Chapter 2 : 2. The phenomena of cybercrime
2.1 Definitions
Most reports, guides or publications on cybercrime begin by defining the terms “computer crime” and
“cybercrime”.In this context, various approaches have been adopted in recent decades to develop a precise
definition for both terms. Before providing an overview of the debate and evaluating the approaches, it is useful to
determine the relationship between “cybercrime” and “computer-related crimes”.Without going into detail at this
stage, the term “cybercrime” is narrower than computer- related crimes as it has to involve a computer network.
Computer-related crimes cover even those offences that bear no relation to a network, but only affect stand-alone
computer systems.
During the 10th United Nations Congress on the Prevention of Crime and the Treatment of Offenders, two
definitions were developed within a related workshop:Cybercrime in a narrow sense (computer crime) covers any
illegal behaviour directed by means of electronic operations that target the security of computer systems and the
data processed by them. Cybercrime in a broader sense (computer- related crimes) covers any illegal behaviour
committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession
and offering or distributing information by means of a computer system or network.
One common definition describes cybercrime as any activity in which computers or networks are a tool, a target or a
place of criminal activity. There are several difficulties with this broad definition. It would, for example, cover
traditional crimes such as murder, if perchance the offender used a keyboard to hit and kill the victim. Another
broader definition is provided in Article 1.1 of the Stanford Draft International Convention to Enhance Protection
from Cyber Crime and Terrorism (the “Stanford Draft”), which points out that cybercrime refers to acts in respect to
cybersystems.
2.2 Typology of cybercrime
The term “cybercrime” is used to cover a wide variety of criminal conduct. As recognized crimes include a broad
range of different offences, it is difficult to develop a typology or classification system for cybercrime. One approach
can be found in the Convention on Cybercrime, which distinguishes between four different types of offences:
1. offences against the confidentiality ,integrityandavailabilityofcomputerdataand systems;
2. computer-related offences; 3. content-related offences; and 4. copyright-related offences.
This typology is not wholly consistent, as it is not based on a sole criterion to differentiate between categories.
Three categories focus on the object of legal protection: “offences against the confidentiality, integrity and
availability of computer data and systems”; content-related offences; and copyright- related offences. The fourth
category of “computer-related offences”does not focus on the object of legal protection, but on the method used to
commit the crime. This inconsistency leads to some overlap between categories.
In addition, some terms that are used to describe criminal acts (such as “cyberterrorism” or “phishing”) cover acts
that fall within several categories. Nonetheless, the four categories can serve as a useful basis for discussing the
phenomena of cybercrime.
2.3 Development of computer crime and cybercrime
The criminal abuse of information technology and the necessary legal response are issues that have been discussed
ever since the technology was introduced. Over the last 50 years, various solutions have been implemented at the
national and regional levels. One of the reasons why the topic remains challenging is the constant technical
development, as well as the changing methods and ways in which the offences are committed.
- 2.3.1 The 1960s
In the 1960s, the introduction of transistor-based computer systems, which were smaller and less expensive than
vacuum-tube based machines, led to an increase in the use of computer technology. At this early stage, offences
focused on physical damage to computer systems and stored data. Such incidents were reported, for example, in
Canada, where in 1969 a student riot caused a fire that destroyed computer data hosted at the university. In the mid
1960s, the United States started a debate on the creation of a central data-storage authority for all ministries.
Within this context, possible criminal abuse of databases and the related risks to privacy were discussed.
Cyber Crime
7
- 2.3.2 The 1970s
In the 1970s, the use of computer systems and computer data increased further.At the end of the decade, an
estimated number of 100 000 mainframe computers were operating in the United States.With falling prices,
computer technology was more widely used within administration and business, and by the public. The 1970s were
characterized by a shift from the traditional property crimes against computer systems that had dominated the
1960s, to new forms of crime. While physical damage continued to be a relevant form of criminal abuse against
computer systems, new forms of computer crime were recognized. They included the illegal use of computer
systems and the manipulation of electronic data. The shift from manual to computer- operated transactions led to
another new form of crime – computer-related fraud.Already at this time, multimillion dollar losses were caused by
computer-related fraud.Computer-related fraud, in particular, was a real challenge, and law- enforcement agencies
were investigating more and more cases. As the application of existing legislation in computer-crime cases led to
difficulties, a debate about legal solutions started in different parts of the world. The United States discussed a draft
bill designed specifically to address cybercrime.Interpol discussed the phenomena and possibilities for legal
response.
- 2.3.3 The 1980s
In the 1980s, personal computers became more and more popular. With this development, the number of computer
systems and hence the number of potential targets for criminals again increased. For the first time, the targets
included a broad range of critical infrastructure. One of the side effects of the spread of computer systems was an
increasing interest in software, resulting in the emergence of the first forms of software piracy and crimes related to
patents.The interconnection of computer systems brought about new types of offence. Networks enabled offenders
to enter a computer system without being present at the crime scene. In addition, the possibility of distributing
software through networks enabled offenders to spread malicious software, and more and more computer viruses
were discovered. Countries started the process of updating their legislation so as to meet the requirements of a
changing criminal environment. International organizations also got involved in the process. OECD and the Council
of Europe set up study groups to analyse the phenomena and evaluate possibilities for legal response.
- 2.3.4 The 1990s
The introduction of the graphical interface (“WWW”) in the 1990s that was followed by a rapid growth in the
number of Internet users led to new challenges. Information legally made available in one country was available
globally – even in countries where the publication of such information was criminalized. Another concern associated
with online services that turned out to be especially challenging in the investigation of transna
tional crime was the
speed of information exchange. Finally, the distribution of child pornography moved from physical exchange of
books and tapes to online distribution through websites and Internet services. While computer crimes were in
general local crimes, the Internet turned electronic crimes into transnational crime.
As a result, the international community tackled the issue more intensively. UN General Assembly Resolution 45/121
adopted in 1990 and the manual for the prevention and control of computer-related crimes issued in 1994 are just
two examples.
- 2.3.5 The 21st Century
As in each preceding decade, new trends in computer crime and cybercrime continued to be discovered in the 21st
century. The first decade of the new millennium was dominated by new, highly sophisticated methods of committing
crimes, such as “phishing”, and “botnet attacks”, and the emerging use of technology that is more difficult for law
enforcement to handle and investigate, such as “voice-over-IP (VoIP) communication” and “cloud computing”. It is
not only the methods that changed, but also the impact. As offenders became able to automate attacks, the number
of offences increased. Countries and regional and international organizations have responded to the growing
challenges and given response to cybercrime high priority.
Cyber Crime
8
Cyber Crime
9