Chapter 1
Digital Crime
Robin Bryant
Introduction
In this chapter we discuss the theoretical background, nature and extent of digital crime; how it might differ from traditional forms of criminality, and conclude with an example of the novel way that some digital crimes are enacted.
Digital technology and digital forms of communication are increasingly important to individuals, to communities and to most sectors of society, including business, health and education. Our electricity supplies, transport logistics and infrastructures and even the defence of our national states depend on the effectiveness and security of our digital networks. It is no longer hyperbole to claim that the digital world touches all of our lives, and for much of our time, in profound ways. The digital economy grows in size and in importance year by year. For example, practically the only growth recorded by retail and supermarket businesses in the UK in the run up to Christmas 2012 was through their online sales divisions, in marked contrast to more traditional forms of retailing. Digital devices are now found in unexpected locations, such as cars, cookers and washing machines. We send fewer letters and more emails, we receive our news courtesy of Twitter and we maintain our relationships with family and friends through Facebook.
However, with the advent any form of new technology, âdigitalâ or âanalogueâ, there will be unexpected and unwanted consequences in terms of criminal exploitation and endeavour. For example, 800 years ago in the 1300s, the metal working techniques used for making genuine currency were rapidly adopted by criminals for making imitation coins for criminal use and financial gain. In the 19th Century the invention of typewriters provided increased anonymity for those writing blackmail letters (and by the 1920s the FBI had developed the forensic examination of typewriters and text). When motor cars became available for public use, bank robbers soon began to use them, as later portrayed in Hollywood movies such as Bonnie and Clyde. More recently, criminals employ digital technology and fast digital networks in their attempts to access internet-based banking systems in order to launder the proceeds of criminal enterprises. But it is argued by many that we are not simply witnessing a familiar story of criminal exploitation of new opportunity, but instead distinctively new forms of criminality. It might even be the case that traditional forms of volume crime (such as shoplifting) will soon be overtaken by cybercrime as the new âtypicalâ crime (Anderson et al., 2012, p. 26). When crime rates unexpectedly fell in England and Wales in 2012 one academic commentator even suggested that this might be as the result of conventional property crime developing into new digital forms that are less likely to be reported (Fitzgerald, cited by the Guardian, 2013), such as the use of eBay to sell stolen goods (Treadwell, 2012). More organised forms of criminality would also appear to be exploiting the opportunities provided by increasing digitalisation. The conclusion of a recent report (Detica with the John Grieve Centre for Policing and Security, 2012) claimed that âwe are entering a âfourth great eraâ of organized crime â the âage of digital crimeâ â as online and offline worlds convergeâ and that â80% of digital crime may now originate in some form of organised activityâ (although it has to be said that details of the methodology used to establish this estimate were unclear). Digital crime is also considered a threat to the further deployment of e-government and e-business services (ITU, 2012, p. 1).
There is a strong case therefore, for the need to âPolice Digital Crimeâ. This book is an exploration of the preventing, detecting and investigating of digital crime together with the attendant recovery and analysing of digital intelligence and evidence. All these aspects are covered in detail in the remaining chapters.
Digital Crime and the âNetwork Societyâ
The concept of the âNetwork Societyâ (sometimes âNetworked Societyâ) became widespread in the mid-1990s, and is most closely associated with the work of the sociologist Manuel Castells (Castells, 1996) and his three volume opus (The Rise of the Network Society, The Power of Identity and The End of Millennium). Castells argues that âtechnology is a necessary, albeit not sufficient condition for the emergence of a new form of social organization based on networking, that is on the diffusion of networking in all realms of activity on the basis of digital communication networksâ (Castells and Cardoso, 2005, p. 3). This technology is now largely in place in the developed world and is rapidly spreading, albeit in a patchy manner, across the globe. According to Castells, society is âmorphingâ from the industrial age to the information age as a consequence of the new technologies. However, by âNetwork Societyâ Castells doesnât mean the âinformationâ or âknowledge societyâ (he argues that knowledge and information have always been central to society). His is more a reference to the social and economic âconnectednessâ of society, which has profound impacts on the way we communicate and do business, our politics and the way that culture, power and knowledge are appropriated and shared. Power for example, is no longer centralised within tangible institutions and organisations, but is instead diffused through global networks in virtual spaces. The Network Society is a consequence not only of technological change but also the economic changes brought about by the demise of modern capitalism and state communism, and by the rise of phenomena such as the âgreen movementâ. Nor is Castells simply referring to the âinternetâ when he writes of this connectedness: he notes for example that the beginnings of the Network Society predate the internet (Castells, 2000). As we shall see in the remainder of this book, the Network Society is also having a profound effect on the way that the âbusinessâ of crime is conducted. In this sense âdigital crimeâ is less about technology and more about the way in which we relate to each other.
