There is no agreed precise definition of the term cybercrime, but in a general sense, it has been used to describe any illegal activities conducted through the use of a computer or network of computers. Some researchers have emphasized that it is crime that takes place on the Internet, which has led to a more comprehensive definition of illegal computer-mediated activities that often take place in global electronic networks. Such crime includes computer hacking, Internet fraud, identity theft, and the illegal transfer of technologies. Increasingly, psychological research in this area also makes reference to cyberstalking, cyberterrorism, and Internet child pornography as examples of cybercrime.
Much of what is referred to as cybercrime might be thought of as traditional crime that is committed through the use of new tools. If we think of cybercrime in this way, we can see that many traditional crimes can be conducted with the Internet as a source of communication—for example, the sharing of pedophile information. The Internet has also opened up new opportunities for other traditional crimes, such as fraud and deception. In both these instances, the criminal activity is not dependent on the new technologies but is certainly aided and possibly transformed by them. There are many newer crimes that can only be perpetrated within cyberspace, among which are intellectual property theft, identity theft, and spamming. As new technologies occupy an increasingly large space in our lives, criminals are increasingly using them to engage in criminal activities. It may also be the case that the nature of the technologies, in particular the Internet, is a catalyst for the emergence of some criminal behaviors that might otherwise not have been evidenced.
Although there is lack of agreement as to what precisely constitutes a cybercrime, one element common to most definitions is that it involves the use of a computer. The computer may be the focus, or target, of the crime—for example, hacking or the use of a virus to infect a computer network. It may also be the tool used to commit the crime, such as downloading or distributing child pornography, or fraud. It may also be a medium for the use of materials gained through criminal activity, such as copyright theft of DVDs, where the person using the computer did not commit the original illegal act but subsequently engages in illegal activity. In this way, the computer might also be a source of invaluable forensic evidence.
The emergence of cybercrime has mirrored the development of the new technologies. A survey conducted in 2002 by the U.S. Federal Bureau of Investigation and the Computer Security Institute suggested that in the previous 12 months, 90% of business respondents had detected security breaches, from which 80% had suffered financial loss. It is of concern that a substantial number of these breaches were from people within the organization, and this has become a focus for some of the emerging research. What is it about the new technologies that increases the likelihood of people taking risks, breaching moral or ethical codes, and committing crimes? Such is the concern about the potential for widespread criminal activity that in 2001, 30 countries, including the United States, signed the Council of Europe Cybercrime Convention, which was the first multilateral instrument drafted to address the problems posed by the spread of criminal activity on computer networks. This Convention requires parties to establish laws against cybercrime, ensure that law enforcement agencies have the necessary procedural authority to investigate and prosecute cybercrime offenses, and provide international cooperation to other parties in the fight against computer-related crime.
Major Types of Cybercrime
Cybercrime has been broadly divided into two types, which might lie at opposite ends of a spectrum. The first type of cybercrime is often experienced as a discrete event by the victim and is facilitated by the introduction of crimeware programs, such as viruses or Trojan horses, into the user’s computer. Examples of this type of cybercrime might include identity theft and bank or credit card fraud based on stolen credentials. The second type of cybercrime, which lies at the other end of the spectrum, includes activities such as cyberstalking, child solicitation, blackmail, and corporate espionage. Viewed in this way, cybercrime represents a continuum ranging from crime that is almost entirely technological in nature to crime that is largely related to people. Sarah Gordon and Richard Ford divide cybercrime into two distinct categories: Type I cybercrime, which is mostly technological in nature, and Type II cybercrime, which has a more pronounced human element. The following is a brief description of some of the major types of cybercrime.
Computer hacking refers to the unauthorized access to a computer or computer network, which may or may not result in financial gain. For example, hackers may attack a network solely to protest against political actions or policies or simply to show that they can do it, but equally, it can be used to access bank accounts or data banks. The level of disruption caused may be localized within a given organization or may, for example, in extremis, potentially disrupt the availability of power to a large geographical area. Were this to occur, it would result in widespread social disruption, which may be motivated by ideology and which traditionally may have been seen as terrorist activity.
The illegal transfer of technology, or piracy, includes industrial espionage and the piracy of software, logo, and hardware designs. The perpetrator may be an individual (a young person sharing a program with a friend) or a network (a company installing software on multiple computers for which it owns a restricted license), and it may be enabled by others (such as a government). Its intended use may be financial, recreational, or for military or terrorist activities, and it may be motivated by a complex array of factors. The theft can breach contracts, trade secrets, and national and international laws involving copyrights.
Identity theft is broadly defined as the unlawful use of another’s personal identifying information (name, address, social security number, date of birth, registration number, taxpayer identification number, passport number, driver’s license information, or biometric information such as fingerprint, voiceprint, or retinal image). Such information is obtained in a variety of ways. Low-technology routes include theft of wallets or handbags or sifting through garbage to look for bank statements, utility bills, and so on. High-technology methods include skimming, where offenders use computers to read and store information encoded on the magnetic strip of an ATM or credit card. This information can be re-encoded onto another card with a magnetic strip. Identity thieves steal identities to commit an array of crimes, such as taking out loans, cash advances, and credit card applications, which may include large-scale operations such as taking control of entire financial accounts.
