance of paymentmakes this a form of sex work.For more on sex work, go online to:http://rabble.ca/books/reviews/2014/05/working-it-sex-work-labour.277
Technology also facilitates traditional prostitution in the real world, where individualspay for sexual encounters with another person. For instance, clients of sex workers useforums and other CMCs to discuss the sexual services available in a location and the actsthat sex workers will engage in (Holt and Blevins, 2007; Milrod and Monto, 2012;Weitzer, 2005). Sex workers use websites, blogs, and email in order to arrange meetingswith clients and vet them before they meet in the real world (Cunningham and Kendall,2010). Although these communications are not illegal, laws pertaining to the act ofprostitution vary from country to country (Weitzer, 2012). Some nations, such as theUSA, Russia, and China, have criminalized both the sale and solicitation of sex. Othernations, including Sweden, Norway, and Canada, have made it illegal to pay for sex as aclient, though sex workers can legally engage in prostitution. Still other nations havelegalized prostitution entirely, such as the UK, though they may have laws againstcertain activities such as soliciting sex in public places (Weitzer, 2012). For those nationsthat have criminalized both the solicitation and sale of sex, technology is making iteasier for both clients and providers to reduce their risk of detection and arrest.Throughout this chapter we will consider the range of sexual activities that arefacilitated by technology using examples of each behavior, though this will not be anexhaustive description of all sexual services or preferences.278
Pornography in the digital agePrior to the Internet and consumer access to digital media, the production of sexualmaterials was primarily limited to professional production studios and artists. Amateurswere able to write their own erotic fiction and paint or sculpt images, though they mayvary in quality.The development of audio and visual recording equipment in the nineteenth centuryrevolutionized the creation of sexual images. No longer were individuals limited to linedrawings or other artistic representations of sexual images; instead, the human bodycould be represented as it was in real life (Yar, 2013). The first photographs featuringnudes were popularized by Louis Daguerre of France as a means to support the trainingof painters and other artists. Due to the process of photography at this time, it tookbetween 3 and 15 minutes for an image to be captured, making it virtually impossible toshow individuals engaged in actual sex acts (Lane, 2000). As photographic processingevolved in the 1840s and 1850s, the cost of creating images decreased, allowing nudesand erotic photos to be sold at a cost which the middle class could easily afford. Imagesof nudes were also printed on postcard stock and sent through the mail to others,becoming colloquially known as “French postcards” (Lane, 2000).The development of motion picture films in Europe in 1895 was followed almostimmediately by the creation of the first erotic films (Lane, 2000). In 1896, the film LeCoucher de la Marie was made by Eugene Pirou and showed a woman engaging in astriptease. Shortly thereafter, European and South American filmmakers produced filmsfeaturing actual sex between couples, such as A L’Ecu d’Or ou la Bonne Auberge from1908 and Am Abend from 1910.Producing erotic images or pornographic films during this period was extremely risky,as social mores regarding sex were very different from those of today. Up until theVictorian era of the mid-1800s, there were few laws regarding possession or ownershipof sexual images and objects. In fact, the world’s first laws criminalizing pornographiccontent were created in the UK through the Obscene Publications Act (OPE) of 1857(Yar, 2013). This Act made it illegal to sell, possess, or publish obscene material, whichwas not clearly defined in the law. Law enforcement could also search, seize, and destroyany content found, which was a tremendous extension of police powers at the time(Lane, 2000). Shortly thereafter, similar legal structures began to emerge throughoutEurope and the Americas in order to help minimize the perceived corrupting influence ofsuch content on the masses.As a way to skirt these laws, pornography producers began to market their materialsas either artworks or celebrations of health or nature, such as nudist lifestyles.Gentlemen’s magazines also included images and drawings of nudes. The developmentof Playboy magazine in the 1950s epitomized the attempt to combine tasteful nudity279
coupled with traditional content regarding fashion, fiction, and news stories (Lane, 2000).These works pushed conventional attitudes toward perceived obscene content in massmedia, while underground publishers were producing images of sexual intercourse andfetish materials that were sold through direct mail and in less reputable stores. Thesematerials often drew the attention of law enforcement, though social standards began tosoften in the late 1960s and 1970s toward erotica and pornography. As a result,magazines and films became more prevalent and could be purchased at news-stands andsome retailers, leading to a range of publications, from Hustler to Penthouse (Lane, 2000).Social attitudes toward obscene content evolved concurrently with technologicalinnovations that became available to consumers in the 1970s through the 1990s. In the1970s, the development of the Polaroid instant camera and relatively affordable homevideo recording equipment made it easier for individuals to create their ownpornographic media in the privacy of their own homes (Lane, 2000). The creation of thevideo cassette during the 1970s was also revolutionary, as consumers could recordcontent using inexpensive recording cameras that put images on to blank tapes ratherthan film stock. Thus, individuals could film their own sexual experiences, and couldthen watch them using video cassette recorders (VCRs) in their own homes ondemand. These affordable devices revolutionized the production of pornography, somuch so that the pornographic film industry began to record using VHS tapes ratherthan actual film stock. As a result, the industry exploded and became extremelyprofitable due to low costs and high-volume sales and rentals. Similarly, amateur contentbecame increasingly possible, as consumers owned the equipment needed to make theirown sex tapes at home.As technology continued to improve in the late 1990s with the expansion of the WorldWide Web, individuals began to experiment with how they could use computers andmedia to create sexual images in their own homes without the need for majordistribution through existing publishers (Yar, 2013). Digital cameras, web cams, andhigh-speed Internet connectivity allowed individuals to develop materials to sell directlyto interested parties, regardless of whether they worked with existing porn producers oron their own out of their own homes. One of the prime examples of such a story is thatof Sandra and Kevin Otterson, or Wifey and Hubby, who have operated their ownpornographic website selling content they produce since 1998 (Cromer, 1998). The couplehad no prior involvement in the porn or sex industry but were simply interested insharing images of themselves. Kevin first posted scanned images of Polaroid pictures ofhis spouse on a Usenet group in 1997 and received extremely positive feedback fromothers. They continued to post pictures and eventually started to sell the materialsthrough direct mailing. Their website first came online in January 1998 and charged amonthly fee of $9.95 in order to access pictures, videos, and additional content that couldbe purchased through the real world. At the time, the couple estimated that they hadmade a few hundred thousand dollars from the sale of their content (Cromer, 1998).The popularity of the Web and computer technology led to a massive explosion ofadult content online. In fact, there were some questions as to the impact that immediate280
access to porn could have upon society as a whole. A study which exacerbated this issuewas published by an undergraduate student named Martin Rimm at Carnegie MellonUniversity in 1995, and attempted to document the scope of pornography online at thetime (Godwin, 2003). His study, commonly referenced as the Carnegie Mellon Report,suggested that over 80 percent of images on the Internet involved sexually explicitcontent, which led to tremendous coverage in major news outlets, like Time magazineand Nightline, about the threat of cyberporn (Godwin, 2003). Policy makers began to callfor restrictions on pornographic content on the Internet, creating a minor moral panicover how youth may be corrupted by the ability to see porn online. Shortly after thisfirestorm began, academics started to review the methods employed in his work anddiscredited its findings based on limited methods and questionable ethics (Godwin,2003). Regardless, Rimm’s work has had a long-standing impact upon the perceivedavailability of porn on the Internet and affected legislation to deal with obscene content.For more on the fallout from the Carnegie Mellon Report, go online to:www.columbia.edu/cu/21stC/issue-1.2/Cyber.htm.Even now, the evolution of applications, high-quality digital cameras in mobilephones and tablets, and online outlets are affecting the production of porn. For instance,a recent study examining 130 million Tumblr users’ account data found thatapproximately 22 percent of the sample intentionally consumed pornographic content onthe service, though only 1 percent produced unique pornographic content themselves(Coletto, Aiello, Lucchese, and Silvestri, 2016). The photo-sharing application Snapchat,which deletes images after being viewed by the recipient, also has a base of users whohave monetized the service as a mechanism to produce pornographic photos and videos.Individuals need only set up a premium account, where others pay to view the user’scontent via various services like Paypal or Snapcash, the in-app payment system(Reynolds, 2016).The popularity of photos and videos taken by amateurs using mobile phone cameras,whether voluntarily or as “revenge porn,” has created a unique demand for this content.Not only have professional porn producers simulated this content with professionalperformers, but individuals also share amateur content with others online via forumsand file-sharing sites. The desire for amateur content may have been part of the drivingforce for the release of illegally acquired photos and videos of multiple celebrities on281
August 31, 2014 (Drury, 2015). The images appeared initially on the website 4chan, butlater appeared on a range of websites around the world, and has been referred to as TheFappening (slang for masturbation), or Celebgate due to the target of the releases. Theimages of major and minor celebrities who were iPhone users were acquired throughphishing schemes to obtain their usernames and passwords (Drury, 2015). In turn, severalhackers gained access to hundreds of celebrities’ content hosted on the Apple iCloudstorage platform. The images acquired were shared widely across the Web, thoughattempts to remove the content from websites or blogs are always defeated byindividuals who repost it elsewhere.For more on the ways that celebrity data was acquired from iCloud, go onlineto: www.zdziarski.com/blog/?p=3783.As technology continues to evolve, pornography producers have also attempted tostay current with new trends. In particular, the porn industry is creating contentspecifically for use in Virtual Reality (VR) headsets, where individuals insert their smartphones into a special wearable headset cradle that produces an entirely immersiveexperience (see Box 7.2 for more details). Scenes are shot specifically for VR users usingmultiple cameras and are edited so as to place the viewer directly into the scene.Regardless of the acceptance of VR as a new media platform, this example clearlydemonstrates that the landscape of porn will continue to evolve in tandem with our useof popular technologies.Box 7.2 The rise of VR porn contentwww.dailynews.com/arts-and-entertainment/20170113/porn-fans-exposed-to-282
virtual-reality-the-industrys-next-big-thing.Porn fans exposed to virtual reality: the industry’s “next big thing”“I firmly believe virtual reality is the next big thing for the adult entertainment industry – and it will makeobsolete traditional recorded two-dimensional porn,” said Alec Helmy, founder of XBIZ, an annual porntrade expo.This article gives a brief overview on the rise of VR pornography and itsdevelopment in southern California, which is home to the majority of the globaladult entertainment industry.283
Prostitution and sex workIn recent years, researchers have explored the influence of technology on what isarguably the world’s oldest trade: prostitution. The practice of paying for sex may beviewed as a sort of labor market where there is both a demand from clients or those whopay for the encounter and those suppliers who are paid for their services.There is a range of providers currently engaged in the sale of sexual services, withprostitutes who work soliciting individuals on the streets comprising the lowest rung ofsex work (Lucas, 2005). Although studies estimate that street prostitutes comprise 10 to20 percent of all sex workers, they are often racial minorities who receive very lowwages and face significantly higher rates of arrest (Alexander, 1998; Cooper, 1989;Hampton, 1988; Levitt and Venkatesh, 2007; Rhode, 1989; West, 1998). The largerproportion of sex workers operate behind closed doors in homes, apartments, andbusinesses (such as massage parlors and strip clubs), where the risk of arrest issubstantially lower. Finally, escorts and high-end call girls comprise the highest echelonof sex workers and are thought to make much higher wages than any other sex workers(Lucas, 2005; Moffatt, 2005; Weitzer, 2000, 2005).Paid sexual encounters were traditionally driven by discrete face-to-face exchanges onthe street or behind closed doors in the real world. The emergence of the Internet andCMCs has revolutionized the practice by enabling providers and clients to connect on aone-to-one basis at any time. For instance, individuals can text or email sex workers todetermine their availability and set up meetings. In fact, many escorts now operate theirown websites and blogs, and advertise in various outlets online to attract customers.For more on the role of the Internet in prostitution and human trafficking, goonline to: www.commercialappeal.com/story/news/crime/2017/01/27/ex-mata-ceo-among-arrests-memphis-sex-trafficking-sting/97132652/.Similarly, the customers of sex workers now use the Web in order to communicatewith others so as to gain insights into the resources available in their area and review theservices of various providers (Blevins and Holt, 2009; Cunningham and Kendall, 2010;284
Holt and Blevins, 2007; Hughes, 2003; O’Neill, 2001; Raymond and Hughes, 2001; Sharpand Earle, 2003; Soothill and Sanders, 2005). These exchanges often occur in web forumsand review websites and focus on the customer experience, including detaileddiscussions of the services offered by all manner of sex workers, as well as the attitudeand behavior of prostitutes before, during, and after sex acts (Cunningham and Kendall,2010; Holt and Blevins, 2007; Sharp and Earle, 2003; Soothill and Sanders, 2005). Thereare now numerous websites where individuals can post reviews of their experiences withsex workers, with names like BigDoggie and Punternet (see Box 7.3 for details). Inaddition, these websites provide specific details on the negotiation process with sexworkers, final costs for various sex acts, and the use of condoms during encounters(Cunningham and Kendall, 2010; Holt and Blevins, 2007; Sharp and Earle, 2003; Soothilland Sanders, 2005).Box 7.3 The role of escort review sitesEscort-review website thrive after failed sting, but women remainwarywww.nbcnews.com/id/10896432/ns/us_news/t/several-comfortable-steps-ahead-law/.The Hillsborough vice unit pioneered the technique of registering with escort sites and posting bogusprofiles when it launched Operation Flea Collar in 2002, targeting Big Doggie, which is in its back yard.Vice officers started their own fake Web page in order to join Big Doggie.This article provides a unique exposé on the ways in which local law enforcement inthe USA uses escort-review websites as a means to investigate prostitution and sexcrimes generally.The volume of information available online provides substantive details on the largelyhidden processes of the negotiations between clients and sex workers operating in thestreets, as well as behind closed doors (Holt, Blevins, and Kuhns, 2013). In addition, theseposts give the client’s point of view, which is often under-examined but critical, sincetheir demand for sexual services affects the supply available. Prospective clients of sexworkers who access these forums can use the information posted to evade high-risk285
areas while identifying and acquiring the sexual services they desire. This may decreasethe success of law enforcement efforts in those nations where prostitution is illegal and,simultaneously, increase the knowledge of prospective customers to negotiate withworkers across various environments (Holt et al., 2013; Scott and Dedel, 2006).The clients of sex workersThe emergence of online communities that enable information sharing among the clientsof sex workers has changed the process of soliciting sex workers. The development ofonline communities allowed individuals to discuss their preferences and experienceswith no fear of rejection or embarrassment. In fact, research by Blevins and Holt (2009)found that there is now a subculture of clients in the USA operating in a series of webforums guided by their preferences and interests. This subculture places significant valueon the notion that paid sexual encounters are normal and non-deviant. In fact, those whovisited sex workers placed significant value on their experiences and knowledge of thesex trade. As a result, they would not refer to themselves as “johns” or “tricks,” as theyare known in popular culture (Scott and Dedel, 2006). Instead, forum users avoided suchderogatory terms in favor of terms like “monger” or “hobbyist” to recognize that they areinterested in paid sexual encounters and enjoy the experience. Individuals who postedgreat detail about their experiences with sex workers were often viewed as seniormembers. As a result, those who were unfamiliar with the sex trade can ask forassistance from more senior or experienced members in the forum to gain information.In addition, the customers of prostitutes viewed sex and sex workers as a commodity,in that encounters cannot occur without payment. Thus, johns regularly referred to sexworkers on the basis of where they worked, whether in streets, strip clubs, or advertisedonline using abbreviations such as streetwalker or SW to indicate that the worker is astreet-walking prostitute. Similarly, forum users would include terms to describe thebuild and appearance of sex workers that objectify them in some fashion. In particular,forum users typically discussed the mileage of a sex worker, referring to theirappearance and how it had degraded over time in the sex trade. The notion of mileage ismost often used in reference to cars, motorcycles, and vehicles, suggesting thatcustomers of sex workers view the providers, first and foremost, as a commodity ratherthan as a person. In addition, the participants in prostitution forums focused heavily onthe costs associated with various sexual acts and the negotiation process between theclient and provider (see Box 7.4 for more details on the actual thoughts of a hobbyist).286
Box 7.4 The opinions of a hobbyist in CanadaWe spoke to a sex industry hobbyist, the worst kind of johnwww.vice.com/en_ca/article/we-spoke-a-sex-industry-hobbyist-theworst-kind-of-john.I have been using the boards for about eight years. I use the review boards for one reason: to find out ifthere are any new girls in the hobby. Cheap whores you can find anywhere; in bars, massage parlours,strip clubs. But new girls, that still have a bit of authenticity to them, are rarer.This article provides a unique interview with a frequent customer of sex workerswho participates in multiple online forums to learn about the trade. His perspectivevalidates some of the findings from researchers regarding the values and beliefs ofthe clients of sex workers in online communities.Finally, the subculture of client-centered prostitution forums focuses on sexuality andthe way in which sex is experienced. Many of the posts in these forums were dedicatedto depicting the types of sex acts and services that certain prostitutes would provide invery graphic detail. The users commonly discussed the acts that providers would offerand whether or not they used condoms. There was also some discussion about thequality of the experience, as prostitutes who could make the experience feel like aconsensual relationship with no money involved were said to provide girlfriendexperience, or GFE (Blevins and Holt, 2009; Milrod and Monto, 2012; Sharp and Earle2003; Soothill and Sanders, 2005). Since there was no way to guarantee that theexperience of one user would be consistent with others, some would use the term yourmileage may vary (YMMV) in reference to the variation in encounters.287
Dealing with obscenity and pornography onlineExisting legislationThe way in which obscenity is defined varies by place and is heavily dependent onprevailing social standards. In the USA, legal definitions of obscenity have evolved overtime through cases reviewed by the Supreme Court. In fact, the case of Miller v.California in 1973 established the definition of obscene content that is still in use today(US Department of Justice, 2014). A work may be deemed obscene, and therefore notprotected by the First Amendment right to free speech, if it meets one of the followingthree criteria:1. An average person who is capable of applying contemporary adult communitystandards finds that material appeals to prurient interests, defined as “an erotic,lascivious, abnormal, unhealthy, degrading, shameful, or morbid interest innudity, sex, or excretion.”2. An average person applying contemporary adult community standardsdetermines that a work depicts or describes sexual conduct in a patentlyoffensive way, defined as “ultimate sexual acts, normal or perverted, actual orsimulated, masturbation, excretory functions, lewd exhibition of the genitals,or sado-masochistic sexual abuse.”3. Lacks serious literary, artistic, political, or scientific value (US Department ofJustice, 2014).This decision provides each community and state with the necessary flexibility todefine what constitutes indecent or obscene materials (Tuman, 2003). In addition, itidentified that there are differences between minors and adults, which require youth tobe protected from obscene content. Because the government has the responsibility toprotect youth from harmful or obscene content, the standard for what constitutesobscenity for minors is lower than that for adults. The three-pronged Miller standard stillapplies, though, in the context of standards for “minors,” harmful materials constitute“any communication consisting of nudity, sex, or excretion” (US Department of Justice,2014).A number of federal statutes are present concerning obscene content. Under Title 18U.S.C. 1460–1470, it is a crime to:1. possess obscene material with the intent to distribute those materials on federalproperty;2. import or transport obscene materials across borders;288
3. distribute or receive obscene material through a common carrier in interstatecommerce, including postal mail, private carriers, or computer and Internet-based services;4. broadcast obscene, profane, or indecent language via television, radio, or cableand subscription television services;5. knowingly produce, transport, or engage in the sale of obscene, lewd, or filthymaterial through interstate commerce;6. transfer obscene materials to minors.The punishments for these offenses vary based on the severity of the offense (USDepartment of Justice, 2014). Possession with intent to distribute obscene materials onfederal property and broadcasting obscene content can lead to a fine and/or a two-yearprison sentence. All other offenses, with the exception of transferring obscene content tominors, may be punishable by a five-year prison sentence, a fine, or both (see Box 7.5 fora review of some of the obscenity cases prosecuted over the past two decades).Individuals who are found guilty of transferring obscene content to minors may receivea prison sentence of up to ten years and/or a fine (US Department of Justice, 2014).Box 7.5 The vagaries of prosecuting obscene contentonlineWhy can you go to prison for making scat porn?www.vice.com/en_au/article/why-is-the-guy-who-made-2-girls-one-cup-going-to-jail.Ira Isaacs was in the same business as the creator of 2 Girls 1 Cup, and as a result, he’s been sentenced to48 months in jail for “producing and selling obscene videos and distributing obscene videos.”This article provides a plain-spoken review of the range of pornography creators anddistributors who have been prosecuted in the USA for making obscene contentavailable online. It gives the reader a clear understanding of the situations andcircumstances that are likely to lead to federal charges against pornographers.289
In addition, the USA criminalized the use of misleading domain names in order todraw Internet users to websites hosting sexually explicit or obscene content under theTruth in Domain Names Act of 2003 (Brenner, 2011). One of the first individualsarrested under this law operated a range of websites using domain names that weremisspelled versions of popular artists and intellectual property for children. For instance,his site www.dinseyland.com featured hardcore pornography, and was a directmisspelling of the legitimate website www.disneyland.com (CNN, 2003). The operator ofthe site may be imprisoned for up to two years (or up to four if the domain name wasselected to intentionally attract minors to the site) and fined up to $250,000.To demonstrate the variation in what is defined as obscene, the Obscene PublicationsAct (OPA) 1959 for England and Wales indicates that any article may be obscene if itseffect on the audience member who reads, views, or hears it is to “deprave and corrupt”(Crown Prosecution Service, 2014). The decision regarding what is obscene is to bedetermined by a jury without the assistance of an expert, which to a certain degreemirrors the US concept of community standards in establishing obscenity (CrownProsecution Service, 2014). The law does specify that most depictions of sexualintercourse or fetish activities that are consensual are unsuitable for consideration asobscene, though more serious depictions of rape, torture, bondage, degrading sexual actssuch as the consumption of excreta, and sex with animals are appropriate for prosecution(Crown Prosecution Service, 2014). This includes video, audio, and photographic imagesin physical print, such as magazines and DVDs, as well as content distributed over theInternet.Individuals who publish or sell obscene articles for economic gain and are foundguilty of violating this act may be fined and imprisoned for between three and five years,as a result of a recent enhancement of sentences through the Criminal Justice andImmigration Act 2008 (Crown Prosecution Service, 2014). This Act also criminalized thepossession of extreme pornography, defined as materials produced for the purpose ofsexual arousal which depict acts that “threaten a person’s life; acts which result in or arelikely to result in serious injury to a person’s anus, breasts or genitals; bestiality; ornecrophilia” (Crown Prosecution Service, 2014). For instance, acts involving the insertionof sharp instruments (such as blades or needles), mutilation and cutting, choking, orserious blows to the head or body are all potentially illegal under this law. Thislegislation also allows individuals who possess extreme pornography that threatens aperson’s life or leads to serious injury to be fined or imprisoned for up to three years,while all other images, such as bestiality, may lead to a maximum sentence of two yearsin prison (Crown Prosecution Service, 2014).An additional set of laws were passed and implemented in 2001, requiring theimplementation of filtering and security protocols to protect youth. The Children’sInternet Protection Act (CIPA), which covers all schools that teach students fromkindergarten through twelfth grade, and the Neighborhood Children’s InternetProtection Act (NCIPA) which encompasses public libraries, require Internet filters inthese locations that block young people from accessing harmful content, including290
pornographic and obscene materials (Federal Communications Commission, 2013). Thelaw also requires that a “technology protection measure” be implemented on everycomputer within the facility that is connected to the Internet, and each institution mustadopt and implement an Internet safety policy addressing most forms of cybercrime(Federal Communications Commission, 2013). In the event that such filters are not put inplace, the school or library may lose certain federal funding and grants.In addition to concerns over access to obscene content via the Internet, somelegislatures have criminalized the production of sexual content by individuals usingmobile devices and digital photography. For instance, 23 US states have criminalized theact of sending sexual images of themselves to others, so long as the sender is under theage of 18 (Hinduja and Patchin, 2017). Interestingly, only nine states specifically use thephrase sexting in the language of their statutes. Sixteen of these states consider this to bea misdemeanor, while six have made it a felony depending on the circumstances of thecase and the nature of the image. These laws are intended to protect minors fromfacilitating access to child pornography and sexual exploitation, though some criticsargue they unfairly stigmatize youth for engaging in sexual behaviors that have becomea somewhat normal feature of sexual relationships in the modern age. This may explainwhy there is no federal legislation to date involving sexting behaviors in the USA, and inmost other Western nations.Sexting behavior is also associated with the problem of revenge porn discussed earlierin the chapter (see p. 267). Much like sexting, the distribution of sexual images withoutpermission from their creator presents a unique challenge for lawmakers. On one side,individuals argue that if a person creates the content her- or himself (but normallyherself) and sends it to others, she or he loses ownership of those images and control ofwhether or where those images are posted. Others argue that it is a violation of trust andthat the lack of consent from the person who took the image should prevent the contentfrom being posted elsewhere. There has been substantive public outcry over the need forcriminal and civil remedies to combat this activity in nations across the globe.The USA has not criminalized the non-consensual disclosure of sexual images orcontent at the federal level, though 36 states and the District of Columbia havedeveloped laws (Goldberg, 2017). Some states, like Utah, have made the release of imagesa misdemeanor, while others, such as Arizona, have made it a felony. In addition, 11states created civil statutes allowing victims to sue the individual involved in the releaseor threat to release content for damages, legal costs, and related fees (Goldberg, 2017).Several nations have criminalized posting sexual content without the authorization ofthe creator. For instance, France has made it illegal for a person to transmit the picture ofa person who is within a private place without their consent (Clarke-Billings, 2016).Canada and the UK have similar legislation, though the UK added language that thesender must have an intent to cause distress to the individual featured in the content. Inthe UK, individuals found guilty could be imprisoned for up to two years and face a fine.In fact, 1,160 incidents of revenge porn were reported in England and Wales betweenApril and December of 2015, though approximately 200 people were arrested on charges291
related to this law (Knowles, 2016).India’s Information Technology Act 2000 also criminalizes capturing, transmitting, orpublishing images of a person’s private parts without their consent or knowledge.Violating this statute is punishable by up to three years in prison or a fine of up to200,000 rupees. Israel may have the most severe sanctions associated with revenge porn,as the offender can be classified as a sex offender and be subject to up to five years in jail(Clarke-Billings, 2016).Finally, it is important to note that many nations have laws pertaining to prostitutionat both the local and federal level. The sale of sex has been criminalized, though theextent to which it is enforced is highly inconsistent. Several Southeast Asian nations(e.g., Malaysia, the Philippines, and Thailand) do not strictly regulate prostitution,making them an ideal locale for individuals interested in sex tourism, particularly forsexual encounters with minors (Nair, 2008). In addition, few nations have language intheir criminal codes regarding the use of technology in order to acquire or solicit sexualservices. As a result, Western nations have criminalized the act of sex tourism (Nair,2008). For instance, the US federal criminal code (18 USC § 2423(c)) criminalizes the actof traveling to a foreign country to engage in paid sexual encounters with minors. This istrue even if the activity is legal in the country where the act took place (Nair, 2008).Individuals found guilty under this statute may be fined and imprisoned for up to 30years. In addition, many Western nations have criminalized the act of paying for sexwith minors in order to protect youth from commercial sexual exploitation (Brenner,2011).292
Self-regulation by the pornography industryAlthough almost every other thematic chapter ends with a discussion of the lawenforcement agencies responsible for dealing with investigating violations of existingstatutes, this chapter will differ due to the overlapping duties of agencies regarding thecrimes discussed in the next chapter. To avoid redundancy, this chapter will focusinstead on the role of industry in regulating and policing the presence of obscene contentonline.Currently, pornography producers are encouraged but not legally mandated to avoidexposing individuals under the age of 18 to obscene content. Prior laws that werespecifically designed to minimize the likelihood that minors could access porn have beenoverturned in the USA due to concerns over their effect on free speech rights (Procidaand Simon, 2003). As a result, there are a range of techniques which pornographicwebsites hosted in the USA use to reduce the likelihood that young people access theircontent. In the 1990s and early 2000s, a number of websites worked with AgeVerification Services (AVS), which would, upon entry into the website, verify the ageof an individual via a valid credit card or driver’s license (Procida and Simon, 2003).These services waned in popularity with changes in legislation and the increasedavailability of pornographic content via YouTube-style video-sharing sites. Individualsno longer needed to pay to access pornographic content, as both users of content andproducers began to recognize the popularity of video-sharing sites that offered suchmedia free of charge. Instead, many pornographic websites began to provide a warningpage that pops up on screen prior to entering the actual website which requiresindividuals to certify that they are over the age of 18 and, therefore, legally able to accesspornographic content, and that they will not hold the site responsible for obscenecontent. There has been no legal ruling by federal courts as to whether this constitutesan acceptable attempt to prevent minors from viewing porn. In addition, a number ofadult websites will also provide links at the bottom of the pop-up page to variousparental monitoring software programs in order to encourage safe surfing habits foryouth.The technology and pornography industries have also found ways to cope with theincreasingly common problem of revenge porn. For instance, the search engine Googlewill now remove images and videos that were posted without the creator’s consent ifthey are identified via their search results (Lee, 2015). Victims must contact the company,but are responsive to requests and will take down the content largely claiming that thesite is in violation of the Digital Millennium Copyright Act laws governing intellectualproperty (see Chapter 5 regarding digital piracy laws; also Lee, 2015). The major socialmedia sites also honor requests to remove content, as do a number of porn sites thatallow users to upload content. This step has been lauded by some as a positive move by293
the industry to police itself from illegal content, though it does not prevent people fromreposting illicit content of their own.A final development in the way in which adult content is hosted online is thedevelopment of the .xxx domain (Matyszczyk, 2012). The creation of this top-leveldomain, similar to .com, .net and .edu websites, provides a voluntary option forindividuals to host pornographic content online. This domain was approved in March2011 and implemented in April 2011 by the Internet Corporation for Assigned Namesand Numbers (ICANN), which is responsible for the coordination and stability of theInternet over time. It was thought that the use of a .xxx domain would enable parentsand agencies to filter content with ease, though some were concerned that these sitescould be blocked entirely, thereby limiting individuals’ rights to free speech(Matyszczyk, 2012).The most recent statistics from 2012 suggest that there are 215,835 .xxx domainscurrently registered, though only 132,859 of these sites are actually adult oriented(Matyszczyk, 2012). A majority are also registered by businesses and industries who didnot want their brand or product associated with a pornographic website. At present, it isnot clear how this new domain space may be used or to what extent individuals areinterested in actually visiting .xxx spaces relative to those in the .com or .net space(Matyszczyk, 2012). Thus, this technique used to affect access to obscene or pornographiccontent may change over time.294
SummaryTaken as a whole, it is clear that any new technology made available to the generalpublic will be incorporated into the pursuit of sexual encounters in some way. Theextent to which that activity will lead to legal troubles varies, based on who is beingaffected and how. For instance, many nations may not take issue with the production ofsexually explicit material featuring consenting adults, so long as it does not involveactivities that push boundaries of taste or social standards. However, the use oftechnology to potentially embarrass or shame another who was featured in sexualcontent may be pursued. The constantly evolving state of technology, and its influenceon social norms, makes it extremely difficult to develop laws related to its misuse insexual situations. As a result, there is a need for constant inquiry into the nature ofsexual offenses in online and offline environments to improve and adapt the criminalcode to new offenses. Likewise, law enforcement must understand offender behaviorsand enable successful prosecution of these cases.Key terms.xxx domainAge Verification Services (AVS)BestialityBigDoggieCam whoresCarnegie Mellon ReportCelebgateChildren’s Internet Protection Act (CIPA)CommodityConvention on CybercrimeCoroners and Justice ActCriminal Justice and Immigration Act 2008Criminal Justice and Public Order ActEscortExtreme pornographyFappeningFrench postcardsGirlfriend experience (GFE)Internet Corporation for Assigned Names and Numbers (ICANN)Internet Watch Foundation (IWF)295
JohnsMassage parlorMileageMiller v. CaliforniaNecrophiliaNeighborhood Children’s Internet Protection Act (NCIPA)NetworkingObscene Publications Act 1857Obscene Publications Act (OPA) 1959ObscenityProstitutionProtection of Children Act 1978 (PCA)PunternetRevenge pornRule 34SextingSexual fetishesStreet prostitutionStreetwalker (SW)TricksTruth in Domain Names Act of 2003Video cassetteVideo cassette recorders (VCRs)Wifey and HubbyDiscussion questions1. How do you use your computer, tablet, and/or smart phone for datingand romantic assistance? Do you think that the use of technology makesit easier or harder for people to meet others?2. How could the development of the Internet and CMCs help reduce therisk of harm for individuals interested in the sex trade? In what waysdoes the ability to communicate about sex workers and review theirservices make it a less dangerous activity?3. Do you think it is appropriate to punish individuals who engage insexting? What about individuals who post sexual images which theyreceive from romantic partners online without the permission of thecreator? Why or why not?296
297
ReferencesAlexander, P. (1998). Position: A difficult issue for feminists. In F. Delacoste and P.Alexander (eds), Sex Work: Writings by Women in the Sex Industry (2nd edn) (pp.184–230). San Francisco, CA: Cleis Press.Bissette, D. C. (2004). Internet pornography statistics: 2003 . Available at:www.healthymind.com/porn-stats.pdf.Blevins, K., and Holt, T. J. (2009). Examining the virtual subculture of johns. Journal ofContemporary Ethnography, 38, 619–648.Bort, J. (2013). I spent a month on infidelity dating site Ashley Madison and waspleasantly surprised by how nice it was. Business Insider, December 17, 2013.Available at: www.businessinsider.com/how-to-use-cheating-site-ashley-madison-2013–12?op=1.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.Clarke-Billings, L. (2016). Revenge porn laws in Europe, U.S. and beyond. Newsweek,September 16, 2016. Available at: www.newsweek.com/revenge-porn-laws-europe-us-and-beyond-499303.CNN. (2003). Man accused of luring kids to porn sites. CNN, September 3, 2003. Availableat: www.cnn.com/2003/TECH/internet/09/03/trick.names/.Coletto, M., Aiello, L. M., Lucchese, C., and Silvestri, F. (2016). On the behavior ofdeviant communities in online social networks. In Proceedings of the 10 AnnualAAAI Conference on the Web and Social Media, 72–82. Available at:www.aaai.org/ocs/index.php/ICWSM/ICWSM16/paper/view/13059/12726.Cooper, B. (1989). Prostitution: A feminist analysis. Women’s Rights Law Reporter, 11,98–119.Cromer, M. (1998). Inside Wifey Inc. Wired, September 2, 1998. Available at:http://archive.wired.com/techbiz/media/news/1998/09/14784.Crown Prosecution Service. (2014). Extreme Pornography. Prosecution Policy andGuidance. Available at: www.cps.gov.uk/legal/d_to_g/extreme_pornography/.Cunningham, S., and Kendall, T. (2010). Sex for sale: Online commerce in the world’soldest profession. In T. J. Holt (ed.), Crime Online: Correlates, Causes, and Context(pp. 114–140). Raleigh, NC: Carolina Academic Press.Dodero, C. (2012). Hunter Moore makes a living screwing you. The Village Voice, April 4,2012. Available at: www.villagevoice.com/2012-04-04/news/revenge-porn-hunter-moore-is-anyone-up/.Drury, F. (2015). FBI investigation into leaked naked celebrity photos focuses on man298
who “lives alone with parents” as they say many more famous people may have beenhacked. Daily Mail, June 10, 2015. Available at: www.dailymail.co.uk/news/article-3118070/FBI-investigation-leaked-naked-celeb-photos-focuses-man-lives-parents.html.Durkin, K. F., and Bryant, C. D. (1999). Propagandizing pederasty: A thematic analysis ofthe on-line exculpatory accounts of unrepentant pedophiles. Deviant Behavior, 20(2),103–127.Edwards, S. S. M. (2000). The failure of British obscenity law in the regulation ofpornography. The Journal of Sexual Aggression, 6(1/2), 111–127.Federal Communications Commission. (2013). Children’s Internet Protection Act (CIPA).Federal Communications Commission Consumer and Governmental Affairs Bureau.Available at: http://transition.fcc.gov/cgb/consumerfacts/cipa.pdf.Godwin, M. (2003). Cyber Rights: Defending Free Speech in the Digital Age. Boston, MA:MIT Press.Goldberg, C. A. (2017). States with revenge porn laws. Available at:www.cagoldberglaw.com/states-with-revenge-porn-laws/.Halloran, L. (2014). Race to stop “Revenge Porn” raises free speech worries. NationalPublic Radio, March 6, 2014 . Available at:www.npr.org/blogs/itsallpolitics/2014/03/06/286388840/race-to-stop-revenge-porn-raises-free-speech-worries.Hampton, L. (1988). Hookers with AIDS – The search. In I. Rieder and P. Ruppelt (eds),AIDS: The Women (pp. 157–164). San Francisco, CA: Cleis Press.Hinduja, S., and Patchin, J. (2017) Sexting laws across America. Available at:http://cyberbullying.org/state-sexting-laws.pdf.Holt, T. J., and Blevins, K. R. (2007). Examining sex work from the client’s perspective:Assessing johns using online data. Deviant Behavior, 28, 333–354.Holt, T. J., Blevins, K. R., and Burkert, N. (2010). Considering the pedophile subcultureon-line. Sexual Abuse: Journal of Research and Treatment, 22, 3–24.Holt, T. J., Blevins, K. R., and Kuhns, J. B. (2013). Examining diffusion and arrestpractices among johns. Crime and Delinquency, 60, 261–283.Hughes, D. M. (2003). Prostitution online. Journal of Trauma Practice, 2, 115–131.Knowles, K. (2016). Revenge porn crackdown: Hundreds prosecuted under new law. TheMemo, September 6, 2016. Available at: www.thememo.com/2016/09/06/revenge-porn-law-cps-violence-against-women-and-girls-report-wawg-repot/.Lane, F. S. (2000). Obscene Profits: The Entrepreneurs of Pornography in the Cyber Age.New York: Routledge.Lee, M., Crofts, T., McGovern, A., and Milivojevic, S. (2015). Sexting among youngpeople: Perceptions and practices. Available at:www.aic.gov.au/media_library/publications/tandi_pdf/tandi508.pdf.Lee, S. (2015). Pornhub joins fight against revenge porn. Newsweek, October 14, 2015.Available at: www.newsweek.com/pornhub-revenge-porn-help-victims-383160?utm_source=internal&utm_campaign=incontent&utm_medium=related1.299
Levitt, S., and Venkatesh, S. A. (2007). An empirical analysis of street-level prostitution .Available at: http://economics.uchicago.edu/pdf/Prostitution%205.pdf.Liebelson, D. (2014). FBI arrests “The most hated man on the Internet,” Revenge-pornking Hunter Moore. Mother Jones, January 23, 2014. Available at:www.motherjones.com/mojo/2014/01/fbi-arrests-revenge-porn-king-hunter-moore.Lucas, A. M. (2005). The work of sex work: Elite prostitutes’ vocational orientations andexperiences. Deviant Behavior, 26, 513–546.Matyszczyk, C. (2012). Is anyone actually going to .xxx domains? Cnet, May 2, 2012.Available at: http://news.cnet.com/8301-17852_3-57426462-71/is-anyone-actually-going-to-.xxx-domains/.Milrod, C., and Monto, M. A. (2012). The hobbyist and the Girlfriend Experience:Behaviors and preferences of male customers of Internet Sexual Service Providers.Deviant Behaviors, 33 (10), 792–810.Mitchell, K. J., Finkelhor, D., Jones, L. M., and Wolak, J. (2012). Prevalence andcharacteristics of youth sexting: A national study. Pediatrics, 129, 13–20.Moffatt, P. (2005). Economics of prostitution. In P. Moffatt (ed.), Economics Uncut: AComplete Guide to Life, Death, and Misadventure (pp. 193–228). London: EdwardElgar.Nair, S. (2008). Child Sex Tourism. US Department of Justice. Available at:www.justice.gov/criminal/ceos/sextour.html (accessed January 13, 2012).Olson, P. (2012). We are Anonymous: Inside the Hacker World of LulzSec, Anonymous,and the Global Cyber Insurgency. New York: Hachette.O’Neill, M. (2001). Prostitution and Feminism. London: Polity Press.Procida, R., and Simon, R. J. (2003). Global Perspectives on Social Issues: Pornography.Lanham, MD: Lexington Books.Quayle, E., and Taylor, M. (2002). Child pornography and the Internet: Perpetuating acycle of abuse. Deviant Behavior, 23(4), 331–361.Quinn, J. F., and Forsyth, C. J. (2005). Describing sexual behavior in the era of theInternet: A typology for empirical research. Deviant Behavior, 26, 191–207.Quinn, J. F., and Forsyth, C. J. (2013). Red light districts on blue screens: A typology forunderstanding the evolution of deviant communities on the Internet. DeviantBehavior, 34, 579–585.Raymond, J. G., and Hughes, D. M. (2001). Sex Trafficking of Women in the UnitedStates: International and Domestic Trends. Washington, DC: U.S. Department ofJustice. Available at: www.ncjrs.gov/pdffiles1/nij/grants/187774.Pdf (accessed June10, 2008).Reynolds, E. (2016). Young people sharing explicit content via premium Snapchataccounts. August 19, 2016. Available at:www.news.com.au/technology/online/social/young-people-sharing-explicit-content-for-cash-on-premium-snapchat-accounts/news-story/b8d0367553702f163ea4762c1773c35a.Rhode, D. L. (1989). Justice and Gender: Sex Discrimination and the Law. Cambridge,300