Castells also introduced the concept of a âculture of real virtualityâ (an apparent oxymoron as ârealityâ and âvirtualityâ are often seen as opposites) by which he meant the new culture arising as a consequence of the Network Society, and which employs electronic communication. This culture is diverse and reactive, with individuals continually defining themselves in different ways in different contexts: as consumer, as gender, as part of a collective. Facebook, Twitter and similar online social networks for example, mean that many people live for at least part of their day in a âreal virtualityâ because the interactions we engage in when online, and the identities that we present and explore are very much part of our reality. We discuss how notions of identity influence behaviour later in this chapter and in Chapter 2.
Castells also comments on the relationship between organised crime and the Network Society. In the second and third volumes of his opus he described the âGlobal Criminal Economyâ as one part of the Network Society, noting that although âCrime is as old as humankind [âŠ] global crime, the networking of powerful criminal organizations, and their associates, in shared activities throughout the planet, is a new phenomenon that profoundly affects international and national economies, politics, security and ultimately societies at largeâ (Castells 1998, p. 166). Although Castellsâ emphasis here is on the way networks have affected âconventionalâ crime (particularly illegal drug cartels), we shall see that digital technology has also impacted on the very nature of crime itself.
Digital Crime and the âInformation Societyâ
Allied to the concept of the âNetwork Societyâ (see above) is the âInformation Societyâ (or âInformation Ageâ), first espoused as such by Daniel Bell in the 1970s (Bell, 1974 and 1979), but with earlier origins in the 1930s. It is often couched in terms of a paradigm shift from the âIndustrial Societyâ. The âInformation Societyâ (or âSocietiesâ) is a reference to the various developments and changes arising from the increased production, collection, dissemination and processing of information, and the creation of knowledge, and the impact these have had on society. That there has been a major increase in stored in information is irrefutable, most notably as a result of digital forms of storage and distribution (particularly through the internet). It is also clear that an increasing number of people and organisations are able to share in both the consumption and generation of this information (see below). In many national economies there has been a shift from producing tangible material objects to providing information-based services and products, and information is now a major commodity not only in the economically advanced nations, and is often more highly valued than labour itself. Just as the industrial revolution was much more than simply applying steam power to the means of production, so will our new ways of generating knowledge and sharing information profoundly change the way that we earn our living, spend our leisure time and relate to each other. A visible manifestation of the âInformation Societyâ is the phenomenon of the âwisdom of the crowdâ on the internet where the best answer to a question or problem is found by aggregating the collected responses of the many (by âcrowd sourcingâ), and in effect filtering out the ânoiseâ of any one individual.
If the âInformation Societyâ is, or is becoming, a reality then security is likely to be a fundamental issue, and the âpolicingâ of this society a necessary requirement for confidence to be maintained.
Digital Crime and the âRisk Societyâ
Deibert and Rohozinski (2010, pp. 15â16) argue that cyberspace presents a special category of risk, and for a number of reasons: it is a transnational communication network, outside the control of states, organisations and individuals; its governance is distributed between the public and the private; it is unlike traditional physical domains (such as the sea, land, air or space) in that it is human-made and based on the ingenuity of the users and hence in a state of constant change and flux; it is both material and virtual (a space of both âthingsâ and âideasâ).
