Printed with permission from Syngress, a division of Elsevier. Copyright 2008. Scene of the Cybercrime, 2e by Debra Littlejohn Shinder and Michael Cross. For more information about this title and other similar books, please visit www.elsevierdirect.com.
Today we live and work in a world of global connectivity. We can exchange casual conversation or conduct multimillion-dollar monetary transactions with people on the other side of the planet quickly and inexpensively. The proliferation of personal computers, easy access to the Internet, and a booming market for related new communications devices have changed the way we spend our leisure time and the way we do business.
The ways in which criminals commit crimes is also changing. Universal digital accessibility opens up new opportunities for the unscrupulous. Millions of dollars are lost by both businesses and consumers to computer-savvy criminals. Worse, computers and networks can be used to harass victims or set them up for violent attackseven to coordinate and carry out terrorist activities that threaten us all. Unfortunately, in many cases law enforcement agencies have lagged behind these criminals, lacking the technology and the trained personnel to address this new and growing threat, which has been aptly termed cybercrime.
Even though interest and awareness of the cybercrime phenomenon has grown in recent years, many Information Technology (IT) professionals and law enforcement officers have lacked the tools and expertise needed to tackle the problem. To make matters worse, old laws didnt quite fit the crimes being committed, new laws hadnt quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathyor at the least, distrustbetween the two most important players in any effective fight against cybercrime: law enforcement agents and computer professionals. Yet close cooperation between the two is crucial if we are to control the cybercrime problem and make the Internet a safe place for its users.
Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cybercriminal. This books goal is to bring the two elements together, to show how they both can and must work together in defending against, detecting, and prosecuting people who use modern technology to harm individuals, organizations, businesses, and society.
The computer or network can be the tool of the crime (used to commit the crime)
The computer or network can be the target of the crime (the victim)
The computer or network can be used for incidental purposes related to the crime (for example, to keep records of illegal drug sales)
While it is useful to provide a general definition to be used in discussion, criminal offenses consist of specific acts or omissions, together with a specified culpable mental state. To be enforceable, laws must also be specific. In many instances, pieces of legislation contain definitions of terms. This is necessary to avoid confusion, argument, and litigation over the applicability of a law or regulation. These definitions should be as narrow as possible, but legislators dont always do a good job of defining terms (and sometimes dont define them at all, leaving it up to law enforcement agencies to guess, until the courts ultimately make a decision).
To illustrate this, we can look at the Council of Europes Convention on Cybercrime treaty, which can be viewed at http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm. The treaty attempts to standardize European laws concerning crime on the Internet, but one of the biggest criticisms of the treaty is its use of overly broad definitions. For example, the definition of the term service provider is so vague that it could be applied to someone who sets up a two-computer home network, and the definition of computer data, because it refers to any representation of facts, information, or concepts in any form suitable for processing in a computer system, would include almost every possible form of communication, including handwritten documents and the spoken word (which can be processed by handwriting and speech recognition software). Likewise, the U.S. Department of Justice (DoJ) has been criticized for a definition of computer crime that specifies any violation of criminal law that involved the knowledge of computer technology for its perpetration, investigation, or prosecution (reported in the August 2002 FBI Law Enforcement Bulletin). Under such a definition, virtually any crime could be classified as a computer crime, simply because a detective might have searched a computer database as part of conducting an investigation.