MA: Harvard University Press.Roberts, J. W., and Hunt, S. A. (2012). Social control in a sexually deviantcybercommunity: A cappers’ code of conduct. Deviant Behavior, 33, 757–773.Scott, M. S., and Dedel, K. (2006). Street prostitution. Problem Oriented Policing GuideSeries (2). Washington, DC: Office of Community Oriented Policing Services, U.S.Department of Justice.Sharp, K., and Earle, S. (2003). Cyberpunters and cyberwhores: Prostitution on theInternet. In Y. Jewkes (ed.), Dot Cons. Crime, Deviance and Identity on the Internet(pp. 33–89). Portland, OR: Willan Publishing.Soothill, K., and Sanders, T. (2005). The geographical mobility, preferences and pleasuresof prolific punters: A demonstration study of the activities of prostitutes’ clients.Sociological Research On-Line, 10. Available at:www.socresonline.org.uk/10/1/soothill.html.Tuman, J. (2003). Miller v. California. In R. A. Parker (ed.), Free Speech on Trial:Communication Perspectives on Landmark Supreme Court Decisions (pp. 187–202).Tuscaloosa, AL: University of Alabama Press.US Department of Justice. (2014). Citizen’s guide to US federal law on obscenity .Availableat:www.justice.gov/criminal/ceos/citizensguide/citizensguide_obscenity.html.Weitzer, R. (2000). Sex for Sale. London: Routledge.Weitzer, R. (2005). New directions in research on prostitution. Crime, Law and SocialChange, 43, 211–235.Weitzer, R. (2012). Legalizing Prostitution: From Illicit Vice to Lawful Business. NewYork: New York University Press.West, R. (1998). U.S prostitutes collective. In F. Delacoste and P. Alexander (eds), SexWork: Writings by Women in the Sex Industry (2nd edn) (pp. 279–289). San Francisco,CA: Cleis Press.Yar, M. (2013). Cybercrime and Society. Thousand Oaks, CA: Sage.301
Chapter 8Child Pornography and Sexual ExploitationChapter goals• Define the term child pornography and how it differs from adultpornography.• Understand the various ways in which technology may be used to facilitatechild pornography and sexual exploitation.• Recognize the clinical definition of pedophilia and its relationship to childsex crimes.• Understand the various typologies used to classify child pornography andabuse activities.• Know the laws pertaining to child pornography and exploitation.• Recognize the agencies responsible for the investigation of childpornography around the world.302
IntroductionAs noted in Chapter 7, the rise of the Internet has had a substantial impact upon theproduction of sexually explicit material and pornography. People can access contentfocusing on virtually any single element of an individual’s sexual identity, from skincolor to height to a performer’s age. A segment of the population has always expressedan interest in and sexual attraction toward young people (see Green, 2002). Within adultpornography, there is a history of publications and materials focusing on “barely legal”men and women who have just reached the age of 18. Young celebrities have alsobecome increasingly sexualized, as with Brittney Spears and Jessica Simpson during the1990s, Paris Hilton in the 2000s, and their current contemporaries Selena Gomez andKylie Jenner.While such content may appeal to the majority of individuals with an interest inyoung men and women, there is a smaller segment of the general population whoseinterests extend to those who are much younger than 18. Although it is unknown whatproportion of the population may be attracted to individuals who are under age, there ishistorical evidence that sexual relationships between adults and children wereconsidered perfectly acceptable, such as in ancient Greece and feudal Japan (Green, 2002;O’Donnell and Milner, 2007). Throughout the majority of the twentieth century,individuals could find print publications and films featuring children engaging in sexualposes and even penetrative intercourse with adults in various countries around the worldup until the early 1980s (Tate, 1990). For instance, the USA only criminalized theproduction and commercial dissemination of sexual images of children in 1977.The stigmatization of individuals who were attracted to children led to the formationof advocacy groups which wanted to eliminate any laws related to the age of consent toengage in sexual acts. One of the more notable of these groups formed in 1978 and calleditself the North American Man-Boy Love Association (NAMBLA). The individualswho founded the group argued that it is implausible that anyone under a certain agecannot understand or truly express their desire for an emotional or romantic relationship(Pearl, 2016). Similar groups may be found across the globe, such as the AustralianMan/Boy Love Association and Vereniging Marijn in the Netherlands.Many of these groups eventually disbanded either owing to law enforcementcrackdowns or social pressure, but their general ideas persisted due in part to theconnective power of the Internet and computers. Despite the criminalization ofpornographic content featuring children in some but not all countries, anyone who isattracted to young people can find others who share their interests online (InternationalCenter for Missing and Exploited Children, 2016). The Internet became a hub for thedistribution of sexual images of children, and public anxiety grew over the potential thatchildren could be solicited online to engage in sexual acts in the real world. This issue303
was exemplified by the popularity of the show To Catch a Predator, where undercoverpolice would pose as an underage girl in various chatrooms online and engage inconversations with individuals who wanted to have sex with them. Eventually, the “girl”would invite the person they chatted with to their home under the pretense of a physicalmeet-up, only to be met by the show’s host, Chris Hansen, and police officers to arrestthe individual (see Box 8.1 for additional details).Box 8.1 The practices of To Catch a Predatorwww.nbcnews.com/id/14824427/ns/dateline_nbc/t/theyre-still-showing/#.UAUeSF2zm94.But his journey didn’t begin that day – it began more than a week earlier when he entered a YahooGeorgia chat room and decided to hit on a decoy, an adult posing as a 15-year-old. It didn’t take long forthe 23-year-old, screenname “scoobydooat101”, to steer the chat towards sex.This article, written by Chris Hansen who was the host of To Catch a Predator,explains how the show was able to identify and draw in individuals who wereinterested in sexual relationships with young people. Readers will understand a littlemore about the motivations of individuals who came into contact with the show’sundercover operatives and how they worked with police to make arrests.This chapter elaborates on both the role of the technology in the creation, distribution,and access to sexual content featuring children, as well as the nature of the communitiesthat support or justify sexual attractions to young people. This chapter provides anoverview of the ways in which pornography featuring adults differs from that ofchildren, as well as the various ways in which individuals use child pornography, notonly for personal use but to assist in developing sexual relationships with children onlineor offline. We also examine the laws used to prosecute child sexual exploitation, and theorganizations and law enforcement agencies that investigate these crimes across theglobe.304
Defining and differentiating child porn from obscenecontentAs noted in Chapter 7, the Internet and digital media played a pivotal role in theproduction of pornography featuring consenting adults and created controversy aroundthe ease of access to lewd or obscene content. This discussion pales in comparison to thesocial panic surrounding the availability and distribution of pornographic contentfeaturing children via the Web (Lynch, 2002; Quinn, Forsyth, and Mullen-Quinn, 2004).Child pornography is defined as the depiction of “the sexual or sexualized physicalabuse of children under 16 years of age or who appear to be less than 16 that wouldoffend a reasonable adult” (Krone, 2004: 1). This content may include both video and stillphotos, and in some countries content featuring computer-generated or simulateddepictions of children.The fact that children are the focus of the sexual nature of these images, as both thesubject of the work and a participant in the acts, makes this content different fromtraditional obscene content outlined in Chapter 7. Although both forms of content mayinvolve expressions of sexuality, they differ in the ways in which participants come toengage in the acts depicted. For instance, participants in obscene images andpornography largely give their consent to engage in sexual acts and be photographed orvideotaped doing so. Individuals under the age of 16 are unable to fully understand theimplications of their actions, particularly infants, toddlers, and young children who maynot be able to verbally communicate. Their naivety and inability to comprehend thenature of any act makes children unable to give their consent to engage in sexual acts,particularly with adults.An additional difference lies in the fact that obscene content featuring adults is oftenproduced with compensation provided to the participants. An adult participant may havecircumstances that force them to engage in such acts, whether serious debt or personalhardships, but they receive some sort of benefit for their efforts. In comparison, an adultwill subvert the trust children have in order to force or convince them to engage in anact. When an adult, who is seen as a protector or mentor, manipulates a minor’s trust inthis manner the loss of boundaries leads to psychological harm to the child (see Sinanan,2015). For instance, some may attempt to convince a child that sexual acts with adultsare perfectly natural in order to assuage concerns that they are doing something wrong.Some may prey upon fear, and tell children that they will inform their parents and getthem into trouble for whatever activity they have engaged in. Others may simply forcethe child to engage in an act against their will. Overall, the production of childpornography results in both psychological and physical trauma to the victims.These factors make the production and consumption of child pornography aparticularly heinous crime, unlike the production of obscene or pornographic content.305
The differences that underlie these materials have led some agencies to encourage theuse of different terms to refer to images of children engaging in sexual acts. For instance,Interpol and Europol use the term child sexual abuse material to refer to what isotherwise considered child pornography on the basis that since children are unable togive consent, and are being harmed physically and emotionally, the phrase pornographyis reductive and unfair to the victims. The inclusion of the words “sexual abuse” clearlyrecognizes the harm and severity of the nature of the crimes depicted in images andvideos, and are essential to protect victims from further harm (Interpol, 2017).It must be noted that child pornography is a legal definition that extends to certainimages focusing on sexual acts or sexualized images of children. Individuals whoactively seek out sexual images of children frequently access content that exists on asimilar continuum of obscene content featuring adults. This was demonstrated throughthe development of the COPINE (Combatting Paedophile Information Networks inEurope) Scale to categorize sexual content on the basis of the harm involved in eroticaand pornographic content involving children (Taylor, Holland, and Quayle, 2001a).Initially, researchers developed this scale as a tool to assist in the delivery of therapeutictreatment, as there may be different cognitive therapies to employ based on the nature ofthe images an individual actively obtained. The model was eventually adapted as a toolfor researchers and law enforcement to classify content on a scale from 1 to 10, with onebeing the least severe and 10 being the most severe (see Box 8.2 for details; Taylor et al .,2001a and 2001b). The COPINE Scale categories were created after analyzing collectionsof child pornography images found on offender computers.Box 8.2 The 10-Point COPINE ScaleLevel – 1Type – IndicativeDescription – Non-erotic and non-sexualized pictures showing children intheir underwear, swimming costumes from either commercial sources orfamily albums. Pictures of children playing in normal settings, in which thecontext or organization of pictures by the collector indicatesinappropriateness.Level – 2Type – NudistDescription – Pictures of naked or semi-naked children in appropriate nudistsettings, and from legitimate sources.Level – 3Type – EroticaDescription – Surreptitiously taken photographs of children in play areas orother safe environments showing either underwear or varying degrees ofnakedness.306
Level – 4Type – PosingDescription – Deliberately posed pictures of children fully clothed, partiallyclothed or naked (where the amount, context and organization suggestsexual interest).Level – 5Type – Erotic PosingDescription – Deliberately posed pictures of fully, partially clothed or nakedchildren in sexualized or provocative poses.Level – 6Type – Explicit Erotic PosingDescription – Pictures emphasizing genital areas, where the child is eithernaked, partially clothed or fully clothed.Level – 7Type – Explicit Sexual ActivityDescription – Pictures that depict touching, mutual and self-masturbation, oralsex and intercourse by a child, not involving an adult.Level – 8Type – AssaultDescription – Pictures of children being subjected to a sexual assault,involving digital touching, involving an adult.Level – 9Type – Gross AssaultDescription – Grossly obscene pictures of sexual assault, involving penetrativesex, masturbation or oral sex, involving an adult.Level – 10Type – Sadistic/Bestialitya. Pictures showing a child being tied, bound, beaten, whipped or otherwisesubjected to something that implies pain.b. Pictures where an animal is involved in some form of sexual behavior witha child.Images that fall into the first three categories of the COPINE Scale are generally non-sexual, and may include images of children swimming, changing clothes, or in variousstates of undress (Taylor et al., 2001a and 2001b). Such content could be producedsurreptitiously by an offender, or acquired from parents, friends, family members, printmedia, advertisements, as well as social media sites online. Content that meets the legaldefinition of child pornography begins in category 4, and focuses more on sexual acts orsexualized images featuring children, including sexualized poses or masturbation (Tayloret al., 2001a and 2001b). The content we may consider as the most extreme begins incategory 8, and features overt sexual acts involving adults, other children, or even307
animals. This content also includes children being violently raped, abused, or tortured ina sexual fashion.Although it may seem unconscionable to view such images, let alone create them,there is a demand for this content within the community of child pornographyconsumers (Seigfried-Spellar, 2013). This was evident in the takedown of a group calledThe Dreamboard, which operated a forum where individuals could view and shareimages of child sexual abuse that was categorized by the nature of the content. The mostdepraved content on the site was listed under the title “Super Hardcore” and featuredimages of adults engaging in sexual acts which clearly caused the victims physical andemotional distress (see Box 8.3 for more on efforts to eliminate this group).Box 8.3 Details on Operation Delegowww.justice.gov/opa/pr/2011/August/11-ag-1001.html.The board rules also required members to organize postings based on the type of content. One particularcategory was entitled “Super Hardcore”[.] involving adults having violent sexual intercourse with “veryyoung kids”[.] “in distress, and or crying.”This press release details a massive investigation of an international childpornography distribution network operating online called The Dreamboard.Individuals participated in this community from around the world, and wererequired to post content in order to remain active users. The scope of this group, theharm they caused, and the extent of content hosted demonstrate the variety ofcontent that may be classified as child pornography.308
The role of technology in child pornography andexploitationWhile child pornography existed well before the creation of the Internet, theglobalization of technology has created an environment where Internet childpornography is readily available, accessible, and affordable, if not entirely free of charge(Cooper, 1998). In essence, viewing child pornography is an easy crime to commit and aneasier crime to get away with. It is difficult to assess the total number of childpornography images that may be available at any given time online due to the existinglaws regarding access to this content. Older estimates suggested that there were 20,000images of child pornography posted on the Internet each week (Pittaro, 2008; Rice-Hughes, 2005). More recent statistics from the UK suggest that there were 68,092 specificURLs and 448 news groups that were confirmed to contain child sexual abuse images in2015 alone (IWF, 2016). In addition, it appears that child pornography is a worldwideproblem which allows individuals in multiple nations to acquire content from anywhere.The availability of digital photography, webcams, high-speed Internet connections,editing software, and removable storage media make it possible for individuals to createhigh-quality images and videos of deplorable acts of sexual abuse involving children forconsumption around the world.A substantial proportion of child pornography currently circulating on the Internetappears to be shared via peer-to-peer file-sharing programs, including BitTorrent(WCSC, 2013). This same software used to distribute pirated media (see Chapter 5) is aregular venue for sharing traditional pornographic videos and images, as well as imagesfeaturing children. Although the same tools are used to distribute pirated media as theyare to download child pornography, it is unlikely that the average person would identifyand download child pornography files by accident. Individuals actively seeking childpornography use keyword searches used to label images, videos, and file sets that aredistinct from other content (IWF, 2017).The growth of various voice over IP, video-calling services, and applications hasengendered the growth of services to stream child sexual abuse as it happens. The sameresources that are used by standard consumers for interpersonal communication, rangingfrom Skype to FaceTime to Periscope, can now be used to let individuals watch peopleengage in sexual acts with children. Even worse, these services often allow viewers todirect the action as it happens, suggesting certain sex acts occur or to comment on whatthey are seeing (see, e.g., Box 8.4). Many of these streaming services appear to originatefrom and operate out of Southeast Asian nations, in many cases involving parents andtheir children rather than some large-scale criminal organization. For instance, therewere 57 criminal cases for live-streaming abuse against actors in the Philippines in 2013,though this number rose steadily to 167 in 2015 alone (Holmes, 2016). One reason why309
these streams may have grown is that the operators can make individuals pay for accessusing online payment systems or cryptocurrencies. The profits made from streamingmay enable families to gain access to simple comforts and resources they were otherwisenot able to afford. As a result, it may be difficult to deter the abusers who enable thesebehaviors.Box 8.4 Live-streaming sexual abuse contentPace administrator busted for watching live child pornwww.nydailynews.com/new-york/pace-administrator-busted-watching-live-child-porn-article-1.2600912.Scott Lane, 34, executive director of donor relations and fund-raising programs for Pace University, isaccused of watching the sickening show from his Hell’s Kitchen apartment under the Internet handle“NYC Perv” – and at times even directed the action.This article details the activities of a man in New York City who was arrested forwatching and commenting on a live-stream feed of a boy being sexually assaulted.The disturbing nature of this technology is evident in this story, detailing how theviewers engaged with the people who were actively assaulting the child.Social media sites, like Facebook, also serve as a platform for the identification ofimages of children. Much of this content may be innocuous, featuring images of childrenplaying, swimming, or taking baths. Such images may be acquired easily from friends,family, and associates with children who regularly share media. The rise of image-basedmessaging applications like Snapchat, Kik, and Periscope are also creating opportunitiesfor individuals to actively solicit images from children as well (see Chapter 12).Interested individuals can use these applications as a platform to target youth based oninformation provided in their profile, and then begin to chat with them. Theconversations are intended to build a rapport between the adult and child, and enable theadult to actively solicit the youth to send them images of themselves in various posesand activities (see Box 8.5 for an example). Some may even attempt to use theirconnection to eventually meet the child offline so that they may engage in sexual actswith them in person.310
Box 8.5 Understanding attempts to solicit youth intodocumenting sexual actsMan pleads guilty to producing child pornwww.waynesvilledailyguide.com/news/20170201/man-pleads-guilty-to-producing-child-porn.On June 20, 2014, a search warrant was obtained for Coons’s Face-book account and Facebook providedinvestigators with more than 8,000 pages of private messages exchanged between Coons and others. Manyof the messages were from young girls between the ages of 11 and 17. Coons asked several of the girls tosend him pictures of themselves without clothes on.This story details the investigation and arrest of a Missouri man named Tyler Coonsfor soliciting children via social media sites into sharing images of themselvesengaging in sexual acts. This report details how his activities were identified by aconcerned parent and the process of his arrest and subsequent prosecution.There is also a great deal of child pornography hosted on the Dark Web, referencingthe portion of the Internet operating on the specialized encrypted software platform Tor(see Chapter 1; also Cox, 2016). One reason for the increased use of Tor is likely due tothe difficulty law enforcement agencies may initially have in identifying the location ofcontent hosting services and users. Individuals can only access the Dark Web bydownloading and using the free Tor browser, which anonymizes the IP address andlocation details of the user (Barratt, 2012). Individuals can host any content they want onTor using home-brew servers operating out of their homes, which conceals the physicallocation of the hosting site. In addition, Tor-based content is not indexed by Google orother search engines, making it difficult to quantify the amount of material availableonline (Barratt, 2012).As a result, some child pornography-sharing communities have shifted to Tor in anattempt to conceal their actions from law enforcement. Federal agencies, such as the FBI,however, are taking somewhat extreme steps to identify child porn groups and theirparticipants, including essentially hacking the Tor infrastructure in order to capturesensitive user information. Such steps may challenge the admissibility of evidenceacquired and force investigators to be more transparent in how a takedown operation311
was performed (see Box 8.6 for details).Box 8.6 The complex techniques required to investigateDark Web child pornPlaypen: the story of the FBI’s unprecedented and illegal hackingoperationwww.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation.In December 2014, the FBI received a tip from a foreign law enforcement agency that a Tor Hidden Servicesite called “Playpen” was hosting child pornography. That tip would ultimately lead to the largest knownhacking operation in U.S. law enforcement history.This article explains the FBI’s investigation of the child porn-sharing group calledPlaypen that operated on the Dark Web. The FBI would not only begin to host thesite on their servers facilitating the distribution of child pornography, but also sendmalware to site participants to infect their browsers and capture information ontheir location. This article, written by the Electronic Freedom Foundation, exploresthe risky nature of this investigation and the negative consequences that extremeinvestigative tactics may have for all citizens, regardless of their participation incriminal activities.312
Explorations of the pedophile subculture onlineComputers have clearly become the preferred medium for those individuals with asexual interest in children by allowing them a degree of anonymity and minimal fear ofsocial stigma or legal ramifications for disclosing their preferences (Alexy, Burgess, andBaker, 2005; Durkin, 1997; Durkin and Hundersmarck, 2007; Holt, Blevins, and Burkert,2010; Rosenmann and Safir, 2006). These deviant subcultures take part in a variety ofcomputer crimes involving children, ranging from using the Internet as a way to reachout and develop emotional and sexual relationships with children ( Jenkins, 2001), to thedistribution, trading, and production of child pornography (Durkin, 1997; Jenkins, 2001;Quayle and Taylor, 2002; Taylor, Quayle, and Holland, 2001b).Individuals interested in relationships with prepubescent or pubescent children maybe classified as pedophiles or hebephiles, respectively, according to the diagnostic criteriaestablished by the American Psychological Association’s Diagnostic and StatisticalManual of Mental Disorders – 5th edition (DSM-5; APA, 2013). Specifically, the DSM-5introduced the concept of pedophilic disorder, which is diagnosed using the followingcriteria:1. Over a period of at least six months, recurrent, intense sexual arousingfantasies, sexual urges, or behaviors involving sexual activity with aprepubescent child or children (generally age 13 years or younger).2. The person has acted on these sexual urges, or the sexual urges or fantasiescause marked distress or interpersonal difficulty.3. The person is at least 16 years old and at least five years older than the child orchildren in the first criterion (APA, 2013).The individual must demonstrate all three criteria in order to be diagnosed as apedophile in clinical settings. The DSM-5 also subdivides the pedophilia diagnosis intomore specific categories: sexually attracted to males, females, or both sexes, exclusive(attracted only to children) or non-exclusive (attracted to both adults and children), orlimited to incest (APA, 2013; O’Donohue, Regev, and Hagstrom, 2000).The implementation of the term disorder in this edition of the DSM is importantbecause it identifies that an individual has acted on their specific urges. Such abehavioral criterion was not present in previous editions which only identifiedpedophilia as a clinical paraphilia or condition. The APA was criticized for this inclusioncriterion as it does not clearly delineate between those who have engaged in sexual actswith children and those who have sought out child pornography for masturbatorypurposes (e.g., Berlin, 2014). This kind of vague language is insufficient for what is meantto be a diagnostic tool for clinicians.Regardless of clinical classification, individuals who engage in either sexual activities313
with or fantasize about children are considered to be among the most hated deviants insociety (Durkin, 1997; Durkin and Bryant, 1999; Holt et al., 2010; Jenkins, 2001;Rosenmann and Safir, 2006). Adults who show a strong sexual interest toward childrenare, therefore, stigmatized by society and retreat into the virtual world to express theirtrue feelings, since the Internet can offer almost complete anonymity. Those who sharethese taboo sexual feelings come together to form what is known as the “pedophilesubculture” ( Jenkins, 2001; Pittaro, 2008). It is here where members of the subculture feelthey are part of a group that accepts them for their sexual interests. In fact, they can gainvalidation for their sexual beliefs.In his 2001 book Beyond Tolerance: Child Pornography On the Internet, Philip Jenkinsexamined a BBS where individuals exchanged images of child pornography and found asubculture where individuals shared beliefs about the value of child pornography andthe need to exchange these materials and socialized individuals into this activity. Jenkinswrote, “Joining the subculture marks less an entry into new activities and interest thanan escalation of pre-existing behaviors, supported by a new sense of community” (2001:106). These are individuals seeking acceptance; the anonymous nature of the Internetoffers this. Users expressed fears of being detected by law enforcement, political reviews,and even a shared language. Jenkins observed, “one is likely to acquire gradually thepeculiar language, mores, and thought patterns of this world and thus be inducted subtlyinto the subculture” (2001: 108). In order to keep up with the language and the rapidchange of discussion, users must visit and participate regularly if they hope to benefitfrom this subculture.Support, justification, and/or rationalization are also common among pedophilesubcultures (Durkin and Bryant, 1999; Holt et al., 2010; Jenkins, 2001; Mayer, 1985).Mayer wrote, “One striking characteristic of the pedophile is the ability to minimize orrationalize his activities” (1985: 21). Most individuals belonging to such subcultures seenothing wrong with relationships between adults and children; in fact, they see manypositive benefits from these interactions, such as being a positive role model in a child’slife ( Jenkins, 2001). They often do not associate themselves with pedophiles or childmolesters and even condemn these individuals themselves. These individuals justify thistype of sexual orientation by using the term “child love” to describe what they perceiveto be a perfectly normal relationship between adult and child, which does not alwayshave to involve sexual activity (Holt et al., 2010; Jenkins, 2001).Pedophiles will also use neutralization strategies in attempts to normalize their type ofdeviance. For example, they may attempt to deny whether a “victim” existed (“denial ofthe victim”) by rationalizing that the children were asking for or wanted sex. They mayalso use a technique called “denial of injury,” saying that sexual encounters can berewarding and even educational for children ( Jenkins, 2001). Some groups have evengone so far as to compare themselves to the Jewish population being hunted down by theNazis in Germany; they believe that sexual attraction to children is much morewidespread than society cares to accept, and by persecuting them, society is preachinghypocrisy (Jenkins, 2001).314
The idea that “child love” is different from being a pedophile in the eyes of theseindividuals is a topic that has been examined more recently by researchers (Holt et al.,2010; Jenkins, 2001). Many members of the child pornography discussion boardsexamined by Jenkins (2001) did not see themselves as pedophiles. In one thread, a useridentified as “Humbert Humbert” wrote, “Am not a pedo, just like the beauty of pre-pubescent/adolescent girls. Therefore, I don’t think I am a perv. Just rational minded” (Jenkins, 2001: 119). They believe that those who actually abuse children represent only asmall minority of their community and that most users are just looking, not acting(Jenkins, 2001).It is hard to determine which members of these communities are or have actually beenphysically (sexually) involved with children, since the majority of users do not revealany illegal behavior that may have occurred for fear of legal ramifications (Jenkins,2001). However, the concept of sharing fantasies, urges, and non-sexual interactions withchildren is seen in most of the pedophile online communities (Holt et al., 2010; Jenkins,2001). While most research and investigations have focused on targeting those whopossess/trade child pornography and/or child molesters, few have considered themembers of the online pedophile subculture who do not consider themselves pedophilesor child molesters but “child lovers” (Holt et al., 2010).Typologies of child pornography use and consumptionGiven the substantial concern over the rise of child pornography in online environments,researchers have examined characteristics of individuals who consume childpornography. Although it may be counter-intuitive, Internet child pornography users arenot necessarily pedophiles (i.e., sexually attracted to children) or child sex offenders (i.e.,hands-on contact offenders: Babchishin, Hanson, and Hermann, 2011; Klain, Davies,and Hicks, 2001; Frei, Erenay, Volker, and Graf, 2005; McCarthy, 2010). Internet childpornography users may be motivated by curiosity, addiction or financial profit ratherthan by a sexual interest in children (Taylor and Quayle, 2003). In addition, researchindicates that Internet child pornography users are not more likely to cross over intocontact offending (see Seto and Eke, 2005; Webb, Craissati, and Keen, 2007).According to Seto, Hanson, and Babchishin (2011), child pornography users (i.e.,hands-off or Internet-only offenders) are significantly less likely to reoffend and haveprior criminal histories of contact offenses compared to contact child sex offenders (i.e.,hands-on). However, research suggests that they are more likely to exhibit pedophiliccharacteristics compared to contact child sex offenders (Babchishin, Hanson, andVanZuylen, 2015; Seto, Wood, Babchishin, and Flynn, 2012; Seto, Cantor, and Blanchard,2006; Sheldon and Howitt, 2005).Researchers have used various data to further understand the dynamics betweenonline and offline offender groups. In general, individuals who only consume childpornography appear to differ from those who either engage in real-world offenses only,315
or who engage in both offense types. Online-only offenders are more likely to be young,single, white males who are unemployed and who have greater empathy for sexualabuse victims (Babchishin et al., 2011). Their level of empathy may be key in keepingthem from engaging in contact offenses in the real world, as it appears that individualswho view child pornography report higher pedophilic interests generally (Babchishin etal., 2015). People who engage in offenses online and offline report slightly higherpedophilic interest levels than those who only view child pornography, which may be animportant behavioral driver (Babchishin et al., 2015).Online offenders also demonstrate a greater range of sexual deviance which may beassociated with their interest in various sexual content (Babchishin et al., 2011). Thismay also be associated with the fact that online offenders are also more likely to reporteither having a homosexual or bisexual orientation (Babchishin et al., 2015). Importantly,both online and off-line offenders are more likely to report sexual and physical abusethan men in the general population. This is sensible, since there is a high correlationbetween some history of abuse and sexual offending behaviors generally (Jespersen,Lalumière, and Seto, 2009).Overall, not all child pornography users are pedophiles or contact child sex offenders,and child pornography users are not significantly more likely to cross over into contactchild sex offenses. In addition, some research suggests that they may exhibit morepedophilic characteristics than contact child sex offenders (Babchishin et al., 2015;Federal Bureau of Investigation, 2002; Klain et al., 2001; Perrien, Hernandez, Gallop, andSteinour, 2000; Quayle and Taylor, 2002; Seto et al., 2006; Seto and Eke, 2005). However,these previous studies sampled child pornography users from the clinical or forensicpopulation. Other researchers have relied on self-report measures using anonymoussurveys to assess the prevalence of child pornography use among general Internet users,with results suggesting that anywhere between 6 and 10 percent of Internet users admitto intentionally consuming child pornography (Seigfried, Lovely, and Rogers, 2008;Seigfried-Spellar, 2015, 2016).Recognizing that child pornography users are not a homogeneous group, researchersdeveloped typologies to classify individuals based on their collecting behaviors (Alexy etal., 2005; Durkin, 1997; Krone, 2004; Quayle and Taylor, 2002; Rogers and Seigfried-Spellar, 2013; Taylor and Quayle, 2003). It is thought that viewing and collecting childpornography and related material can possibly lead to more serious offenses, and mayproduce varied uses for this content, whether online or offline. One of the first suchtypologies was proposed by Durkin (1997: 16) with four categories based on individualmisuse of the Internet and its role in offline activities: (1) trafficking child pornography(traders); (2) communicating and sharing ideas with like-minded persons (networking);(3) engaging in inappropriate communication with children (grooming), and (4)attempting to find children to molest (travelers).An expanded model was proposed by Krone (2004) focusing on offenders’ use oftechnology to view, collect, share, and/or produce child pornography, as well as theirlevel of technical competency, the nature of the images they seek, their social316
connectivity to others interested in child porn, and the extent to which they attempt tohide their activities from law enforcement. In this respect, Krone’s typology builds fromDurkin, but also provides greater depth and potential accuracy in assessing offenderbehavior. This nine-category typology recognizes the following types: (1) browser, (2)private fantasy, (3) trawler, (4) non-secure collector, (5) secure collector, (6) groomer, (7)physical abuser, (8) producer, and (9) distributor. It is not intended for use in clinicaltreatment or diagnostic purposes, but rather to classify misuse of technology andinvolvement in the production of child pornography and sexual abuse for lawenforcement.The first two categories involve individuals with no social connections to others andat the same time do not take steps to hide their activities from law enforcement. Thebrowser views child pornography accidentally, but saves the content deliberately forlater use. The private fantasy user creates their own materials so that they can use it forpersonal reasons later. This content is not meant to be viewed by others or deliberatelyshared, and may include stories, line drawings, or computer-generated images or videos.The next three categories involve individuals deliberately searching for childpornography and sexual content, though they may have generally lax security. Thetrawler searches actively for child pornography through various browsers, as they havegenerally few connections to others to facilitate access to content and take no steps toconceal their activities. The non-secure collector is technologically savvy and uses peer-to-peer file-sharing programs and other more secured sources to access content. Theyhave greater social connections that engender access to child pornography, though theytake no real steps to protect whatever content they collect. The secure collector,however, only accesses child pornography via secured or private networks anddeliberately categorizes and indexes their collections. They also exchange content withothers in order to gain access to secured child pornography-sharing groups andnetworks.Although the previous categories involved no physical contact with child victims, thenext three categories all involve attempted or successful direct contact offenses in thereal world. These categories also have substantive overlap with categories from theDurkin (1997) typology, as with groomers who seek sexual relationships with childrenonline. A groomer may not access child pornography, but if they do they are more likelyto share it with their intended target to normalize the notion of a sexual activity.Groomers are also dependent on the steps their victims take in order to minimize theirrisk of getting caught.Physical abusers have direct physical contact with children and are similar togroomers in that they may or may not access child pornography and may havecultivated a relationship with their victim online. Producers go one step beyond abusers,as they document their abuse of a victim, or serve as a facilitator to document abuse inwhich others engage. In both of these categories, the offenders are also dependent ontheir victims to minimize the likelihood of detection. Those in the final category,distributors, are responsible for sharing the content used by offenders in any of the317
previous categories. They may be either poorly or well connected to others based on thetype of content they share, though they are much more careful to secure their activitiesfrom law enforcement. Distributors are also likely to not have direct contact with childvictims, instead operating as a middleman to make content available.An expansion of the Krone (2004) model was produced by Rogers and Seigfried-Spellar (2013) to provide specificity on the ways in which individual offenders may storecontent or misuse their devices in the course of an offense. The authors retain theoriginal nine categories proposed by Krone (2004), but provide additional context for thetechnical knowledge of the offender based on the file types, system locations, andsoftware/hardware resources an individual may use to either access content or concealtheir activities. As with Krone, this typology is designed to aid law enforcement inrecognizing potential sources of forensic information to facilitate criminal investigations(see Box 8.7 for details).For instance, browsers are likely to have evidence of their activities in their browserhistories and recycle bin, while a private fantasy user may also have evidence located inexternal hard drives and their phone due to the nature of the content they create.Trawlers and non-secure collectors may have a greater range of software which they useto attempt to access child pornography and store files in unusual systems locations. Thesecure collector may, however, use file encryption in order to hide the file folders thatstore the content they acquire. The nature of the files and content used by the remainingcategories are thought to vary based on their access to and use of child pornography aswell as the nature of the abuse in which they engage.Box 8.7 The Rogers Seigfried-Spellar Hybrid ModelCategoryFeaturesSystem artifactsBrowserResponse to spam, accidentalInternet history logshit on suspect site — materialTemporary filesknowingly saved.Web cacheCookiesDefault user account folders(e.g., pictures, movies)ThumbnailsDeleted filesRecycle binPrivate fantasyConscious creation of onlineInternet history logstext or digital images for privateTemporary filesuse.Web cacheCookiesDefault user account folders(e.g., pictures, movies)318
ThumbnailsP-2-P foldersEmailRegistry/typed URLSDeleted filesRecycle binExternal storage devicesMobile phoneTrawlerActively seeking child pornogInternet history logsraphy using openly availableTemporary filesbrowsers.Web cacheCookiesDefault user accountfolders (e.g., pictures,movies)Non-default foldersThumbnailsP-2-P foldersEmailRegistry/typed URLSDeleted filesRecycle binIRC foldersExternal storagedevicesMobile phoneNon-secureActively seeking material, oftenInternet history logscollectorthrough peer-to-peer networks.Temporary filesWeb cacheCookiesDefault user accountfolders (e.g., pictures,movies)Non-default foldersThumbnailsP-2-P foldersEmailRegistry/typed URLSDeleted filesRecycle binIRC foldersExternal storage319
devicesMobile phoneSecure collectorActively seeking material butInternet history logsonly through secure means.Temporary filesCollector syndrome, andWeb cacheexchange as an entry barrier.CookiesDefault user accountfolders (e.g., pictures,movies)Non-default foldersThumbnailsP-2-P foldersEmailRegistry/typed URLSDeleted filesRecycle binExternal storagedevicesEncrypted foldersIRC foldersMobile phoneGroomerCultivating an onlineInternet history logsrelationship with one or moreTemporary fileschildren. The offender may orWeb cachemay not seek material in any ofCookiesthe above ways. PornographyDefault user accountmay be used to facilitate abuse.folders (e.g., pictures,movies)Non-default foldersThumbnailsP-2-P foldersEmailRegistry/typed URLSDeleted filesRecycle binExternal storagedevicesMobile phonePhysical abuserAbusing a child who may haveInternet history logsbeen introduced to the offenderTemporary filesonline. The offender may orWeb cachemay not seek material in any ofCookies320
the above ways. PornographyDefault user accountmay be used to facilitate abuse.folders (e.g., pictures,movies)Non-default foldersThumbnailsP-2-P foldersEmailRegistry/typed URLSDeleted filesRecycle binExternal storagedevicesDigital camerasMobile phoneProducerRecords own abuse or that ofInternet history logsothers (or induces children toTemporary filessubmit images of themselves).Web cacheCookiesDefault user accountfolders (e.g., pictures,movies)Non-default foldersThumbnailsP-2-P foldersEmailRegistry/typed URLSDeleted filesRecycle binExternal storage devicesIRC foldersDigital camerasMobile phoneDistributorMay distribute at any one of theInternet history logsabove levels.Temporary filesWeb cacheCookiesDefault user accountfolders (e.g., pictures,movies)Non-default foldersThumbnailsP-2-P folders321
EmailRegistry/typed URLSDeleted filesRecycle binExternal storage devicesIRC foldersDigital camerasMobile phone322