Published before the web existed, Ulrick Beckâs Risk Society (1992, the original German published in 1986) is often described as one of the most influential works of social analysis in the twentieth century. The influence of Beckâs ideas continues to this day, particularly with respect to the ways we view the risk presented by digital crime. As Guinchard notes âTwenty-odd years later, the risks and patterns of reactions he described in a world without the Internet are surprisingly apt for analyzing security issues in cyberspaceâ (Guinchard, 2011, p. 76).
Beck describes three chronological phases in the development of society: the age of traditional societies, early modernity and the current late modernity (the latter consisting of simple and reflexive modernity consecutively). In the past we might have feared the dangers around us; starvation, wild animals, other people, but these dangers had a recognisable place and role within our lives. Now the dangers that confront us are less immediate and tangible, but we remain uneasily aware of the risks that surround us. Beck suggests that these late modern risks are both often invisible and also open to interpretation (for example, of a âscientificâ nature, or requiring specialist knowledge, and hence contestable by the media and others). Beckâs early examples of risk were often drawn from controversies about the environment (including the effects of pollution such as depletion of the ozone layer), nuclear technology and genetic engineering. More recently he has argued that the global financial crisis and our fears about international terrorism provide further telling examples of his concept of risk. In terms of the policing of digital crime, distinct echoes of Risk Society concerns can be heard in current discourses, for example in relation to the uncertainties posed by the âfreedomâ offered to the users of cyberspace. Interestingly, an analogy with the âWild Westâ was often drawn in the early days of the public internet (and continues to be used, for example see Mattice, 2012) in terms of its lawlessness and pioneering (risk-laden) nature. As Hudson (2003) noted, Beckâs concept of the Risk Society helps explain how our supposed expectation of security can never be realised in practice â and this is perhaps particularly true of cyberspace. The unpredictable nature of risk in cyberspace is also partly due to some of the unintended consequences of technological innovation: the extent to which the inadequacies of online security could facilitate cybercrime is often the subject of disagreement and controversy. The media play an important role in this, with regular âmoral panicsâ over paedophile use of the internet, the dangers inherent in social network sites, the phenomenon of âsextingâ and so on.
Alongside risk in late modern society we have the notions of responsibilisation, prudentialism, and actuarialism (concepts arising from the work of Michel Foucault and others). For example, we have witnessed a move away from relying on governments and the state towards the individual being more responsible for the management of risk (responsibilisation). Therefore individuals need to exercise a more âcalculatingâ approach (actuarialism) to the management of that risk (prudentialism).
Digital Crime, the Principles of Economics and Game Theory
There are a number of economic principles of potential relevance to understanding the policing of digital crime (Walker, 2012). For example, in the 1960s Garett Hardin (in the context of ecology), drew on an historical example âThe Tragedy of the Commonsâ (Hardin, 1968) to explain and illustrate one such principle. The Commons were (and in some parts of the world, still are) agricultural land with no private owner, which any grazer can use for their animals. As no additional direct financial cost was involved, the herders all had an interest in increasing the number of cows they each grazed there - an apparently rational decision they were likely to make. However, if most herders adopted the same decision then the land would become over-grazed and suffer long-term damage, reducing its yield. (By âtragedyâ Hardin is referring to the apparent inevitability of this process as much as to the actual outcome). In general terms Hardin had identified an economic principle that refers to the tendency for any resource which appears to have no financial cost to become overused until its marginal utility (the benefit that accrues from its use) decreases to almost zero. In the case of online digital crime the âcommon landâ is the âinternetâ and the âherdersâ are âcyber-criminalsâ. Further, the online digital crime âmarketâ (attempts at phishing, extortion through DDoS attacks, theft using credit card details) is completely âunregulatedâ: anybody can enter the market, there is little in the way of preliminary training, specialist knowledge or equipment required (and this would in any case be supplied by the market itself, for example hardware skimmers and software rootkits), and no significant initial financial investment is required. In economic terms common-access unregulated markets soon become exhausted, with lower and lower average returns for the individual, but as we shall see later in this chapter, many claim that the cybercrime market is in fact highly profitable and expanding. However, there is not necessarily a contradiction here; the âTragedy of ...