What is Cybercrime?
At this point of time there is no commonly agreed definition of ‘Cybercrime’. The area of Cybercrime is very broad and the technical nature of the subject has made extremely difficult for authorities to come up with a precise definition of Cybercrime. The British police have defined Cybercrime as ‘use of any computer network for crime’ and council of Europe has defined Cybercrime as ‘any criminal offence against or with help of computer network.
The two definitions offered by the British police and council of Europe are both very broad and they offer very little insight into the nature of conduct which falls under the defined term. Most of us do a vague idea what Cybercrime means but it seems that it is very to difficult to pinpoint the exact conduct which can be regarded as Cybercrime.
For the purposes of the dissertation, I shall attempt to come up with my own definition of Cybercrime; the available definitions do not adequately explain the concept of Cybercrime.
In order to understand and provide better insight into nature of Cybercrime, it will be a good idea to divide Cybercrime into two categories because computers can be used in two ways to commit Cybercrime.
The first category will include crimes in which the computer was used as tool to commit the offence. The computer has enabled criminals to use the technology to commit crimes such as fraud and copyright privacy. The computer can be exploited just as another technical device which can be exploited, for e.g. a phone can be used to verbally abuse someone or stalk someone, someway the internet can be used to stalk someone or verbally abuse someone.
The second category will include offences which are committed with intention of damaging or modifying computers. In this category the target of the crime is the computer itself, offences such as hacking.
Whichever categories the offence committed falls in, ultimately it are us the humans who have to suffer the consequences of Cybercrime.
Now we know that there are two ways in which the computer can be used to commit offences, my definition of Cybercrime would be:
“Illegal acts using the computer as instrument to commit an offence, or targeting a computer network to damage or modifying computers for malicious purposes”
Even my definition cannot be regarded as precise, as pointed earlier that due to the broad and technical nature of Cybercrime, it almost impossible to come up with a precise definition. The term Cybercrime is a social term to describe criminal activities which take place in world of computers; it is not an established term within the criminal law.
The fact that there is no legal definition of Cybercrime within criminal law makes the whole area of Cybercrime very complicated for concerned authorities and the general public, it creates confusion such as what constitutes as Cybercrime and if Cybercrime cannot be defined properly how will the victims report the crime? The lack of proper definition means that majority of the Cybercrime which takes place is unreported as the victims and the authorities are not sure whether the conduct is a Cybercrime. It is estimated that 90% of the Cybercrime which occurs is unreported.
Types of Cybercrime
Computer can be used to commit various crimes, in order to have a better understanding of Cybercrime; we shall look at individually the types of crimes which are committed in the world of computers. It will not possible to describe every type of Cybercrime which exists due to the word limit, we will only concentrate on crimes which are considered to be major threats to our security.
Fraud can be defined as use of deception for direct or indirect financial or monetary gain. The internet can be used as means targeting the victim by replicating “real world” frauds such as get rich quick schemes which don’t exist, emails which demand an additional fee to be paid via credit card to stop loss of service such as internet or banking. The increasing availability of the internet means that fraudsters can carry out fraudulent activities on a grand scale.
Fraud is a traditional crime which has existed for centuries and internet is merely a tool by which the fraudsters actions are carried out. Fraud has become a serious threat to e-commerce and other online transactions. Statistics suggest that internet only accounts for 3% of credit card fraud, credit card fraud is one of the more difficult frauds to commit on the internet, however other forms of fraud such as phising are more easier to carry out using the internet and equally lucrative.
Phising is a form of fraud which is rapidly increasing. Phising is when you get emails from commercial organizations such your bank and other financial institutions, they would ask you to update your details, emails look genuine and it is a scam to trick people on giving their details. There are no official figures available on ‘phishing scams’ but on average I receive about three emails everyday asking me to update my bank account details.
Recently there was email going around asking the staff members and students of LSBU to update their personal details, the email looked genuine but the ICT staff informed students/staff to ignore as it was a trick to gain personal information. Since the advancement of technology, it is has become easier and cheaper to communicate and fraudsters are also taking advantage of technology because it is easier to exploit the internet and it is cheaper than other alternatives such as phone and postal mail.