The legal status of child pornography around the globeDespite the variation in what constitutes obscene content, there is some consistency inlaws regarding child exploitation. In the USA, there are multiple federal laws designed toprotect youth from exploitation and punish individuals who share or create images ofchild pornography. In fact, the first law criminalizing child pornography in the USA wasenacted in 1977, called the Protection of Children Against Sexual Exploitation Act.This law made it illegal for anyone under the age of 16 to participate in the visualproduction of sexually explicit materials, though this definition was extended to the ageof 18 in 1986 (Brenner, 2011).Later legislation, though, has had the greatest impact on child pornography andexploitation through the implementation of the Child Pornography Prevention Act of1996. This Act extended the existing laws regarding child pornography by establishing anew definition for this term. Specifically, this Act amended the criminal code under Title18 to define child pornography as “any visual depiction, including any photograph, film,video, picture, or computer or computer-generated image or picture of sexually explicitconduct” (Brenner, 2011: 51). The law also recognizes that the image: (1) must have beenproduced involving an actual minor engaging in sexual acts; (2) involved or appeared toinvolve a minor, and/or (3) was created, adapted, or modified to appear that a minor isengaging in sexual acts. This definition was established in order to provide neededflexibility to prosecute child pornography cases that may have been created usingPhotoshop or other computer programs and sent electronically.This Act also made it illegal to engage in multiple activities associated with theproduction of child pornography. It is now illegal for anyone to persuade, entice, induce,or transport minors in order to engage in sexual acts for the purpose of producingimages and/or videos of the acts, and if they will be transported in foreign or interstatecommerce (Brenner, 2011). Similarly, it is illegal for anyone to entice a minor to engagein sexual acts outside of the USA in order to produce visual depictions of the behavior. Itis also illegal for anyone to print or publish advertisements associated with the sexualexploitation of children (Brenner, 2011). This law also makes it illegal to either conspireor attempt to commit any of these offenses.The penalties for these offenses are rather harsh and include a federal prison sentenceof between 15 and 30 years and/or a fine. If the offender has a prior charge of sexualexploitation on their record at either the state or federal level, they may receive between25 and 50 years. If they have two or more charges, then they are eligible to receive a lifesentence in prison (Brenner, 2011). In the event that a child dies in the course of theoffenses above, then the offender is eligible for the death penalty.In addition to the production of child pornography, this Act also criminalized:323
1. the transportation of sexually explicit material featuring minors by any means,whether physically or electronically;2. the receipt or distribution of such material;3. selling or possessing materials with the intent to sell them;4. possessing books, films, and other materials that contain such depictions;5. conspiring or attempting to engage in any of these activities.Any violation of the first three activities, or conspiring to engage in these acts, ispunishable by a federal prison sentence ranging between 5 and 20 years minimumand/or a fine. If an individual has any prior convictions for sexual exploitation, they maybe imprisoned for between 15 and 40 years minimum. The fourth offense may lead to afine and/or a prison sentence of no more than 10 years, though a prior convictionincreases the sentence to between 10 and 20 years (Brenner, 2011).Section 2252 of this same Act also made it illegal to knowingly:1. mail, transport, or ship child pornography by any means, physically orelectronically;2. receive or distribute child porn or materials containing child pornography;3. reproduce child porn for distribution through the mail or by computer;4. sell, or possess child porn with the intent to sell;5. possess any “book, magazine, periodical, film, videotape, computer disk, orother material that contains an image of child porn” (Brenner, 2011: 54);6. distribute, offer, or send a visual depiction of a minor engaging in sexuallyexplicit conduct to a minor.The first, fourth, and sixth activities can lead an individual to be imprisoned forbetween 5 and 20 years minimum, though if they have a prior conviction for childpornography they may receive a prison sentence of between 15 and 40 years. The fifthactivity, possessing child porn, can lead an individual to be fined and imprisoned for upto 10 years, though if they have a prior offense history they may be imprisoned forbetween 10 and 20 years (Brenner, 2011).These statutes all apply to images of real children who have been victimized in someway. Some have argued that the ability to create images of virtual children usingcomputer software or line drawings does not create the same issue of victimization. As aresult, these materials should not be treated as illicit material because of the protectionsafforded by the First Amendment right to free speech in the USA (Brenner, 2011). Thischallenge was struck down through the creation of the Prosecutorial Remedies andOther Tools to end the Exploitation of Children Today Act (or PROTECT Act) of2003. This law criminalized virtual child pornography and extended the legal definitionto include “a digital image, computer image, or computer-generated image that is, or isindistinguishable from, that of a minor engaged in sexually explicit conduct” (Brenner,2011: 57). This Act remedied previous problems experienced by the prosecution when thedefense argued that the individuals in the images were not actual but computer-324
generated victims. In this respect, an offender could claim that their actions caused noharm to real children. Prosecutors would have to challenge such attempts anddemonstrate how harm may have occurred. The revisions afforded by the Act of 2003shifted the burden of proof to the defense, so it is now their duty to prove that the childpornography images do not include actual victims.In addition, this Act included language criminalizing “obscene child pornography,”which involves any visual depiction, whether a sculpture, painting, cartoon, or drawingof minors engaging in sexually explicit conduct or obscene acts; or involves a minorengaging in bestiality, sadism, or masochistic abuse, or sexual acts of any kind; and lacksserious literary, artistic, or scientific value (Brenner, 2011). The language related to thevalue of the image is critical because it is synonymous with that of the Miller test ofobscene material in the Supreme Court. As a result, this helps ensure that this standard isconstitutional when applied to any criminal case.In the USA, all states and the District of Columbia have criminalized the use, creation,possession, and distribution of child pornography and the sexual solicitation andexploitation of minors (Children’s Bureau, 2015). These offenses are treated as felonies,though the range of sanctions varies in terms of years in prison based on the individual’sprior record and the severity of the offense. In addition, 12 states have established lawsthat require commercial film or photography processors and IT workers to report anychild pornography they identify in the course of their work (Children’s Bureau, 2015).These laws are not designed to require computer technicians to actively seek out orsearch for child porn content but, rather, to ensure that such content is reported in theevent that it is uncovered in the course of normal operations. Reporting any childpornography identified provides the individual and their company with immunity fromcriminal or civil liability in most states (Children’s Bureau, 2015). In the event that anindividual does not report child pornography to law enforcement at the state and/orfederal level, the individual may be charged with a misdemeanor and/or fined.International laws regarding child pornography vary based in part on local standardsfor obscene content and their sanctions for use or possession of pornography (ICMEC,2016). In the UK, the Protection of Children Act 1978 (PCA) was the first attempt tolegislate against this activity, making it illegal to obtain, make, distribute, or possess anindecent image of anyone under the age of 18 (Crown Prosecution Service, 2017). Thelaw was extended in 1994 through the Criminal Justice and Public Order Act toinclude images that appear to be photos, so called pseudo-photographs. Additionallegislation in 2009 called the Coroners and Justice Act extended the law to include allsexual images depicting youth under the age of 18, whether real or created (CrownProsecution Service, 2017). The current punishment structures enable an individual to beimprisoned for between five and ten years, depending on the offense and the nature ofthe content the individual either acquired or viewed. For instance, possession of childpornography can lead to a minimum of two to five years in prison, though it can extendbeyond that, depending on the nature of the pornography that the individual acquired(Crown Prosecution Service, 2017). In addition, the Serious Crime Act 2015 criminalized325
the possession of “any item that contains advice or guidance about abusing childrensexually” which may be referred to as a pedophile manual (Crown Prosecution Service,2017). Having such materials carries a maximum sentence of three years in prison.Canada uses a similar definition to that of the USA, though they also include audiorecordings of the sexual exploitation of children and written depictions of persons underthe age of 18 engaging in sexual activities or those who actively induce or encourage sexwith minors (Akendiz, 2008). In fact, Canadian courts can mandate that such content bedeleted from the Internet if the materials are available on a computer system withinCanadian borders. Their sanctions for child pornography are also similar to the USA, inthat the possession of child pornography is punishable by up to 10 years in prison, whilethe production and/or distribution of child pornography can lead to a 14-year prisonsentence (Seidman, 2013). Similarly, Australian law prohibits any sexual image, real orcreated, of children under the age of 18. Their sanctions regarding child pornographyoffenses are consistent regardless of the offense, whether the production or possession ofchild pornography, and include a fine of up to A$275,000 and up to ten years’imprisonment (Krone, 2005). All of these nations also have laws that require ISPs tomonitor and report the presence of child pornography on systems that they control. Inthe event that such materials are not reported, the ISP may be held liable for thedistribution of this content and eligible for fines and other sanctions (Brenner, 2011).In 2009, India criminalized sexual offenses involving a person under the age of 18through an amendment to the Information Technology Act of 2000. Under statute 67B,it is illegal for any person to:a. publish or transmit or cause to be published or transmit material in anyelectronic form which depicts children engaged in sexually explicit act orconduct orb. create text or digital images, collect, seek, browse, download, advertise,promote, exchange or distribute material in any electronic form depictingchildren in obscene or indecent or sexually explicit manner orc. cultivate, entice or induce children to engage in an online relationship with oneor more children for a sexually explicit act or in a manner that may offend areasonable adult ord. facilitate abusing children online ore. record in any electronic form their own sexual abuse of a child or that ofothers.This relatively comprehensive statute makes any of these offenses punishable by up tofive years in prison and/or a fine of 1 million rupees for the first conviction, whichincreases to seven years in prison on the second conviction.The Convention on Cybercrime (CoC) deals with child pornography under Article 9,requiring Member States to make it illegal to produce, distribute, offer, procure, orpossess child pornography via computer or media storage device. The CoC encourages326
the use of a definition of child pornography that includes visual depictions of minors,people who appear to be minors, or realistic images of minors engaged in sexual acts(Brenner, 2011). Due to the complexity of national standards, the CoC also allowssignatory nations to define minors as individuals under the age of 16 or 18, depending ontheir current standards, and may choose not to criminalize created images or thosewhere participants only appear to be minors (Brenner, 2011).Since November 2004, the International Center for Missing and Exploited Children haspublished eight reports comparing legislation on child pornography across theINTERPOL member countries. The first report in 2006 reviewed 184 INTERPOL membercountries and the most recent report (8th edition) included 196 countries. In 2006, theInternational Center for Missing and Exploited Children reported that 95 countries hadno legislation at all specifically addressing child pornography; this number has sincedropped to 35 countries in 2016 (International Center for Missing and ExploitedChildren, 2016). These 35 countries with no legislation addressing child pornographyinclude Dominica, Ethiopia, Iraq, and Kuwait, to name a few. The report concludes that“there has been significant legislative change over the last 10 years [.] [but] the questionremains whether countries that have legislation are in fact enforcing those laws”(International Center for Missing and Exploited Children, 2016: 17).Non-profit organization effortsIn the UK, the Internet Watch Foundation (IWF) is a charitable organization focusedon reducing the amount of child pornography and exploitation materials hostedworldwide and criminally obscene adult content in the UK. The IWF receives financialsupport from ISPs, technology and financial service providers, and the European Union(Internet Watch Foundation, 2017). Beginning in 1996, the IWF was created to provide ahotline for the public and IT professionals to report criminal content found on theInternet. These reports are processed and used to distribute takedown notices to ISPs inthe event that child pornography is identified. In fact, over 700,000 web pages have beenexamined since their inception, and the amount of child pornography hosted in the UKhas decreased to only 0.2 percent as a result of their efforts (Internet Watch Foundation,2016). In addition, the IWF provides a block list to ISPs and industry so that individualsare unable to access content hosted online. They also provide assistance to UK lawenforcement agencies to pursue the distributors and consumers of harmful content.For more on agencies dealing with child abuse and harm, go online to:1. www.iwf.org.uk/2. www.missingkids.com/home3. www.icmec.org327
The National Center for Missing and Exploited Children (NCMEC) is one of thekey non-profit organizations in the USA that deals with missing children and childexploitation. The Center began in 1984 under mandate from the US Congress and then-President Ronald Reagan as a clearinghouse for information and resources regardingthese crimes (National Center for Missing and Exploited Children, 2017). Currently, theNCMEC is funded in part by the US Congress, as well as by donations from the privatesector and matching donors. As a result, the NCMEC is authorized by Congress under 42USC 5773 and performs multiple roles to facilitate the investigation of crimes againstchildren (National Center for Missing and Exploited Children, 2017). Resulting from thePROTECT Our Children Act of 2008, the NCMEC operates a national toll-free hotline (1-800-THE-LOST) to collect information on runaway children, and the CyberTipline,which provides an electronic resource for individuals to report suspected incidents ofchild abuse, child pornography, and sexual exploitation. In fact, the Tipline has processedover 12.7 million reports since it was launched in 1998 (National Center for Missing andExploited Children, 2017).The NCMEC offers training programs for youth and educators involving the threatswhich children face online. The NCMEC also offers training and resources for lawenforcement, including the Child Victim Identification Program (CVIP), which trawlsthrough images of child pornography in order to determine the identity and location ofchild victims (National Center for Missing and Exploited Children, 2017). This programreceived more than 4,600 requests from law enforcement agencies across the globe in2014 alone, consisting of over 28 million images and video files (Krieg, 2015). In addition,they support a joint operation with the US Marshals service to track sex offenders whoviolate the terms and conditions of their sentences.The success of the NCMEC, and the recognition of a need for similar entities aroundthe world, led to the formation of the International Center for Missing and ExploitedChildren (ICMEC) in 1999. The Center is also a non-profit agency with a similar328
mission to the NCMEC, though it is focused on building partnerships in a global contextto better investigate child exploitation cases and build the legal capacity of nations sothat there is consistency in laws to prosecute these offenses (International Center forMissing and Exploited Children, 2017a). They not only focus on child abduction andharm, but also have a substantive set of resources to support the investigation of childpornography and exploitation cases.In particular, the ICMEC operates the Financial Coalition Against ChildPornography (FCACP), which comprises 35 financial institutions and ISPs whichoperate jointly to handle complaints of child pornography and disrupt the businessesthat are engaged in the sale of or profit generation from this content (InternationalCenter for Missing and Exploited Children, 2017b). They also offer training andassistance to law enforcement agencies internationally, along with legal consultations inorder to develop model child exploitation law and harmonize legislation internationally.The ICMEC has national operational centers in Belarus, Belgium, Greece, Russia, and theUSA, and has new regional offices in Singapore, Greece, and Latin America to betterservice the nations of Southeast Asia, Southeastern Europe, and Central and SouthAmerica, respectively (International Center for Missing and Exploited Children, 2017a).Law enforcement efforts to combat child pornAt the federal level in the USA, there are a number of agencies involved in theinvestigation of sexual offenses. The Federal Bureau of Investigation’s (FBI) ViolentCrimes Against Children (VCAC) program investigates a range of sexual offenses andcriminal activities that affect youth, ranging from child pornography to sex trafficking tokidnapping (FBI, 2017). This program became operational in October 2012 when two pre-existing programs, called the Innocent Images Initiative under the Cyber Division andthe Crimes Against Children (CAC) program within the Criminal Investigative Division,merged. Each of these groups had a unique function: the Innocent Images programinvestigated child exploitation and pornography cases online, while the CAC programhandled cases of child prostitution, abduction, and sex tourism (FBI, 2017). Combiningthese programs enabled a more effective approach toward the investigation of theserelated crimes and helped reduce the burden of pursuing the tremendous number ofinvestigations of child exploitation that were tasked to the Cyber division, which wasalready responsible for investigating hacking and fraud cases.The VCAC program now falls under the FBI’s Criminal Investigative Division anddevelops investigative leads, which are pursued by field agents in each of the 56 fieldoffices the Bureau operates across the USA (FBI, 2017). In each office, these cases areinvestigated by specialized Child Exploitation Task Forces (CETFs), which are jointoperations of federal, state, and local law enforcement officers. This program is bothreactive, in that it actively investigates leads and tips provided by the general public andreports collected by the NCMEC, and proactive, based on undercover investigations329
initiated by agents in chatrooms, social networking sites, websites, and file-sharingcommunities (FBI, 2017).The FBI also spearheads the Violent Crimes Against Children International TaskForce (VCACITF), which began in 2004 and is now the largest global task force in theworld that investigates child exploitation cases (FBI, 2017). This program investigatescases of child sex tourism in Southeast Asia and Latin America in order to developpractical evidence against US citizens who engage in such tourism so that they can besuccessfully prosecuted in the USA. Forty nations participate in this force, with 69 activeinvestigators, all of whom share information in order to investigate child exploitationcases (FBI, 2017)In addition, the FBI operates the Endangered Child Alert Program (ECAP), whichseeks to identify the adults featured in some child exploitation content so that they maybe brought to justice (FBI, 2017). The faces and identifying characteristics of individualsare stripped from the media and published as Jane/John Does in order to obtain arrestwarrants and actionable information about their real identities. A similar program,dubbed Operation Rescue Me, has been in operation since 2008 and is designed toidentify the victims of child exploitation. Analysts sift through newly posted images andvideos of child pornography in order to capture clues about the location and timeframeof when the media were made so that victim identities may be determined and saved.Thus far, the program has led to 41 youths being successfully identified frominformation available in these materials (FBI, 2017).The Immigration and Customs Enforcement (ICE) agency also plays an importantrole in the investigation of child exploitation cases (ICE, 2017a). Their role is oftenviewed in the context of managing the people and property that enter the USA, makingthe importation or distribution of child pornography and obscene content through itsborders, electronic or otherwise, an investigative priority for ICE agents. As a result, ICEmanages a program called Operation Predator, which is designed to facilitate theinvestigation of child exploitation, both in the USA and abroad (ICE, 2017a). Thisprogram has led to the arrest of more than 14,000 people for offenses including childporn production and distribution as well as sex trafficking of minors (ICE, 2017b). Notonly do agents actively investigate these crimes, but they also work with state and locallaw enforcement agencies to provide intelligence and investigative resources to identifyoffenders and victims. In fact, ICE recently developed a mobile phone app whichprovides alerts and information about suspected and wanted child predators so that thepublic can report these individuals to law enforcement if they are spotted (ICE, 2017a).This agency is also the US representative of Interpol’s working group on child sexualabuse online. Agents actively identify materials online and use these images and videosas the basis for investigative leads around the world (see Box 8.8; also ICE, 2017a).Box 8.8 Immigration and Customs Enforcementoperations in action330
29 arrested in international case involving live online webcam child abusewww.ice.gov/news/releases/1401/140116london.htm.An organized crime group that facilitated the live streaming of ondemand child sexual abuse in thePhilippines has been dismantled after a joint investigation by the U.K.’s National Crime Agency (NCA),the Australian Federal Police (AFP) and U.S. Immigration and Customs Enforcement (ICE).This article provides an overview of a recent case investigated by a joint operationincluding agents from the US Immigration and Customs Enforcement (ICE). Thecase spanned multiple nations, with victims across the globe.The US Postal Inspection Service also plays a role in the investigation of childexploitation cases, since child pornography and obscene content was distributed directlyvia postal mail prior to the development of the Internet. The Postal Inspectors haveinvestigated these offenses for more than 100 years as the law enforcement arm of theUS Postal Service (USPIS, 2017). There are approximately 1,280 criminal investigatorsworking within the office, as well as 611 armed uniformed officers (USPIS, 2017). Theyoften work hand in hand with other law enforcement agencies to investigate a range ofoffenses, including identity crimes and drug offenses. This is particularly true for childpornography cases, as the Service investigated 46 cases involving the use of postal mailto send or receive exploitative content, and made 46 arrests associated with these casesin 2016 alone (USPIS, 2017).For more information on the Postal Service’s investigative role, go online to:https://postalinspectors.uspis.gov/radDocs/2016%20AR%20FINAL_web.pdf.There are myriad specialized policing units at the federal or national level to331
investigate child pornography and exploitation cases around the world. The UK’s ChildExploitation and Online Protection (CEOP) Command is a part of the NationalCrime Agency (NCA), which became operational in October 2013. The CEOP handlesreports of exploitation, abuse, and missing youth, and will directly investigate threatsand coordinate responses, depending on the scope of harm across multiple areas (CEOP,2017). The CEOP also serves as the point of contact for multinational investigations inorder to coordinate responses within the UK while working in concert with otheragencies around the world. They also track registered sex offenders and pursue thosewho have failed to comply with any community notification requirements they may faceas a result of their release from prison. Local police agencies can also request computerforensic assistance or covert investigation resources from the CEOP to facilitate a caseagainst child predators. In addition to enforcement and investigative responsibilities, theCEOP also operates the ThinkUKnow program, designed to educate children and adultsabout threats to youth safety (CEOP, 2017).In Australia, the Federal Police has a special subgroup called the Child ProtectionsOperations (CPO) Team which investigates and coordinates the response to childexploitation cases both domestically and internationally (Australian Federal Police,2017). The Royal Canadian Mountain Police (RCMP) serve as a key investigativemechanism in Canada and offer training and investigative support for local agencies.They also serve as a key partner in the Canadian National Child ExploitationCoordination Centre (NCECC), the focal point of contact for online exploitation casesthat cross jurisdictional boundaries within Canada or internationally (RCMP, 2017). Allof these agencies also receive online reports and tips concerning child porn andexploitation to serve as a basis for investigation.In the USA, Internet Crimes Against Children (ICAC) task forces provide amechanism for coordination between local, state, and federal law enforcement, as well asprosecutors (ICAC, 2016). The ICAC program currently comprises 61 task forces, with apresence in every state. Some states with larger populations and geography havemultiple ICACs, such as Florida, California, and Texas (ICAC, 2016). The program beganin 1998 under mandate from the Office of Juvenile Justice and Delinquency Prevention(OJJDP) in order to improve the resources available to combat youth victimization at alllevels of law enforcement, including investigative resources, forensic and technologicalassistance, and prosecutorial guidance. In fact, there is now a regular schedule of digitalforensic and investigative training for ICAC investigators offered across the country,which are supported by various federal agencies (ICAC, 2016).Although this may seem like a complex organizational hierarchy to understand, theresponse to child pornography and exploitation cases requires multiple points ofcoordination and response. A successful investigation requires that arrests andtakedowns occur as close together as possible to avoid offenders realizing that they maybe caught and attempting to flee or destroy evidence that may implicate them incriminal activity. Investigations that begin at the local level may also lead to evidence ofcriminal activity in other nations, which may increase the scope of agencies that may332
need to become involved in order for arrests and prosecutions to be both legal andsuccessful.This is evident in the recent series of arrests that took place around the world as partof Operation Spade (Ha, 2014). This investigation began in Canada in 2010 andimplicated a child pornographer operating out of Romania under the name Azov Films,which produced content generated by individuals living in the USA, UK, and Australia,among other nations (Ha, 2014). Agencies within each country investigated domesticincidents, shared this information with their partner agencies abroad, and timed arrestsand takedowns to occur in such a way as to have the widest possible impact uponcontent generators and users. As a result, hundreds of people were arrested around theworld in 2013 and 2014.For more information on Operation Spade, go online to:www.sott.net/article/268763-Nearly-400-children-rescued-and-348-adults-arrested-in-Canadian-child-pornography-bust.Given that child exploitation cases can be international in scope, there is the VirtualGlobal Taskforce (VGT) which coordinates responses to multinational investigations.The VGT was established in 2003 and is an alliance of agencies and private industry thatwork together in order to identify, investigate, and respond to incidents of childexploitation (VGT, 2017). The team comprises federal law enforcement agencies inAustralia, Canada, Columbia, the Netherlands, New Zealand, the Philippines, SouthKorea, Switzerland, the United Arab Emirates, the UK, and the USA, as well as Europoland Interpol (VGT, 2017). The VGT takes complaints of child exploitation, coordinatesmultinational investigations, and provides resources for children and adults to protectthemselves online. They have been tremendously successful in investigating childpornography and abuse cases, leading to over 1,000 investigations and hundreds ofarrests around the world, as in the recent Operation Globe case (see Box 8.9 for details).333
Box 8.9 The Virtual Global Taskforce in actionhttp://virtualglobaltaskforce.com/2016/vgt-announce-20-arrests-in-6-months-from-operation-globe/.VGT announce 20 arrests in 6 months from Operation GlobeThe VGT released the results of “Operation Globe” [.] which resulted in the arrest of 20 offenders, and theidentification of approximately 30 victims in 18 cases, some of which are still ongoing.This study provides an overview of a recent case investigated and pursued bymembers of the Virtual Global Taskforce to combat child exploitation cases.334
SummaryTaken as a whole, it is clear that any new technology or application will likely become aplatform that individuals use in order to facilitate a sexual attraction to children. There isno immediate or easy solution to the challenge of eliminating child sexual abuse andvictimization. This is also one of the few crimes that can lead to substantive internationalinvestigations and cooperative working agreements among agencies. Given thattechnology changes so frequently and may be subverted by offenders in distinct ways,there will be a need for constant inquiry into the nature of sexual offenses in online andoffline environments to improve and adapt the criminal code to new offenses. Likewise,law enforcement must understand offender behaviors so as to better collect evidence thatcan support the investigation and prosecution of sex offenders.Key termsArrest warrantBrowserCanadian National Child Exploitation Coordination Center (NCECC)Child Exploitation and Online Protection (CEOP) CommandChild Exploitation Task Forces (CETF)Child loveChild pornographyChild Pornography Protection Act of 1996Child Protections Operations (CPO) TeamChild sexual abuse materialChild Victim Identification Program (CVIP)Children’s Internet Protection Act (CIPA)COPINE Scale (Combatting Paedophile Information Networks In Europe)Convention on CybercrimeCoroners and Justice ActCriminal Justice and Immigration Act 2008Criminal Justice and Public Order ActCyberTiplineDistributorEndangered Child Alert Program (ECAP)Federal Bureau of Investigation’s (FBI) Violent Crimes Against Children(VCAC)Financial Coalition Against Child Pornography (FCACP)335
GroomerGroomingHands-on contact offendersImmigration and Customs Enforcement (ICE)Information Technology Act of 2000International Center for Missing and Exploited Children (ICMEC)Internet Corporation for Assigned Names and Numbers (ICANN)Internet Crimes Against Children (ICAC)Internet Watch Foundation (IWF)National Center for Missing and Exploited Children (NCMEC)National Crime Agency (NCA)NetworkingNon-secure collectorNorth American Man-Boy Love Association (NAMBLA)Operation PredatorOperation Rescue MeOperation SpacePedophilePhysical abuserPrivate fantasy collectorProducerProsecutorial Remedies and Other Tools to end the Exploitation ofChildren Today Act (or PROTECT Act) of 2003Protection of Children Act 1978 (PCA)Protection of Children Against Sexual Exploitation Act 1977Secure collectorThinkUKnowTradersTravelersUS Postal Inspection ServiceViolent Crimes Against Children International Task Force (VCACITF)Virtual Global Taskforce (VGT)Discussion questions1. Since technology constantly evolves, what applications or devices do youthink may be misused in the future as a platform for individuals toengage in the production or distribution of child pornography?2. In what ways does the ability to communicate about sexual interests336
with children help make it possible for individuals to justify their actionsand offend over time?3. Why do you think we sanction individuals who possess or access childpornography with more severity than we do hackers or data thieves?Why would there be such differential sanction use?337
ReferencesAkdeniz, Y. (2008). Internet Child Pornography and the Law: National and InternationalResponses. New York: Routledge.Alexy, E.M., Burgess, A. W., and Baker, T. (2005). Internet offenders: Traders, travelers,and combination trader-travelers. Journal of Interpersonal Violence, 20(7), 804–812.American Psychiatric Association. (2013). Diagnosis and Statistical Manual of MentalDisorders (5th edn, text revision). Washington, DC: APA.Australian Federal Police. (2017). Online child sex exploitation. Available at:www.afp.gov.au/policing/child-protection-operations/online-exploitation.aspx.Babchishin, K. M., Hanson, R.K., and Hermann, C.A. (2011). The characteristics of onlinesex offenders: A meta-analysis. Sexual Abuse: A Journal of Research and Treatment,23, 92–123.Babchishin, K. M., Hanson, R. K., and VanZuylen, H. (2015). Online child pornographyoffenders are different: A meta-analysis of the characteristics of online and offlinesex offenders against children. Archives of Sexual Behavior, 44, 45–66.Barratt, M.J. (2012). Silk Road: Ebay for drugs. Addiction, 107, 683.Berlin, F.S. (2014). Pedophilia and DSM-5: The importance of clearly defining the natureof a pedophilic disorder. The Journal of the American Academy of Psychiatry and theLaw, 42(4), 404–407.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R.D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.CEOP. (2017). About CEOP. Available at: http://ceop.police.uk/About-Us/.Children’s Bureau. (2015). Mandatory Reporters of Child Abuse and Neglect. ChildWelfare Information Gateway. Available at:www.childwelfare.gov/pubPDFs/manda.pdf.CNN. (2003). Man accused of luring kids to porn sites. CNN, September 3, 2003. Availableat: www.cnn.com/2003/TECH/internet/09/03/trick.names/ .Cooper, B. (1998). Prostitution: A feminist analysis. Women’s Rights Law Reporter, 11,98–119.Cox, J. (2016). FBIs Dark Web child porn investigation stretched to Norway. ViceMotherboard, November 21, 2016. Available at:https://motherboard.vice.com/en_us/article/fbis-dark-web-child-porn-investigation-stretched-to-norway-playpen.Crown Prosecution Service (CPS). (2014). Extreme Pornography. Prosecution Policy andGuidance. Available at: www.cps.gov.uk/legal/d_to_g/extreme_pornography/.Crown Prosecution Service (CPS). (2017). Indecent Images of Children. Prosecution338
Policy and Guidance. Available at:www.cps.gov.uk/legal/h_to_k/indecent_images_of_children/.Durkin, K.F. (1997). Misuse of the Internet by pedophiles: Implications for lawenforcement and probation practice. Federal Probation, 14, 14–18.Durkin, K.F., and Bryant, C.D. (1999). Propagandizing pederasty: A thematic analysis ofthe online exculpatory accounts of unrepentant pedophiles. Deviant Behavior, 20,103–127.Durkin, K.F., and Hundersmarck, S. (2007). Pedophiles and Child Molesters. In E. Goodeand D.A. Vail (eds), Extreme Deviance (pp. 144–150). London: Sage.Federal Bureau of Investigation. (2002, March 17). Operation Candyman press release,March 17. Available at: www.fbi.gov/news/pressrel/press-releases/operation-candyman.Federal Bureau of Investigation. (2017). Violent Crimes Against Children/OnlinePredators. Available at: /www.fbi.gov/investigate/violent-crime/cac.Frei, A., Erenay, N., Volker, D., and Graf, M. (2005). Paedophilia on the Internet: A studyof 33 convicted offenders in the Canton of Lucerne. Swiss Medical Weekly, 135, 488–494.Green, R. (2002). Is pedophilia a mental disorder? Archives of Sexual Behavior, 31(6),467–471.Ha, T.T. (2014). Toronto child-porn investigation leads to major political scandal inGermany. The Globe and Mail, February 16, 2014. Available at:www.theglobeandmail.com/news/world/toronto-child-porn-investigation-leads-to-major-political-scandal-in-germany/article16914457/.Holmes, O. (2016). How child sexual abuse became a family business in the Philippines.Guardian, May 30, 2016. Available at:www.theguardian.com/world/2016/may/31/live-streaming-child-sex-abuse-family-business-philippines.Holt, T.J., Blevins, K.R., and Burkert, N. (2010). Considering the pedophile subculture on-line. Sexual Abuse: Journal of Research and Treatment, 22, 3–24.Immigration and Customs Enforcement (ICE). (2017a). Child Exploitation/ OperationPredator. Available at: www.ice.gov/predator/.Immigration and Customs Enforcement (ICE). (2017b). Federal Grand Jury Indicts IllinoisMan on Child Pornography Charges. Available at:www.ice.gov/news/releases/federal-grand-jury-indicts-illinois-man-child-pornography-charges.International Center for Missing and Exploited Children. (2016). Child Pornography:Model Legislation & Global Review. Available at:www.icmec.org/en_X1/icmec_publications/English__6th_Edition_FINAL_.pdf.International Center for Missing and Exploited Children. (2017a). About the InternationalCenter for Missing and Exploited Children. Available at:www.icmec.org/missingkids/servlet/PageServlet?LanguageCountry=en_X1&PageId=1222.339
International Center for Missing and Exploited Children. (2017b). Commercial ChildPornography: A Brief Snapshot of the Financial Coalition Against Child Pornography.Available at: www.icmec.org/wp-content/uploads/2016/09/FCACPTrends.pdf.Internet Crimes Against Children (ICAC). (2016). Internet Crimes Against Children TaskForce Program. Available at: www.icactaskforce.org/Pages/ICACTFP.aspx.Internet Watch Foundation (IWF). (2016). Annual Report. Available at:www.iwf.org.uk/sites/default/files/reports/2016-09/IWF%202015%20Annual%20Report%20Final%20for%20web.pdf.Internet Watch Foundation (IWF). (2017). About Us. Available at: www.iwf.org.uk/about-iwf.Interpol. (2017). Appropriate Terminology. Available at: www.interpol.int/Crime-areas/Crimes-against-children/Appropriate-terminology.Jenkins, P. (2001). Beyond Tolerance: Child Pornography on the Internet. New York: NewYork University Press.Jespersen, A. F., Lalumière, M. L., and Seto, M. C. ( 2009 ). Sexual abuse history amongadult sex offenders and non-sex offenders: A meta-analysis. Child Abuse & Neglect,33, 179 – 192.Klain, E. J., Davies, H. J., and Hicks, M. A. (2001). Child Pornography: The Criminal-justice-system Response (Report No. NC81). Available at:www.ncjtc.org/NCJTC_Member_Resources/Public/Child%20Pornography%20Criminal%20Justice%20Response.pdfKrieg, L. (2015). Child Exploitation Restitution Following the Paroline v. United StatesDecision. National Center for Missing and Exploited Children. Available at:www.missingkids.com/Testimony/03-19-15.Krone, T. (2004). A typology and online child pornography offending. Trends & Issues inCrime and Criminal Justice, 279, 2–6.Krone, T. (2005). Does thinking make it so? Defining online child pornographypossession offenses. Trends & Issues in Crime and Criminal Justice, 299. Available at:www.aic.gov.au/media_library/publications/tandi/tandi299.pdf.Lynch, M. (2002). Pedophiles and cyber-predators as contaminating forces: The languageof disgust, pollution, and boundary invasions in federal debates on sex offenderlegislation. Law & Social Inquiry, 27, 529–557.Mayer, A. (1985). Sexual Abuse: Causes, Consequences and Treatment of Incestuous andPedophilic Acts. Holmes Beach, FL: Learning.McCarthy, J.A. (2010). Internet sexual activity: A comparison between contact and non-contact child pornography offenders. Journal of Sexual Aggression, 16(2): 181–195.National Center for Missing and Exploited Children. (2017). FAQs. Available at:www.missingkids.com/Missing/FAQ.O’Donnell, I., and Milner, C. (2007). Child Pornography: Crime, Computers and Society.Portland, OR: Willan Publishing.O’Donohue, W., Regev, L. G., and Hagstrom, A. (2000). Problems with the DSM-IVdiagnosis of pedophilia. Sexual Abuse: A Journal of Research and Treatment, 12, 95–105.340
Pearl, M. (2016). Whatever happened to NAMBLA. VICE, March 24, 2016. Available at:www.vice.com/en_ca/article/whatever-happened-to-nambla.Perrien, M., Hernandez, A., Gallop, C., and Steinour, K. (2000). Admissions of undetectedcontact sexual offenses by participants in the Federal Bureau of Prisons’ sex offendertreatment program. Poster presented at the Nineteenth Annual Conference of theAssociation for the Treatment of Sexual Abusers, San Diego, CA.Pittaro, M. (2008). Sexual addiction to the Internet: From curiosity to compulsivebehavior. In F. Schmalleger and M. Pittaro (eds), Crimes of the Internet (pp. 134–150).Upper Saddle River, NJ: Pearson Education Inc.Quayle, E., and Taylor, M. (2002). Child pornography and the Internet: Perpetuating acycle of abuse. Deviant Behavior, 23, 331–361.Quinn, J.F., Forsyth, C.J., and Mullen-Quinn, C. (2004). Societal reaction to sex offenders:A review of the origins and results of the myths surrounding their crimes andtreatment amenability. Deviant Behavior, 25, 215–232.Rice-Hughes, D. (2005). Recent statistics on Internet dangers . Available at:www.protectkids.com/dangers/stats.htm.Rogers, M., and Seigfried-Spellar, K. (2013). Internet child pornography: Legal issues andinvestigative tactics. In T.J. Holt (ed.), Crime Online: Correlates, Cause and Context(2nd edn) (pp. 109–140). Raleigh, NC: Carolina Academic Press.Rosenmann, A., and Safir, M. P. (2006). Forced online: Pushed factors of Internetsexuality. A preliminary study of paraphilic empowerment. Journal ofHomosexuality, 51, 71–92.Royal Canadian Mounted Police (RCMP). (2017). National Child ExploitationCoordination Center Online Child Sexual Exploitation. Available at: www.rcmp-grc.gc.ca/ncecc-cncee/about-ausujet-eng.htm.Seidman, K. (2013). Child pornography laws “too harsh” to deal with minors sextingphotos without consent, experts say. National Post, November 16, 2013. Available at:http://news.nationalpost.com/2013/11/16/child-pornography-laws-too-harsh-to-deal-with-minors-sexting-photos-without-consent-experts-say/.Seigfried-Spellar, K.C. (2013). Measuring the preference of image content for self-reported consumers of child pornography. In Rogers and Seigfried-Spellar (eds),ICDF2C 2012, LNICST 114, pp. 81–90.Seigfried-Spellar, K.C. (2015). Assessing the relationship between individual differencesand child pornography image preferences in an internet sample of child pornographyconsumers. Presentation at the American Academy of Forensic Sciences Sixty-seventh Annual Scientific Meeting, Orlando, FL, February.Seigfried-Spellar, K.C. (2016). Deviant pornography use: The role of early-onset adultpornography use and individual differences. International Journal of Cyber Behavior,Psychology and Learning, 6(3), 34–47.Seigfried, K., Lovely, R., and Rogers, M. (2008). Self-reported Internet child pornographyusers: A psychological analysis. International Journal of Cyber Criminology, 2(1),286–297.341
Seto, M.C., and Eke, A. W. (2005). The criminal histories and later offending of childpornography offenders. Sexual Abuse: A Journal of Research and Treatment, 17, 201–210.Seto, M.C., Cantor, J.M., and Blanchard, R. (2006). Child pornography offenses are a validdiagnostic indicator of pedophilia. Journal of Abnormal Psychology, 115(3), 610–615.Seto, M.C., Hanson, R.K., and Babchishin, K.M. (2011). Contact sexual offending by menwith online sexual offenses. Sexual Abuse: A Journal of Research and Treatment, 23,124–145.Seto, M.C., Wood, J.M., Babchishin, K.M., and Flynn, S. (2012). Online solicitationoffenders are different from child pornography offenders and lower risk contactsexual offenders. Law and Human Behavior, 36(4), 320–330.Sheldon, K., and Howitt, D. (2005). A new kind of paedophile: Contact and Internetoffenders against children compared. Fifteenth European Conference on Psychologyand Law, Vilnius, Lithuania, July 1.Sinanan, A.N. (2015). Trauma and treatment of sexual abuse. Journal of Trauma andTreatment, S4, 1–5.Tate, T. (1990). Child Pornography: An Investigation. London: Methuen.Taylor, M., and Quayle, E. (2003). Child Pornography: An Internet Crime. Hove: Brunner-Routledge.Taylor, M., Holland, G., and Quayle, E. (2001a). Typology of paedophile picturecollections. The Police Journal, 74, 97–107.Taylor, M., Quayle, E., and Holland, G. (2001b). Child pornography, the Internet andoffending. Isuma, 2, 94–100.US Department of Justice. (2014). Citizen’s Guide to US Federal Law on Obscenity.Available at:www.justice.gov/criminal/ceos/citizensguide/citizensguide_obscenity.html.US Postal Inspection Service. (2017). Annual Report 2016. Available at:https://postalinspectors.uspis.gov/radDocs/2016%20AR%20FINAL_web.pdf.Virtual Global Task Force. (2017). VGT Making a Difference. Available at:www.virtualglobaltaskforce.com/what-we-do/.WCSC. (2013). Peer-to-peer child pornography a breeding ground for predators.Available at: www.wmbfnews.com/story/23270855/peer-to-peer-child-pornography.Webb, L., Craissati, J., and Keen, S. (2007). Characteristics of Internet child pornographyoffenders: A comparison with child molesters. Sexual Abuse: A Journal of Researchand Treatment, 19(4), 449–465.342
Chapter 9Cyberbullying, Online Harassment, andCyberstalkingChapter goals• Understand the difficulty in separating the term “bullying” fromharassment and stalking.• Identify the prevalence and correlates of cyberbullying.• Identify the correlates of cyberstalking.• Examine where and how cyberbullying is a crime.• Explore the laws designed to prosecute cyberstalking at the national andstate levels.• Explain why local law enforcement is more likely to investigate these formsof cyber-violence.• Discuss the extra-legal agencies that investigate these activities.343
Online threats, bullying, and harassmentThe development of email and other forms of CMC has completely changed the way inwhich we engage socially with others. Facebook, Twitter, Snap-Chat, and other socialmedia platforms make it easy for us to tell friends and the whole world what we are upto, when, and with whom, around the clock. Social living sites like Foursquare and evenexisting platforms like Facebook allow users to check into a location so that everyonecan know where to find them at any time of day. The ability to post videos and photosallows us to share virtually every facet of our lives with whoever is interested.The relatively open nature in which people can now lead their lives is unparalleledand limited only by an individual’s willingness to share. While it may seem thattechnology engenders users to be truthful about themselves and their lives, there isincreasing evidence that people are very willing to say and post whatever they can toeither become popular or to connect with individuals they are interested to meet.In fact, the creation and development of relationships through social media predicatedon false information has gained prominent attention in the past few years. This act hasbeen referred to as “catfishing” after the documentary movie and television show of thesame name (Peterson, 2013). Both the film and the show follow individuals as theyattempt to disentangle and identify who is actually behind the social networking profilewith whom they have built an emotional, though non-physical, relationship (see Box 9.1for an example of catfishing).Box 9.1 Catfishing in the newswww.bostonglobe.com/ideas/2013/01/27/catfish-how-manti-imaginaryromance-got-its-name/inqu9zV8RQ7j19BRGQkH7H/story.html.Catfish: how Manti Te’o’s imaginary romance got its name“Catfish” is the name of a 2010 documentary about an online romance that turned out to be predicated ona fictitious identity. The makers of the movie developed a spinoff reality show for MTV, also called“Catfish,” devoted to the same theme of duplicity in virtual relationships.This article provides an overview of catfishing and the ways in which individualsare affected by people who prey on their emotions and hide behind the anonymityafforded by technology.344
While catfishing is not illegal, individuals can be emotionally hurt as a result ofdiscovering a relationship that they developed is predicated on lies. In addition,catfishing is just one of many problematic behaviors that can emerge from the Internetand CMCs. When relationships dissolve and couples break up, there is some evidencethat the individual who was dumped may turn to email, Facebook, or even YouTube inorder to post comments about his or her ex that are disparaging or hurtful. Theincreasing ability that we have to take videos and images and send them to others hasled some to post intimate or candid materials in online public places in order toembarrass or shame their ex.At the same time, young people are increasingly using technology as a means to sendbullying or harassing emails to classmates or people that they do not like. Such messagesmay be readily ignored, but if the sender is persistent, or if others begin to “like” orrepost the messages, it may lead the victim to feel ashamed, frightened, or sad. Anumber of youth have tragically committed suicide over their experiences, though this isan extreme outcome. The most notable of these incidents occurred in 2006 with thesuicide of a young girl named Megan Meier. She befriended who she thought was ayoung boy about the same age named Josh Evans through the social networking siteMySpace (Morphy, 2008). Their conversations became frequent, and eventually shebecame emotionally attached to him. That is, until he began to send her mean andhurtful messages and told her that the world would be a better place without her. Shortlythereafter, Megan hanged herself and was found by her parents. It was subsequentlydiscovered that the boy she was talking with did not actually exist. The account was anearly instance of catfishing; it was actually created by Lori Drew, the mother of one ofMegan’s former friends. The two younger girls had a falling out, and Drew opened theaccount to embarrass Megan. Although the outcome was not at all what Drew hadintended (Morphy, 2008), it did not change the fact that Megan died.For more on the Megan Meier story, go online to: www.youtube.com/watch?v=fGYVHFYop9E.345
The Megan Meier case quickly became a lightning rod, drawing national attention tothe problem of cyberbullying. Unfortunately, multiple instances of suicides stemmingfrom cyberbullying have occurred worldwide. For instance, a 14-year-old girl namedHannah Smith in Lancashire, England killed herself after receiving hundreds ofharassing comments on the website Last.FM (Fricker, 2013). Similarly, a 16-year-old girlin Singapore was thought to have committed suicide as a result of a former boyfriendposting mean and hurtful comments on Facebook and via email (Chen, 2011).All of these instances demonstrate that the use of technology can cause real-worldharm, which David Wall would classify as cyber-violence (see Chapter 1 for furtherdiscussion). What we know about these issues, however, is challenged by theoverlapping definitions of bullying, harassment, and stalking, as well as our limitedknowledge of the prevalence of victimization. This chapter will explore these issues,beginning with the common definitions used for these offenses, estimates of bothvictimization and offending, and the impact they have upon victims in general. We willalso discuss the inherent legal challenges that have developed and the existing statutesthat may be used to prosecute these offenses. Finally, we will explore the agencies andgroups involved in the investigation of these offenses. In turn, readers should be able tohave a greatly expanded appreciation for the overlap of these events and the generalthreats these forms of online harm can pose to all Internet users.346
Defining cyberbullyingOne of the most prominent concerns of the past decade is the issue of bullying,particularly cyberbullying, due to the increasing prominence of technology and its useamong young people. In the physical world, bullying is typically defined as theintentional and repeated use of aggressive or negative behaviors based on an imbalanceof power between individuals, most typically a weaker victim (Klomek et al., 2008;Nansel et al., 2001; Olweus, 1993). Bullying may take multiple forms, ranging from verbalthreats or insults (like name-calling or teasing) to more serious physical harm (such asbeing hit or kicked). These behaviors may produce negative emotional reactions from thevictim due to embarrassment, shame, intimidation, anger, sadness, or frustration(Klomek et al., 2008; Nansel et al., 2001).Many of these characteristics are evident when considering bullying in virtualenvironments as well. In fact, cyberbullying may be defined as any intentional,aggressive behavior performed through electronic means (Hinduja and Patchin, 2008).Although a bully cannot physically injure an individual through CMCs, they can causeemotional harm and social embarrassment by sending threatening, mean, or hurtfulmessages via instant messaging, email, posts on social media, and text messages via cellphones (Hinduja and Patchin, 2008).For more on cyberbullying, go online to:1. www.cyberbullying.us.2. www.bullying.co.uk/cyberbullying/347
Similar to traditional bullying, cyberbullying can also take multiple forms. Willard(2007) proposed an eight-category typology of cyberbullying to characterize the activitiesof bullies and the experience of victims:1. Flaming: engaging in online fighting where users directly target one anotherwith angry or irritated messages, often featuring vulgar language.2. Denigration: making comments about individuals’ characters or behaviorsthat are designed to harm their reputation, friendships, or social positions, suchas saying that someone is homosexual or making fun of that person.3. Impersonation: falsely posting as other people to harm their reputation orsocial status by logging into their existing accounts to post messages or bycreating fake accounts to masquerade as that person.4. Outing: posting real personal information about individuals to embarrassthem, such as sending images of them in states of undress, posting who theyare attracted to, or information about homosexual preferences which may notbe known to the general public.5. Trickery: convincing individuals to provide personal information aboutthemselves in what they think is a personal conversation, which is thenrevealed to the general public.6. Exclusion: intentionally preventing others from joining an online group, suchas a network on Facebook or some other site online.7. Harassment: the repeated distribution of cruel or mean messages to a personin order to embarrass or annoy them.8. Stalking: the use of repeated and intense harassing messages that involvethreats or cause the recipient to fear for their personal safety.The typology proposed by Willard (2007) recognizes the substantive variation in harmthat may occur online. In addition, it recognizes that bullying does not require repeatedharm. Posting personal information online that was shared in confidence one time iscyberbullying. Messages, however, may also be sent repeatedly and nearlyinstantaneously to a prospective victim throughout the day (Jones, Mitchell, andFinkelhor, 2012). The constant exposure to hurtful messages can cause persistent andpervasive emotional and psychological harm to a victim. In addition, a message may beposted in multiple environments, such as Facebook, Twitter, and YouTube, within ashort space of time. As a result, multiple individuals may engage in a bullyingexperience by reposting content or “liking” what someone posts. This can causesignificant harm to a victim by making them feel as though the whole world is laughingat them and they cannot escape it. Thus, cyberbullying may be just as harmful to thevictim as real-world bullying – sometimes more.As a final point of concern, bullying may also be viewed as harassment or stalking.Many typically associate bullying, online or offline, with juvenile populations where348
power differentials are common. One researcher even went so far as to argue thatcyberbullying can only occur between minors, whereas any other involvement withadults should be viewed as harassment or stalking (Aftab, 2006). Others have suggestedthat adults can be bullied, particularly in the workplace where there is greater potentialfor individuals to intimidate or otherwise affect those with less power (Kowalski,Limber, and Agatston, 2008). This has some salience in school environments, wherestudents may attempt to harass their teachers online or make fun of them for certainactivities. However, the degree to which teachers are harassed or bullied by students hasbeen given relatively little focus. Most researchers focus instead only on the issue ofbullying in juvenile populations (Bossler, Holt, and May, 2012; Klomek et al., 2008;Marcum, 2010; Nansel et al., 2001). As a result, we will only discuss the issue of bullyingin the case of juveniles and discuss potential age variations later in the chapter.The prevalence of cyberbullyingRates of cyberbullying vary substantially based on the group of youth sampled, the timethe data were collected, and the way in which bullying was defined, or operationalized,by the authors. These issues make it quite difficult to accurately document the scope ofcyberbullying within a single place over time, let alone cross-nationally. In general, theproportion of children who have experienced cyberbullying is somewhat lower than thatof traditional bullying in the real world. Several nationally representative samples ofyouth in the USA indicate that the rate of bullying is between 11 (Nansel et al., 2001) and30 percent in a given year (Haynie et al., 2001). Rates in the UK demonstrate thatbetween 29 (Department for Children, Schools and Families, 2010) and 46 percent ofyouth experience bullying at some point in their lives (Chamberlain, George, Golden,Walker, and Benton, 2010). Thus, this is a substantive global problem for youthgenerally.Initial estimates of cyberbullying within the USA varied in the early 2000s, with ratesof between 6 percent (Thorp, 2004) and 7 percent during a 12-month period (Ybarra andMitchell, 2004). Recent estimates from the USA suggest that rates of cyberbullying haveincreased, which may be a reflection of greater access to technology at early ages.Kowalski and Limber (2007) found that 18 percent of a sample of middle school youthreported being cyberbullied over a 12-month period. Similarly, a recent study of 5,707 12-to 17-year-olds by Hinduja and Patchin (2016) found that 33.8 percent of their samplehad experienced cyberbullying at some point in their lives. Only 16.9 percent of thissample experienced cyberbullying victimization within 30 days of completing the survey,suggesting that victimization experiences may be distributed over time.These rates, however, may be a result of distinctive student samples, as results fromthe nationally representative National Crime Victimization Survey-SupplementalSurvey (NCVS-SS) on bullying and cyberbullying found that approximately 6 percent ofstudents aged 12 to 18 were cyberbullied during the 2008/2009 academic year (DeVoe,349
Bauer, and Hill, 2011). This figure remained relatively constant in sample data collectedbetween 2012 and 2013, with 6.8 percent of youth reporting being cyberbullied (USDepartment of Education, 2015).For more information and statistics on cyberbullying, go online to:http://cyberbullying.org/statistics.It is also important to note that there is some variation in cyberbullying victimizationrates and those of youth engaging in cyberbullying behaviors. Ybarra and Mitchell (2004)found 18 percent of a sample of youth engaged in cyberbullying offending in a one-yearperiod. A similar rate has been identified across multiple studies conducted by Hindujaand Patchin (2016). In fact, their first sample of 370 youth found that 20.1 percent of theirsample engaged in some form of online bullying. In one of their most recent studies from2016 with 5,707 youth, 11.5 percent of children engaged in cyberbullying behavior atsome point in their lifetimes. This is a lower rate of bullying behaviors compared toother studies, and only 6 percent of youth had engaged in cyberbul-lying behaviors overthe past 30 days when the survey was administered. Thus, there are some differencesevident in the rates of cyberbullying offending and victimization.When examined internationally, the rates of cyberbullying victimization reported arealso substantial and similar to those of the USA. Recent research from a Canadiansample suggests that almost 25 percent of middle school students had been cyberbullied(Li, 2008). Estimates from the UK suggest that rates of cyberbullying vary between 8 and38 percent of youth, depending on the form of victimization, time of data collection, andthe population studied (Department for Education, 2011; Tarapdar and Kellett, 2011). Amultinational study of youth in Greece, Iceland, the Netherlands, Poland, Romania, andSpain found that 21 percent of youth were victimized, with the highest rates observed inRomania (37%) compared to Spain (13%) and Iceland (13%) (Tsitsika et al ., 2015). A studyof 276 Turkish youth aged 14 to 18 indicated that 23.9 percent experienced cyberbullying,15.9 percent engaged in cyberbullying, and 21.4 percent experienced cyberbullying asboth victim and perpetrator (Erdur-Baker, 2010).Research on Asian populations is growing, and suggests that victimization rates maybe somewhat higher than in Western countries in some cases. Evidence from a recentmultinational study conducted by Intel (2015) found that 22 percent of youth betweenthe ages of 8 and 16 were cyberbullied, and 52 percent engaged in cyberbullying350
themselves. Research on cyberbullying in a Chinese sample suggests that the lifetimevictimization rate can be quite high, at 33 percent of a middle school population (Li,2008). Data from a nationally representative sample of youth in Singapore suggests thatwhile 67 percent of youth experience some form of physical bullying, only 18.9 percentexperience cyberbullying, and 18 percent report some form of cyberbullying via a mobiledevice during a 12-month period (Holt, Chee, Ng, and Bossler, 2013).351
Predictors of bullying online and offlineTaken as a whole, these statistics suggest that cyberbullying is a problem that at leastone out of every six youth may experience in his or her lifetime. It is not clear how thiswill change as smart phone adoption and social networking applications expand acrossthe world. Despite the lack of clarity on this issue, there are specific factors that mayincrease the risk of cyberbullying victimization for youth.First, females may be more likely to report cyberbullying victimization than malesbased on the way in which females and males differ in their expression of aggressionand harmful behaviors. Boys generally report higher levels of physical bullying andaggressive behavior; females appear to use more indirect tactics focused on causingemotional harm through behaviors like spreading gossip (Boulton and Underwood, 1992;Klomek et al., 2008; Nabuzoka, 2003). The evidence on sex differences for cyberbullyingvictimization, however, is mixed based on the sample population (Zych, Ortega-Ruiz,and Del Rey, 2015). Meta-analyses of cyberbullying research have found mixed resultsregarding the relationship between gender and bullying, suggesting that there may beminimal gender differences in the risk of cyberbullying victimization and offending(Zych et al ., 2015).Second, there is also a link between age and cyberbullying victimization. While mostresearch suggests that younger children are more likely to experience bullying in the realworld (Borg, 1999; Olweus, 1993), cyberbullying is more likely to be reported by olderyouth (Sbarbaro and Smith, 2011; Tokunaga, 2010; Zych et al ., 2015). The age variationsnoted may stem from differential access to technology, since the very young may havelimited access to computer and mobile phone technology (Smith et al., 2008). As childrenreach their early teens they are more likely to gain access to computers and phones,thereby increasing their exposure to bullying. This issue may, however, exacerbate overtime with increasingly early exposure to mobile devices.Third, in keeping with access to technology, the use of certain technologies mayincrease the risk of cyberbullying victimization. Spending time online in social networks,chatrooms, and on email can increase one’s risk of experiencing electronic bullying orharassment (Berson, Berson, and Ferron, 2002; Hinduja and Patchin, 2008; Holt andBossler, 2009; Twyman, Saylor, Taylor, and Comeaux, 2010; Ybarra and Mitchell, 2004).Ybarra and Mitchell (2004), however, also found that increased use of the Internetgenerally may also increase the odds of online harassment victimization for females, butnot for males.Fourth, the methods through which individuals share information in onlineenvironments are also related to victimization because it decreases personalguardianship, or the ability to protect oneself from harm. Individuals who providesensitive information about themselves in public places, like a social network profile,352
have an increased risk of bullying victimization (Mitchell, Finkelhor, and Becker-Blease,2007). Posting school schedules, home addresses, or images and stories of themselves incompromising situations provides offenders with fodder for attack (Hinduja and Patchin,2009). The increased emphasis on photo and video-based social media applications likeInstagram and Snapchat also creates opportunities for individuals to target someonebased on their gender or appearance. As a consequence, individuals who do not managepersonal or sensitive information carefully may increase their risk of victimization.Fifth, being bullied in the real world is also unfortunately a strong predictor for beingbullied in the virtual world as well. The relationship between bullying across bothenvironments appears consistently, regardless of where the sample was generated(Erdur-Baker, 2010; Hinduja and Patchin, 2008; Kowalski and Limber, 2007; Ybarra andMitchell, 2004; Zych et al ., 2015). This may be due to the fact that being bullied in thereal world could immediately make someone a target for bullying in virtual spaces. Inaddition, the difficulty in escaping the bullying experience when it operates both onlineand offline may have a greater impact upon the victim, making them more likely toreport negative psychological and emotional outcomes (Holt et al., 2013; Olweus, 1993;Tokunaga, 2010).To understand the predictors of bullying, we must also examine it from the offender’spoint of view in order to provide insight into which youth are more likely to bullyothers. In general, these youth appear to have a temper and may be easily frustrated(Camodeca and Goossens, 2005; Holt, Bossler, and May, 2012). They are also more likelyto report lower levels of self-control and display behaviors indicating that as well. Forexample, they report greater problem behaviors at school (Hinduja and Patchin, 2008). Atthe same time, they also have low compassion and empathy toward others, making itdifficult for them to understand how their actions affect other people (Camodeca andGoossens, 2005).Individuals who engage in cyberbullying also tend to engage in assaultive behaviorsoffline, including bullying behaviors (Hinduja and Patchin, 2008). Cyberbullies alsoappear to spend more time online and to engage in various online activities ranging fromchecking email to spending time in social networking sites, which is sensible given themechanisms needed in order to bully others online (Hinduja and Patchin, 2008). Thereare, however, few demographic correlates, as neither gender nor age appears to beclearly related to cyberbullying activities. Studies find that both males and femalesengage in cyberbullying, though females may do so with somewhat greater frequency(Zych et al ., 2015). Similarly, studies have found mixed relationships between age andcyberbullying (Tokunaga, 2010; Zych et al ., 2015). As a result, it is important that weconsider how the behavioral and attitudinal correlates of bullying may be used to betterunderstand and intervene in bullying encounters to reduce the negative outcomes whichchildren may experience.The challenge of online harassment and stalking353
As identified earlier, some categorize harassment and stalking under the definition ofcyberbullying. These definitional issues make it difficult to truly differentiate betweenharassment and stalking. In fact, Sinclair and Frieze (2000) argue that there is no way toidentify what behaviors should be classified as harassment or stalking, and thus theterms should be used interchangeably. There are, however, a few salient points thatcould be made in order to identify when an incident may be defined as onlineharassment or as cyberstalking. While both behaviors involve the constant use ofemail, text, or some other form of CMC, the effects which these messages have on thevictim are pertinent. Instances of harassment may be viewed as bothersome, annoying,or unwanted by the recipient, but these communications do not necessarily portray athreat (Turmanis and Brown, 2006). By contrast, cyberstalking may lead a victim to fearfor their personal safety and/or experience emotional distress (Bocij, 2004). In both cases,the recipient should indicate to the sender that they want the messages to stop. Such anindication is important in order to help law enforcement pursue a criminal case againstthe sender.It is also important to recognize that cyberstalking is related to, but not equivalent to,traditional stalking activities (Bocij, 2004; Bocij and McFarlane, 2002). In cases of real-world stalking, the actor may track his or her victim and show up unannounced andunwelcome in various places, which may intimidate or cause fear in the victim (Bocij,2004). Cyberstalking may involve a variety of online activities that produce similarresults, such as monitoring a person’s online behaviors, gathering personal informationabout that individual through various outlets, and sending hostile or threateningmessages that imply they will cause bodily harm to the victim or to their property (seeBox 9.2 for an example; also Bocij, 2004).Box 9.2 Vickie Newton and negative outcomes ofcyberstalkingwww.fbi.gov/news/stories/woman-sentenced-for-cyberstalking.Woman sentenced for harassing victim on social mediaThe messages were relentless. A California woman couldn’t escape the barrage of malicious texts, phonecalls, and social media posts originating from a mysterious individual with whom she had no previous354
connection.This article provides insights into the experiences of an obsession-based stalker whowent from being a criminal justice student in university to a convicted felon becauseof her fixation on a woman.The range of cyberstalking does not simply end with virtual threats. A fewcyberstalkers have sent malicious software, like keylogging programs, in order tomonitor all aspects of their victims’ behaviors (Bocij, 2004). Other cyberstalkers createfalse posts in various sites impersonating their victims in order to embarrass them orcause them physical harm (Bocij, 2004). For instance, a convicted cyberstalker in the USAnamed Shawn Sayer posted sexually explicit videos of his ex-fiancée to porn sites underher actual name, along with a Facebook account that reposted the videos (Hoey, 2012).He would then contact individuals who liked the content and arranged meetings withthe men at her home in order to have sex. The various men who showed up at thevictim’s home were then confused when she had no idea why they were there and madeher fear that she would be raped or otherwise hurt.A cyberstalker, however, does not have to engage in real-world stalking and vice versa(Bocij, 2004). The anonymity afforded by the Internet, coupled with the volume ofinformation available about individuals via social network sites and other self-generatedcontent, allows people to engage in stalking behaviors with ease. In addition,cyberstalkers need not know their victims, which is in contrast to real-world stalking.Instead, a prospective stalker can identify any random target through Google searches orsimple online interactions. The threats posed by cyberstalkers can be just as serious asthose in the real world, and can produce the same response in victims as those found intraditional stalking activities offline (Bocij, 2004).For an example of a stranger-driven case of cyberstalking, go online to:www.bbc.co.uk/newsbeat/article/32379961/cyber-stalking-when-looking-at-other-people-online-becomes-a-problem.Rates of harassment and stalking355
In light of the challenges inherent in differentiating between harassment and stalking, itis important to attempt to identify the rates of these offenses in the general population.One of the best estimates of online harassment in the USA comes from the YouthInternet Safety Survey (YISS) sponsored by the National Center for Missing andExploited Children (Jones et al., 2012). This study of youths aged 10 to 17 years who usedthe Internet regularly was administered in three waves: the first in 2000, the second in2005, and the third in 2010. There was an increase in online harassment victimizationacross the three time periods. First, the proportion of youth who reported onlineharassment, as defined by receiving threats or offensive comments either sent to them orposted about them online for others to see, increased from 6 percent in 2000 to 9 percentin 2005 to 11 percent in 2010. Within these samples, the number of youths who reporteddistress, as measured by fear or being upset due to the harassment, increased from 3percent in 2000 and 2005 to 5 percent in 2010. In addition, the proportion of youths whoexperienced repeated harassment increased from 2 percent in 2000 to 4 percent in 2005 to5 percent in 2010 ( Jones et al., 2012).The YISS also captures youth engaging in harassment against other children. Thesefigures showed an increase in the proportion of youth engaging in harassment withineach wave (Jones et al., 2012). Specifically, those youths posting rude or nasty commentsonline increased from 14 percent in 2000 to 28 percent in 2005 to 40 percent in 2010. Asimilar increase was evident in youths who used online spaces to embarrass or harasssomeone out of anger or spite. This rate increased from 1 percent in 2000 to 9 percent in2005 to 10 percent in 2010. These figures illustrate that the prevalence of harassment hasincreased for modern youth.Similar responses are noted in populations of college students using assessments oftheir experiences over a 12-month period, though it again depends largely on thepopulation sampled. In a study of New Hampshire college students, Finn (2004) foundthat 10 to 15 percent of students reported receiving harassing messages via email orinstant messaging, and more than half received unsolicited pornography. Similarly, Holtand Bossler (2009) found that 18.9 percent of a convenience sample of college students ata southeastern university received unwanted emails or instant messages. In addition, in arandom sample of students from a single university, Marcum, Ricketts, and Higgins(2010) found that harassment victimization ranged from 6.5 to 34.9 percent, depending onthe type of harassment reported.There are also a small number of sources available to understand the scope ofcyberstalking. One of the few truly nationally representative studies assessingcyberstalking in the USA comes from the National Crime Victimization Survey-Supplemental Survey (NCVS-SS) (Catalano, 2012). Using a population sample of 65,270people collected in 2008, the survey found that 26.1 percent of those who reported beingstalked were sent emails that made them fearful. Similarly, Fisher, Cullen, and Turner(2000) developed a nationally representative sample of college students and found that24.7 percent of those who were stalked received repeated emails that seemed obsessive orled them to feel fear. Spitzburg and Hoobler (2002) found some degree of variation in356
responses based on the type of stalking reported, ranging from 1 to 31 percent for morecommon activities.For more on the NCVS study, go online to:www.bjs.gov/content/pub/pdf/svus_rev.pdf.In Canada, statistics suggest that 7 percent of all adults receive threatening oraggressive emails and instant messages (Perrault, 2013). The majority of these messagescome from strangers (46 percent of male victims; 34 percent of female victims), oracquaintances (21 percent of male victims; 15 percent of female victims; Perrault, 2013).A recent survey conducted by the National Centre for Cyberstalking Research (2011)in the UK found that approximately 75 percent of a sample of 353 people experiencedsome form of online harassment. The majority of messages were sent via socialnetworking sites (62.1 percent males; 63.1 percent females) or through personal emailaccounts (55.8 percent males; 56.4 percent females). There are, however, no currentnational statistics collected within the UK to assess arrest rates or victim reports ofcyberstalking victimization (National Centre for Cyberstalking Research, 2011).Understanding victims’ experiences of cyber-violenceIt is clear that many aggressive and hurtful comments can be sent through CMCs andthat many people are victimized as a result. The responses that victims have to bullying,harassment, and stalking, however, are quite varied. A proportion of individuals are ableto brush off their experience and move forward without taking the comments of theirharasser or stalker to heart. However, some experience emotional or physical harm, anda very small proportion even go so far as to seriously contemplate suicide (Ybarra andMitchell, 2004). To better understand the victim response, we will examine each form ofcyber-violence in turn.Cyberbullying produces effects often mirroring reactions to physical bullying. Victimsof cyberbullying often exhibit symptoms of depression, stress, and anxiety (Ybarra andMitchell, 2004). Social withdrawal and school failure may also occur. These responses aremore likely if cyberbullying incidents occur in tandem with offline bullying. Youngpeople may begin to skip school, or be truant, in order to try to avoid persistent or357
repeated victimization (Katzer, Fetchenhauer, and Belschak, 2009; Ybarra et al., 2007). Infact, data from a nationally representative survey of youth suggests that 4 percent ofchildren who were cyberbullied skipped school, relative to the 0.04 percent of those whoskipped school but were not victimized (Robers, Zhang, Truman, and Snyder, 2012).Truancy may also occur because the victim feels that school is no longer a safe place tobe, particularly when they experience substantive bullying both online and offline(Varjas, Henrich, and Meyers, 2009).Some youth may also skip school to avoid shame, embarrassment, and stigmaassociated with their bullying experiences online or offline. In fact, Kowalski et al. (2008)argue that the negative impact of cyberbullying can even be worse than physicalbullying experiences, due to the persistent nature of their victimization. A youth may beshoved, hit, or called names in the hallways at school, but they can escape thatexperience once they leave the campus. In contrast, cyberbullying is much more difficultto avoid, as bullying messages can be sent continuously to the victim, be reposted byothers, and can also reappear, making the victim feel helpless (Campbell, 2005; Li, 2006).One of the most noteworthy examples of the impact of cyberbullying upon youthdepression and behavior is the experience of Ghyslain Raza, also known as the “ StarWars Kid. ” The 15-year-old Raza, a high school student in Trois-Rivieres, Quebec,Canada, made a video of himself swinging a golf ball retriever (Wei, 2010). Hismovements were similar to the style of Darth Maul, the dual-lightsaber-wielding SithLord from Star Wars: Episode 1. Raza had set up a camcorder to make a tape of himselffor a school project in the fall of 2002 and filmed himself with no intention of othersseeing his “lightsaber” strikes. However, one of his classmates found the tape in April2003 and showed it to a friend, who then converted the tape to a digital format. The twoboys then distributed the video via email to friends, and it began to spread across thestudent body. One student even posted the video to a peer-to-peer file-sharing site withthe title Jackass_starwars_funny.wmv, where it became a viral phenomenon.The mental anguish young Raza experienced was quite severe because so many peoplesaw the video and constantly made fun of him for his activities. He became severelydepressed, dropped out of school, and was institutionalized for psychological treatmentby the end of 2003 (Wei, 2010). Raza’s family sued the families of four of the boys whodiscovered the video and posted it online for damages and emotional harm, which led toan out-of-court settlement for an undisclosed amount. The video, however, has beenseen over 1 billion times on various online media outlets since it was first posted. Thus,the global spread of hurtful content can have a substantial impact upon a victim’semotional well-being.In addition to school absences and emotional harm, some victims of cyber-bullyingreport having suicidal thoughts, or suicidal ideation, as a result of their experiences(Hinduja and Patchin, 2008; Klomek et al., 2008; Li, 2006). Individuals who experiencesuicidal ideation often have negative attitudes generally, which may be a long-termconsequence of bullying experiences online and offline (Arseneault et al., 2006; Beranand Li, 2007; Nansel et al., 2001). Over the past few years, there has been a substantial358
amount of media attention around cyberbullying and suicide. Much of this stems fromthe seminal Megan Meier case discussed earlier and the multiple incidents ofcyberbullying victimization leading to suicides around the world (see Box 9.3 for detailson the Audrie Pott suicide case). Thus, the connection between virtual and realexperiences must be considered further.Box 9.3 The unfortunate suicides resulting frombullyinghttp://usnews.nbcnews.com/_news/2013/04/14/17747411-california-case-another-three-part-tragedy-of-rape-cyber-bullying-and-suicide?lite.California case another three-part tragedy of rape, cyberbullying andsuicideThree boys accused of sexually assaulting a 15-year-old California girl who took her own life after picturesof the attack were posted online are due in court this week, as authorities ramp up their investigation intothe latest case involving rape and cyber bullying.This article provides an overview of the harm that can result from cyber-bullyingincidents, as evident in the case of a young girl who committed suicide after beingassaulted and having pictures of the incident posted online and shared by others.Victims of cyberstalking and online harassment may report similar experiences tothose of bullying because of the persistent messages and threats they receive. Inparticular, victims typically report feeling powerless, shamed, and socially isolated fromothers (Ashcroft, 2001; Blauuw et al., 2002). Anxiety and depression may also be acommon outcome due to concerns about actualizations of threats or the worry overreceiving more messages.Some victims of bullying, stalking, and harassment may begin to change theirbehaviors as a response to their victimization, deciding to either take steps to defendthemselves or reduce their risk of further victimization. For instance, evidence from theNCVS supplemental study on bullying (Catalano, 2012) found that those who werecyberbullied were more likely to carry a knife, gun, or other defensive weapon to school.359
A comparative analysis by Sheridan and Grant (2007) found no differences in thebehavioral patterns of victims of either traditional or cyberstalking. Victims of traditionalstalking report changing their behavior patterns in order to reduce the risk ofvictimization. Some also change their address, phone number, or email address in orderto help reduce their ability to be identified (Baum, Catalano, Rand, and Rose, 2009;Nobles, Reyns, Fox, and Fisher, 2012). A small proportion of victims also begin to carry adefense weapon, like pepper spray (Wilcox, Jordan, and Pritchard, 2007; Nobles et al.,2012). Approximately 10 to 15 percent of victims either stop spending time aroundfriends or family in order to minimize their risk of exposure, or they stay with lovedones in order to increase their feelings of personal safety and protection (Nobles et al.,2012). Victims who felt higher degrees of fear were more likely to engage in a highernumber of these self-protective behaviors (Nobles et al., 2012).Reporting online bullying, harassment, and stalkingAlthough there are substantive psychological and behavioral consequences for victims ofbullying, harassment, and stalking, it appears that very few report these incidents toagencies or individuals who can help them. While many researchers examine theprevalence of cyberbullying or traditional bullying, few have considered how often thesebehaviors are reported. One of the only studies to look at reporting with a nationallyrepresentative sample suggests that approximately 75 percent of children harassed toldsomeone about the incident, though they primarily told friends rather than parents(Priebe, Mitchell, and Finkelhor, 2013). Similarly, the NCVS supplemental survey onbullying (Catalano, 2012) found that 31 percent of youths contacted a teacher or schoolofficial about their experience. Those who did not report the incident made this decisionbecause they felt that it was either not serious enough or was so common that no onewould take them seriously (Priebe et al., 2013).The lack of reporting to parents or authority figures may be a consequence ofconcerns among youth that they may lose access to the technology that enablescyberbullying (Hinduja and Patchin, 2009; Marcum, 2010). In fact, youth who experiencecyberbullying were likely to have had a conversation with their parent(s) aboutharassment and the risks associated with online communication, though it did not affecttheir likelihood of reporting the incident (Priebe et al., 2013). A logical parental responsemay be to take away their child’s cell phone or perhaps limit the amount of time theycan spend online. Such a response may be undesirable, especially for a teenager who hasonly recently acquired a cell phone or is used to having unrestricted access totechnology.Instead, many youths who are cyberbullied tend to simply delete the messages theyreceive, ignore it where possible, or block the sender in order to reduce their exposure(Parris, Varjas, Meyers, and Cutts, 2012; Priebe et al., 2013). In fact, most youth report theincident only if they feel it is severe (Holt-feld and Grabe, 2012; Slonje, Smith, and360
Frisen, 2013), such as if it lasts for several days or produces a severe emotional response(Priebe et al., 2013). Limited research on the topic suggests that reporting cyberbullyingexperiences to parents decreases as youths age (McQuade, Colt, and Meyer, 2009; Slonjeet al., 2013). Instead, teens are more likely to report cyberbullying experiences to theirpeers as a coping strategy. In addition, parents do not appear to report instances ofcyberbullying to police owing to perceptions that they will not be able to handle the casedue to limited laws (Hinduja and Patchin, 2009; McQuade et al., 2009). Similarly, there issome evidence that school administrators may not want to contact police due toconcerns over how the incident will impact the school’s reputation (McQuade et al.,2009).Similar issues are evident in the number of cyberstalking or harassment cases reportedto law enforcement agencies. Statistics on victim reporting from the NCVS suggest thatapproximately 42 percent of female stalking victims and 14 percent of female harassmentvictims contacted police (Catalano, 2012). The data reported for this study were amendedrecently due to errors in the way in which some acts of stalking and harassment werecoded. As a result, it is not clear how many cases were actually made known to police(Catalano, 2012). Using information from a nationally representative sample of femalecollege students, Fisher and her colleagues (2000) found that less than 4 percent ofwomen sought a restraining order against their stalker and less than 2 percent filedcriminal charges. Although there is less information available on cyberstalking andharassment victim reporting internationally, evidence from the Canadian Uniform CrimeReporting (UCR) Survey found that the majority (70%) of victims reporting intimidationor harassment online were female (Perreault, 2013).The lack of reporting for stalking and harassment cases may be due to a perceptionamong victims that their case will not be taken seriously by law enforcement (Nobles etal., 2012). Victims of crimes like sexual assault or domestic violence often feel that theirexperience is not serious enough to report to police or will not be viewed as real byofficers. In much the same way, victims of stalking and harassment cases, online oroffline, may assume that officers will not be inclined to make a report or investigate. Asa result, victims may feel abandoned by the criminal justice system and may proactivelychange behaviors that are perceived to put them at risk for further harassment. In fact,research suggests that victims who feel greater levels of fear because of the incident andperceive that they are being stalked are more likely to engage in multiple self-protectivebehaviors (Nobles et al., 2012).Regulating online bullying, harassment, and stalkingThe prevalence of these various person-based online crimes requires substantive criminallaws in order to prosecute individuals who choose to engage in these behaviors. Theamount of legislative effort placed on these crimes, however, is mixed, depending on theoffense. For instance, there are no federal statutes in the USA concerning bullying or361
cyberbullying. This is not a substantial issue given that most instances of cyberbullyinginvolve people living in close physical proximity to one another.Some advocates called for the development of new federal laws following the death ofMegan Meier and the subsequent failure to successfully prosecute this case. Specifically,Lori Drew, one of the two women responsible for the creation of the false MySpace pageand comments that led to Meier’s suicide, was charged in federal court for violations ofthe Computer Fraud and Abuse Act (Steinhauer, 2008; see Box 9.4 for details on theapplicability of these statutes). She was charged with three felony counts of computerfraud and one conspiracy count under the assumption that she violated MySpace’s termsof service, which included the stipulation that users could not create fictitious accounts.The jury found Drew guilty on these three charges, though they were reduced tomisdemeanor counts, and the conspiracy charge was thrown out (Steinhauer, 2008). Thethree charges of computer fraud, however, were also thrown out and Drew was fullyacquitted in July 2009 after the judge argued against the use of this statute, which isnormally reserved to prosecute computer hackers and data thieves (see Chapters 3 and 6for details on the statutes; also Zetter, 2009).Box 9.4 The Computer Fraud and Abuse Act applied toMegan Meier’s deathwww.ecommercetimes.com/story/65424.html.The Computer Fraud Act: bending a law to fit a notorious caseOfficials were determined to punish Lori Drew for something – the suicide of young Megan Meier seemeda direct consequence of her actions [.] Drew ultimately was convicted of three misdemeanors, butprosecutors had to stretch a law beyond its original intent in order to win that outcome.This article explains how Lori Drew was prosecuted under CFA statutes in the USA,and why the case was fraught with difficulty. The case demonstrates whycybercrime law must be developed with flexibility and prospective application astechnologies change.In the wake of the failed prosecution and debate over the utility of existing legislation,362
the Meier family began to pursue the creation of new laws to protect victims and seekjustice against offenders at the federal level. This led to the development of US HR1966,called the Megan Meier Cyberbullying Prevention Act, which was proposed in 2009.This legislation would have made it illegal for anyone to use CMC “to coerce, intimidate,harass or cause substantial emotional distress to a person,” or use electronic resources to“support severe, repeated, and hostile behavior” (Hinduja and Patchin, 2013: 17). Theproposed legislation would have allowed for either fines or a two-year prison sentence.This resolution was not successfully passed into law (see Box 9.5 for details on the failureof this legislation).Box 9.5 The failure of the Megan Meier bullyinglegislationwww.wired.com/threatlevel/2009/09/cyberbullyingbill/.Cyberbullying bill gets chilly receptionProposed legislation demanding up to two years in prison for electronic speech meant to “coerce,intimidate, harass or cause substantial emotional distress to a person” was met with little enthusiasm by aHouse subcommittee on Wednesday.This article provides an overview of the failures in creating legislation to outlawcyberbullying at the federal level in the USA. The political and legal challenges thataffect the adoption of legislation are both interesting and divisive and are furtherelaborated in this work.Although the lack of federal legislation on bullying is bothersome, 49 states (withMontana as the sole hold-out) and the District of Columbia have laws in placeconcerning bullying and require that schools have policies in place concerning bullyingbehaviors (Hinduja and Patchin, 2016). In addition, 48 states have language in theirlegislation recognizing the terms cyberbullying or online harassment (Hinduja andPatchin, 2016). In addition, 20 states and the District of Columbia provide criminalsanctions for bullying behaviors (Hinduja and Patchin, 2016). Virtually all states (45)require schools to provide some sort of punishment for bullying so as to affect the363
behaviors of the bully and give some retribution for victims.Fifteen states and the District of Columbia also include language indicating thatbullying may occur off-campus and can still be sanctioned (Hinduja and Patchin, 2016).Some argue that it may be inappropriate to extend school jurisdictions beyond the schoolgrounds, as parents should be responsible for managing youth behavior. Given theimpact that bullying victimization can have upon students’ academic performance,attendance, and mental health generally, some argue that it is necessary for schools toextend protection to students and sanction bullies who engage in harmfulcommunications while off-campus.The complexities inherent in legislating against bullying are also evident around theworld. Singapore recently criminalized online harassment and bullying behaviors underthe Protection From Harassment Act (2014), which includes the (1) use of anythreatening, abusive, or insulting words or behavior, or (2) making threats, abusive, orinsulting communication that may be seen, heard, or perceived by another person tocause harassment, alarm or distress. There is, however, no legislation at the nationallevel in Canada, Australia, or the UK. Legislation has been proposed in the past, as withCanadian Bill C-13 that would make it a crime to share an intimate image without theconsent of the subject of the image, punishable by up to five years in prison. Althoughthe bill failed, the province of Nova Scotia implemented its own laws to protect victimsfrom offenders through protective orders, as well as civil suits for damages (see Box 9.6for details on the incident which led to the creation of this law; also Serfas, 2013). It waslater struck down by the Supreme Court within the province due to its being consideredoverly broad. Similarly, there is no law designed specifically to deal with cyberbullyingin the UK, the European Union, or Australia (Cybersmile, 2017). These offenses may beprosecuted under other existing laws, though nations may choose to developcyberbullying-specific legislation in the near future as public outcry increases.Box 9.6 The suicide of Rehtaeh Parsonswww.theguardian.com/society/2013/aug/09/rehtaeh-parsons-suicide-charged-photos.Rehtaeh Parsons suicide: two charged over photos in cyberbullying cases364