There are other forms of fraud such as auction fraud, it is when buy goods in auction and you pay for the item but your item will never turn up.
Fraud is one of the lucrative crimes on the internet; experts suggest that it is more than trafficking drugs. The reasons why fraudsters prefer internet is because:
- Internet has made mass communication easy and it is cheap, same email can be sent to millions of people very easily and cheaply with just one click of button.
- Majority of users do not have adequate knowledge on how technology works, this makes it easy for fraudsters to fool innocent people into taking an action such as giving their personal details.
- Internet users are considered naïve in the sense that they have too much faith in the information they receive via the internet, therefore, they do not take necessary steps to verify the information and often get tricked in handing out their credit card or personal details.
Offences against person(s)
Offence against a person can either be physical or mental, it is not possible to cause direct physical harm to a person using a computer but it is possible to cause mental harm such as anxiety, distress or psychological harm. It can be done by sending abusive or threatening emails or posting derogatory information online.
Stalking is a crime which is done to harass another person repeatedly. As the number of user on the internet increased, the opportunities for abuse have also increased. It is possible to use internet as a tool for sending abusive emails, leaving offensive messages on guestbooks, or posting misinformation on blogs. In some cases, cyberstalkers have morphed images of their victims onto pornographic images and then emailing the pictures to relative and work colleagues to cause embarrassment.
There are mainly three reasons for committing a crime such as stalking, Main reason is usually when relationships fail, former intimates usually target their ex-boyfriend/girlfriend to get revenge. Second reason for cyberstalking is boredom; some people usually pick random people and target them by sending them abusive and threatening emails just for fun. Cyberstalkers take advantage of anonymity of the internet to cause distress to their victim’s life.
Hate and racist speech is also a form of crime which escalated since the introduction of the internet; it can cause traumatic experience and mental distress to those who are targeted. Post 9/11, there have been many websites set up to mock the religion Islam, such as www.laughingatislam.com, this website has been cause of distress to many Muslims around the world.
This category includes offences which have sexual element, such as making undesired sexual approaches in chat-rooms and paedophiles harrasing children. Child pornography and child protection are one of the main concerns on the internet. Paedophiles are taking full advantage to exploit the technology for viewing and exchanging child pornography.
Paedophiles use the internet to their advantage, they use chat rooms and other popular social networks such as facebook to entice and lure children into meeting them. Many popular chat rooms such as MSN Chat and Yahoo chat have closed down their chat rooms to protect young children but closure of popular chat rooms have not stopped paedophiles from using less popular chat rooms and other social networks.
Hacking related offences
Hacking can be defined as gaining unauthorised access to a computer system. As soon as we hear the word ‘hacking’, we tend to think that it is a crime, it should be noted that hacking started of as show of skill to gain temporary access to computer systems. It was rather an intellectual challenge than a criminal motive. But now, many hackers misuse their skills to inflict damage and destruction. Examples of hacking include stealing confident information such credit card details.
In a recent incident of hacking, Harriet Harman whose is a politician, taking part in upcoming elections. Her website was hacked and the blog section of her website encouraged the audience to vote for Boris Johnson whose is a competitor of Harman Harriet. Boris Johnson has also complained that his email account was hacked recently. Most politicians believe that internet as a medium will be a major part of election campaigns and activities such as hacking can sabotage election campaigns by posting disinformation on candidate’s websites.
Virus and Other Malicious Programs
Virus is a malicious code or program that replicates itself and inserts copies or new versions onto other programs, affecting computer systems. Viruses are designed to modify computer systems without the consent of the owner or operator. Viruses are created to inflict senseless damage to computer system. It is a widely accepted perception that crime is committed in times economic distress. Criminals do not gain any monetary benefit; it is simply done to show off their computer skills. Some viruses are failed programs or accidental releases. The most famous virus which was released is the I LOVE YOU virus or commonly known as the ‘love bug’. The virus damaged millions of computers worldwide; it caused damage worth of $8.5bn, the author of the virus claims that it was released to impress his girlfriend.