Police in Canada have charged two young men with distributing child pornography in the cyberbullyingcase of Rehtaeh Parsons, a 17-year old who killed herself after a photo of her allegedly being raped wasshared online.This article provides an overview of the case of Rehtaeh Parsons, a young girl inNova Scotia who was allegedly raped by two men and a photo of the incidentwound up online. Rehtaeh was bullied by others because of the photo, andeventually took her own life. The lack of laws made it difficult for her family to seekjustice, leading to changes in Nova Scotia laws as elaborated in this work.Harassment and stalkingUnlike cyberbullying, many nations have statutes that may be applied to instances ofthreatening or harassing communications. Under Title 47 of the US Criminal Code,Section 223(A) defines six acts involving a telecommunications device in interstate orforeign communications as illegal, including:1. Making, creating, soliciting, or initiating the transmission of requests orproposals that are obscene or involve child pornography with the intent toannoy, threaten, abuse, or harass.2. Doing these same activities knowing that the recipient is under the age of 18.3. Using a telecommunications device without disclosing your identity with theintent to annoy, abuse, threaten, or harass an individual at the called number.4. Causing another person’s phone to ring continuously to harass or annoy thatperson.5. Making repeated phone calls designed solely to harass that person.6. Knowingly permitting a telecommunications device or facility to be used forany of these activities.While some of these behaviors may not seem criminal, it is important to recognizethat a stalker or harasser can easily automate the process of calling a phone number overand over again in order to annoy the recipient. As a result, the outcome of the contact isjust as pertinent as the behavior itself. In addition, the phrase “telecommunicationsdevice” may be applied to a cellular phone or even to voiceover IP (VOIP) telephony.Thus, this law does not pertain solely to landline phones. The punishment for theseactivities includes fines and/or imprisonment for up to two years.In addition, Section 875 of Title 18 of the federal code makes it a crime to transmit anyof the following four communications via interstate or foreign commerce methods,including postal mail, telephone, or the Internet:1. a demand for a ransom for the release of a kidnapped person2. a message with the intent to extort money365
3. a threat to injure a person4. a threat to damage property.The punishments for these offenses vary, including a fine and two years in prison forthreats to property or extortion, as well as up to 20 years in prison for threats ofkidnapping and physical injury.In addition, Code 18 Section 2261A of the federal law makes it illegal for any person touse an interactive computer service or any facility of interstate or foreign commerce inorder to engage in activities that cause a person to feel substantial emotional distress orplace that person in reasonable fear of death or serious bodily injury to themselves or totheir family (Brenner, 2011). In addition, this statute makes it illegal to travel across statelines with the intent to kill, injure, harass, or intimidate another person and place themor their family in fear of death or serious bodily injury (Brenner, 2011).The penalties for these behaviors involve a fine and/or five years in prison if theindividual simply makes the threat. If serious bodily injury resulted from the offenderusing a weapon, they may receive up to ten years in prison. Should a victim bepermanently disfigured or receive a life-threatening injury, then the offender mayreceive up to 20 years in prison. Finally, should the victim die as a result of the offender’sactions in relation to threats made, they may receive up to a life sentence for theiractions (Brenner, 2011).It is important to note that these two statues require that a credible threat is made toeither a person or property. The need for a so-called “true threat” stems from the case ofUnited States v. Alkhabaz, involving a student at the University of Michigan namedAbraham Jacob Alkhabaz, or Jake Baker (Brenner, 2011). He wrote graphic storiesdescribing acts of rape, torture, and murder and posted them to a Usenet group startingin October 1994. In one of these stories, he described performing acts of rape andeventually killing a woman who had the same name as one of his female classmates. Hisposts led the subject of the story to complain to the University of Michigan police, whoinvestigated and brought in the FBI due to the interstate nature of onlinecommunications. Baker was arrested on six counts of communicating threats to kidnapor injure a person, though only one of those counts involved the woman who was thesubject of the story. The case was dismissed by the judge due to a lack of evidence thatBaker would actually act out the fantasies described in his writings. The governmentappealed the case to a higher court, but the decision was upheld, as the lack of evidencethat Baker would act on the threat demonstrated the absence of a “true threat” to anyindividual (Brenner, 2011). Thus, this case established the need for the communicationsto generate actual fear or concern for safety.For more on the Alkhabaz case, go online to:www.casebriefs.com/blog/law/criminal-law/criminal-law-keyed-to-dressler/inchoate-offenses/united-states-v-alkhabaz/.366
At the state level, virtually all states have legislation pertaining to either cyberstalkingor harassment. There is some variation as to the type of laws in place, since some stateshave legislation against both offenses (Brenner, 2011). With regard to individual forms ofoffending, 45 states have established laws that may be used to prosecute cyberstalking orharassment, which usually recognizes that the offender uses electronic communicationsto stalk or engage in a pattern of threatening behaviors (WHOA, 2017b). All of thesestatutes incorporate language pertaining to a credible threat of harm to the victim. Inaddition, 40 states have harassment statutes which do not necessarily require crediblethreats posed to victims or to their families (WHOA, 2017b). The statutes recognize theuse of CMCs to annoy, harass, or torment the victim and are differentially located withstate criminal codes. For instance, Arizona, Utah, and Virginia place online harassmentunder its own statute, while Delaware, Missouri, and New York incorporate these crimesunder existing harassment and stalking legislation (Brenner, 2011). The punishments forboth cyberstalking and harassing communications range from misdemeanors to felonies,depending on the severity of the offense.It is important to note that most nations do not technically define cyberstalking intheir actual legislation. In fact, there is no language in the European Convention ofCybercrime pertaining to stalking or harassment (Brenner, 2011). Instead, cyberstalkingbehaviors are subsumed under existing legislation regarding stalking generally.Australia, for instance, criminalized cyberstalking through the Stalking Amendment Actof 1999 (Bocij, 2004). This statute recognizes that contacting a person in any way,including phone, fax, email, or “through the use of any technology,” to cause the victimapprehension or fear to their detriment constitutes unlawful stalking. Canadian lawallows for prosecutions under section 264 of the Criminal Code for stalking offensesinvolving repeated communications directly or indirectly with the victim or anyone theyknow, and/or engaging in threatening conduct toward their victim or family members(Department of Justice Canada, 2012). The punishment for such a violation is up to tenyears in prison if convicted.For more on the growth of cross-national cyberstalking and harassment cases,go online to: www.newsweek.com/2014/08/22/how-law-standing-cyberstalking-264251.html.367
Similarly, England and Wales have multiple laws related to stalking and harassingcommunications that may all be extended to online environments. First is the Protectionfrom Harassment Act 1997 (c40), which criminalized stalking and bullying inprofessional settings. This act prohibits conduct that constitutes harassment of others,assuming that a reasonable person would believe the behavior to be harassing (CrownProsecution Service, 2013). Violations of this statute can be punishable by up to sixmonths of incarceration and fines where considered appropriate by a judge.Section 4 of the Act criminalizes the act of putting others in fear of violence, definedas any course of conduct that would cause “another to fear, on at least two occasions,that violence will be used against him is guilty of an offence if he knows or ought toknow that his course of conduct will cause the other so to fear on each of thoseoccasions” (Crown Prosecution Service, 2013). In addition, the offender must know thattheir actions will cause their prospective victim to fear that they will experienceviolence. Thus, the offender must know that they are actively affecting the behavior anddemeanor of their victim. Anyone found guilty of such an act could receive up to fiveyears in prison and receive fines based on judicial discretion.This Act was revised through the introduction of the Protection of Freedoms Act2012 to include language related specifically to stalking and to incorporate aspects oftechnology into law (Crown Prosecution Service, 2013). Specifically, it added newlanguage to Section 2 (regarding stalking to harass) and Section 4 (about stalking tocause fear). In Section 2, stalking is defined as harassment of a person or behaviorsassociated with stalking, including following a person, contacting them by any means,monitoring their victim through any form of electronic communications or the Internet,and publishing materials or statements about a person or claiming that a commentoriginates from another person (Crown Prosecution Service, 2013). Anyone found guiltyof such an offense may be imprisoned for no more than one year and/or receive a fine.Section 4 now defines stalking where the victim feels fear as any act that leads the targetto fear they will be violently victimized or cause that person fear or distress that affectstheir day-to-day behaviors on at least two occasions (Crown Prosecution Service, 2013).Individuals found guilty of this activity may be imprisoned for up to five years and/orreceive a fine.In addition, the Malicious Communications Act 1988 enables individuals to beprosecuted for sending messages to another person for the purpose of causing fear oranxiety (Crown Prosecution Service, 2013). This Act was revised in 2001 to includeelectronic communications of any kind that convey a threat, indecent or offensivecontent, or information that is false. Any violation of this Act is punishable by no more368
than six months’ imprisonment and a fine.India also criminalized stalking and cyberstalking under the Criminal AmendmentOrdinance, 2013, under section 354D, recognizing any attempt to (1) follow, (2) contact,or (3) attempt to contact a person despite their clear indications of disinterest, or (4)monitor a person’s Internet, email, or electronic communication, or (5) physically watchor spy on a person (Halder, 2013). These actions must lead a person to feeling fear ofviolence, serious alarm or distress, or affects their mental state. Individuals found guiltyof stalking may be fined, and may be imprisoned for one to three years (Halder, 2013).Enforcing cyber-violence laws and normsAs noted earlier in this chapter, cases of cyberbullying, harassment, and stalking are notnecessarily reported to law enforcement agencies either due to embarrassment on thepart of victims or because the victim feels that the case may not be investigated or takenseriously by police. The lack of federal laws in the USA that may be used to pursue legalaction means that the various federal agencies discussed throughout this book are notnormally involved with these types of crime. The Federal Bureau of Investigation,however, may investigate cases of threats or stalking, but only if a case involves asubstantive threat that crosses state lines.Instead, most incidents of bullying, stalking, and harassment in the USA andelsewhere are handled by local or state law enforcement agencies due to the potential foroffenders and victims to live in close proximity to one another. In fact, a sample of 358state and local law enforcement agencies indicated that 71.8 percent of them investigatedharassment cases (Holt, Bossler, and Fitzgerald, 2010). Despite the preference for localagencies to investigate, there are no immediate statistics available for the reported ratesof cyberbullying, harassment, or stalking in official statistics provided by lawenforcement agencies. This is largely the result of the fact that these items are notcurrently included in the existing reporting resources provided in the Uniform CrimeReport (UCR). Although there is some potential information available concerning theincidence of intimidation involving computers in the National Incident-BasedReporting System (NIBRS) (Addington, 2013), the data is limited due to the fact thatonly 31 states currently provide information to the NIBRS, which is much lower thanthat of the UCR. As a result, it is unclear how frequently these offenses are reported tothe police or cleared by arrest (Addington, 2013).Although local law enforcement can serve as a critical investigative resource for theinvestigation of certain offenses, some victims may not choose to contact police becausethey are not sure if what they are experiencing may even be legally defined as stalkingor harassment. To that end, there are several not-for-profit groups that operate to assistvictims online. In the UK and USA, the group Cybersmile is well known for its role ineducating and assisting victims of cyberbullying. This charitable organization wasfounded in 2010 to educate the public on the harm caused by cyberbullying through369
service programs in schools and neighborhoods (Cybersmile, 2017). Cybersmile offerseducational workshops for the public on cyber-security and cyberbullying that areprovided by community outreach workers affiliated with the group. In addition, theyoffer a helpline for bullying victims to help connect them with pertinent communityservices and counseling providers in their area. The group also advertises uniqueacademic research publications related to cyberbullying victimization in order tocommunicate these issues to the public. Finally, Cybersmile organizes an annual StopCyberbullying Day designed to draw attention to the problem through communityoutreach events and fundraising to aid the organization (Cybersmile, 2017).For more information on organizations that aid victims, go online to:1. www.cybersmile.org/,2. www.haltabuse.org/.For cyberstalking victims, the group Working to Halt Online Abuse (WHOA) is akey resource to investigate cyberstalking and advocate on behalf of victims. Thisvolunteer organization was created in 1997 in order to aid victims around the world whoare experiencing harassment or stalking (WHOA, 2017a). WHOA handles reports ofcyberstalking incidents from victims who contact the group directly.The group claims to receive an estimated 50 to 75 cases per week, though the actualnumber of cases reported by the agency handled each year is smaller than this due to theamount of information victims provide (WHOA, 2017a). This affects the number of casesthey report to the general public on a yearly basis. WHOA reported 220 cases in 2009,349 in 2010, 305 in 2011, 394 in 2012, and 256 in 2013 (WHOA, 2017a). This does not meanthat there has been a substantive change in the incidence of cyberstalking. It may just370
reflect a larger number of respondents completely filling out the online reporting formfrom 2011 to 2013 respectively. Complaints made by prospective victims are then passedon to their staff of Internet Safety Advocates who work directly with victims in order todetermine the source of harassing or stalking messages and contact web hosting services,ISPs, and law enforcement. It is important to note that advocates cannot force any entityto remove content that may be harmful to a victim, but they may write and request thatmaterial be removed. WHOA is also not a law enforcement agency; thus, they cannotpursue an offender or bring charges against any entity involved in the hosting orfacilitation of harassment (WHOA, 2017a). The group’s practical experience withstalking behaviors and technology, however, makes them well prepared to assistindividuals who may experience cyberstalking.As a result of the problems that law enforcement and non-profit organizations have inhelping individuals after they have been victimized, researchers, advocacy groups, andeven schools emphasize the need for individuals to take control of managing theirpersonal safety as a key tool in reducing their risk of bullying, stalking, and harassment.This may be due to the overwhelming role of individual choice in online spaces. Forinstance, no one is required to have an account on a social networking site like Facebookor Twitter. Certainly, people are able to stay in touch with their friends and keep abreastof current events through these sites, but it is not a necessity. If they establish anaccount, they decide how much information to post about themselves and in what waythey accept or maintain friends. Should that person feel dissatisfied with a post or anexchange with another person, they have the power to delete those messages. In fact, oneof the top “tools” Facebook provides for users to maintain their security is the ability tounfriend someone, block individuals, and use the “Report” button on the page in order tobring that content to the attention of Facebook security. It is not clear how manyreported incidents are investigated. Facebook notes (Facebook Tools, 2012):People you report won’t know that they’ve been reported. After you submit a report, we’ll investigate the issueand determine whether or not the content should be removed based on the Facebook Terms. We research eachreport to decide the appropriate course of action.Since various tools are readily available, it makes sense to argue that personalresponsibility and accountability for safety should be encouraged. The challenge lies inclearly communicating these issues to young people and those with fewer computerskills and less online experience. An excellent example of security in action may be seenin the creation and use of email accounts. Various services provide free email accounts,such as Hotmail, Yahoo, and Gmail. When a person sets up their account, it is importantto avoid using either their real name or a gendered term in the address. It may be easierto determine a person’s identity if their email address or social media name isJanelovesmovies4419 than if it were something more neutral, like moviefan. Similarly,the use of sexual or explicit language in your email address or social networking profilemay also increase the potential to receive unsolicited emails.In order to curb instances of bullying and harassment among youth, many security371
experts recommend that parents place computers in public spaces within their home, likethe kitchen or living room, and require children to have some parental supervision whileonline. The ability to quickly observe the kinds of websites which children visit andperiodically monitor their online activities could help reduce the number of questionablewebsites to which they are exposed. However, cheap access to lightweight portableInternet-enabled devices, like iPods, iPads, Kindles, and laptops, makes it difficult toensure that children are using devices in close proximity to parents. Some also argue thatparents should install filtering software to manage the kinds of websites their childrencan visit. These devices can, however, be difficult for parents with little technologicalskill to set up or properly configure to ensure maximum effectiveness. Recent researchsuggests that children are able to easily circumvent these protective software programsor use other wireless Internet access points in order to avoid these devices altogether(Bossler et al., 2012; Jones et al., 2012). Even if a parent is able to properly configuresoftware at home, it does not matter once their child goes to school or to a friend’shouse, where they have less control over their children’s Internet activities and access.Because of the inherent difficulty in managing the online experiences of young people,one of the most important steps that parents and schools can take is to begin a frank andhonest conversation about Internet use (see Box 9.7 for Facebook’s suggestions forparents). Understanding how and why young people are using technology is vital to keeppace with their changing online habits. Furthermore, it is important to recognize thatadults can and should play a role in the socialization of youth into acceptable onlinebehaviors. Parents and guardians teach children what is right and wrong in the physicalworld, and that same experience must play out in online spaces. Admittedly, youngpeople are exposed to millions of people around the world through the Internet, and notall of those people will be on their best behavior at all times. Thus, it is critical thatsomeone is able to explain and give context to why certain activities may happen butshould not be performed by their child. For instance, just because friends post their classschedule or where they will be at a specific time of day on Facebook does not mean thatthey have to do it as well.Box 9.7 Facebook security suggestions for parentswww.facebook.com/safety/groups/parents/.372
Help your teens play it safeFor years, teenagers spent much of their free time talking to friends on the phone. Today’s teens aren’t sodifferent. They just have more ways to communicate[.] If you have a Facebook timeline, and have friendedyour child, try to respect the same boundaries you use offline.This article provides Facebook’s suggestions on how parents and teens should worktogether to be safe while online. Many of these ideas are not novel, but require aclear line of communication between adults and children and an ability to respectone another’s privacy and responsibilities.373
SummaryIn reviewing our knowledge of bullying, harassment, and stalking, it is clear that thisproblem will not go away. Technology has made it incredibly easy for individuals tosend hurtful or threatening communications online, and the perception that victims maynot be able to report their experiences means that incidents may go unacknowledged. Asa result, it is hard to combat this problem because of confusion over who has theappropriate jurisdiction to investigate the offense and whether or not it is a crime basedon existing statutes. The increasing public attention drawn to the serious consequencesof cyber-bullying and stalking cases, however, may force a change in the policy andsocial response over future years. The attempts to develop national laws aroundcyberbullying are an excellent demonstration of the ways in which society is attemptingto respond to these acts. Thus, the way in which we deal with bullying and stalking willno doubt change over the next ten years as perceptions of these behaviors change.Key termsBill C-13CatfishingCyberbullyingCybersmileCyberstalkingDenigrationExclusionFlamingHarassmentImpersonationLori DrewMalicious Communications Act 1988Megan MeierMegan Meier Cyberbullying Prevention ActNational Centre for Cyberstalking ResearchNational Crime Victimization Survey-Supplemental Survey (NCVS-SS)National Incident-Based Reporting System (NIBRS)Online harassmentOutingProtection from Harassment Act 1997 (c40)Protection of Freedoms Act 2012374
StalkingStar Wars KidTrickeryTruantTrue threatUniform Crime Report (UCR)United States v. AlkhabazWorking to Halt Online Abuse (WHOA)Youth Internet Safety Survey (YISS)Discussion questions1. Should we define youth who make harassing or disparaging commentsabout their teachers in online spaces as engaging in cyberbullying, or is itharassment? Simply put, why should we define an act differently on thebasis of the ages of the victim and offender?2. How do we communicate what is acceptable online behavior to youth ina way that is accepted and clear? Furthermore, how do we limit theeffects of “peer pressure” on technology use and acceptance, wherefriends post sensitive information about themselves or personal picturesthat could be abused by others?3. How easy is it to find the reporting tools and links for harassing languageon the social networking sites you use most often? Look on the sites andsee how long it takes you to find it on YouTube, Instagram, Snapchat,and Twitter. Are they easy to find? Are they in obvious places?4. Should schools be able to punish students for online activities that takeplace outside of the campus and after or before school hours if it directlyaffects the behavior of other students? Why?375
ReferencesAddington, L. (2013). Reporting and clearance of cyberbullying incidents: Applying“offline” theories to online victims. Journal of Contemporary Criminal Justice, 3,454–474.Aftab, P. (2006). Cyber bullying. Wiredsaftey.net. Available at: www.wiredsafety.net.Arseneault, L., Walsh, E., Trzesniewski, K., Newcombe, R., Caspi, A., and Moffitt, T. E.(2006). Bullying victimization uniquely contributes to adjustment problems in youngchildren: A nationally representative cohort study. Pediatrics, 118, 130–138.Ashcroft, J. (2001). Stalking and Domestic Violence. NCJ 186157. Washington, DC: USDepartment of Justice.Baum, K., Catalano, S., Rand, M., and Rose, K. (2009). Stalking Victimization in theUnited States. Bureau of Justice Statistics, US Department of Justice. Available at:www.justice.gov/sites/default/files/ovw/legacy/2012/08/15/bjs-stalking-rpt.pdf.Beran, T., and Li, Q. (2007). The relationship between cyberbullying and school bullying.Journal of Student Wellbeing, 1, 15–33.Berson, I. R., Berson, M. J., and Ferron, J. M. (2002). Emerging risks of violence in thedigital age: Lessons for educations from an online study of adolescent girls in theUnited States. Journal of School Violence, 1, 51–71.Blauuw, E., Winkel, F. W., Arensman, E., Sheridan, L., and Freeve, A. (2002). The toll ofstalking: The relationship between features of stalking and psychopathology ofvictims. Journal of Interpersonal Violence, 17, 50–63.Bocij, P. (2004). Cyberstalking: Harassment in the Internet Age and How to Protect yourFamily. Westport, CT: Praeger Publishers.Bocij, P., and McFarlane, L. (2002). Online harassment: Towards a definition ofcyberstalking. Prison Service Journal, 39, 31–38.Borg, M. G. (1999). The extent and nature of bullying among primary and secondaryschoolchildren. Educational Research, 41, 137–153.Bossler, A. M., Holt, T. J., and May, D. C. (2012). Predicting online harassment among ajuvenile population. Youth and Society, 44, 500–523.Boulton, M. J., and Underwood, K. (1992). Bully victim problems among middle schoolchildren. British Journal of Educational Psychology of Addictive Behaviors, 62, 73–87.Brenner, S. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford, Cybercrime: The Investigation, Prosecution, and Defense of a Computer-related Crime (pp. 15–104). Raleigh, NC: Carolina Academic Press.Camodeca, M., and Goossens, F. A. (2005). Aggression, social cognitions, anger andsadness in bullies and victims. Journal of Child Psychology and Psychiatry, 46, 186–197.Campbell, M. A. (2005). Cyberbullying: An old problem in a new guise? Australian376
Journal of Guidance and Counseling, 15, 68–76.Catalano, S. (2012). Stalking Victims in the United States – Revised. Washington, DC: USDepartment of Justice. Available at: www.bjs.gov/content/pub/pdf/svus_rev.pdf.Chamberlain, T., George, N., Golden, S., Walker, F., and Benton, T. (2010). Tellus4National Report. London: Department for Children, Schools and Families (DCSF).Chen, E. (2011). Girl, 16, falls to death in cyber-bully tragedy. edVantage. Available at:www.edvantage.com.sg/content/girl-16-falls-death-cyber-bully-tragedy.Crown Prosecution Service. (2013). Stalking and Harassment. Crown Prosecution ServiceProsecution Policy and Guidance. Available at:www.cps.gov.uk/legal/s_to_u/stalking_and_harassment/.Cybersmile. (2017). Who We Are. Available at: http://cybersmile.org/whowe-are.Department for Children, Schools and Families. (2010). Local Authority Measures forNational Indicators Supported by the Tellus4 Survey. London: Department forChildren, Schools and Families.Department for Education. (2011). The Protection of Children Online: A Brief ScopingReview to Identify Vulnerable Groups. London: Department for Education.Department of Justice Canada. (2012). A Handbook for Police and Crown Prosecutors onCriminal Harassment. Department of Justice Canada. Available at:www.justice.gc.ca/eng/rp-pr/cj-jp/fv-vf/har/EN-CHH2.pdf.DeVoe, J. F., Bauer, L., and Hill, M. R. (2011). Student Victimization in U.S. Schools:Results from the 2009 School Crime Supplement to the National Crime VictimizationSurvey. Washington, DC: National Center for Educational Statistics. Available at:http://nces.ed.gov/pubs2012/2012314.pdf.Erdur-Baker, O. (2010). Cyberbullying and its correlation to traditional bullying, genderand frequent risky usage of Internet-mediated communication tools. New MediaSociety, 12, 109–125.Facebook Tools. (2012). Safety. Available at: www.facebook.com/safety/tools/.Finn, J. (2004). A survey of online harassment at a university campus. Journal ofInterpersonal Violence, 19, 468–483.Fisher, B., Cullen, F., and Turner, M. G. (2000). The Sexual Victimization of CollegeWomen. National Institute of Justice Publication No. NCJ 182369. Washington, DC:Department of Justice.Fricker, M. (2013). Hannah Smith suicide: Grieving dad sells home where cyber-bullyingvictim died. Mirror, October 24, 2013. Available at: www.mirror.co.uk/news/uk-news/hannah-smith-suicide-grieving-dad-2485767#.Ut_h_bQo7IU.Halder, D. (2013). Indian law on cyber stalking. Working to halt online abuse. Availableat: www.haltabuse.org/resources/laws/india.shtml.Haynie, D. L., Nansel, T., Eitel, P., Crump, A. D., Saylor, K., Yu, K., et al. (2001). Bullies,victims, and bully/victims: Distinct groups of at-risk youth. Journal of EarlyAdolescence, 21, 29–49.Hinduja, S., and Patchin, J. (2008). Cyberbullying: An exploratory analysis of factorsrelated to offending and victimization. Deviant Behavior, 29, 1–29.377
Hinduja, S., and Patchin, J. W. (2009). Bullying Beyond the Schoolyard: Preventing andResponding to Cyberbullying. New York: Corwin Press.Hinduja, S., and Patchin, J. W. (2012). Summary of Cyberbullying Research From 2004–2012. Available at: http://cyberbullying.us/summary-of-ourresearch/.Hinduja, S., and Patchin, J. (2013). Description of State Cyberbullying Laws and ModelPolicies. Available at: www.cyberbullying.us/Bullying_and_Cyberbullying_Laws.pdf.Hinduja, S., and Patchin, J. W. (2016). 2016 cyberbullying data. Available at:http://cyberbullying.org/2016-cyberbullying-data.Hoey, D. (2012). Biddeford man sentenced to five years for cyberstalking. Portland PressHerald, December 4, 2012. Available at: www.pressherald.com/news/Biddeford-man-sentenced-to-5-years-for-cyberstalking-.html.Holt, T. J., and Bossler, A. M. (2009). Examining the applicability of Lifestyle-RoutineActivities Theory for cybercrime victimization. Deviant Behavior, 30, 1–25.Holt, T. J., Bossler, A. M., and Fitzgerald, S. (2010), Examining state and local lawenforcement perceptions of computer crime. In T.J. Holt (ed.), Crime On-Line:Correlates, Causes, and Context (pp. 221–246). Raleigh, NC: Carolina AcademicPress.Holt, T. J., Bossler, A. M., and May, D. C. (2012). Low self-control deviant peerassociations and juvenile cyberdeviance. American Journal of Criminal Justice, 37(3),378–395.Holt, T. J., Chee, G., Ng, E., and Bossler, A. M. (2013). Exploring the consequences ofbullying victimization in a sample of Singapore youth. International Criminal JusticeReview, 23(1), 25–40.Holtfeld, B., and Grabe, M. (2012). Middle school students’ perceptions of and responsesto cyberbullying. Journal of Educational Computing Research, 46(4), 395–413.Intel. (2015). Intel Security Teens, Tweens and Technology Study. Available at:http://apac.intelsecurity.com/digitalsafety/wp-content/uploads/sites/7/2015/10/Intel-Security_India-TeensTweensTechnology-2015-_National-Datasheet.pdf.Jones, L. M., Mitchell, K. J., and Finkelhor, D. (2012). Trends in youth Internetvictimization: Findings from three youth Internet safety surveys 2000–2010. Journalof Adolescent Health, 50, 179–186.Katzer, C., Fetchenhauer, D., and Belschak, F. (2009). Cyberbullying: Who are thevictims? A comparison of victimization in internet chatrooms and victimization inschool. Journal of Media Psychology, 21, 25–36.Klomek, A. B., Sourander, A., Kumpulainen, K., Piha, J., Tamminen, T., Moilanen, I.,Almqvist, F., and Gould, M. S. (2008). Childhood bullying as a risk for laterdepression and suicidal ideation among Finnish males. Journal of AffectiveDisorders, 109, 47–55.Kowalski, R. M., and Limber, P. (2007). Electronic bullying among middle schoolstudents. Journal of Adolescent Health, 41, 22–30.Kowalski, R. M., Limber, S. P., and Agatston, P. W. (2008). Cyberbullying: Bullying in theDigital Age. Maldon, MA: Blackwell.378
Li, Q. (2006). Cyberbullying in schools. School Psychology International, 27(2), 157–170.Li, Q. (2008). A cross-cultural comparison of adolescents’ experience related tocyberbullying. Educational Research, 50 (3), 223–234.Marcum, C. D. (2010). Examining cyberstalking and bullying: Causes, context, andcontrol. In T. J. Holt (ed.), Crime On-line: Correlates, Causes, and Context (pp. 175–192). Raleigh, NC: Carolina Academic Press.Marcum, C. D., Ricketts, M. L., and Higgins, G. E. (2010). Assessing sex experiences ofonline victimization: An examination of adolescent online behaviors utilizingRoutine Activity Theory. Criminal Justice Review, 35(4), 412–437.McQuade, S., Colt, J., and Meyer, N. (2009). Cyber Bullying: Protecting Kids and Adultsfrom Online Bullies. Santa Barbara, CA: ABC-CLIO.Mitchell, K. J., Finkelhor, D., and Becker-Blease, K. A. (2007). Linking youth internet andconventional problems: Findings from a clinical perspective. Journal of Aggression,Maltreatment and Trauma, 15, 39–58.Morphy, E. (2008). The Computer Fraud Act: Bending a law to fit a notorious case. ECommerce Times, December 9, 2008. Available at:www.ecommercetimes.com/story/65424.html.Nabuzoka, D. (2003). Experiences of bullying-related behaviours by English and Zambianpupils: A comparative study. Educational Research, 45(1), 95–109.Nansel, T. R., Overpeck, M., Pilla, R. S., Ruan, W. J., Simmons-Morton, B., and Scheidt, P.(2001). Bullying behavior among U.S. youth: Prevalence and association withpsychosocial adjustment. Journal of the American Medical Association, 285, 2094–2100.National Centre for Cyberstalking Research. (2011). Cyberstalking in the UnitedKingdom: An Analysis of the ECHO Pilot Survey 2011. Available at:www.beds.ac.uk/__data/assets/pdf_file/0003/83109/ECHO_Pilot_Final.pdf.Nobles, M. R., Reyns, B. W., Fox, K. A., and Fisher, B. S. (2012). Protection againstpursuit: A conceptual and empirical comparison of cyberstalking and stalkingvictimization among a national sample. Justice Quarterly. DOI:10.1080/07418825.2012.723030.Olweus, D. (1993). Bullying at School: What We Know and What We Can Do. Cambridge,MA: Blackwell.Parris, L., Varjas, K., Meyers, J., and Cutts, H. (2012). High school students’ perceptions ofcoping with cyberbullying. Youth and Society, 44, 284–306.Perrault, S. (2013). Self-reported Internet Victimization in Canada, 2009. Available at:www.statcan.gc.ca/pub/85-002-x/2011001/article/11530-eng.htm#n3.Peterson, H. (2013). “Catfishing:” The phenomenon of Internet scammers who fabricateonline identities and entire social circles to trick people into romantic relationships.Daily Mail Online. January 17, 2013. Available at: www.dailymail.co.uk/news/article-2264053/Catfishing-The-phenomenon-Internet-scammers-fabricate-online-identities-entire-social-circles-trick-people-romantic-relationships.html.Priebe, G., Mitchell, K. J., and Finkelhor, D. (2013). To tell or not to tell? Youth’s379
responses to unwanted Internet experiences. Cyberpsychology: Journal ofPsychosocial Research on Cyberspace, 7.Robers, S., Zhang, J., Truman, L., and Snyder, T. D. (2012). Indicators of School Crime andSafety: 2011. Bureau of Justice Statistics. Available at:http://nces.ed.gov/programs/crimeindicators/crimeindicators2011/key.asp.Sbarbaro, V., and Smith, T. M. E. (2011). An exploratory study of bullying andcyberbullying behaviors among economically/educationally disadvantaged middleschool students. American Journal of Health Studies, 26(3), 139–150.Serfas, M. (2013). Cyber-safety act gives Nova Scotia bullies the ultimate power.Policy.mic., August 12, 2013. Available at: https://mic.com/articles/58863/cyber-safety-act-gives-nova-scotia-bullies-the-ultimate-power#.w0YnJLHPi.Sheridan, L., and Grant, T. (2007). Is cyberstalking different? Psychology, Crime & Law,13, 627–640.Sinclair, H. C., and Frieze, I. H. (2000). Initial courtship behavior and stalking: Howshould we draw the line? Violence and Participants, 15, 23–40.Slonje, R., Smith, P. K., and Frisen, A. (2013). The nature of cyberbullying, and thestrategies for prevention. Computers in Human Behavior, 29, 26–32.Smith, P. K., Mahdavi, J., Carvalho, M., Fisher, S., Russell, S., and Tippett, N. (2008).Cyberbullying: Its nature and impact in secondary school pupils. Journal of ChildPsychology and Psychiatry, 49(4), 376–385.Spitzburg, B. H., and Hoobler, G. (2002). Cyberstalking and the technologies ofinterpersonal terrorism. New Media & Society, 4, 71–92.Steinhauer, J. (2008). Verdict in MySpace suicide case. New York Times, November 26,2008. Available at: www.nytimes.com/2008/11/27/us/27myspace.html?_r=0.Tarapdar, S., and Kellett, M. (2011). Young People’s Voices on Cyber-bullying: What AgeComparisons Tell Us? London: The Diana Award.Thorp, D. (2004). Cyberbullies on the prowl in the schoolyard. The Australian, July 15,2004. Available at: www.australianit.news.com.au.Tokunaga, R. S. (2010). Following you home from school: A critical review and synthesisof research on cyberbullying victimization. Computers in Human Behavior, 26, 277–287.Tsitsika, A., Janikian, M., Wójcik, S., Makaruk, K., Tzavela, E., Tzavara, C., andRichardson, C. (2015). Cyberbullying victimization prevalence and associations withinternalizing and externalizing problems among adolescents in six Europeancountries. Computers in Human Behavior, 51, 1–7.Turmanis, S. A., and Brown, R. I. (2006). The stalking and harassment behavior scale:Measuring the incidence, nature, and severity of stalking and relational harassmentand their psychological effects. Psychology and Psychotherapy: Theory, Research andPractice, 79, 183–198.Twyman, K., Saylor, C., Taylor, L. A., and Comeaux, C. (2010). Comparing children andadolescents engaged in cyberbullying to matched peers. Cyberpsychology, Behavior,and Social Networking, 13, 195–199.380
US Department of Education. (2015). Student reports of bullying and cyber-bullying:Results from the 2013 School Crime Supplement to the National Crime VictimizationSurvey. Web Tales, April 2015. Available at:https://nces.ed.gov/pubs2015/2015056.pdf.Varjas, K., Henrich, C. C., and Meyers, J. (2009) Urban middle school studentsperceptions of bullying, cyberbullying, and school safety. Journal of School Violence,8(2), 159–176.Wei, W. (2010). Where are they now? The “Star Wars Kid” sued the people who madehim famous. Business Insider, May 12, 2010. Available at:www.businessinsider.com/where-are-they-now-the-star-wars-kid-2010-5.Wilcox, P., Jordan, C. E., and Pritchard, A. J. (2007). A multidimensional examination ofcampus safety: Victimization, perceptions of danger, worry about crime, andprecautionary behavior among college women in the post-Clery era. Crime andDelinquency, 53, 219–254.Willard, N. (2007). Educator’s guide to cyberbullying and cyberthreats . Available at:www.accem.org/pdf/cbcteducator.pdf.Working to Halt Online Abuse (WHOA). (2017a). About WHOA. Available at:www.haltabuse.org.Working to Halt Online Abuse (WHOA). (2017b). Laws. Available at:www.haltabuse.org/resources/laws/.Ybarra, M. L., and Mitchell, J. K. (2004). Online aggressor/targets, aggressors, and targets:A comparison of associated youth characteristics. Journal of Child Psychology andPsychiatry, 45, 1308–1316.Ybarra, M. L., Mitchell, K. J., Finkelhor, D., and Wolak, J. (2007). Internet preventionmessages: Targeting the right online behaviors. Archives of Pediatrics and AdolescentMedicine, 161, 138–145.Zetter, K. (2009). Judge acquits Lori Drew in cyberbullying case, overrules jury. Wired,Threat Level, July 2, 2009. Available at:www.wired.com/threatlevel/2009/07/drew_court/.Zych, I., Ortega-Ruiz, R., and Del Ray, R. (2015). Systematic review of theoretical studieson bullying and cyberbullying: Facts, knowledge, prevention and intervention.Aggression and Violent Behavior, 23, 1–21.381
Chapter 10Online Extremism, Cyberterror, andCyberwarfareChapter goals• Define terror and differentiate it from cyberterror.• Identify hacktivism and examine how it differs from both traditional acts ofhacking and cyberterror.• Understand how nation-states may utilize the Internet as an attack vectorin a different way than individual citizens with no state sponsorship.• Recognize the value of the Internet as a vehicle for recruitment andcommunications.• Understand the different ways in which extremist groups and non-nation-state-sponsored actors use the Internet.• Define cyberwarfare and its context in the current state of internationalrelations.• Discuss the various laws used to secure the USA and other countries fromthe threat of terror.• Recognize the agencies responsible for the investigation of terror andwarfare in online spaces.382
IntroductionTerror attacks have been a substantial problem around the world, driven in large part byregional interests and issues. For instance, members of various Irish Republican Army(IRA) groups engaged in terror attacks against English targets from the mid-1970sthrough the early 2000s. Similarly, domestic extremist groups within the USA haveengaged in a number of attacks over the past few decades, such as Timothy McVeigh’s1995 bombing of a federal building in Oklahoma City, Oklahoma (Schmid and Jongman,2005).The terror attacks of September 11, 2001 in the USA, however, demonstrated thesubstantial threat posed by international terror groups who may operate in nationsaround the globe, though their agendas and interests may not be directly caused by theirtarget (Schmid and Jongman, 2005). Major terror incidents have occurred worldwide,including attacks against commuter trains in Madrid, Spain in 2004, various targets inMumbai, India in 2008, as well as more recent attacks such as the Bataclan Theater inParis, France in 2015 and the Ataturk Airport attack in Istanbul, Turkey in 2016.Although these incidents were perpetrated by radical Islamist extremist groups suchas the Islamic State of Iraq and Syria (ISIS), various entities have attempted orsucceeded in committing attacks of all sorts. For instance, various domestic extremistand radical groups in the USA are responsible for more combined deaths than that ofIslamic radicals generally (Caspi, Freilich, and Chermak, 2012). As a consequence,physical security measures have been implemented in order to increase the successfulidentification and disruption of further attacks. The USA have radically changed theirairport screening procedures to identify dangerous materials prior to entering flightterminals. In addition, many governments have recalibrated their law enforcement andintelligence-gathering agencies to focus on the prevention of terror and increasedcollaborative information-sharing programs.Although the focus on real-world attacks is an obvious necessity due to thetremendous potential for civilian casualties and property damage, there has been lessattention paid to the prospective threat of attacks through cyberspace. This is surprising,since virtually all industrialized nations are dependent on technology in order to engagein commerce and manage utilities, like water and power, as well as communications. Acarefully targeted attack against any critical infrastructure resource could cause seriousharm to the security of the network and potentially cause harm in the real world. Such ascenario has become increasingly popular in media and films, as in the movies Live Freeor Die Hard and Skyfall, where groups of cyberterrorists compromise traffic controlsystems, government computers, utilities, and financial systems through a series ofcoordinated hacks.The sensationalized appearance of cyber-attacks in film has led to significant debate383
over the realities of virtual attacks against critical infrastructure. In the mid-1990s, whenthe World Wide Web and computer technologies were being rapidly adopted byindustrialized nations, individuals in government and computer security theorized thatsuch attacks were possible (Drogin, 1999; Verton, 2003). For instance, Deputy Secretary ofDefense John Hamre and Richard Clark, an advisor on cyber-security, used the termelectronic Pearl Harbor to refer to a cyber-attack against the USA that would take thenation by surprise and cause crippling harm (Verton, 2003). The lack of concreteevidence that such attacks were happening led some to dismiss these claims.Their predictions, however, were surprisingly accurate, given the scope of attacksoccurring around the world on a regular basis. There are now numerous examples ofhackers gaining access to sensitive electrical grid networks and sewage control systemsaround the world. Perhaps most concerning is the emergence of military entitiesengaging in systematic attacks against corporations and government networks. In fact,the security firm Mandiant (2013) recently published a report linking multiple years ofattacks to a single unit of the People’s Liberation Army of China (PLA) that waspreviously unidentified. This group, designated Unit 61398 in the Third Department ofthe General Staff Department of the PLA, is thought to be staffed by dozens if nothundreds of workers with specialized knowledge of computer security and networkattacks. The unit has actively compromised various targets for years, including attemptsto gain access to companies managing electrical grids and pipelines for oil and gas. Inaddition, the attackers were able to stay inside of targeted systems for up to a year at atime and maintain backdoor access to systems. As a result, Mandiant refers to theirattacks as Advanced Persistent Threat (APT) 1 due to their persistence and effectiveness.Such high-level attacks with direct connections to the military suggest that we may be inthe middle of a new “cold war” that is otherwise unknown to the citizens of thesenations.For more on the APTI report, go online to:http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf.These issues raise complex questions about the very nature of how these threatsshould be viewed and who has the responsibility to respond. For instance, when does anevent move from being viewed as a crime to that of an act of war? Should cyberterror bedefined or viewed differently from traditional acts of terror? This chapter will attempt to384
address these questions in a systematic fashion. First, we will define crime, terror,cyberterror, and war. In addition, the ways in which extremist groups and terrororganizations use the Internet in order to support their activities or engage in attacks willbe explored in detail. Finally, the legislative efforts in place to deal with terrorism as wellas coordinate the response to cyberwar will be discussed in depth.For more debate on the controversies of an electronic Pearl Harbor, go onlineto:1. http://blog.radware.com/security/2013/12/electronic-pearl-harbor/2. www.washingtonpost.com/blogs/innovations/post/digital-deterrents-preventing-a-pearl-harbor-of-cyberspace/2010/12/20/gIQASNKyoL_blog.html.385
Defining terror, hacktivism, and cyberterrorIn order to understand the problem of terror, online or offline, we must first understandits relationship to crime. Both criminals and ideologically driven extremist or terrorgroups may use the same skills or behaviors in the course of an activity. Many nationscharge terrorists under criminal statutes (Brenner, 2008). One way that we may be ableto discern the differences between these behaviors is to consider both the motive of theactor and the number of people harmed. Criminals often target single individuals inorder to increase their likelihood of success and are often driven by economic oremotional desires. For instance, an individual may assault another individual in order toget money in the course of a robbery or kill a person in retribution or cold blood. Aterrorist or extremist group, however, tends to target large groups of people or physicallocations that can cause massive collateral damage while at the same time drawingattention to a specific ideological, political, or religious agenda. In addition, many acts ofterror are designed to target innocent people in order to cause general panic and fearamong the larger populace, rather than simple economic gain (Brenner, 2008).Recognizing the role of motivation is necessary to identify an act of terror. There are,however, a wide range of activities which people engage in that express their political orideological beliefs. Thus, it is necessary to situate acts of terror within the spectrum ofpolitical behaviors online and offline, ranging from non-violent expression to seriousphysical violence (Holt and Kilger, 2012; Schmid, 1988, 2004). There are myriad forms ofnon-violent resistance in which individuals engage on a day-to-day basis. Prior to theemergence of the World Wide Web, individuals could express their dissent with politicalpositions through letter-writing campaigns to print media outlets as well as theirlegislative representatives. Freedom of speech throughout the industrialized world alsoenables individuals to express their opinions in public settings, regardless of hownegative they may be. The Web has extended this capability, as individuals regularlypost messages about their views on politics and social issues on Face-book, Twitter, andother social media (Martin, 2006; Schmid, 1988, 2004). In fact, individuals now contactpoliticians and representatives through the Internet at the same rate as postal mail andtelephone (Best and Krueger, 2005).The development of social media has had a substantive impact upon the acceptanceand growth of social movements across the globe. Individuals posting messages onFacebook, YouTube, or web forums can have their message viewed by others who sharetheir point of view, or who may come to support their cause through convincing stories(Ayers, 1999; Chadwick, 2007; Jennings and Zeitner, 2003; Stepanova, 2011). The use ofsocial media to develop networks of social support is crucial in the formation of acollective identity that can move into real spaces in order to affect social change. Thiswas demonstrated during the Arab Spring protests across the Middle East in 2009, as386
participants planned and promoted their activities via social media (see Box 10.1 fordetails). Similar steps were taken by protesters in the USA opposing the Dakota AccessPipeline, a major oil pipeline that would be built near Native American tribal lands(Dreyfuss, 2017). In fact, social media allow for the formation of so-called flash mobs,where individuals coordinate organized activities, like dances or organized marches,through Facebook or Twitter which take others by surprise. In turn, videos and messagesposted online about the events are able to generate additional attention to their causes.Thus, organized forms of non-violent expression can be enabled by virtual experiencesand communication (Chadwick, 2007; Earl and Schussman, 2003; Jennings and Zeitner,2003; Stepanova, 2011; Van Laer, 2010).Box 10.1 The use of technology in protest activitieswww.huffingtonpost.com/andrew-lam/social-media-middle-east-protests-_b_1881827.html?.From Arab Spring to autumn rage: the dark power of social mediaMohamed Bouazizi [.] set himself on ablaze protesting police corruption, became literally the torch that litthe Arab Spring revolution that spread quickly throughout the Middle East. Bouazzi achieved this in hisvery public death because many who had cell phones recorded his protest and the subsequent videos kick-started the uprising.This article describes the Arab Spring uprising and how social media and cell phonetechnology engendered these events. The content provides a valuable example ofhow everyday technologies can be used to subvert the status quo in government andsociety as a whole.Political expression in the real world can also include the use of destruction orvandalism in order to express dissent (Brenner, 2008; Denning, 2010; Holt and Kilger,2012). For instance, individuals may deface images of politicians or burn flags in order toexpress their dissent over a nation’s position toward an event. In virtual spaces,individuals may engage in similar forms of vandalism against websites or specificresources in order to express their disagreement with a policy or practice (Denning, 2010;387
Woo, Kim, and Dominick, 2004). One such example is an individual claiming to belongto the Animal Liberation Front (ALF) who defaced the website of a fur and leatherretailer. The hacker also added the following message to the content of the site:To the owners of “The twisted pine fur and leather company” you have no excuse to sale [sic] the flesh, skin andfur of another creature. Your website lacks security. To the customers, you have no right to buy the flesh, skin orfur of another creature. You deserve this. You’re lucky this is the only data we dumped. Exploiters, you’ve beenwarned. Expect us.Can you really put that much faith into the security of a company that sales [sic] the fur, skin and flesh ofdead animals to make a profit?We are Anonymous.We are Legion.We do not forgive.We do not forget.We are antisec.We are operation liberate.Expect us.This simple message quickly expressed their point of view and disagreement with thecompany’s practices. In addition, the hackers indicated that they were able to view thecustomer database information maintained by the company, and that they couldpotentially steal the credit and debit card information of individuals who had purchasedgoods through the site.This sort of attack is what some researchers refer to as hacktivism, in that the actorsuse hacking techniques to promote an activist agenda or express their opinion (Denning,2010; Jordan and Taylor, 2004; Taylor, 1999). Such an attack may be illegal, but it doesnot create a high degree of fear or concern among the larger community (Jordan andTaylor, 2004). As a result, hacktivism provides a way to classify criminal acts of protestinvolving hacking techniques that are in some way analogous to offline political action(Denning, 2010). The use of this term, however, does not help refine our understandingof cybercrime or terror, as it is more a nebulous concept than anything else.For more on hacktivism, go online to:1. https://opinionator.blogs.nytimes.com/2013/01/13/what-is-a-hacktivist/2. www.thenation.com/article/154780/wikileaks-and-hacktivist-culture.388
At the most extreme end of political expression are planned acts of violence in supportof a social agenda, typically referred to as terror (Schmid, 2004). This may include thecreation of major explosions, such as the Oklahoma City bombings of the early 1990s inthe USA, or the 9/11 attacks on the World Trade Center. These incidents can causemassive harm to both people and property, and generate fear of future attacks (Martin,2006; Schmid, 2004; Schmid and Jongman, 2005). Although there is no single agreed-upondefinition for what constitutes an act of physical terror, these elements are present inalmost all of the existing frameworks used (Schmid and Jongman, 2005).The definitional issues present for physical terror are exacerbated when attempting todefine what constitutes cyberterror. In fact, the term cyberterror developed in the mid-1990s as technology was increasingly adopted by consumers and industry alike (Foltz,2004). Increasing focus was placed on defining physical terror through the use ofviolence to promote fear; this challenged the notion of cyberterror, since there have beenfew instances where individuals in the real world have experienced any physical harmfrom a cyber-attack (Britz, 2010; Denning, 2010; Foltz, 2004; Martin, 2006; Pollitt, 1998).An attack against the electronic infrastructure supporting financial institutions orpower grids, however, could produce a catastrophic loss of service that results ineconomic harm or disruption of vital services (Brenner, 2008; Britz, 2010; Brodscky andRadvanovsky, 2010; Denning, 2010). For instance, if an attacker was able to knock outpower to a major city, this could potentially result in significant dollar losses forcorporations and lead to physical death if outages affected hospitals or medical services.The unexpected nature of such an attack would also, no doubt, generate panic over theprospect of future attacks occurring with almost no warning. Such fear and concern overcyber-attacks may rival that of a physical terror incident (Britz, 2010; Denning, 2010;Kilger, 2010). As a result, physical harm may be less relevant in the definition ofcyberterrorism compared to the fear that may stem from such an attack.It is also important to recognize that some terror or extremist groups may not attemptto use the Internet as an attack vehicle. Instead, they may simply find value in usingonline communications in order to contact others, spread their message globally, andengage in fundraising activities to support their cause (Britz, 2010; Foltz, 2004). Forinstance, there has been substantial concern over ISIS using various encryptedapplications such as WhatsApp and Telegram to communicate (Rotella, 2016). The use ofvarious instant messaging protocols makes it difficult to track actor networks andvalidate threats (see Box 10.2 for details).389
Box 10.2 The use of encrypted chat applications byterroristshttps://techcrunch.com/2016/01/16/isis-app/.ISIS has its own encrypted chat appTerrorists are communicating over a new secure Android app after getting kicked off WhatsApp,Telegram, and other messengers. Called “Alrawi,” the encrypted chat app makes it harder for governmentsand security agencies to spy on terrorist plans.This article provides an overview of the emergence of a new app being used by ISISto shield its communications from government agencies and counterterror groups.The article also explains why ISIS and other groups are using encrypted appsdeveloped in-house rather than continuing to use popular messaging apps due to therisk of identification. The implications of these developments for not only terroristgroup planning but also counter-terrorism efforts are explained as well.With that in mind, a truly expansive definition of cyberterror must recognize thevariations that may be evident in the way an organization uses technology to further itsagenda. Criminologist Marjie Britz (2010: 97) has developed an inclusive definition forcyberterror that recognizes both of these issues:The premeditated, methodological, ideologically motivated dissemination of information, facilitation ofcommunication, or attack against physical targets, digital information, computer systems, and/or computerprograms which is intended to cause social, financial, physical, or psychological harm to noncombatant targetsand audiences for the purpose of affecting ideological, political, or social change; or any utilization of digitalcommunication or information which facilitates such actions directly or indirectly.We will use this definition in order to frame the remainder of this chapter so as torecognize the various ways in which extremists and terrorists use technology to furthertheir agendas online and offline.390
The role of nation-state vs. non-nation-state attacksSince technology may be used to facilitate acts of crime or terror, we must consider thesource of an attack and how this might relate to the actor’s motivation and target. Withthat in mind, we must define a nation-state and contextualize how it might engage inan attack. Creveld (1999) argues that a nation-state has three characteristics: (1)sovereignty, (2) territoriality, and (3) abstract organization status. Sovereignty involvesthe authority or power to rule, as well as to make and enforce laws within a given area.Territoriality recognizes that a state or governing body exerts power within specific,recognized borders (Creveld, 1999). The idea of “abstract organization” involves theconcept that each state has a distinct and independent persona which is separate fromthat of its people. Specifically, the state is a political entity, while the culture and/orethnic composition of a place makes up its national identity (Creveld, 1999). For instance,the USA utilizes a democratic system of government, while its national identity is acultural mélange of various heritages and backgrounds based on the influx ofimmigrants over time.Given their sovereignty and territorial control, nation-states have the capacity to exertinfluence over their citizens, as well as other nation-states, in order to further theirinterests. As a result, some nation-states may utilize their citizen populations to engagein illegal activities in order to gain either economic or political advantage over anothernation. For instance, a nation-state may encourage individual citizens to engage in thetheft of trade secrets or intellectual property in order to gain economic advantage overanother country with which they must compete in the open market. The originatingnation may offer indirect economic support to actors in order to facilitate their activities,but it does not provide any overt recognition or direct orders that can be traced back tothe government. Thus, the use of state-sponsored actors allows a government to performillegal activities without directly engaging in the act.The role of state sponsorship in cyber-attacks that involve hacking and data theft hasgained substantial attention over the past two decades. One of the most notable incidentsof the past few years involved a major attack against Sony Pictures Entertainment in theUSA. In 2014, a group calling itself Guardians of Peace (GOP) hacked Sony PicturesHeadquarters and notified the company of the compromise by flashing a messagefeaturing a red skull on every employee’s computer, stating: “if you don’t obey us, we’llrelease data shown below to the world” (Robb, 2014). The hackers used a variety ofmalware tools to compromise the network, eventually obtaining as much as 100terabytes of data from the company, including personal emails, scripts, and details on allemployees.The hackers dumped massive amounts of intellectual property and personalinformation online, including films that had not yet been released in theaters, details on391
employee salaries, medical histories, and embarrassing email exchanges betweenexecutives regarding various actors and film projects (Robb, 2014). They also threatenedSony employees with physical violence, and eventually any US movie theater if theyscreened the film The Interview, a comedy where two reporters attempt to assassinateNorth Korean leader Kim Jong-un (Robb, 2014).While it is possible that these attacks were driven by individual hackers without statesupport, it is important to note the massive quantity of data acquired by the hackers, andthe use of somewhat sophisticated attack tools suggest that these were no ordinaryeconomically motivated hackers (Zetter, 2016). In addition, the fact that they targetedSony Pictures and made no attempt to sell the information they acquired or blackmailthe company, but rather dumped it online in multiple batches over time, appears to bedesigned to embarrass the company and its employees (Robb, 2014). The eventualexpressed interest of the hackers to prevent the company from releasing a film thatpainted North Korea in a negative light, even including threats of physical violence(Robb, 2014), is more in keeping with the interests of a nation-state rather than that ofthe larger criminal hacker community that seeks access to sensitive data. Finally, thesource of these attacks has some connections to the nation of North Korea, including theuse of malware containing Korean-language characters that were identified insubsequent attacks against South Korean targets (Zetter, 2016). All of these pointsprovide circumstantial evidence that the attacks were the result of state-sponsored actorsworking on behalf of the North Korean government (Zetter, 2016).The lack of concrete evidence to support the role of the state in sanctioning thisactivity makes it difficult to identify a clear policy response. It may be best to treat thisincident as a crime due to the lack of substantial evidence that the North Koreangovernment ordered this attack to take place. The totality of circumstances wouldsuggest it is something greater than a crime, but the use of a military response may notbe appropriate. As a result, the US government engaged in a series of economic sanctionsagainst the North Korean government in retaliation for the attacks (Robb, 2014). As such,the use of actors with no direct ties to a government entity makes it difficult to clearlydefine this incident as an act of crime, espionage, or war.By contrast, individuals operating without state sponsorship, or non-nation-state-sponsored actors, tend to have fewer resources at their disposal and may targetresources differently in order to affect the operational capabilities of a government orcorporation, gain a direct profit from data theft, or cause fear among a population. Theirattacks may not be as sophisticated as those used by nation-states, but they can stillprove effective, depending on the target of an attack. In addition, actors without statesponsorship do not have to operate within specific military hierarchies of command andmay organize in any way necessary in order to succeed. This does not mean that thereare not leaders within groups; they may be driven by a small core of actors who cometogether and rally others to their cause. Often, this may be done through the use of webforums, IRC, instant messaging groups, and social networking sites that enable the rapidformation of groups. Thus, non-nation-state-sponsored actors can more quickly come392
together to complete attacks with a wide network of participants who can just as rapidlydisband upon completion of the act in the absence of chains of command or hierarchies.One excellent example of non-nation-state-sponsored attacks based on looselyconnected actors is a series of DDoS attacks against US financial institutions beginningin the fall of 2012 by the group Izz ad-Din al-Qassam Cyber Fighters (Gonsalves, 2013).The attacks themselves were directed at US Bank-corp, JP Morgan Chase & Co., Bank ofAmerica, PNC Financial Services Group, SunTrust, and other institutions. The grouputilized compromised web servers located in the USA as a launch point and caused someinterruptions of service for the banks. It is not clear how successful the attacks were,though one estimate suggests at least seven banks were taken down for minutes to hours,depending on the institution (Gonsalves, 2013).The group indicated in posts on the website Pastebin that they were engaging in theattacks because of the treatment of the Islamic faith by the West and the USgovernment’s refusal to remove clips of a movie that disparages the prophet Mohammedfrom YouTube (see Box 10.3 for details). They claimed that they would engage in attacksagainst banks as retribution for these videos and base the duration of their attacks on theperceived damages that will result against these institutions relative to the number oftimes these videos have been viewed and the length of time they have been posted.While some of these institutions were able to use mitigation services to reduce theeffectiveness of the DDoS attacks, it is likely the attacks will continue so long as theCyber Fighters feel they are accomplishing some goal.Box 10.3 Ultimatum For DDoS attacks against US bankshttp://pastebin.com/EEWQhA0j.Operation Ababil, AlQASSAM ULTIMATUM. [.] We, the Cyber Fighters of Izz ad-Din al-Qassam, hadpreviously warned multiple times that, if the insulting movies not be removed from the Internet we willresume the Operation Ababil.This story provides the details of the Cyber Fighters’ campaign against variousfinancial institutions in the USA beginning in February 2013 as retaliation for thepublication of a video on YouTube that insulted the image of the ProphetMohammed. The announcement includes their future targets and demands.Since the individual hackers engaging in these attacks appeared to be motivated393
entirely by their religious backgrounds to target and affect business endeavors, it isreasonable to suggest that this is a crime. The religious component and the desire tochange the attitudes and behaviors of the nation and the stance of those who posted thecontent may also lead some to call these attacks hacktivism. Regardless, it is important toconsider how the role of state associations may affect both the activities of the attackersand the way in which an incident is defined.394
The use of the Internet in the indoctrination andrecruitment of extremist groupsDue to the prospective variations in the behavior and motives of actors, it is necessary toconsider how technology may be used and to what ends. First and foremost, the Internethas tremendous value as a communications vehicle for extremists, terror entities, andnation-state actors. The easy and immediate access to technology, coupled with theanonymity and scale afforded by computers and the Internet, make email, forums,instant messaging, and virtually all other forms of CMC ideal for interpersonalcommunications. Almost every nation on earth now has some form of Internetconnectivity, whether through cellular service providers, high-speed fiber opticconnectivity, or even dial-up Internet access. Groups can maintain contact and reach outto others, no matter where they may be located, through plain text messages, email, orforums.The ability to communicate regularly with others from diverse backgrounds ensuresthat individuals can be slowly but steadily introduced to the core principles of amovement (Gerstenfeld, Grant, and Chiang, 2003; Gruen, 2005; Weimann, 2005).Constant exposure to and reinforcement of an ideology allows individuals to becomeaccepting of an otherwise unusual perspective, and it may eventually enable theacceptance of an extremist ideology or identity (Gersten-feld et al., 2003). There aremyriad web forums operating to support various white nationalist and neo-Naziideologies, including The Daily Stormer, the National Socialist Movement (NSM), andeven portions of the relatively broad Reddit community (Hankes, 2015). One of the oldestof these forums is Stormfront.org, which is extremely popular among neo-Nazis todiscuss all facets of their movement and even day-to-day activities through a white-power perspective (Castle, 2011; Gerstenfeld et al., 2003; Weimann, 2005). The site servesas a venue for individuals to engage in conversations and connect with others virtuallyand through the real world via localized subforums by nation, state, and city. There arealso multiple sections devoted to politics, technology, philosophy, and entertainment.For more information on Stormfront in their own words, go online to:/www.stormfront.org/forum/.395
In addition to direct communications, the Internet also allows groups to directlycommunicate their beliefs and ideologies to the world without the need for mass-mediamarketing or news media coverage. Any terror or extremist group can post messages onblogs or websites in order to directly control the delivery of their message to the mediaand the public at large (Forest, 2009). For instance, members of the hacker groupAnonymous regularly use Twitter, YouTube, and even written letters posted on websitesin order to explain their actions or notify prospective targets that they may be attacked(see Box 10.4 for details).Box 10.4 Anonymous open letter exampleGreetings Citizens of the World, We are AnonymousThis is an open call to establish travel bans on United States citizens, boycott USmade products, divest of US or Trump related business interests, and apply sanctionson the Trump regime and all of its associates. Until the danger the United Statestoday possesses against the world is resolved. Reciprocity measures must be enactedagainst the United States to challenge its shameless actions under the Trump regime.Global response must also come in the form of economic sanctions on productsdirectly associated with the Trump corporate brand.As citizens of the world we must unite against tyranny wherever it emerges andchallenge it. As Trump reveals himself to be a danger not just for the US but the restof the international community it is our right to protect and defend ourselves fromthe madness of rogue entity with no regard for international law, human rights, orcommon decency.We call on the international community from all backgrounds and ideologies,across social stratas and religions, to resist the madness leaking out of the UnitedStates. We call for the creation of global boycotts against US made products, we callon you to contact your representatives and members of parliament and congress toapply sanctions on the Trump regime, we call on you to take part in divestment ofUS shares. BDS the US until the maleficent Trump regime is brought to justice.To the citizens of the United States, this is not an attack on you but firm andnecessary action against the rising tyranny that today befalls you. Participate inyour own liberation from the Trump regime by applying economic and politicalpressure on your house and senate representatives to push the impeachment of theTrump regime. The Trump regime will not listen to protests in the streets, but it willcrumble under protests in the work force & sanctions, divestment, and boycottsabroad. We call on you, the citizens of the United States, to organize rolling workstrikes nationwide. Remove your labour from the pockets of the tyrants, disrupt the396
markets they are so proud of, and take the reins of your governance back bybuilding society and mass collaboration. Forget making America great again,together we can make humanity great again.We are Anonymous.We are everywhere.We are legion.We are those you have left without a home.We are those you have murdered.We are voiceless no more.The world will change. We’ll change it.Tyrants of the World,Expect Us!The Islamic State also uses Twitter as a key platform for recruitment andradicalization. The relatively limited territories which ISIS controls offline in Iraq andSyria demand that they find ways to attract individuals to their ideology, making socialmedia play an essential role in promoting their message to recruit participants globally.Twitter is a vital resource, as individuals can create accounts easily and use them evenfrom basic mobile phones. The use of hash-tags in Twitter messaging also allows ISIS tofind ways to reach the top trending tags to ensure they are seen by a broad audience(Berger and Morgan, 2015). These practices, however, also make it possible for Twitter toidentify and suspend accounts engaged in ISIS posting, although many suspended usersare able to get back on the service almost immediately. They treat a suspension as abadge of honor, validating that they are truly members of the movement and that theycontinue to operate in the face of Western security strategies (Stewart and Maremont,2016).To that end, ISIS operates a coordinated campaign of posting, using a network ofthousands of accounts, some live actors and some that are bots, to immediately retweetany messages posted by main accounts within the organization (Berger and Morgan,2015). In addition to messaging, ISIS recruiters will attempt to engage any individuals inconversation who appear sympathetic to their cause (see Box 10.5 for an example). Theirconversations transition from simple discussions of Islam or of the movement, to moreengaged long-form conversations on Skype or other platforms, including messagingapplications created specifically for ISIS to use (Stewart and Maremont, 2016).Eventually, the individual may be radicalized and encouraged to either engage inviolence in their home nation, or to travel to the Middle East to join the fight for theCaliphate in Iraq.Box 10.5 The role of social media in recruitment and397
radicalizationwww.nytimes.com/2015/06/28/world/americas/isis-online-recruiting-american.html.ISIS and the lonely young AmericanShe kept teaching at her church, but her truck’s radio was no longer tuned to the Christian hits on K-LOVE. Instead, she hummed along with the ISIS anthems blasting out of her turquoise iPhone, and begandaydreaming about what life with the militants might be like.This article details one young woman’s experience engaging with, and eventuallyaccepting, the radical ideology promoted by ISIS. She engaged in discussions withmembers of ISIS via various social media feeds, eventually engaging in regularconversations and even converting to Islam. Her story provides an excellent exampleof the types of individuals ISIS and other radical movements seek out, and theprocesses they employ to indoctrinate them.Computers and software suites for multimedia creation, like Photoshop, also allowgroups to create and manipulate videos, photos, and stylized text. This enables extremistgroups to develop more media-friendly materials or misrepresent facts in support of theirown ideologies. In turn, they can promote their ideas and images to a larger audience ina subtle and convincing way that may instill anger and hostility toward groups that areperceived as oppressors or socially unacceptable (Forest, 2009; Gruen, 2005).The terrorist group Al Qaeda in the Arabian Peninsula (AQAP) operates an English-language magazine called Inspire which provides information on the perspectives of thegroup and the jihadist movement generally. An issue from March 2013 featured anarticle on the 11 public figures from the West who it feels should be wanted dead or alivefor crimes against Islam (Watson, 2013). It also features regular details on techniques toengage in terrorism, ranging from simple bomb making to how to handle firearms.The glossy magazine format allows the authors to promote their agenda in a way thatis both attractive and appealing to readers. At the same time, the writing style may bemore engaging and promote the jihadist agenda to those who may never haveconsidered this point of view (Watson, 2013). In fact, the Tsarnaev brothers whoperformed the Boston Marathon bombing frequently sought and read extremist websites398
and the magazine Inspire which served as the basis for their method of attack. Thebrothers acquired the information needed to build improvised explosive devices frompressure cookers, nails, ball-bearings, and explosive materials via articles published inthe magazine (Cooper, Schmidt, and Schmidt, 2013).For more information on the magazine Inspire and its role in radicalization, goonline to: www.dailymail.co.uk/news/article-2287003/Al-Qaeda-releases-guide-torch-cars-make-bombs-naming-11-public-figures-wants-dead-alive-latest-edition-glossy-magazine.html.In much the same way, the extremist group Stormwatch operates a website about thecivil rights leader Dr. Martin Luther King Jr., which appears to discuss his role as anactivist (martinlutherking.org, 2013). The content of the site, however, decries his role inthe pursuit of equality and suggests that he was actually a mouthpiece for Jews andCommunists, in keeping with the perceptions of the White Supremacist movementgenerally (Weimann, 2005). It is written in a relatively persuasive fashion that may makean unsuspecting reader with little knowledge of King’s role in social change believe thecontent to be factual. For instance, the writers argue King to be a fraud and not areligious man by taking facts and quotes out of context. In fact, they repeatedly arguethat he stole materials from other figures and claimed them as his own, stating:The first book that King wrote, “Stride Toward Freedom,” – was plagiarized from numerous sources, allunattributed, according to documentation recently assembled by sympathetic King scholars Keith D. Miller, IraG. Zepp, Jr., and David J. Garrow.And no less an authoritative source than the four senior editors of “The Papers of Martin Luther King, Jr.” –(an official publication of the Martin Luther King Center for Nonviolent Social Change, Inc., whose staffincludes King’s widow Coretta), stated of King’s writings at both Boston University and Crozer TheologicalSeminary: “Judged retroactively by the standards of academic scholarship, [his writings] are tragically flawed bynumerous instances of plagiarism. [.] Appropriated passages are particularly evident in his writings in his majorfield of graduate study, systematic theology. ”This content derides the success of King and argues that there should be no nationalholiday or recognition of his work. In fact, they provide a link to downloadable flyersabout these issues which reads, “Bring the Dream to life in your town! Download flyersto pass out at your school.” These are excellent examples of the way in whichmultimedia content can be used by extremist groups to help indoctrinate individuals intotheir ideological or political worldview.399
In addition, cell phone cameras and web cams allow individuals to create trainingvideos and share these resources with others through video-sharing sites like YouTube(Gruen, 2005). Posting videos and news stories through social media also provides amechanism to publicly refute claims made by media and governments to ensure that thegroup is presented in a positive light (Forest, 2009; Gruen, 2005). For instance,participants in the recent Arab Spring created videos on camera phones to show violentrepression by government and police agencies, as it happened, to news agencies aroundthe world (Stepanova, 2011). Similarly, ISIS members have posted videos of the conflictin the city of Mosul, Iraq, and other parts of the country where they have attempted totake control of the population. Their videos are intended to validate or refute claims bythe US military and coalition forces regarding their attempts to retake cities where ISIShas dug in (Tawfeeq, Formanek, and Narayan, 2016). Such “on the ground” reportingallows individuals to provide evidence of their experiences.This same capability, however, can be abused by extremist groups in support of theirideologies. One of the most extreme examples of such an act was a video posted bymembers of Al Qaeda in Pakistan on February 21, 2002. In the video, members of thegroup executed a journalist named Daniel Pearl who was kidnapped while he wastraveling to conduct an interview (Levy, 2003). He stated his name for the camera,described his Jewish family heritage, and then condemned America’s foreign policystrategies in the Middle East. Following these statements, his captors then slit his throatand cut off his head, ending the video with a statement demanding the release of allGuantanamo Bay detainees, or otherwise more deaths would result (Levy, 2003). Thegruesome video became a key piece of propaganda for the group and the jihadistmovement generally, while inciting massive outrage in the USA. Such a chilling exampledemonstrates the value of interactive media and the Internet in the promotion ofextremist movements generally (see Box 10.6 for an additional example).Box 10.6 An example of Facebook live being used forterrorismwww.mirror.co.uk/news/world-news/isis-killers-chilling-facebook-live-8190208.ISIS killer’s chilling Facebook live video threatening Euro 2016 minutes400
after murdering police chief and wifeHomegrown jihadist Larossi Abballa broadcast his extremist views on a Facebook live stream afterrepeatedly stabbing Jean-Baptiste Salvaing and his wife at their home on the outskirts of Paris last night.This article details the messages Larossi Abballa posted via Facebook live afterstabbing two people to death while holding their 3-year-old child hostage, includinghis thoughts on the ways in which the French were increasing the threat of terrorattacks based on their policies toward Muslim nations. The article demonstrates thevalue of live streaming content for extremists and radical groups to promotemessages of violence to the world.In addition to video, social movements on the fringes of society have successfullyutilized music and video games as a means to expose individuals to their perspectives insocially acceptable and engaging ways (Britz, 2010; Weimann, 2005). For instance,Resistance Records is a record label that produces and distributes music by bands thatfeature white power and right-wing extremist messages in a direct-downloadable format(Jipson, 2007). The label is owned and run by the National Alliance, a white powergroup, which gains a profit from album sales. Music allows what are otherwise extremeor socially unacceptable positions to be heard in ways that may appeal to youngergenerations or the general public.Video games have also become a key resource for extremist groups to promote theirbeliefs in a socially acceptable, approachable, and extremely engaging way to youngeraudiences. The rewards and reinforcement which individuals can receive throughsuccessfully completing the objectives of a game, coupled with the underlying themes ofthe content, can promote an extremist view in a very digestible format. One of the mostwell-known of these games is called Ethnic Cleansing, which was developed andreleased through Resistance Records using no-cost open-source software. This is a so-called “first-person shooter,” wherein the game is played from the point of view of askinhead or Klansman who kills blacks, Jews, and Latinos in various urban and subwayenvironments (Anti-Defamation League, 2002). This game, and its sequel, White Law,costs $14.99 and, may be downloaded directly through the Resistance Records website(Anti-Defamation League, 2002). Similarly, Islamic extremists have released severalvideo games that place the player in the role of a jihadist fighting against Jews,Westerners, and the US military (Gruen, 2005). The content utilizes pro-Islamic imagery,rap and popular music, as well as various images of and messages from Osama BinLaden and the 9/11 terror attacks. The game has been posted and reposted across variouswebsites online, ensuring its spread to various interested groups (Weimann, 2005).In addition to lifestyle publications and materials that encourage or support extremistideologies, there are a number of training and support manuals distributed online. Infact, the open nature of the World Wide Web allows individuals to post information thatcould be used to engage in violence or cause physical harm in the real world. There are a401
number of training manuals and detailed tutorials for bomb making, gun play, andimprovised weapons use on the Internet, many of which have been available online foryears (Wall, 2001). This is because individuals can easily post a text file or wordprocessor document and repost it in repositories, send via email, or share via socialnetworks in different formats and languages. For example, the Mujahadeen PoisonsHandbook from Hamas and the Encyclopedia of Jihad published by Al Qaeda areavailable in various online outlets (Weimann, 2005). Even the Earth Liberation Front andAnimal Liberation Front have tutorials on how to engage in civil disobedience andprotests against logging companies, construction sites, and animal testing facilities (Holt,2012). These resources engender planning and tactical strategy development, regardlessof the expertise of the individuals in a given area.For an example of a tactical manual, go online to: www.direkteaktie.net/osh/.402
Electronic attacks by extremist groupsAlthough the communications capability afforded by the Internet is unparalleled, it isalso important to consider how these technologies could serve as a target for attacks byextremists, terror groups, and even nation-states. The range of interconnected computersystems and sensitive data that could be compromised online presents a diverse array ofhigh-value targets for attackers (Britz, 2010; Denning, 2010; Holt, 2012; Kilger, 2010). Forinstance, individuals could immediately target financial institutions in order to limit thefunctionality of online banking systems or harm databases of consumer information inorder to cause chaos. Alternatively, attackers may target the computer systems thatsupport the processes within nuclear power plants, hydroelectric dams, or sewagetreatment plants. These systems, called Supervisory Control and Data AcquisitionSystems (SCADA), are vital to the management and processing of critical infrastructureand are often connected to the Internet in some fashion (Brodscky and Radvanovsky,2010). As a result, an attacker who can affect the functionality of these computers maycause substantial physical harm in the real world along with fear over future attacks (seeBox 10.7 for details; also Brenner, 2011; Denning, 2010).Box 10.7 Examples of cyber-attacks against SCADAsystems in water treatmentwww.infosecisland.com/blogview/18281-ICS-Cybersecurity-Water-Water-Everywhere.htmlICS cyber-security: water, water everywhereSince then there have been numerous articles and events that have driven the public conversation aboutthe security of the cyber systems at American water treatment facilities. The question at hand is whetherthis moment of attention will result in any improvements in cybersecurity of the nation’s water supply.This article provides a timeline of the cyber-security incidents that have occurred403
over the past two decades that specifically target water management systems. Thepiece is invaluable in understanding the ways in which systems have beencompromised and what this may mean for the future.The use of cyber-attacks by extremist groups is infrequent, though they are facilitatedin part by the nature of information sharing in the hacker subculture (see Chapter 3; alsoBritz, 2010; Denning, 2010). Hackers regularly provide information on vulnerabilitiespresent in the software and hardware of systems across the world (Taylor, 1999). Thisinformation can be leveraged by anyone with the time or inclination to identify systemswith this vulnerability and attempt to attack them. As a result, open disclosure may domore to facilitate attacks than to provide public awareness of weaknesses. In fact,hackers in support of Al Qaeda have posted various resources to facilitate cyber-attacks,such as Youni Tsoulis, who published a hacker tutorial entitled The Encyclopedia ofHacking the Zionist and Crusader Websites (Denning, 2010). This guide provideddetailed information on vulnerabilities in US cyber infrastructure, as well as techniquesto engage in data theft and malware infections. In addition, the ability to obtain freeattack tools or malware and hacking resources through open markets (see Chapters 3 and4) reduces the amount of resource development needed to successfully complete anattack. Thus, the modern hacker subculture facilitates both legitimate and illegitimatehacking behaviors which can be used by any motivated actor.One of the most common types of attack used in support of extremist or terroragendas is the denial of service attack (DDoS) (Denning, 2010; Kilger, 2010). Theseattacks may not cause significant system damage, though the fact that they prevent usersfrom accessing resources can cause massive dollar losses. In addition, they can berelatively easy to perform and are enabled in part by downloadable tools that willcomplete the attack at the click of a mouse.The history of downloadable DDoS tools stems from the hacker group the ElectronicDisturbance Theater (EDT; Denning, 2010). The group developed a program calledFloodNet that could be downloaded directly from their website to be used by individualswho shared their perspectives on the use of the Internet as a space for social activism. Itwas first used in an attack against the Mexican government owing to their treatment ofZapatista separatists who were fighting against what they perceived to be governmentalrepression (Denning, 2010). The EDT first used FloodNet against the Mexican PresidentZedillo’s website, and then attacked US President Clinton’s website because of hissupport of Mexico. A third, and even larger, attack was then launched against Zedillo,the Pentagon, and the Frankfurt Stock Exchange for its role in supporting globalization(Denning, 2010).For more on the EDT, go online to: www.youtube.com/watch?v=O-U-he8LN3k.404
The success of FloodNet led to its adoption by other activist groups to engage in DDoSattacks, such as an attack by animal rights protesters in Sweden and a British groupcalled the Electrohippies Collective (Denning, 2010). In more recent years, additionalDDoS tools have been developed by groups with diverse interests. For instance, a toolcalled Electronic Jihad was released through the Arabic-language forum al-Jinan for useagainst various Western targets (Denning, 2010).Anonymous also uses a DDoS tool called the Low Orbit Ion Cannon (LOIC) insupport of attacks against personal, industrial, and government targets around the world(Correll, 2010). This simple tool allows individuals to simply select a website to targetand give parameters for the duration of the attack, then click the ready button. LOICrequires no technical knowledge to successfully complete an attack; the interest intargeting a specific entity is all that is necessary.For more on the Low Orbit Ion Cannon, go online to:http://sourceforge.net/projects/loic/.Another useful tool in the arsenal of hackers seeking to express their opinions are webdefacements, where the normal HTML code of a web page is replaced by images, text,and content of the attacker’s choosing (see Chapter 3; Denning, 2010; Woo et al., 2004).Web defacements began as a vehicle for hackers to call out system administrators whoused poor security protocols and to generate a reputation in the hacker community fortheir actions (Woo et al., 2004). As hackers increasingly recognized the value of webdefacements as a means to express their political or ideological motives, the nature andtargets for defacements began to change.Specifically, web defacements appear increasingly to be triggered in response to real-world events. For instance, the Turkish military shot down a Russian fighter jet withinits borders on November 24, 2015 on the basis that it was from an unknown country oforigin at the time of the incident and was nonresponsive to repeated requests to change405