Legislation on Cybercrime
It is often believed that the internet is just like the ‘wild west’ where there no rules and regulations and people are free to carry out illegal activities. Fortunately, this is not true at all; there is legislation which exists to protect us from cybercrimes.
Type of crime
Fraud Act 2006(Covers all types of possible frauds)
Offences against person(s)
The Public Order Act 1986(Hate speech)
The Protection of children Act 1978
The Criminal Justice Act 1988
The Criminal Justice an Public Order Act 1988
Sexual Offences Act 2003
After carefully reviewing all pieces of legislations mentioned above, I can conclude by saying that legislation we have at the moment is adequate enough to protect us from any sort of traditional crime carried out using computers. There were few anomalies which have been removed now.
The Theft Act 1968 which previously covered fraud has been replaced by Fraud Act 2006 to cover anomaly under the previous legislation. In the case of Clayman, it was held that it is not unlawful to defraud a computer; the courts do not regard computers as deceivable as the process is fully automated. In theory if we apply the principle deriving from the Clayman case then it will not be unlawful to false credit card number when signing up for an online service such as subscription to a newsgroup or online gaming. There is only exception to this rule that it will not apply if deception involves licensed telecommunications services, such as dial-up chat lines pay-per-view TV.
Second anomaly before us was that information was not regarded property. In the case of Oxford v Moss, in this case a student took a copy of forthcoming exam from a lecturer’s desk and made a photocopy of that exam paper, it was held that the student cannot be charged under the theft act as he did not deprive the owner of the asset, a copy had simply been taken. Computers only contain information, by applying the principle deriving from this case, it means that it is acceptable to print other people’s files as long they do not deprive the owner of the file by deleting it, one would only be prosecuted if he/she steals trade secret or confidential information.
Decisions in both cases mentioned above are absurd, both of them were decided in 1970s, the only possible reason for reaching absurd decision could only be lack of knowledge on technology. Previous legislation took into account the consequences of the fraudster’s activities when deciding whether the conduct in question is an offence. The Fraud Act 2006 aims to prosecute the fraudsters on the basis of their actual conduct rather than the consequences of their activities.
How serious is the threat?
In order to determine the seriousness of the threat, it is important to look at the statistics available on cybercrime.
Type of crime
Number of cases reported
Offences against the person
Virus related incidents
Total number of cases reported
Source of statistics: Garlik
According to the figures, they were approximately 9.23 million incidents of cybercrime reported in the year 2006. Statistics show that 15% of the population of the UK was affected by cybercrime in someway, after looking at these figures; one can easily conclude that we are having an epidemic of cybercrime. These statistics could only the tip of the iceberg of the totality of cybercrime; experts believe that real figure could be 10 times higher as cybercrime is massively under-reported.
Reasons for under-reporting
Reporting any crime involves a three stage process:
- The conduct needs to be observed.
- The conduct needs to categorised as criminal.
- The relevant authorities need to be informed of the criminal conduct.
A particular crime will not be reported if there is failure in any of the stages, therefore the relevant authorities will not take action against the criminal. There are certain factors which affect reporting of cybercrime, factors include:
Sometimes the criminal conduct is not noticed, internet fraud usually comprises of low-value transactions across a bulk body of victims, and victims are not always able to spot discrepancy in their bank accounts.
Lack of awareness means that the victims may not know whether the conduct in question is a crime. Victims of viruses don’t see them as victims of crime, people tend to see viruses as technical issue, and therefore, the victim would believe that no one has broken the law.
Most victims don’t know which authorities they should contact to report cybercrime. Police officers have inadequate amount of resources and don’t have the expertise to deal with cybercrime at the moment, therefore, pursuing a formal complaint can be a difficult process. Once I tried reporting a cybercrime, a laptop was purchased on EBay but the seller took my money and never sent the laptop, this is a common case of auction fraud.
I did try to make a complain, the whole process was extremely slow, the officer dealing with me had no clue what EBay is, I was able to register a complaint but it has been two years and my complain is still unresolved.
Under-reporting is factor which contributes towards increase in cybercrime, under-reporting mean that criminals will have less fear of getting caught and therefore, they are more likely to commit illegal acts online.