direction (BBC, 2015). The Russian government contended that the jet was engaging in abombing run as part of their operations in fighting ISIS within Syria, which bordersTurkey. Shortly after this incident, the Turkish web infrastructure was hit with a DDoSattack by hackers claiming to be part of Anonymous, indicating that this was revenge forthe Turkish government’s support of ISIS (Cimpanu, 2016). Turkish hacker groupsresponded by engaging in a campaign of web defacements and attacks against Russianwebsites, including defacing the websites of the Russian Embassy in Israel (Cimpanu,2016) and the Russia Joint-Stock Commercial Bank for Reconstruction and Development(Waqas, 2016).In light of the ways in which the Internet may be used by ideologically driven groupsin order to affect action or cause harm, we will now explore two different extremistgroup subcultures and their online activities: (1) the Radical Far Right movement, and (2)the e-jihad.The Radical Far Right onlineThe term “the Radical Far Right” is often associated with white supremacist groups likethe Ku Klux Klan, though it can actually be applied as an umbrella term to capture thecollective of groups with overlapping perspectives, such as neo-Nazi groups, whitenationalists, Aryan skinheads, and other Christian separatist movements. In addition, theterm Alt-Right or Alternative Right has been used to characterize aspects of thesemovements in an attempt to rebrand these ideologies. Although they have differentindividual views, they generally share a framework that the white race has been harmedby non-white racial and ethnic groups, Jews, and Catholics. These groups operate aroundthe world and take various forms. The Southern Poverty Law Center (2017) suggestedthat there were 917 active hate groups operating in the USA in 2017. Although they arespread across the country, the white power movement isFor more information on the different types of hate groups in the USA andwhere they are located, go online to: www.splcenter.org/hate-map.most prominent in the South, upper Midwest, and Southwestern United States. Similargroups are evident in Europe and Asia, including the National Socialist Movement,406
which has offshoots in England and the Philippines (National Socialist Movement, 2014).The value of the Internet for the Radical Far Right movement cannot be understated.Technology allows individuals from marginalized communities across the world tobecome indoctrinated into the culture and to find social support for their attitudes andbeliefs over time. Donald Black, former KKK member and founder of the websiteStormfront, stated that “whereas we previously could only reach people with pamphletsand by sending out tabloid papers to a limited number of people or holding rallies withno more than a few hundred people – now we can reach potentially millions of people”(Faulk, 1997). Considering he made this statement in 1997, the white power movementhas had a long history of Internet use.For more information on the Alt-Right, go online to:www.splcenter.org/fighting-hate/extremist-files/ideology/alternative-right.Some of the most common tools used by the Radical Far Right movement arewebsites, forums, chatrooms, blogs, and other forms of CMC. Individuals who find thesesites may be initially directed to them through Google searches or links through radicalchurch websites (McNamee, Peterson, and Pena, 2010). Spending time reading thecontent and getting to know users may increase their willingness to accept their point ofview. In fact, continuous involvement in these sites may help individuals acceptextremist perspectives, even if their peers or family do not agree with these positions. Inaddition, the ability to make multiple friends and associates online in addition to theirreal-world social relationships can help insulate their perceptions.It is important to note that CMCs used by these movements do not necessarilyencourage violence. Some do and are overtly inflammatory in their language about theneed to rise up in armed conflict or engage in a “race war” (McNamee et al., 2010). Manysites and discussions, however, simply revolve around the importance of the movementand the need to develop a strong white race. In fact, many users in forums and othersites communicate their interpretation of historical events, as in the discussion of Dr.Martin Luther King, Jr. mentioned earlier in this chapter (McNamee et al., 2010). Theymay also promote the idea that the white race has been appointed by God or by naturalright to dominate the world over other races and ethnic groups (McNamee et al., 2010).Constant exposure to these messages will help encourage an individual to believe them407
and be drawn into the movement as a whole.At the same time, the Internet allows users to regularly access cultural currencyrelated to Far Right movements generally. For example, music became an important toolin the indoctrination of individuals through heavy metal bands and other musical stylesin the mid-1990s (Simi and Futrell, 2006). Large concert venues became an importantrallying point, drawing multiple acts to play at day-long festivals. The development of e-commerce sites and music-sharing services aided the spread of white power and neo-Nazi music. In turn, the movement began to use music as a key resource to communicatetheir message through accessible media that may be more engaging to youth culture(Simi and Futrell, 2006).The ability to access the Web has also enabled individuals to develop lifestyle-relatedcontent that incorporates their racial attitudes (Simi and Futrell, 2006). Images of tattoos,concerts, organized meetings, video games, music, and clothing are all easily identifiedvia the Web. There are now even streaming music services available for those interestedin white power bands. In addition, the group Women for Aryan Unity (WAU) publishesa magazine called Home Front on parenting issues, home schooling, and ways tosocialize children into the movement. There are also child-specific materials available todownload, such as coloring pages, crosswords, and stories that are “age appropriate”(Simi and Futrell, 2006). They can also get positive reinforcement from peers and askquestions about how to stay loyal to the movement despite the problems they may facefrom other parents. Thus, the Web is a key resource in the communication of subculturalvalues within radical movements as a whole.The e-jihadOver the past ten years, academic researchers and popular media have focused heavilyon Al Qaeda, and more recently on ISIS, and their role in global terror activities (Forest,2009; Martin, 2006). Much of this work has helped inform our knowledge of the real-world threat that these groups pose, though there has generally been little evidencedemonstrating their role in successful cyber-attacks (Denning, 2010; Ulph, 2006). Thereis, however, some evidence that loose associations of hacker groups are interested andattempting to engage in cyber-attacks against the West. This so-called e-jihad has ties toAl Qaeda, ISIS, and other Islamic extremist groups across the Middle East and Africa,and depends on technology for communications infrastructure and as an attack platform(Denning, 2010; Ulph, 2006).The use of the Internet as a platform for e-jihad has been supported by a variety ofindividuals tied to Muslim extremist groups. For instance, Mohammad Bin Ahmad As-Sa-lim wrote a book entitled 39 Ways to Serve and Participate in Jihâd, which wasdesigned to promote discussion about the issue of war with the West and jihad generally(Denning, 2010; Leyden, 2003). The book discussed the issue of electronic jihad as thethirty-fourth principal way to engage in jihad. He identifies the need for both discussion408
forums for media campaigns and more specific applications of hacking techniques inorder to harm the West. Specifically, he wrote: “He [anyone with knowledge of hacking]should concentrate his efforts on destroying any American websites, as well as any sitesthat are anti- Jihâd and Mujâhidîn, Jewish websites, modernist and secular websites”(As-Sa -lim, 2003). Thus, terror groups realize that Western nations’ dependence on theInternet for both commerce and communications is a major vulnerability that can beexploited to cause economic harm and fear in the general populace.For more information on US citizens being radicalized, go online to:www.cnn.com/2017/03/03/politics/homeland-security-assessment-radicalization/index.html.To that end, the first hacker group to emerge with specific ties to Al Qaeda was the“al-Qaeda Alliance Online,” an offshoot of the hacker group “GForce Pakistan.” Membersof the Alliance defaced a web server operated by the National Oceanic and AtmosphericAdministration (NOAA) on October 17, 2001 (McWilliams, 2001). The defacementcontained interesting, if not contradictory, information by condemning the September 11attacks, stating: “bin Laden is a holy fighter, and whatever he says makes sense”(McWilliams, 2001). They went on to say that they would attack major websites in theUSA and Britain, though “we will not hurt any data as its [ sic ] unethical” (McWilliams,2001).A subsequent defacement occurred ten days later, on October 27, though that was thelast attack attributed to the group (Denning, 2010). It is not clear what happened to theAlliance, but it was replaced by a variety of forums and hacker groups actively engagedin the promotion of attacks against the West and others who disparaged the Islamicfaith. For instance, the al-Farouq forum established a section encouraging electronicjihad, along with a downloadable library of tools and tutorials for engaging in attacks(Denning, 2010; Pool, 2005). Similarly, the al-Jinan forum created and offered a freedownload of a DoS tool called Electronic Jihad and gave awards and electronic medals tothose who were the most effective attackers against sites that harmed Islam (Bakier,2007).One of the most well-known examples of information sharing was from a hackernamed Youni Tsoulis, who used the handle Irhabi007. He developed multiple web forumsand sites supporting Al Qaeda and even set up hidden links to propaganda websites on409
various forums (Corera, 2008). He also promoted hacking and gave multiple tutorials onhacker sites with substantial detail on methods of attack and tactics to compromisewebsites (Jamestown, 2008). Due to the degree to which he actively engaged and sharedinformation about cyber-attack techniques with others in the e-jihad movement, Tsoulicame to the attention of law enforcement and military agencies around the world. Infact, his name was found on a laptop belonging to a member of an Al Qaeda cell inBosnia who was arrested after making threatening videos against various Europeannations. Tsouli was arrested by the London Metropolitan Police during a raid in 2005 andwas found guilty of charges under the Terrorism Act of 2000 (Corera, 2008). He receiveda 16-year sentence; he was 23 years old at the time.More recently, Ardit Ferizi was detained in Malaysia in October 2015 based onallegations that he compromised US computer systems on behalf of ISIS (Perez, Shoichet,and Bruer, 2015). Ferizi used the handle Th3Dir3ctorY, and admitted to compromising aserver hosting a US company, enabling him to gain access to a database containing thepersonally identifiable information (PII) of almost 1,300 military and governmentpersonnel (Department of Justice, 2016). He then gave these data to Junaid Hussain, anISIS recruiter, and discussed using the data to produce a hit-list based on the victims’ PII.The data then appeared in a tweet posted by the Islamic State Hacking Division (ISHD),claiming that they would pass the “personal information to the soldiers of the khilafah,who soon with the permission of Allah will strike at your necks in your own lands!”(Department of Justice, 2016). He was extradited to the USA for prosecution, and waseventually found guilty and sentenced to 20 years in federal prison on charges related toviolations of the Computer Fraud and Abuse Act, as well as providing material supportto a terrorist organization.These two incidents are examples of the few successes in the e-jihad campaign againstthe West. Other attempts have been less successful. For instance, individuals attemptedto engage in a DoS attack against the Vatican website after Pope Benedict madecomments about the Prophet Mohammad and Islam which were viewed as critical oftheir faith (Denning, 2010). Individuals involved in the e-jihad also planned acoordinated series of attacks against US financial institutions and the stock exchange in2006. All of these attacks failed to materialize, calling into question the skill of theattackers relative to the preparations taken to defend against such attacks (Alshech, 2007;Denning, 2010; Gross and McMillan, 2006). This should not be taken as an indication thatAl Qaeda, ISIS, and e-jihad should not be taken seriously, but rather that they recognizethe value of the Internet and are searching for ways to leverage it toward effectiveattacks.Box 10.8 Questioning the reality of cyberterrorThis chapter provides substantive detail on the role of the Internet in facilitatingcommunications, fundraising, and planning for terror groups. There is, however,410
scant evidence of actual cyber-attacks performed by terrorist groups. Pundits andpoliticians have heralded this potential for almost two decades since the coining ofthe phrase “digital Pearl Harbor.”As a result, some scholars argue that the absence of actual evidence of attackscoupled with the expansion of the information collection and security apparatus ofgovernments leads to a distinct conclusion: cyberterror is a social construction(Furedi, 2005; Yar, 2013). Specifically, the threat posed by terrorism is built up bymedia and seized upon by claims makers. The resulting public support may be usedas a means to gain greater control over resources like the Internet and imposerestrictions and surveillance on user activity. This position is supported by therecent revelations regarding the US National Security Agency’s access to email andphone records, as well as a larger global surveillance mechanism (discussed later inthis chapter).This is a challenging position, as the general public does not gain access toinformation on attacks against government systems and critical infrastructure. Theclassification of information makes it difficult to know the reality of terrorist groupcapabilities or their use of cyber-attacks (Denning, 2010). At the same time, there hasbeen a massive build-up in security spending and resource allocation to governmentagencies for what are otherwise extremely rare events (Yar, 2013). In the end, it isnecessary to consider this position and ask, “What is the correct balance betweennational security and citizens’ rights?”411
Cyberwar and the nation-stateAs cyberspace plays an increasingly critical role in managing the everyday aspects ofcommunication and critical infrastructure, governments and military agencies areincreasingly attempting to establish their role in cyberspace. Many industrialized nationsrecognize the threat that cyber-attacks can pose to military and governmentalinfrastructure. Some consider cyberspace to be a new warfare domain just like land, sea,air, and space (Andress and Winterfeld, 2011). As a consequence, it is necessary toconsider how fighting a war in this domain may operate and what constitutes an act ofcyberwar.There is no single agreed-upon definition for warfare, even among the United Nations.The historical literature on war and warfare tactics, however, suggests that it may beviewed as an act of force or violence which compels the opponent to fulfill the will of thevictor (Andress and Winterfeld, 2011; Brenner, 2008; Schwartau, 1996). When applied tocyberspace, the use of war tactics appears designed to control and affect the activities ofan opposing force. Brenner defined cyberwarfare as nation-states’ “use of militaryoperations by virtual means [.] to achieve essentially the same ends they pursue throughthe use of conventional military force” (2008: 65). Thus, the domain of conflict forcyberwar is different from traditional conflicts in that the operations take place in avirtual space (Rid, 2013).The weapons of cyberwar are also different from those of traditional combat, in thatactors may utilize malware and hacking techniques in order to affect systemfunctionality, access to information, or critical infrastructure (Rid, 2013). The outcomesand goals of cyberwar, however, are similar to physical war in that fighters may attempteither targeted tactical strikes against a specific target or try to cause as much damage aspossible to the operational capacity of a nation-state.Although there has been some debate about the actual threat of cyberwarfare and theutility of this term generally (see Andress and Winterfeld, 2011; Rid, 2013), we mustrecognize why it may be a fruitful environment for attack. Nearly all critical systems inmodern industrialized nations depend on the Internet for commercial or logistic support.For example, water and sewage treatment plants, nuclear, hydroelectric, and other powergrids are dependent on the Internet for command and control. Virtually all facets ofbanking, stock exchanges, and economic systems are run through the Internet. Evenaspects of the military and related defense contractors of the world are run throughcivilian or commercial telephony. Any attack that could effectively disrupt thecommunications capacity of the Internet could effectively cripple our society, whichwould have ripple effects throughout the real world. At the same time, the sensitive datamaintained by government or military agencies could be compromised and/ or stolen inorder to gain an economic or defensive advantage. Thus, hacking sensitive systems412
would be an easy and immediate way to affect an enemy through cyberwarfare.Over the past ten years, there have been an increasing number of incidents that mightpractically be viewed as cyberwar. A key example is the conflict between Russia andEstonia in 2007. A conflict developed between Russian and Estonian factions in April2007 when the Estonian government removed a Russian war monument from amemorial garden in a national cemetery (Brenner, 2008; Jaffe, 2006; Landler and Markoff,2007). The statue, called The Bronze Soldier of Tallinn, was installed as a monument tothe Russian involvement in World War II, and was viewed as a relic from Estonia’s timeas part of the former Soviet Union. Now that Estonia was its own independent nation,the government felt it appropriate to have the statue removed (Guadagno, Cialdini, andEvron, 2010). Russian citizens living in Estonia and elsewhere were enraged by thisaction, leading to protests and violence in the streets of both countries. Over 1,300 werearrested during protests in Estonia, many of whom were ethnic Russians living in thecountry.The conflict quickly grew into online spaces, with hackers in both Estonia and Russiaattempting to engage in different hacks and spam campaigns (Brenner, 2008; Jaffe, 2006).Russian hackers also leveraged online forums and hacker sites in order to rally attackerstogether to increase the volume of their attacks and used huge botnets of compromisedcomputers for DDoS attacks (Clover, 2009; Davis, 2007). The attacks incorporated manyindividuals who were interested in attacking Estonia out of their love and respect fortheir homeland, many of whom had little knowledge of computer hacking. As aconsequence, Russian attacks were able to shut down critical components of Estonia’sfinancial and government networks, causing significant economic harm to citizens andindustry alike (Brenner, 2008; Landler and Markoff, 2007). The Estonian Parliament andalmost every governmental ministry website was affected. In addition, three of the sixnational news agencies and two of its largest banks also experienced problems (Clover,2009). In fact, banks were knocked offline for hours and lost millions of dollars due toDDoS attacks (Landler and Markoff, 2007).In the wake of this onslaught, the Estonian government accused the Russiangovernment of supporting and encouraging these attacks. To date, there has been noconcrete evidence provided to support Russian state sponsorship (Denning, 2010). Manyobservers, however, have argued that this incident is a clear demonstration of hownation-states may engage in conflicts in the future. The actors involved may be drivenby their own sense of duty to their country or by actual military doctrine. Regardless, theseverity of the attacks demonstrates the need to identify how cyber-resources might beaffected by conflicts in the real world.A more recent example is the appearance of a piece of malicious software calledStuxnet. This computer worm was used in attacks against the Natanz uraniumenrichment facility in Iran (Clayton, 2010; Kerr, Rollins, and Theohary, 2010). Stuxnetwas designed to specifically compromise and harm computer systems in order to gainaccess to the SCADA systems and related programmable logic controllers (PLCs) inside413
of centrifuges in these plants (Clayton, 2010; Kerr et al., 2010.) Specifically, the codewould allow the PLC to be given commands remotely by the attacker, while shieldingthe actual behaviors of the centrifuges from the plant’s SCADA control systems. As aresult, attackers could surreptitiously disrupt the plant’s ability to process uranium andcause confusion among operators and controllers. It is unknown how long the malwarewas able to operate inside of the facility, though estimates suggest it may have impacted1,000 of the 5,000 centrifuges in the plant and delayed the overall functionality of thenuclear plant by months or even years (Kerr et al., 2010; Sanger, 2012).For more information on Stuxnet, go online to:1. www.youtube.com/watch?v=n7UVyVSDSxY2. www.youtube.com/watch?v=863SNTqyYto.Recent evidence suggests that Stuxnet was developed by the USA under the Bushadministration as evidence grew regarding the Iranian nuclear program aspirations. Theprogram, called Operation Olympic Games, was proactively implemented by anexecutive order of President Obama because it was thought that this sort of attack wouldbe more targeted, difficult to detect, and produce fewer civilian casualties or collateraldamage than a physical strike (Sanger, 2012). In addition, the use of this code wasthought to have reduced the likelihood of a conventional military strike by Israel whichwould have dangerous consequences for the region as a whole. The USA has notacknowledged any of the claims made related to Stuxnet, though its release in the wildhas given computer security professionals and hackers access to this extremelysophisticated malware. The program may serve as a basis for the development of tools inorder to exploit or attack critical infrastructure across the globe (Brodscky andRadvanovsky, 2010; Clayton, 2010). The US Department of Homeland Security expressed414
substantial concern over the use of Stuxnet-like code in attacks against US powerinstallations (Zetter, 2011). Thus, cyber-attacks may be an increasingly common way fornation-states to engage one another to cause harm.For information on US cyber attempts to attack the North Korean missileprogram, go online to: www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=span-ab-top-region&region=top-news&WT.nav=top-news&_r=0.Besides overt or covert cyber-attacks, governments are increasingly using cyberspaceas a platform to engage in subtle information warfare campaigns against variousnations. Information warfare involves the use of information and communicationstechnology to gain advantage over an opponent, and may involve multiple strategies tocollect information from an opponent or spread your own information (Andress andWinterfeld, 2011). To that end, the Internet is a critical resource used to spread falseinformation, called disinformation, in order to either manipulate or demoralize a nationand its populace (Andress and Winterfeld, 2011). Since most people now find newsstories online, whether through traditional news media sources or via social media siteslike Facebook, governments can leverage this as a resource to engage in campaigns ofmisinformation or disinformation.For instance, there is substantial evidence that the Russian government operates a“troll factory” out of St. Petersburg where individuals are paid to actively create andspread false information, whether through social media posts, comments in news storiesand videos posted on traditional journalistic outlets, or via websites created by the trollsthemselves (see Box 10.9 for details; also Keneally, 2017). The individuals engaged in thiseffort are referred to as trolls as a historical reference to individuals who actively seekfights and cause trouble in online platforms. They also operate covertly through falseonline profiles that attempt to make the user seem like a citizen from a specific place anda true believer in a specific ideology in order to make their arguments more compellingand believable to others (Timberg, 2016). In turn, trolls seek to turn average peopleagainst their governments or against their fellow citizens in order to sow mistrust anddiscontent, and to challenge the ability of a nation to be effectively led.415
Box 10.9 Inside the Russian troll organizationwww.nytimes.com/2015/06/07/magazine/the-agency.html.The AgencyOne Russian newspaper put the number of employees at 400, with a budget of at least 20 million rubles(roughly $400,000) a month. During her time in the organization, there were many departments creatingcontent for every popular social network.This article exposes the existence and operation of “The Agency,” wherein a groupof people are paid to engage as professional online trolls for the benefit of theRussian government. The depth of their efforts is unparalleled, and affects variousnations in ways that no one could necessarily appreciate on the surface. This isrequired reading to understand the depth of the Russian information warfareapparatus.The Russian troll brigade is thought to have actively engaged in a long campaign ofmisinformation to interfere in the 2016 US presidential election. Throughout the election,there were various news stories and websites designed to spread deliberately falseinformation about the Democrat candidate Hillary Clinton to diminish the perceptionshe was fit to serve. These stories quickly took on the moniker of fake news in anattempt to delineate their fictitious nature and differentiate it from news from traditionalnews stories (Timberg, 2016). Fake news stories, however, were quickly disseminated andshared via social media through professional trolls, which helped reinforce the perceivedlegitimacy of the story and may have influenced a proportion of voters’ perceptions ofeach candidate.Although this was the first demonstrated instance of an attempt to influence the USA,the troll brigade has engaged in a long-standing campaign to destabilize Europeanpolitics in order to increase Russian power within the region (Higgins, 2016). There havebeen repeated attempts to influence German voters’ views, as well as the population ofFinland which directly borders Russia. They have also attempted to whitewash andlegitimize the Russian invasion of the Ukraine via fake news, propaganda, and trolling(Higgins, 2016).416
The persistence and prevalence of false news stories, conspiracy theories, andmisleading comments online led the EU to create a specialized task force designed withthe express purpose of identifying the Russian campaign’s strategies and exposing themto the public (TEPSA, 2017). The EEAS East StratCom Task Force was created in March2015 by the European Council to provide information to the European Union and itsMember States on the extent of Russian disinformation campaigns. They now publishtwo weekly newsletters. The Disinformation Review publishes every Tuesday to showthe latest examples and trends in Russian trolling (TEPSA, 2017). The DisinformationDigest is released every Friday, showing what the pro-government media outlets inRussia are saying compared to independent media voices, along with trends in Russiansocial media feeds (TEPSA, 2017). These two sources demonstrate that informationwarfare is a real, powerful, insidious, and ultimately challenging form of cyberwarfarefor any nation to defeat.For more information, go online to:1. http://us11.campaign-archive2.com/?u=cd23226ada1699a77000eb60b&id=c1a08c5bb92. http://us11.campaign-archive2.com/?u=cd23226ada1699a77000eb60b&id=76c07966f0&e=15f1448f20.417
Legislating extremism and cyberterrorThe Internet and CMCs clearly provide a mechanism for individuals to spread hurtfulmessages and ideas based on prejudice, racism, and other ideological and politicalstances. There is some tension in how to sanction hate speech, as nations like the USAprotect freedom of speech under the First Amendment to the Constitution. The only realway that speech is limited in this country is through the “imminent danger” test, whereone’s comments are unprotected if the speaker attempts to incite dangerous or illegalactivities (Abrams, 2012). Recognizing that the Internet dramatically increases the risk ofexposure to hurtful ideas and prospective radicalization of individuals toward violence,the Obama administration began to take steps to combat the problem of domestic andforeign terror and extremist groups without changing existing protections to free speech.The White House released a policy and strategy document in August 2011 entitledEmpowering Local Partners to Prevent Violent Extremism in the United States. Thisdocument detailed their desire to use a community-based approach to reduce theproblem of extremist groups and violent behavior through the integration of lawenforcement and public–private partnerships with stakeholders in local communities(White House, 2011b). It was argued that religious leaders in mosques and Islamiccenters of worship, as well as schools and community groups, should be broughttogether in order to foster trust between community residents, law enforcement, and thefederal government. In fact, this strategy involved multiple federal agencies rangingfrom the Treasury, Department of Defense, Department of Justice, Department ofHomeland Security, and the Federal Bureau of Investigation (White House, 2011b). Thehope was that these inter-agency and community partnerships could better improve thescope of engagement with communities on issues that they were concerned about, anddevelop better partnerships that would make communities resilient to radicalization,whether from online groups or those in the real world.The USA is unique with regard to its equal protection of free speech, as many nationsaround the world have criminalized hate speech in some form. The UK’s Public OrderAct 1986 criminalized expressions of threats, abusive, or insulting behavior to any groupof persons based on their race, color, ethnicity, nationality, or ethnic origin with apunishment of up to seven years in prison and/or a fine (Mendel, 2012). This law wasamended in 2006 to include religious hatred and again in 2008 for protection of sexualorientations (Mendel, 2012). Similar legislation is present in Australia, Canada, Denmark,France, Germany, the Netherlands, Singapore, and South Africa (Mendel, 2012).Although these statutes do not primarily identify the Internet as a venue for thecommunication of hate speech, the laws can be extended to these environments.The European Convention on Cybercrime also includes language criminalizing the useof the Internet in order to disseminate hate speech. Specifically, the CoC identifies “racist418
and xenophobic material,” including writing, images, videos, and any other contentdesigned to promote or encourage hate or discrimination against any group (Brenner,2011). The distribution or posting of such material online is defined as criminal under theCoC, as is making online threats to any person on the basis of their racial, ethnic, orreligious background, and the distribution of information that denies or otherwiseattempts to misinform individuals regarding genocide and crimes against humanity(Brenner, 2011). This legislation has tremendous value in addressing the developmentand radicalization of individuals through the Internet, particularly white supremacistmovements.In addition to hate speech, many of the examples provided throughout this chapterreflect the use of hacking techniques in furtherance of terror or extremist group plots. Asa result, several nations have extended their laws pertaining to computer hacking so thatthey may be applied to these offenses (see Chapter 3 for more details). For instance, oneof the few nations to specifically use the language of cyberterror in their legislation isIndia, which amended its Information Technology Act, 2000 to recognize cyberterroras:1. 1) When an individual with intent to threaten the unity, integrity, security, orsovereignty of India or strike terror in the people by:a. Denial of access to a computer resourceb. Penetrating or accessing a computer resource either withoutauthorization or exceeding authorized accessc. Introducing or causing the introduction of a computer contaminant(e.g. malware) that may cause injury to persons or death, damage ordestruction of property, or adversely affect critical informationinfrastructured. Accessing a computer resource without authorization or exceedingaccess to obtain information, data, or a database that is restricted dueto state security concerns in order to cause injury to the State, itssecurity, or relationships with other nations.Anyone either found guilty of engaging in these behaviors or conspiring to commit themmay be imprisoned for life.The USA expanded the Computer Fraud and Abuse Act following the 9/11 attacksthrough the introduction and passing of the Uniting and Strengthening America byProviding Appropriate Tools Required to Intercept and Obstruct Terrorism (USAPATRIOT) Act of 2001. This Act strengthened the existing CFAA laws to include anycomputer in the world so long as it is “used in a manner that affects interstate or foreigncommerce or communications of the United States” (Brenner, 2011). This provisionenables US law enforcement to engage in investigations in foreign countries, so long asthe investigation is recognized as legitimate by that nation. In addition, the PATRIOTAct modified the law to also include any unauthorized access to a computer or network419
that:1. modifies or impairs access to medical data;2. causes physical injury to a person;3. poses a threat to public health or safety;4. damages a computer used by a government entity in the administration ofjustice, national defense, or national security.Although this language does not specifically recognize cyberterror, the expansion ofthe statute enabled greater latitude for federal law enforcement to pursue cybercriminalsand more effectively prosecute those who would target either critical infrastructure orsensitive data sources that could cause significant harm in the real world.In addition, the PATRIOT Act also relaxed the legal provisions needed for lawenforcement agencies to engage in the surveillance of electronic communications. Forinstance, the Act revised provisions of the Electronic Communications Privacy Act(ECPA) related to subpoenas of ISPs and cable companies. The Act enabled lawenforcement to obtain the names and addresses of subscribers, along with their billingrecords, phone numbers called, duration of sessions while online, services used,communication device information, and other related data. The release of suchinformation can enable law enforcement to more effectively trace the activities of a userto specific websites and content during a given session of Internet use. In addition, theECPA now defines email that is stored on a third-party server for more than 180 days tobe legally viewed as abandoned. As a result, law enforcement can request that this dataand the content of the email, whether opened or unopened, be turned over without theneed for judicial review. Finally, the PATRIOT Act allowed ISPs to make emergencydisclosures of information to law enforcement in instances of extreme physical or virtualthreats to public safety. Such language allows for greater surreptitious surveillance ofcitizens with minimal government oversight or public awareness.At the state level, there is generally little legislation that exists with regard tocyberterrorism. Arkansas, Connecticut, Georgia, Illinois, Indiana, and West Virginia allhave statutes that relate directly or indirectly to cyberterrorism (Brenner, 2011). Forexample, Arkansas recognizes an act of terror as any act or series of two or more actsthat attempt to disable or destroy data, computers, or computer networks used byindustry, government, or contractors. Connecticut more narrowly defines an act of“computer crime furtherance of terrorist purposes” as an attempt to use computer crimesin order to intimidate or coerce either the government or civilian populations. Georgiahas criminalized the use of a computer in order to disseminate information related toterrorist activities (Brenner, 2011). The lack of state-based legislation may stem from therecognition that an act of terror, whether virtual or real, will more immediately fallunder the investigative responsibility of the federal government. At the same time, thepresence of such legislation suggests that these states are progressive in their thinkingabout these issues and may serve as models for other states across the country.420
Other nations have adopted similar language to that of the US PATRIOT Act, such asCanada’s Anti-terrorism Act of 2001, which changed standards for the interception ofdomestic communications of all kinds (Brenner, 2011). For instance, this law allows theCommunications Security Establishment of Canada (an analog to the NSA) to interceptcommunications that either begin or end in Canada and involve a foreign source. Priorto this law, any domestic information acquired in the process of an internationalintercept would have been destroyed or ignored. Although there has been substantivepublic debate surrounding the legitimacy of these new laws, the Canadian governmenthas not moved to strike them down. Similar legislation in Australia and New Zealandhas, however, been repealed due to the perception that they are too extreme and degradepublic trust in government (Rid, 2013).421
Investigating and securing cyberspace from the threat ofterror and warOver the past decade, governments around the world have been making strides toimprove their nation’s cybersecurity posture. In the USA, President Obama’sComprehensive National Cybersecurity Initiative (CNCI) was adopted in May 2009 inorder to strengthen America’s digital infrastructure (White House, 2011a). This involvedthree main goals to secure the USA from cyberthreats:1. Establish a front line of defense against immediate threats and a responsecapability through federal and local partnerships.2. Defend against the full spectrum of threats.3. Strengthen the future cybersecurity environment through education andresearch.This plan involved long-range strategic planning and development in order toeffectively develop an integrated response to cyber-threats. To that end, the CNCI had toachieve 12 major initiatives over the following decade (White House, 2011a):1. Move towards managing a single federal enterprise network.2. Deploy intrinsic detection systems.3. Develop and deploy intrusion prevention tools.4. Review and potentially redirect research and funding.5. Connect current government cyber operations centers.6. Develop a government-wide cyber intelligence plan.7. Increase the security of classified networks.8. Expand cyber education.9. Define enduring leap-ahead technologies.10. Define enduring deterrent technologies and programs.11. Develop multi-pronged approaches to supply chain risk management.12. Define the role of cybersecurity in private sector domains.Some of these steps are more easily achieved than others (White House, 2011a). Forinstance, there is now a White House cybersecurity advisor who provides directguidance to the President on cyber-threats and security issues. In addition, thegovernment is developing an intrusion detection and prevention system referred to as“EINSTEIN” in order to help reduce the success of any attack against governmentsystems.In addition, the National Security Agency (NSA) has begun to develop a massivedata center in Utah in order to improve the cybersecurity response of the nation. This422
center, called the Community Comprehensive National Cybersecurity Initiative DataCenter, is designed to process, aggregate, and verify threats across DoD and federalcyberspace (Fidel, 2011). As a result, there is some evidence that this plan is actuallytaking shape in the real world.The scope of NSA data collection was recently and dramatically brought to light bythe whistle-blowing efforts of a former contractor named Edward Snowden. He revealedthe existence of multiple programs designed to capture and mine sensitive data fromvarious electronic data sources around the world, including the PRISM program (Gidda,2013). The NSA implemented this program in 2007 to collect email and other electroniccommunications data of all sorts, and it was carried out through cooperativerelationships with various technology companies, including Apple, Facebook, Google,Microsoft, and Skype (Gidda, 2013). In turn, this data could be mined and queried forintelligence-generation purposes to assess terror threats and networks of actors, as wellas identify tactical and strategic information. News of this program drew tremendousoutrage from various governments, particularly Germany and Brazil (Gidda, 2013). TheUnited Kingdom, however, indicated that it received access to PRISM data and used thissource in addition to its own surveillance and data-collection programs (Gidda, 2013). Itis unclear how such data-collection programs will change or adapt with changingattitudes toward the Internet and data privacy generally, though it will continue to be acore issue for national security.The Federal Bureau of InvestigationAs noted earlier, the Federal Bureau of Investigation (FBI) plays a critical role in theinvestigation of both traditional crimes and cybercrimes. In fact, the investigation ofterror attacks and foreign intelligence operations is among the top priorities of theBureau. The National Security Branch (NSB) of the FBI is designated with the task ofgathering intelligence and coordinating investigative efforts to disrupt terrorist groupsand foreign intelligence groups (FBI, 2017). The NSB was established in 2005 as the resultof a presidential directive to combine the mission and resources of the counterterrorism,counterintelligence, and intelligence mission of the Bureau under a single unit. Thisbranch includes five components: (1) the FBI’s National Joint Terrorism Task Force,which manages over 100 FBI Joint Terrorism Task Forces, shares intelligence, and workscooperatively on terrorism investigations; (2) the Counterintelligence Division deals withtraditional and non-traditional espionage and intelligence gathering in the USA; (3) theWeapons of Mass Destruction Directorate (WMDD) designed to reduce the threat andproliferation of nuclear, biological, and chemical weapons; (4) the Terrorist ScreeningCenter, which generates actionable intelligence for state and local law enforcementagencies and maintains the consolidated Terrorist Watchlist; and (5) the High-ValueDetainee Interrogation Group that actively collects information from terror suspects inorder to gain information to deter attacks against various targets (FBI, 2017). Thus, the423
NSB plays a critical role in both law enforcement, homeland security, as well as in theintelligence community generally.For information on the recent DOJ indictment of two Russian spies allegedlyresponsible for Yahoo hacks, go online to:www.cnn.com/2017/03/14/politics/justice-yahoo-hack-russia/index.html.The Department of EnergyWhile most generally think of law enforcement agencies with regard to the investigationof crime and terror threats, other government agencies play an increasingly pertinentrole in this space. For instance, the US Department of Energy (DOE) plays a criticalrole in the maintenance and protection of energy programs and production generally. Asour energy infrastructure is becoming dependent on the Internet and computertechnology for operation and management, the threat of external attacks andcompromise has increased dramatically (Department of Energy, 2013). Thus the DOEoperates the Office of Intelligence and Counterintelligence in order to generateintelligence on various threats to our energy infrastructure, as well as those of foreigngovernments and nations. In addition, the Office of the Chief Information Officer at theDOE supports various resources to communicate information on cybersecurity threats tonational security in general (Department of Energy, 2013). They support computersecurity protocols for DOE employees and techniques to secure various resources fromexternal threats.The DOE also operates an Incident Management Program, coordinated with US-CERT, to respond to various cyber-threats. This includes reporting incidents, generatingsecurity bulletins for vulnerabilities in various desktop and SCADA systems, as well asincident response management and tracking (Department of Energy, 2013).The Department of Homeland SecurityThe Department of Homeland Security (DHS) is a cabinet-level department whichconsolidated various federal agencies under a single department heading. Created in424
2001 following the September 11 attacks, the DHS handles civilian infrastructure andpopulations within the borders of the USA (DHS, 2016). Their mission includes a varietyof agencies focused on traditional physical resources, such as Customs and BorderProtection and finance through the Secret Service, though the cybersecurity role of theDHS has expanded over the past decade. In fact, the DHS now operates the Office ofCybersecurity and Communications, which plays multiple roles in coordinatingcybersecurity strategies, along with communications in the event of major emergenciesand disasters (DHS, 2016).One of the key components under this Office is the National Cyberse-curity andCommunications Integration Center (NCCIC), which opened on October 30, 2009 (DHS,2016). The NCCIC’s mission is to minimize the likelihood of successful attacks againstboth critical information technology and communications networks. The NCCIC alsoserves to connect multiple government organizations together in order to protectcomputer systems and networked infrastructure in general. It also plays a role in linkingthe public and private sectors together in order to help promote information sharing andimprove the state of cybersecurity through awareness of emerging threats.For more on the organizational structure of the US DHS, go online to:www.dhs.gov/organizational-chart.The Center consists of four branches to secure all aspects of the nation’s informationtechnology infrastructure (DHS, 2016). The first is the US-Computer EmergencyReadiness Team, or US-CERT, which serves as a response center and informationclearinghouse for cyber-threats across the world (DHS, 2016). The CERT providesreporting mechanisms for vulnerabilities and threats to systems, as well as security toolsto help patch and protect systems from attack (DHS, 2016). The CERT can also serve toanalyze and track threats as they evolve for virtually any branch of government andcivilian networks through the National Cybersecurity Protection System (NCPS) (DHS2016).The NCCIC also houses the Industrial Control Systems Cyber Emergency ResponseTeam (ICS-CERT), which plays a similar function to the US-CERT, but focuses solely oncontrol systems used in critical infrastructure and systems, such as water and energyproviders. The ICS-CERT can also provide incident response operations to restore425
services and analyze attacks. They also serve as a key point of communication betweenthe private and public sector to share information on control system-related threats(DHS, 2016).The National Coordinating Center for Communications (NCC) serves as the hub forany efforts to either restore or initiate telecommunications services and facilities onbehalf of National Security and Emergency Preparedness. Finally, the NCCIC Operationsand Integration branch (NO&I) serves as the hub for planning, coordinating, andintegrating all capabilities across the NCCIC (DHS, 2016).Other nations use similar mechanisms to secure various infrastructures from cyber-threats. For instance, the Centre for the Protection of National Infrastructure (CPNI)in the UK exists to inform critical infrastructure owners of emerging threats andcoordinate responses in the event of a compromise (CPNI, 2014). Similarly, Australianow has the Critical Infrastructure Center which was founded on January 23, 2017 tocoordinate the response to threats to the nation and its territories against the varioussystems and networks (AGAGD, 2017).426