People’s attitude towards cybercrime
Traditional crimes such as murder, rape and robbery can have serious effects on the victim’s life; in some cases the victim may not be able to lead a normal life after being a victim of crime. In contrast to cybercrime, the impact is not that serious, majority of users have insurance against financial frauds, and frauds are usually of low-value.
Viruses can easily be filtered using antivirus software. Other offences such as cyberstalking usually cause some anxiety and distress. Only crimes such as child pornography have a greater impact, it is the only the crime which can have a serious consequences on the victims life. A recent survey suggest that only 37% are afraid to use the internet after being a victim of crime, majority of the users do continue to use the internet after being a victim.
Cybercrime and e-commerce
Cybercrime is a growing concern for all of us, however, the effects of cybercrime are not hindering the growth of the internet, and the effects of cybercrime on the e-commerce have not been drastic. Financial transactions over the internet are on the rise, number of people using internet for shopping is increase day by day and over one third of population is using internet banking.
One of the reasons why cybercrime spiraling out of control is the fact that it is very easy to commit if have the technical knowledge, all you need is a computer connected to the internet, the crimes on the internet are hard to detect. It can be committed from anywhere in the world, the criminal could sitting in Africa and targeting his victim in Australia. In the next chapter, we shall examine the problems faced by authorities when investigating cybercrime.
Jurisdictional issues and the cyberspace
Cyberspace is a world without defined boundaries; anyone can access any website using his computer. It can very difficult to locate the source of crime in cyberspace because relative anonymity and as easy way to shield identity. Even if the relevant authorities are able to identify the source of crime, it is not always easy to prosecute the criminal.
When dealing cross border crime, it is imperative that both countries should recognise the conduct as illegal in both jurisdictions. The principle of double criminality prohibits the extradition of a person, if the conduct in question is not recognized as a criminal offence by the country receiving the request for jurisdiction.
Imagine a situation where a computer programmer from Zimbabwe sends Barclays bank a virus which causes the computers in Barclays bank to malfunction, the bank cannot carry out their business for 1 hour and as a result they lose about $1 million worth of revenue. English authorities would want to extradite the offender to England so they could prosecute the offender. In an action for extradition, the applicant is required to show that actions of the accused constitute a criminal offence exceeding a minimum level of seriousness in both jurisdictions.
Imagine now that they are no laws on spreading viruses in Zimbabwe, therefore it will not possible to show offender’s action constitute as criminal behavior. If they are no laws regarding on cybercrime in Zimbabwe then he cannot be extradited and he will walk free after deliberately causing damage to Barclays bank. Cybercrime has an international dimension, it is imperative that legal protection is harmonised internationally. There are still about 33 countries such as Albania, Yugoslavia and Malta; they have no laws on cybercrimes.
If there are no laws then those countries are considered as computer crime havens. The perpetrator of ‘I LOVE YOU’ virus which caused $8.5 billion worth damage was caught in Philippines but he could not be prosecuted as Philippines had no laws on cybercrime. Cybercrime is global issue and the world will need to work together in order to tackle cybercrime.
How real world crime dealt across borders?
In relation to real world crime which transcended national borders, an idiosyncratic network of Mutual Legal Assistance Treaties(MLATs) bound various countries to assist each other in investigating real world crime, such as drug trafficking. If there was no treaty agreement between two countries then they would contact the relevant authorities to ask for assistance and obtain evidence, this mechanism was sufficient in dealing with real world crime. This mechanism can only work if both countries have similar cybercrime laws; if any country lacks cybercrime laws then the process would fail.
How should Jurisdiction be approached in Cybercrime?
In a case of cyberstalking, An Australian man was stalking a Canadian Actress. The man harassed the actress by sending unsolicited emails. Australian Supreme Court of Victoria held that crimes ‘committed over the internet knows no borders’ and ‘State and national boundaries do not concern them’, therefore, jurisdiction should not be the issue. He was convicted. This case was straightforward as both nations recognise stalking as a criminal offence, however, there can be conflicts if both nations do not recognize the act as criminal.
In Licra v Yahoo, French courts tried to exercise jurisdiction over an American company. Yahoo was accused of Nazi memorabilia contrary to Article R645-1 of the French Criminal Code. Yahoo argued that there are not in breach of Article R645-1 as they were conducting the auction under the jurisdiction of USA and it is not illegal to sell Nazi memorabilia under the American law. In order to prove that Yahoo is subject American jurisdiction, they argued the following points:
- Yahoo servers are located in US territory.
- Services of Yahoo are primarily aimed at US citizens.
- According to the First Amendment to the United States Constitution, freedom of speech and expression is guaranteed and any attempt to enforce judgement which restricts freedom of speech and expression would fail for unconstitutionality.
The court ruled that they have full jurisdiction over Yahoo because:
- The auction was open to worldwide bidders, including France.
- It is possible to view the auction in France, viewing and displaying Nazi memorabilia causes public nuisance and it is offence to public nuisance under the French law.
- Yahoo had a customer base in France, the advertisements were in French. Yahoo did have knowledge that French citizens use their site; therefore they should not do anything to offend French citizens.
Yahoo ignored the French court ruling and kept saying that they French court does not have the right to exercise jurisdiction over an American company. Yahoo was warned that they would have to pay heavy fines if they don’t comply. In the end Yahoo owners did comply with the judgement they had substantial assets in France which were at risk of being confiscated if they don’t claim. The sole reason why French courts were able to exercise jurisdiction over Yahoo because it is a multinational company with large presence in France.
Imagine instead of France, if the action would have been taken by courts of Saudi Arabia on auctioning playboy magazines, under the Saudi Arabian Sharia law, it is illegal to view or buy pornography. Saudi Arabia court would have failed to exercise jurisdiction over Yahoo as they don’t have any presence in Saudi Arabia but it was possible to view Yahoo auctions from Saudi Arabia.
The case of Yahoo is a rare example where a court was able to exercise jurisdiction over a foreign company. In majority of the cases concerning individuals, courts trying to exercise jurisdiction over foreign elements are usually ignored. In the case of Nottinghamshire County Council v. Gwatkin (UK), injunctions were issued against many journalists to prevent them from publishing disseminating a leaked report that "strongly criticises [the Council's] handling of allegations of satanic abuse of children in the 1980s. Despite the injunctions, a report appeared on an American website. The website refused to respect the English jurisdiction as they argued that the report was a public document. The Nottinghamshire had no option then to drop the case.
Cybercrime has an international dimension. International law is complicated area, it can be very difficult to co-operate with authorities if there is no or weak diplomatic ties, for e.g. Pakistan and Israel have no diplomatic ties, if a situation arises where Israeli citizen hacks into State bank of Pakistan steals millions of dollars from the bank, in a situation like this, one easily assume that both countries would not co-operate with each other even though both countries recognise hacking as a offence but they do not have diplomatic ties with each other, most probably the hacker would get away with the crime.
A case involving Russian hackers, they hacked into Paypal and stole 53,000 credit card details. Paypal is an American company. The Russian hackers blackmailed Paypal and asked for a substantial amount of money, they threatened they would publish the details of 53,000 credit cards if they do not receive the money.
Russia and American both have signed extradition treaty but still Russian authorities failed to take action, it is still not clear why they did not take appropriate action against the Russian hackers. Both nations struggled to gain jurisdiction over each other. FBI decided to take things into their own hands by setting up a secret operation, undercover agents posed as reprenstatives of a bogus security firm Invita. The bogus security firm invited the Russian hackers to US
with prospects of employment. When the interview for employment by the bogus firm Invita was being carried out, the Russian hackers were asked to display there hacking skills, one of the hackers accessed his own system in Russia to show off his skills, the FBI recorded every keystroke and later arrested the Russian hackers for multiple offences such as hacking, fraud and extortion. The keystrokes recorded were later used to hack into one of the hacker’s computer in Russia to access incriminating evidence. All this took place without the knowledge of Russian authorities.
When Russian authorities came to know about whole incident, they were furious and argued that US misused their authority and infringing on another sovereign nation’s jurisdiction. Lack of co-operation in relation to jurisdiction can lead to serious problems between nations, in order to avoid such conflicts, there is need to address the jurisdiction issue and come up with a mechanism which ensures that countries co-operate with each other.