Cyberwar and responseAlthough law enforcement has general oversight over cybercrimes and incidents ofterror, the military has exclusive response to acts that may be defined as cyberwar, suchas attempts to compromise DoD networks or those of related defense contractors. To thatend, the Pentagon established the US Cyber Command (USCYBERCOM) in 2009 inorder to manage the defense of US cyberspace and critical infrastructure against attacks(Andress and Winter-feld, 2011). The new Cyber Command is a sub-command of theUnited States Strategic Command (USSTRATCOM), which has responsibility over space,information operations, intelligence, nuclear arms, and combating weapons of massdestruction. This is sensible given the fact that cyberspace is an overarchingenvironment that cuts across all branches of military service. This command focuses onDoD networks only, while all civilian aspects of cyberspace are managed by theDepartment of Homeland Security.In addition, the Department of Defense is now placing a specific emphasis on the needfor careful responses to theft of data, destructive attacks to degrade networkfunctionality, and denial-of-service attacks, due to the direct threat they pose to thecommunications capabilities of the nation, as well as the maintenance of secrecy andintellectual property (Department of Defense, 2011). In order to reduce the risks posed bymalicious actors and attacks, the report calls for improved relationships with privateindustry in order to develop an improved total government response and an expandedworkforce focusing on cybersecurity.In addition to the DoD, the NSA plays a critical role in the protection andinvestigation of attacks against sensitive military networks (NSA, 2013). The NSA servesas a key resource in both data encryption and protection of nearly all federal governmentcomputer networks. They also investigate attacks against computer networks fromnation-state and non-nation-state actors alike (NSA, 2013). Finally, they play a criticalrole in intelligence gathering of foreign nations’ cyber infrastructure in order to mapvulnerabilities and develop offensive cyber strategies (see Box 10.10 for examples of toolsdeveloped by the NSA). The NSA combines agents with skills in computer science,engineering, mathematics, and linguistics in order to better investigate various issuesrelated to cybersecurity threats. Similar agencies are present in various nations, such asAustralia’s Defence Signals Directorate (DSD), Canada’s Communications SecurityEstablishment (CSE), New Zealand’s Government Communications Security Bureau(GCSB), and the UK’s Government Communications Headquarters (GCHQ).Box 10.10 The tools created by the NSA for espionageand attack427
https://medium.com/@botherder/everything-we-know-of-nsa-and-five-eyes-malware-e8eac172d3b5#.cw0vpzc84.Everything we know of NSA and Five Eyes MalwareAfter years of publications, and even a massive commercial speculation [.] it comes to no surprise thatWestern governments are also engaged in malware attacks. However, we still know very little on theircapabilities and sophistication.This article provides an overview of all the malware and tools that were disclosed byEdward Snowden in the large dump of NSA documents he made available toreporters. This analysis details myriad programs used for both active surveillanceand cyber-attacks. The scope of tools and the systems they compromise is extremelysurprising and demonstrates the technical sophistication of some of the programsused to various ends in the wild.The development of USCYBERCOM emerged around the same time as those of othersimilar command infrastructures across the world. For instance, Australia established theCyber Security Operations Centre (CSOC) in 2009 as a coordinated response to cyber-attacks against government systems. Canada, France, Japan, and the UK have establishedsimilar agencies in order to help defend against attacks. The Chinese government hasestablished both offensive and defensive military organizations housed within so-calledInformation Warfare Militia Units, Technical Reconnaissance Bureaus (TRBs), and theGeneral Staff Department (GSD; Andress and Winterfeld, 2011). At the same time, theseforces may be augmented by the larger population of active hackers operating within thebounds of the nation with or without state sponsorship. The Russian government alsohas cyberwarfare capabilities which are housed within the Federal Security Service ofthe Russian Federation, the Federal Guard Service, and the General Staff (Andress andWinterfeld, 2011). Even North Korea has established units in order to support cyberwar,though the lack of information about the nation makes it difficult to assess their truefunctionality (Andress and Winterfeld, 2011). Incidents like the Sony PicturesEntertainment hack, if truly performed by North Korea, would suggest they havesubstantive capabilities that must not be taken lightly.428
SummaryThis chapter demonstrates the complex and very real threat posed by acts of onlineextremism and cyberterrorism, including the application of hacking techniques infurtherance of war between nation-states. These threats require a sophisticated responsefrom law enforcement and military agencies alike in order to properly defend againstattacks. At the same time, it may not be immediately clear when an attack is motivatedby an extremist agenda or when it is simply criminal. Thus, the problem of cybercrime,hacktivism, and cyberterror will involve investigative resources and initiatives todetermine the origins of an attack and the actors responsible. This issue will continue toevolve along with technology adoption and use across the globe. Hopefully, however, wewill not experience an electronic Pearl Harbor incident in the years to come.Key termsAl Qaeda in the Arabian Peninsula (AQAP)Alt-Right, Alternative RightArdit FeriziCentre for the Protection of National Infrastructure (CPNI)Comprehensive National Cybersecurity Initiative (CNCI)Critical Infrastructure CenterCyberterrorCyberwarDepartment of Energy (DOE)Department of Homeland Security (DHS)DisinformationDisinformation DigestDisinformation Reviewe-jihadElectronic Communications Privacy Act (ECPA)Electronic Pearl HarborFake newsFederal Bureau of Investigation (FBI)Flash mobFloodNetGuardians of Peace (GOP)HacktivismInformation Technology Act, 2000429
Information warfareInspireIslamic State of Iraq and Syria (ISIS)Low Orbit Ion Cannon (LOIC)National Security Agency (NSA)Nation-stateNon-nation-state-sponsored actorOperation Olympic GamesPeople’s Liberation Army of China (PLA)PRISM programRadical Far RightSony Pictures HeadquartersStuxnetSupervisory Control and Data Acquisition System (SCADA)TerrorTrollUSA PATRIOT ActUSCYBERCOMDiscussion questions1. How should we define or view the activities of Anonymous? They hackgovernment targets, civilians, and industry. As such, should their actionsbe viewed as cybercrime, hacktivism, or cyberterror? Why?2. What real-world events, whether political, military, or social, couldtrigger a cyber-attack? For instance, why were there not more virtual sit-ins or DDoS attacks in response to the PRISM program?3. Why do you think incidents like the Sony Pictures Hack or the Russiantrolling operations do not lead to more substantial policy responses fromthe USA? Is it too difficult to find an appropriate response? What do youthink would be acceptable?4. The threat of nuclear war and the proliferation of WMD are deterred inpart by the idea of mutually assured destruction, not only for the twonations but for the larger world. Given that nearly every nation haseconomic and critical infrastructure dependent on technology, if anation-state were to engage in cyberwar against a rival, it would demanda physical or cyber response. With that in mind, how can nation-statesdeter the use of cyber-attacks against one another? How do we respondto attacks committed by hackers or nation-states which are not430
influenced by traditional deterrence methods?431
ReferencesAbrams, F. (2012). On American hate speech law. In M. Herz and P. Molnar (eds), TheContent and Context of Hate Speech: Rethinking Regulation and Responses (pp. 116–128). Cambridge: Cambridge University Press.Alshech, E. (2007). Cyberspace as a combat zone: The phenomenon of electronic jihad.MEMRI Inquiry and Analysis Series, 329. The Middle East Media Research Institute,February 7.Andress, J., and Winterfeld, S. (2011). Cyber Warfare: Techniques, Tactics, and Tools forSecurity Practitioners. Waltham, MA: Syngress.Anti-Defamation League. (2002). Racist Groups Using Computer Gaming to PromoteViolence Against Blacks, Latinos, and Jews. New York: Anti-Defamation League.Available at: www.adl.org/videogames/default.asp.As-Sa -lim, M. (2003). 39 Ways to Serve and Participate in Jihâd. At-Tibyân Publications.Available at:www.archive.org/stream/39WaysToServeAndParticipate/39WaysToServeAndParticipateInJihad_djvu.txtAustralian Government Attorney General’s Department (AGAGD). (2017). CriticalInfrastructure Resilience. Available at:www.ag.gov.au/NationalSecurity/InfrastructureResilience/Pages/default.aspx.Ayers, J. M. (1999). From the streets to the Internet: The cyber-diffusion of contention.The ANNALS of the American Academy of Political and Social Science, 566, 132–143.Bakier, A. H. (2007). Forum users improve electronic jihad technology. Terrorism Focus,4(20), June 26.BBC. (2015). Turkey’s downing of Russian warplane – what we know. BBC News,December 1, 2015. Available at: www.bbc.com/news/world-middleeast34912581.Berger, J. M., and Morgan, J. (2015). The ISIS Twitter census: Defining and describing thepopulation of ISIS supporters on Twitter. The Brookings Institute. Available at:www.brookings.edu/research/the-isis-twitter-census-defining-and-describing-the-population-of-isis-supporters-on-twitter/.Best, S. J., and Krueger, B. S. (2005). Analyzing the representativeness of internet politicalparticipation. Political Behavior, 27, 183–216.Brenner, S. W. (2008). Cyberthreats: The Emerging Fault Lines of the Nation State. NewYork: Oxford University Press.Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D.Clifford (ed.), Cybercrime: The Investigation, Prosecution, and Defense of aComputer-related Crime (3rd edn) (pp. 15–104). Raleigh, NC: Carolina AcademicPress.Britz, M. T. (2010). Terrorism and technology: Operationalizing cyberterrorism andidentifying concepts. In T. J. Holt (ed.), Crime On-line: Correlates, Causes, and432
Context (pp. 193–220). Raleigh, NC: Carolina Academic Press.Brodscky, J., and Radvanovsky, R. (2010). Control systems security. In T. J. Holt and B.Schell (eds), Corporate Hacking and Technology-driven Crime: Social Dynamics andImplications (pp. 187–204). Hershey, PA: IGI-Global.Caspi, D. J., Freilich, J. D., and Chermak, S. M. (2012). Worst of the bad: Violent whitesupremacist groups and lethality. Dynamics of Asymmetric Conflict, 5, 1–17.Castle, T. (2011). The women of Stormfront: An examination of white nationalistdiscussion threads on the Internet. Internet Journal of Criminology. Available at:www.internetjournalofcriminology.com/Castle_Chevalier_The_Women_of_Stormfront_An_Examination_of_White_Nationalist_Discussion_Threads.pdfChadwick, A. (2007). Digital network repertoires and organizational hybridity. PoliticalCommunication, 24, 283–301.Cimpanu, C. (2016). Russian–Turkish conflict spews into cyberspace with Russianembassy hack. Softpedia Security Blog, January 18, 2016. Available at:http://news.softpedia.com/news/russian-turkish-conflict-spews-into-cyberspace-with-russian-embassy-hack-499090.shtml.Clayton, M. (2010). Stuxnet malware is “weapon” out to destroy [.] Iran’s BushehrNuclear Plant. Christian Science Monitor, September 21, 2010. Available at:www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-destroy-Iran-sBushehr-nuclear-plant.Clover, C. (2009). Kremlin-backed group behind Estonia cyber blitz. Financial Times,March 11.Cooper, M., Schmidt, M. S., and Schmidt, E. (2013). Boston suspects are seen as self-taught and fueled by the web. The New York Times, April 23, 2013. Available at:www.nytimes.com/2013/04/24/us/boston-marathon-bombing-developments.html?pagewanted=all&_r=0.Corera, G. (2008). The world’s most wanted cyber-jihadist. BBC News, January 16.Correll, S. P. (2010). An interview with Anonymous . PandaLabs Blog. Available at:http://pandalabs.pandasecurity.com/an-interview-with-anonymous/.CPNI. (2014). CPNI: The policy context. Available at: www.cpni.gov.uk/about/context .Creveld, M. V. (1999). The Rise and Decline of the State. Cambridge: CambridgeUniversity Press.Davis, J. (2007). Web war one. Wired, September 2007, 162–169.Denning, D. E. (2010). Cyber-conflict as an emergent social problem. In T. J. Holt and B.Schell (eds), Corporate Hacking and Technology-driven Crime: Social Dynamics andImplications (pp. 170–186). Hershey, PA: IGI-Global.Department of Defense. (2011). Department of Defense Strategy for Operating inCyberspace. Washington, DC. Available at:www.defense.gov/news/d20110714cyber.pdf.Department of Energy. (2013). National Security and Safety. Available at:http://energy.gov/public-services/national-security-safety.Department of Homeland Security. (2016). U.S. Department of Homeland SecurityDepartment Components. Available at: www.dhs.gov/departmentcomponents.433
Department of Justice. (2016). ISIL-Linked Kosovo Hacker Sentenced to 20 Years in Prison,September 23, 2016. Available at: www.justice.gov/opa/pr/isil-linked-kosovo-hacker-sentenced-20-years-prison.Dreyfuss, E. (2017). Social media made the world care about Standing Rock – and helpedit forget. Wired Security, January 24, 2017. Available at:www.wired.com/2017/01/social-media-made-world-care-standing-rock-helped-forget/.Drogin, B. (1999). Russians seem to be hacking into Pentagon. San Francisco Chronicle,October 7.Earl, J., and Schussman, A. (2003). The new site of activism: On-line organizations,movement entrepreneurs and the changing location of social movement decision-making. In P. G. Coy (ed.), Consensus Decision Making, Northern Ireland andIndigenous Movements (pp. 155–187). London: JAI Press.Faulk, K. (1997). White supremacist spreads views on net. The Birmingham News,October 19, 1997, 1. Available at: www.stormfront.org/dblack/press101997.htm.Federal Bureau of Investigation. (2017). National Security Branch. Available at:www.fbi.gov/about/leadership-and-structure/national-security-branch.Fidel, S. (2011). Utah’s $1.5 billion cyber-security center underway. Deseret News,January 6, 2011. Available at: www.deseretnews.com/article/705363940/Utahs-15-billion-cyber-security-center-under-way.html?pg=all.Foltz, B.C. (2004). Cyberterrorism, computer crime, and reality. Information Management& Computer Security, 12, 154–166.Forest, J. J. (2009). Influence Warfare: How Terrorists and Governments Struggle to ShapePerceptions in a War of Ideas. Westport, CT: Praeger.Furedi, F. (2005). Politics of Fear: Beyond Left and Right. London: Continuum.Gerstenfeld, P. B., Grant, D. R., and Chiang, C. P. (2003). Hate online: A content analysisof extremist internet sites. Analyses of Social Issues and Public Policy, 3, 29–44.Gidda, M. (2013). Edward Snowden and the NSA files – timeline. Guardian, July 25,2013. Available at: www.theguardian.com/world/2013/jun/23/edward-snowden-nsa-files-timeline.Gonsalves, A. (2013). Islamic group promises to resume U.S. bank cyberattacks. CSOOnline, Febrary 28, 2013. Available at: www.csoonline.com/article/729598/islamic-group-promises-to-resume-u.s.-bank-cyberattacks?source=ctwartcso.Gross, G., and McMillan, R. (2006). Al-Qaeda “Battle of Guantanamo” cyberattack a no-show. IDG News, December 1.Gruen, M. (2005). Innovative recruitment and indoctrination tactics by extremists: Videogames, hip hop, and the World Wide Web. In J. J. Forest (ed.), The Making of aTerrorist (pp. 16–20) . Westport, CT: Praeger.Guadagno, R. E., Cialdini, R. B., and Evron, G. (2010). Storming the servers: A socialpsychological analysis of the first Internet war. Cyberpsychology, Behavior, andSocial Networks, 13, 447–453.Hankes, K. (2015). Black Hole. Southern Poverty Law Center Intelligence Report, March 9,434
2015. Available at: www.splcenter.org/fighting-hate/intelligence-report/2015/black-hole.Higgins, A. (2016). Efforts to expose Russia’s “Troll Army” draws vicious retaliation. TheNew York Times, May 30, 2016. Available at:www.nytimes.com/2016/05/31/world/europe/russia-finland-nato-trolls.html.Holt, T. J. (2012). Exploring the intersections of technology, crime and terror. Terrorismand Political Violence, 24, 337–354.Holt, T., and Kilger, M. (2012). Examining willingness to attack critical infrastructure onand off-line. Crime and Delinquency, 58, 798–822.Jaffe, G. (2006). Gates urges NATO ministers to defend against cyber attacks. The WallStreet Journal On-line. June 15, 2006. Available at:http://online.wsj.com/article/SB118190166163536578.html.Jamestown. (2008). Hacking manual by jailed jihadi appears on web. Terrorism Focus, 5(9). Jamestown Foundation, March 4.Jennings, K. M., and Zeitner, V. (2003). Internet use and civic engagement: A longitudinalanalysis. Public Opinion Quarterly, 67, 311–334.Jipson, A. (2007). Influence of hate rock. Popular Music and Society, 30, 449–451.Jordan, T., and Taylor, P. (2004). Hacktivism and Cyber Wars. London: Routledge.Keneally, M. (2017). How Russia used trolls, cyberattacks, and propaganda to try toinfluence election. ABC News, June 6, 2017. Available at:http://abcnews.go.com/Politics/russia-trolls-cyberattacks-propaganda-influence-election/story?id=44610568.Kerr, P. K., Rollins, J., and Theohary, C. A. (2010). The Stuxnet Computer Worm:Harbinger of an Emerging Warfare Capability. Washington, DC: CongressionalResearch Service.Kilger, M. (2010). Social dynamics and the future of technology-driven crime. In T. J.Holt and B. Schell (eds), Corporate Hacking and Technology-driven Crime: SocialDynamics and Implications (pp. 205–227). Hershey, PA: IGI-Global.Landler, M., and Markoff, J. (2007). Digital fears emerge after data siege in Estonia. TheNew York Times, May 29.Levy, B. H. (2003). Who Killed Daniel Pearl? Brooklyn, NY: Melville House.Leyden, J. (2003). Al-Qaeda: The 39 principles of holy war. Virtual Jerusalem.Mandiant. (2013). APT1: Exposing one of china’s cyber espionage units. Mandiant.Available at: http://intelreport.mandiant.com/.Martin, G. (2006). Understanding Terrorism: Challenges, Perspectives, and Issues (2ndedn). Thousand Oaks, CA: Sage.martinlutherking.org. (2013). Martin Luther King Jr. – A true historical examination .Available at: http://martinlutherking.org.McNamee, L. G., Peterson, B. L., and Pena, J. (2010). A call to educate, participate,invoke, and indict: Understanding the communication of online hate groups.Communication Monographs, 77(2): 257–280.McWilliams, B. (2001). Pakistani hackers deface US site with ultimatum. Newsbytes,435
October 17.Mendel, T. (2012). Does international law provide for consistent rules on hate speech. InM. Herz and P. Molnar (eds), The Content and Context of Hate Speech: RethinkingRegulation and Responses (pp. 417–429). Cambridge: Cambridge University Press.National Security Agency (NSA). (2013). Mission Statement. Available at:www.nsa.gov/about/mission/index.shtml.National Socialist Movement. (2014). National Socialist Movement FAQ. Available at:www.nsm88.org/faqs/frequently%20asked%20questions%20about%20national%20socialism.pdfPerez, E., Shoichet, C. E., and Bruer, W. (2015). Hacker who allegedly passed U.S.military data to ISIS arrested in Malaysia. CNN, October 19, 2015. Available at:www.cnn.com/2015/10/15/politics/malaysian-hacker-isis-military-data/.Pollitt, M. M. (1998). Cyberterrorism – fact or fancy? Computer Fraud & Security, 2, 8–10.Pool, J. (2005). Technology and Security Discussions on the Jihadist Forums. JamestownFoundation, October 11.Rid, T. (2013). Cyber War Will Not Take Place. London: Hurst & Company.Robb, D. (2014). Sony hack: A timeline. Deadline, December 22, 2014. Available at:http://deadline.com/2014/12/sony-hack-timeline-any-pascal-the-interview-north-korea-1201325501/.Rotella, S. (2016). ISIS via WhatsApp: “Blow Yourself Up, O Lion.” ProPublica, July 11,2016. Available at: www.propublica.org/article/isis-via-whatsappblow-yourself-up-o-lion.Sanger, D. E. (2012). Confront and Conceal: Obama’s Secret Wars and Surprising Use ofAmerican Power. New York: Crown Publishing.Schmid, A. P. (1988). Political Terrorism. Amsterdam: North Holland Press.Schmid, A. P. (2004). Frameworks for conceptualising terrorism. Terrorism and PoliticalViolence, 16, 197–221.Schmid, A. P., and Jongman, A. J. (2005). Political Terrorism: A New Guide to Actors,Authors, Concepts, Data Bases, Theories, and Literature. New Brunswick, NJ:Transaction Publishers.Schwartau, W. (1996). Information Warfare (2nd edn). New York: Thunder’s MouthPress.Simi, P., and Futrell, R. (2006). White Power Cyberculture: Building a Movement. ThePublic Eye Magazine Summer, 69–72.Southern Poverty Law Center. (2017). Hate Map. [Online] Available at:https://www.splcenter.org/hate-map .Stepanova, E. (2011). The role of information communications technology in the “ArabSpring”: Implications beyond the region. PONARS Eurasia Policy Memo No. 159.Available at: www.gwu.edu/~ieresgwu/assets/docs/ponars/pepm_159.pdf.Stewart, C. S., and Maremont, M. (2016). Twitter and Islamic State deadlock on socialmedia battlefield. Wall Street Journal, April 13, 2016. Available at:www.wsj.com/articles/twitter-and-islamic-state-deadlock-on-social-media-436
battlefield-1460557045.Tawfeeq, M., Formanek, I., and Narayan, C. (2016). Civilians shot, bodies hung frompoles in Mosul, Iraq sources say. CNN, November 11, 2016. Available at:www.cnn.com/2016/11/10/middleeast/iraq-mosul-offensive/.Taylor, P. A. (1999). Hackers: Crime in the Digital Sublime. New York: Routledge.Timberg, C. (2016). Russian propaganda effort helped spread “fake news” during election,experts say. Washington Post, November 24, 2016. Available at:www.washingtonpost.com/business/economy/russian-propaganda-effort-helped-spread-fake-news-during-election-experts-say/2016/11/24/793903b6–8a40–4ca9-b712–716af66098fe_story.html?utm_term=.3ac09b591bb5.Trans European Policy Studies Association (TEPSA). (2017). EEAS’s East StratCom TaskForce publishes two weekly newsletters. Available at: www.tepsa.eu/eeass-east-stratcom-task-force-publishes-two-weeklynewsletter/.Ulph, S. (2006). Internet mujahideen refine electronic warfare tactics. Terrorism Focus,3(5). Jamestown Foundation, February 7.Van Laer, J. (2010). Activists online and offline: The Internet as an information channelfor protest demonstrations. Mobilization: An International Journal, 15, 347–366.Verton, D. (2003). Black Ice: The Invisible Threat of Cyber Terrorism. New York: McGrawHill.Wall, D. S. (2001). Cybercrimes and the Internet. In D. S. Wall (ed.), Crime and theInternet (pp. 1–17). New York: Routledge.Waqas. (2016). Turkish hackers deface Russian bank website, claim to steal data.HackRead, January 19, 2016. Available at: www.hackread.com/turkish-hackers-deface-russian-bank-website/.Watson, L. (2013). Al Qaeda releases guide on how to torch cars and make bombs as itnames 11 public figures it wants “dead or alive” in latest edition of its glossymagazine. Daily Mail, March 4, 2013. Available at:www.dailymail.co.uk/news/article-2287003/Al-Qaedareleases-guide-torch-cars-make-bombs-naming-11-public-figures-wants-dead-alivelatest-edition-glossy-magazine.html.Weimann, G. (2005). How modern terrorism uses the Internet. The Journal ofInternational Security Affairs, 8.White House. (2011a). The Comprehensive National Cybersecurity Initiative.Washington, DC. Available at: www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative.White House. (2011b). Empowering Local Partners to Prevent Violent Extremism in theUnited States. Washington, DC. Available at:www.whitehouse.gov/sites/default/files/empowering_local_partners.pdf.Woo, H., Kim, Y., and Dominick, J. (2004). Hackers: militants or merry pranksters? Acontent analysis of defaced web pages. Media Psychology, 6, 63–82.Yar, M. (2013). Cybercrime and Society (2nd edn). London: Sage Publications.Zetter, K. (2010). “Google” hackers had ability to alter source code. Wired. Available at:437
www.wired.com/threatlevel/2010/03/source-code-hacks/.Zetter, K. (2011). DHS fears a modified Stuxnet could attack US infrastructure. WiredThreat Level, 20. A vailable at: www.wired.com/threatlevel/2011/07/dhs-fears-stuxnet-attacks/.Zetter, K. (2016). Evidence suggests the Sony hackers are alive and well and still hacking.Wired, February 12, 2016. Available at: www.wired.com/2016/02/evidence-suggests-the-sony-hackers-are-alive-and-well-and-still-hacking/.438
Chapter 11Cybercrime and Criminological TheoriesChapter goals• Understand how traditional criminological theories may be applied tocybercrime offending and victimization.• Assess the usefulness of specific criminological theories, such as sociallearning theory and the general theory of crime, in explaining a variety ofcybercrimes.• Compare a situational theory of victimization with an individual-levelexplanation to understand cybercrime victimization.• Explore whether new cybercrime theories are necessary.439
IntroductionOver the past several decades, scholars have debated how cybercrime offending differsfrom traditional crime. The first ten chapters of this text discuss how the reasons ormotivations for cybercrime offending are typically the same as those for traditionaloffending. Financial incentive is a substantial motive for some hackers, malware writers,and virtually all fraudsters. Individuals who download legal and illegal pornographyenjoy the easy access to material that satisfies their sexual desires. Online harassment,similar to traditional bullying, allows someone to hurt others and therefore have powerover them from a distance. There is also the thrill and rush associated with harassing andswindling others, downloading pornography, and breaking into a computer system.Thus, Grabosky’s (2001: 243–244) comment seems apt:Computer crimes are driven by time-honoured motivations, the most obvious of which are greed, lust, power,revenge, adventure, and the desire to take “forbidden fruit.” None of the above motivations is new. The elementof novelty resides in the unprecedented capacity of technology to facilitate acting on these motivations.As a result, cybercrime may be viewed as “old wine in a new bottle” (Grabosky, 2001;Wall, 1998). If this is the case, traditional criminological theories should have nodifficulty in explaining cybercrime if it is simply “old wine.”The previous chapters, however, illustrated that there is something unique aboutcybercrime that separates it from traditional criminal activity. Although it may be thesame “old wine,” there are instances of “new wine,” such as malware creation, that havelittle connection to the physical world. The second part of this analogy, the new bottle, isalso pertinent in that virtual space is different than physical space. The Internet allowseasy access to most people around the world, and provides an avenue for individuals toengage in cybercrime while feeling largely anonymous. The Internet also allows theoffender, whether an individual, group, or nation-state, to avoid making physical contactwith the victim or his or her property. Thus, cybercrime may not be viewed as “old winein new bottles” or even “new wine in new bottles,” but “rather many of its characteristicsare so novel that the expression ‘new wine, but no bottles!’ becomes a more fittingdescription” (Wall, 1998: 202).In addition, examining the uniqueness of cybercrime may allow us to betterunderstand more about these phenomena as well as provide brand new insights intotraditional forms of crime (Holt and Bossler, 2016). Discussions of new cyber-specificcriminological theories may be a catalyst for additional theoretical creation andelaboration. Taken as a whole, this chapter will show that the future of cybercrimeresearch is bright. Studies which elaborate complex associations that have been held inthe traditional literature for decades will also provide new insights into the commissionof crime – both traditional and cyber related.Unlike traditional criminological textbooks that place theories into categories (e.g.,440
classical, positivist, etc.), and then cover each theory in chronological order, our focus ison how criminological theories have been applied to cybercrime. Thus, we focus on thetheories that have been examined the most and have therefore provided the most insightinto why individuals commit or do not commit these offenses. Considering that asubcultural framework has been used extensively through this text, we begin first with adiscussion of subcultural research on cybercrime; readers should consider theinformation they read in the first ten chapters for more details. The two strongestcompeting theories for explaining cybercrime based on empirical support – Ron Akers’(1998) social learning theory and Gottfredson and Hirschi’s (1990) general theory ofcrime – will be discussed. The chapter then progresses to cover theories that haverecently been receiving more attention in the cybercrime literature, but still have notreceived the same level of focus as social learning theory and the general theory of crime– Agnew’s general strain theory, techniques of neutralization, and deterrence theory.Two victimization theories that have been used to better understand cybercrimevictimization – routine activity theory, a situational theory of victimization, and thegeneral theory of crime, an individual-level theory – are then described and assessed. Wefinally conclude with a discussion of how a traditional criminological theory has beenmodified to better understand cybercrime: digital drift theory.441
Subcultural theoriesOverviewMost criminological theories focus on offending as a consequence of individual-levelfactors that may be affected through properly targeted intervention strategies. Thesetheories, however, do not explore the meaning offending has for some individuals andthe depth of their participation in peer networks that may facilitate criminal activity.Researchers who explore criminality through a subcultural lens can provide substantivedepth on the how and why of criminal behavior (Miller, 1958; Short, 1968).Defined from a broad perspective, a subculture is any group having certain values,norms, traditions, and rituals that set them apart from the dominant culture (Kornblum,1997; Brake, 1980). Subcultures form as a response to either a rejection of the dominantculture (Miller, 1958) or around a distinct phenomenon that may not be valued by thelarger society (Quinn and Forsyth, 2005; Wolfgang and Ferracuti, 1967). This includes anemphasis on performing certain behaviors or developing skill sets (Maurer, 1981) andlearning the rules or codes of conduct that structure how individuals view and interactwith different groups (Foster, 1990). Subcultures also use special terms and slang, calledan argot. They may also have some outward symbols of membership like tattoos orinformal uniforms (Maurer, 1981). Thus, demonstrating such knowledge illustrates anindividual’s reputation, status, and adherence to a particular subculture.In many ways, subcultural frameworks share common elements of social learningtheory (Akers, 1998), since involvement in a subculture influences behavior by providingindividuals with beliefs, goals, and values that approve of and justify particular types ofactivities, including crime (Herbert, 1998). In fact, the transmission of subculturalknowledge increases the likelihood of involvement in criminal behavior despite potentiallegal consequences for these actions (Miller, 1958; Short, 1968). As such, subculturalframeworks provide an important perspective to explain how the values and ideasespoused by members of a group affect the behavior of its members.Subcultures and cybercrimeThe development of the Internet and computer technology has had a dramatic impact onthe formation of and participation in deviant or criminal subcultures (DiMarco andDiMarco, 2003; Quinn and Forsyth, 2005; Holt and Bossler, 2016). The anonymity anddistributed nature of the Internet enables individuals to connect to groups that sharesimilar likes, dislikes, behaviors, opinions, and values, regardless of the participants’locations in the real world (DiMarco and DiMarco, 2003). Some individuals may not be442
able to discuss their interests or activities with others in the real world due to fear oflegal reprisal or concerns that others around them may reject them because they do notshare their interests.Technology allows individuals to connect to others without these fears, and evenprovide information about a behavior or activity to improve their knowledge andminimize fear of detection (Blevins and Holt, 2009; Holt, 2007; Quinn and Forsyth, 2005).Individuals can readily communicate subcultural knowledge through email and otherforms of CMC (Holt, Soles, and Leslie, 2008; Holt and Copes, 2010). In turn, thisinformation can increase the likelihood of success when engaging in illicit behaviordespite potential legal consequences. Thus, the value of the Internet and CMCs forindividuals across the globe is pivotal in the pursuit of crime and deviance online andoffline.Throughout this textbook, we have used the subcultural framework extensively todescribe those individuals who participate in a certain activity, as well as the beliefs,structures, and interactions that provide support to them in opposition to communitynorms and standards that have defined them and their behavior in many cases as deviantor criminal. In Chapter 3, we explored the hacker subculture, devoid of Hollywoodportrayals, and its primary norms of technology, knowledge, learning, and secrecy,regardless of the individual’s involvement in malicious hacking. Chapter 4 describedhow the interests and beliefs of malware writers are generally congruent with those ofthe larger hacker subculture. In Chapters 7 and 8, we discussed how the Internet hasallowed individuals with deviant sexual orientations to interact with one another, gainvalidation for their sexual desires, exchange both materials and beliefs, and be part of acommunity. Finally, Chapter 10 examined the ways in which the Internet provides ameans for extremist groups to indoctrinate individuals in favor of their movement.Technology enables individuals to be introduced to core principles and norms of thegroup while allowing them to interact with members from a safe physical distance.Future cybercrime scholars will continue to find this framework fruitful in explaininghow group dynamics affect individuals’ belief systems and participation in cyber-deviantacts.For more discussion on different types of both offline and online subcultures,including the hacker subculture, go online to: http://subcultureslist.com/hacker-culture/.443
444
Social learning theory and cybercrimeOverviewOver the past century of research, scholars have found that the most consistent predictorof future offending is whether an individual has committed an offense in the past.Arguably the second most important predictor is whether that person has friends orassociates who engage in crime and delinquency (Pratt et al., 2009). This link betweenpeer behavior and offending has been the source of a substantial amount of bothresearch and theory aimed at explaining this relationship.In 1947, Edwin Sutherland presented in his book, Principles of Criminology, one of thefirst theories to explain the peer-offending relationship: differential association theory(Sutherland, 1947). Sutherland argued that criminal behavior was learned in a processinvolving interactions and communication with others, with the most importantinteractions stemming from intimate personal groups. During this process, an individualnot only learned techniques on how to commit crimes, but also motives, rationalizations,and attitudes that supported the violation of the law. A person became more likely tocommit delinquent or criminal acts when his or her “definitions,” referring torationalizations and attitudes, which supported the violation of the law exceeded thosethat were unfavorable to breaking the law. Criticisms over the years, however, havecentered heavily on the theory’s: (1) testability, and (2) lack of specificity on the learningprocess mechanisms responsible for the commission of deviant and criminal behavior(Kornhauser, 1978; Matsueda, 1988).Since the 1960s, Ron Akers has reformulated differential association theory to specifythe learning mechanisms through which criminal behavior is learned. In what hasbecome known as social learning theory, Akers (1998) expanded upon Sutherland’soriginal differential association theory by introducing principal components of operantconditioning, namely that behavior followed by rewards or reinforcements will be morelikely to continue, while acts followed by punishment will be less likely (Akers, 1998).Thus, Akers’ (1998) social learning theory argued that the learning process of anybehavior, including crime, includes four principal components: (1) differentialassociation, (2) definitions, (3) differential reinforcement, and (4) imitation.This dynamic learning process begins by associating with others, both deviants andnon-deviants. Differential associations to deviants provide both models for deviantbehavior and definitions, such as attitudes and norms, which may favor breaking the lawor providing justifications that neutralize possible negative consequences of deviance.Following Sutherland’s differential association theory, social learning theory holds thatindividuals who have a greater proportion of beliefs supportive of deviant behavior willbe more likely to engage in those activities.445
Although definitions supporting criminal activity are critical to the offender to justifytheir behavior, criminality will occur if it is reinforced through some means, whethersocial or financial. For example, an individual who perceives that he will receive praisefrom his friends for throwing a rock through a window will be more likely to throw therock. If that praise comes, he will be more likely to continue this behavior in the future.Perceived or actual punishments, however, will decrease the likelihood of that behavior.The punishments may take the form of adding negative stimuli, such as spanking orarresting, or in the removal of positive stimuli, such as taking away television privileges.Finally, imitation plays a major role in the social learning process, as individuals mayengage in deviant behavior after watching someone else engage in the same behavior.Imitation plays a larger role in the earlier stages of the learning process. As the processcontinues, however, definitions and differential reinforcements become more important.Social learning theory has been one of the most commonly tested criminological theoriesand has arguably received the strongest empirical support to date in its favor forexplaining a wide variety of behaviors (Akers and Jensen, 2006; Lee, Akers, and Borg,2004; Pratt et al., 2009).Social learning theory and cybercrimeGiven the support which Akers’ (1998) theory has in the larger research community, it isno surprise that scholars have seen its potential importance in explaining whyindividuals commit cybercrime. The complexities of computer programming make theconnection between learning and cybercrime quite apparent. Depending on the specificcybercrime, individuals must “learn not only how to operate a highly technical piece ofequipment but also specific procedures, programming, and techniques for using thecomputer illegally” (Skinner and Fream, 1997: 498). Even though computer technologyhas become more user friendly due to convenient interfaces, there is a need for alearning process in which the basic dynamics of computer use and abuse are learnedfrom others.Digital piracy (see Chapter 5) does not seem overly complex at first. Someone simplydownloads a music or movie file without authorization. Social learning theory wouldhold that in order for individuals to commit digital piracy, they must participate in asocial learning process. The individual must interact with fellow digital pirates, learnhow and where to perform downloads, imitate what they have observed, learndefinitions supportive of the violation of intellectual property laws, and be rewardedeither financially or socially for their efforts in order for the piracy to continue.Virtually every study examining digital piracy finds that associating with piratingpeers, regardless of whether the interaction is face-to-face (Higgins and Marcum, 2011;Hinduja and Ingram, 2008, Holt, Bossler, and May, 2012) or virtual (Miller and Morris,2016), is the most significant correlate in predicting pirating behaviors. Friends andintimate relationships can provide information on the methods required to engage in446
piracy and the location of materials on the Internet. Piracy requires some technologicalskill which may be garnered through direct associations with others. The continuoustechnological developments noted in this community also require peer associations inorder to readily identify new mechanisms to download files. Individuals are then able toengage in simple forms of piracy through imitation (Hinduja, 2003; Holt and Copes, 2010;Holt, Burruss, and Bossler, 2010; Ingram and Hinduja, 2008; Skinner and Fream, 1997). Aspirating becomes easier for an individual, the need for these delinquent associationscould decrease. Furthermore, positive reinforcement for participation in software piracyis evident through both financial (i.e., free movies and music) and social (i.e., praise forshowing someone how to use torrent sharing software) rewards (Hinduja, 2003; Holt andCopes, 2010).Studies have also shown that pirates have both definitions that favor the violation ofintellectual property laws and techniques of neutralization that diminish their personalresponsibility for their actions (Brown, 2016; Higgins and Marcum, 2011; Ingram andHinduja, 2008; Skinner and Fream, 1997). Members of the piracy subculture espouseattitudes that minimize the impact of copyright law and the harms caused by piratingmedia. For instance, individuals who pirate materials commonly justify their actions bysuggesting that downloading a few songs or media does not actually harm the propertyowners or artists (Brown, 2016; Higgins and Marcum, 2011; Ingram and Hinduja, 2008).Pirates also believe that their actions are not inherently wrong, since there are no clearguidelines for ethical behavior in online environments (Higgins and Marcum, 2011;Ingram and Hinduja, 2008). These attitudes are often communicated among pirates andencourage further participation in piracy over time.In much the same way, social learning theorists argue that individuals who engage incomputer hacking would need to associate with individuals who hack. Theserelationships should increase their likelihood to imitate hacking activity early in theirdevelopment as a hacker as well as be exposed to definitions favorable to usingtechnology in this fashion. As they participate further in the hacker subculture, hackingwould be socially reinforced, possibly even financially, and the behavior would continue.Studies have shown that all four social learning components are empirically related tohacking behaviors (Bossler and Burruss, 2011; Skinner and Fream, 1997). The importanceof peer associations in influencing hacking behavior is not only found in qualitativestudies and anecdotal stories, but has also been consistently found to be one of the mostimportant predictors of hacking behavior in quantitative studies (Bossler and Burruss,2011; Holt et al ., 2012; Skinner and Fream, 1997). Morris and Blackburn (2009) found thatcollege students associating with delinquent youth had a larger impact upon moreserious forms of computer crime, such as attempted hacking, malicious file damage, ormanipulation, than their attitudes. Delinquent peer associations have been empiricallyshown to be important in providing models to imitate (e.g. Morris and Blackburn, 2009)as well as in the introduction and acquisition of beliefs and excuses to justify computerattacks (Bossler and Burruss, 2011; Skinner and Fream, 1997). Similar to the argumentsthat the hacker subculture provides positive social encouragement and praise for447
successful and innovative hacks, scholars testing social learning hypotheses have foundsimilar results (Bossler and Burruss, 2011; Skinner and Fream, 1997). Skinner and Fream(1997) found that teacher encouragement, as well as participation in electronic bulletinboards, increased the likelihood of students guessing passwords.As discussed in Chapter 3, websites and chatrooms can play a large role in the sociallearning process of hackers. Box 11.1 displays an article that summarizes differentwebsites where individuals can learn basic ethical hacking skills.Box 11.1 Examples of websites that provide informationon hacking techniqueswww.compsmag.com/top-best-websites-learn-ethical-hacking/.Top 10 best websites to learn ethical hacking, 2017Hacking isn’t an individual subject that anyone can pick up overnight. This can’t be accomplished afterreading one article and visiting a few of these websites – the phrase is used to indicate that in time andwith a lot of practice, you’ll be able to [.] hack like a pro.This article provides an overview of ten key websites that can help individuals learnto hack ethically. There is inherent value in this article because it demonstrates thatinformation on hacking may be acquired through virtual venues with a great deal ofease and engender the learning process in meaningful ways.Although scholars have examined how the Internet has been used by terrorist groups,few have used criminological theory to understand why individuals join these groups orhow they are influenced by them. A rare exception is Freiburger and Crane’s (2011)study applying social learning theory to online extremism in which they argue that “byapplying these four constructs [differential association, definitions, differentialreinforcement, and imitation] to terrorists’ uses of the Internet, researchers can betterunderstand how the Internet is being used to enhance terrorist operations” (p. 128).Terrorist groups have clearly been able to use the Internet to increase membership bygaining access to youth around the world (differential association) and communicatingbeliefs (definitions) that support terrorist activities. Freiburger and Crane (2011) argue448
that second-generation youth living in new countries are especially vulnerable, sincethey are dealing with their lack of identity, unemployment, and feelings of isolation anddiscrimination. Within online support systems, however, they find and communicatewith others who are in similar situations. The Internet has become more important forterrorist groups to find and indoctrinate members, making contact in physical spaceunnecessary.The Internet is valuable in that it is accessible at any time and in most places.Depending on the severity of the individual’s sense of isolation and lack of attachment toconforming groups, online associations with extremists and potential terror groups mayprovide a vital sense of meaning and connection for a disenfranchised youth. As theirfeelings intensify and they participate more often in online discussions, they will bemore prone to accept the definitions favoring the particular ideological messagepromulgated on these websites. In addition, the Internet provides strong positivereinforcement in that it can make terrorists into instant celebrities, martyrs for the cause,and can glorify them long after they have died. These reinforcements provide theperception to youth that the glory, not to mention increases in self-esteem an