Where is the Jurisdiction?
In the real world crime, the conduct and the effect of the conduct are easy to pin down because we can visibly see the human carrying out the conduct and the effect of the conduct is also visible. The location of the offence and the location of the perpetrator can easily be identified. Imagine a situation in which a shooter in Canada shots an American across Niagara Falls, it is clear from the example that the conduct took place in Canada and the effect of the conduct took place in Canada.
Cyberspace is not real, people say that events on cyberspace occur everywhere and nowhere, a man disseminating a virus could release a virus which travel through servers of many different country before reaching the victim, for e.g. a person makes a racist website targeting Jews in Malta, uploads the website on American servers and the website is available for everyone to see, a Jewish living in Israel comes across the website and gets offended.
In a situation like this where would you bring an action, should you bring an action in Malta because the perpetrator is based over there, would bring an action in America where the server is hosted or would bring the action in Israel where the victim is? There are specific laws regarding jurisdiction issues on the internet, the world is still struggling to come up with a solution which would solve the problem of jurisdiction.
Positive or Negative Jurisdiction?
The principle of negative jurisdiction occurs when no country is willing to exercise jurisdiction for a cybercrime. Cybercrime can have multiple victims in different countries; the ‘love bug’ caused damage in many different countries including USA, UK, France and Germany. If the damage is caused to multiple countries then who should claim jurisdiction over the cybercrime, should it by prioritised by the amount of damage suffered by each country. If the effected countries decide not to take action against the perpetrator because it is not in their best interest, the country may be occupied by other internal problems. If no country is willing to exercise jurisdiction over a cybercrime then the perpetrator would walk free.
Positive jurisdiction is opposite of negative jurisdiction, how will the issue of jurisdiction be decided if more than two countries want to exercise their jurisdiction over the perpetrator, it is a established principle that one cannot be tried in two different courts for the same offence, in a situation like this, the country which have suffered the most damage might be given priority. The area of positive and negative jurisdiction still remains unclear as there no cases or agreements to solve such a problem.
Jurisdiction issues such as double criminality, determining jurisdiction and conflicts of positive and negative issues are the most complex issues of cybercrime, unless the issues are resolved, we cannot make any progress in curbing cybercrime. Council of Europe has been working on global governance model to deal with trans-border cybercrime.
Council of Europe
The Council of Europe began studying the cybercrime twenty years, when computers were first introduced; it was obvious that in the future they will be used to commit crime. After years of research, Council of Europe proposed a convention.
The convention on cybercrime
The convention on cybercrime is first international treaty on crimes committed using computers. The convention on cybercrime recognises that cybercrime is an international threat and proposes a traditional approach to the problem that the nation whose citizens suffer harm should exercise jurisdiction on the perpetrator.
According to section 3 of the convention, it states that in the event of positive jurisdiction, nations should consult with each other to reach the best decision. Section 3 is unclear on positive jurisdiction which can lead to conflicts and slow or no co-operation between nations. I propose that section 3 should be amended and independent committee should be appointed by Council of Europe to decide the best course of action.
The convention starts by stating that every member should define certain activities as criminal, and thus achieving international harmonisation and eradicating possible problems of double criminality. The aim of convention is to set up a fast and effective regime of international co-operation; this will be achieved by setting up a 24/7 point of contact for immediate assistance in every country.
The convention requires nations to adopt a standard procedure when investigating and prosecuting cybercrime. It requires parties to adopt legislation that is designed to facilitate investigation by:
- Expediting the preservation and production of electronic evidence.
- Applying search and seizure law to computer systems.
- Authorizing law enforcement to collect traffic data and content data.
Parties must also co-operate in:
- Extraditing offenders
- Sharing information
- Preserving, accessing, intercepting and disclosing traffic and content data.
In simple language, we can interpret the convention on cybercrime is creating massive surveillance network and our civil liberties are under threat. Information can be exchanged between all national governments, is it a good idea to share information of British citizens with the French government?, is it necessary to monitor every internet user to control a very miniroty of cybercriminals.
Will convention on cybercrime have any impact on curbing cybercrime?
The prospects of success of convention of cybercrime are very low, so far the ratification of the treaty has extremely been a slow process, convention opened for signature and ratification on november 2001 and three year only thirty eight countries signed up, only eight ratified the treaty. The remaining thirty who have signed up are yet to ratify the treaty.
There are one and ninty five countries in this world, the convention of cybercrime is open to all countries, only a small minority have signed up yet, how can the convention be a success if only a handful of countries are willing to participate. Internet is available everywhere, even in poorest countries such as Burkino Faso, if someone from Burkino Faso commits cybercrime, he will walk free because Burkino Faso do not have any laws on cybercrime and they are not part of convention on cybercrime.
Imagine a man walks into into his local bank with the intention of robbing it. He goes in and uses the most cliché dialouge “this is a stick up, give me all the money and no one gets hurt”, he passes a large sack with a dollar sign on it to the cashier and tells him to fill out up with cash or you will be hurt, the cashier carries out his intructions.
The robber runners out of the bank with large bags of money, as soon as he outside, he drives off in BMW car. Whenever a crime is committed, the police is called to investigate and collect evidence so the robber could identified and the evidence should be strong that it should prove the case beyond reasonable doubt.
When the police arrives to investigate the robbery, their first strategy will be to collect eyewitness testimony, they would ask questions that how did the robber look like, how tall was he and which car did he getaway in?. The police will have access CCTV footage which help to identify the robber. The second stage would be to collect physical evidence such as fingerprints.
The police would also try to trace the car which he was driving, one of the customers in the bank managed to see the number plate of his car and using car registration number, the police is able to catch him, the search his house and are able to retrieve the stolen cash from the bank. The police is succesful in obtaining enough evidence to convict the robber beyond reasonable doubt.
After spending 10 years in jail, the robber is released. He is planning another bank robbery but this time he would use a computer to steal the money instead of walking in a bank. He moves to South Africa, goes into a local internet café and connects to the intenet. To disguise his tracks, he picks up networks with weak security, he hacks into server of university of South Wales, the server of universty of South Wales is operated by public library of Wales. Using the server of University of South Wales, he hacks into the server of public library of Wales and then from there he hack into the same bank which he robbed two years, he logs in, creates a dummy account and transfers the money to offshore bank account which is untraceable.
The police again arrives to the same bank to investigate a robbery, the whole crime scene is completely different, there no eye witnesses, no one saw the robber and no physical evidence. The first strategy would be speak to the systems administrator and ask to gather all the information relation to the robbery that may be stored in the computer.After going through all the information, the police is able to find one piece of information which may lead to the robber.
They manage to find the IP address, an IP address is the internet’s equivalent to phone number. The IP address tells them the hacking took place from the Public library of Wales, the police investigate the servers of public library of Wales and they find another IP address which originated from University of South Wales. They then move their investigation to University of South Wales and come to know that hacking took place from South Africa.
The investigation moves to South Africa, they manage to track down the internet café. After speaking to the staff of the internet café, no one is able to give any clues, the system adminitrator does not keep comprehensive records, therefore it is not possible to gather further evidence against the robber. The robber moves to Canada shortly after carrying out the robbery. After being exhuasted, the police is not able to collect enough evidence against the robber which would prove the crime beyond reasonable. The criminal in this scenario is almost phantom, no one knows who he is and how he looks like.
Digital evidence is fragile and not easy to collect because the computers have enchanced the ability cover up tracks. The cybercrime scene create significant forensic challenges for law enforcement agenices when obtaining evidence and subsequently presenting it before the courts. One of the biggest problems is that law enforcement agencies rely on third parties for evidence, in the scenario above, the third parties are University of South Wales and public library of Wales, if any of the third parties fail to keep comprehensive records then investigation will not be possible. There is no other source of collecting evidence, the only other source from which the evidence can come from is the computer which used to hack, most professional hackers destroy their laptops or replace the hardrive after carrying out the attack.
The area of digital evidence is very technical and complex and research is still being carried in this area to make the whole process more efficient.