Spamming has also been identified as a cybercrime, although most of us would not generally consider it to be so. Spamming is the distribution of unsolicited bulk e-mails that contain an array of messages, including invitations to win money; obtain free products or services; win lottery prizes; and obtain drugs to improve health, well-being, or sexual prowess. David Wall has argued that spamming embodies all the characteristics of cybercrime in its global reach: networking capabilities; empowerment of the single agent through the (re)organization of criminal labor; and use of surveillant technologies, which creates small-impact bulk victimizations. Currently, over half of all e-mails are spam, and this constitutes a major obstacle to effective use of the Internet and its further development.
Cyberstalking generally refers to using the new technologies to harass or menace another person by engaging in behavior that persists in spite of another’s distress or requests that it should stop. It can take many forms, such as unsolicited hate mail, e-mail whose content is obscene or threatening, malicious messages posted in newsgroups, e-mail viruses, and electronic junk mail or spam. It is analogous to other forms of stalking but uses technology to achieve its aims and is motivated by a desire to gain control over the victim.
Online pornography is considered a cybercrime only when its content is illegal (such as abusive images of children). Criminal activity may relate to downloading, trading, and producing such images, although the criminality of the act will depend on the geographical location of both the material and the person accessing or distributing it. Some countries do not have laws that criminalize child pornography, and therefore an individual producing such images within that jurisdiction would not be seen to engage in cybercrime, but another individual in a country where such laws exist may access the images and thereby commit a criminal act. This highlights one of the difficulties in relation to cybercrime, in that while the Internet has no boundaries, legislation does. This has probably been the main impetus for the European Convention on Cybercrime.
It has been suggested that cyberspace opens up infinitely new possibilities and that with the right equipment, technical know-how, and inclination, you can go on a global shopping spree with someone else’s credit card, break into a bank’s security system, plan a demonstration in another country, and hack into the Pentagon—all on the same day. As Yvonne Jewkes and Keith Sharp note, going online undermines the traditional relationship between physical context and social situations, and this is coupled with perceived anonymity, access, and affordability. As a consequence, this increases disinhibition and risk taking, in part because through the new technologies we can constantly re-create ourselves. The Internet has also changed the boundaries of what constitutes acceptable, problematic, or deviant behavior.
Cybercriminals are not a homogeneous group, and while some criminal activities (such as stalking and engagement with child pornography) are more likely to be carried out by males, psychologists have noted that students, terrorists, amateurs, and members of organized crime have also been identified as being involved in cybercrime. The motivations for such criminal activities include revenge, a desire for notoriety, the technical challenge, monetary gain, or the promotion of ideology. As previously noted, the largest proportion of cybercrime is perpetrated by a company’s own employees and includes people with highly sophisticated technical skills and those who are relative novices.
Attempts to generate profiles or taxonomies of computer criminals have been limited in their scope. There is little empirical research in this area, but analyses of cybercrime subjects suggest that the majority are male, have at least a high school education, commit their crimes alone, and are students within the 18- to 23-year age range.
Responses to Cybercrime
The emergence of cybercrime has resulted in changes in legislation within and between jurisdictions, mirroring the fact that the new technologies are not limited by geographical boundaries. Indeed, the location of the offender in relation to the scene of the crime is an important characteristic. In traditional crime, such as burglary, the criminal is physically present at the scene of the crime. This is very different from cybercrimes, in which offenders not only are often not present but also may be located in another country. Cybercrime has also opened up many gray areas in terms of what constitutes a crime. For example, many people may engage in activities that they do not even realize are criminal, such as pirating software from a friend.
There are many challenges for the future in relation to cybercrime. Criminal activities on the Internet are not analogous to similar behavior in the physical world. The Internet enhances the potential for criminal and deviant behavior in several ways. The first of these relates to the dramatic increase in access to the Internet worldwide, providing limitless opportunities for criminal behavior and a vast marketplace for such activities. The Internet also provides a sense of anonymity or disconnectedness for the offender, lowering the risk of detention and reducing the level of physical risk normally associated with criminal activity. It also challenges traditional concepts of time and space.
- Gordon, S., & Ford, R. (2006). On the definition and classification of cybercrime. Journal in Computer Virology, 2(1), 13-20.
- Jewkes, Y., & Sharp, K. (2002). Crime, deviance and the disembodied self: Transcending the dangers of corporeality. In Jewkes (Ed.), Dot.cons: Criminal and deviant identities on the Internet (pp. 1-14). Cullompton, UK: Willan.
- Speer, D. L. (2000). Redefining borders: The challenges of cybercrime. Crime, Law & Social Change, 34, 259-273.
- Taylor, M., & Quayle, E. (2003). Child pornography: An Internet crime. Brighton, UK: Routledge.
- Wall, D. S. (2004). Digital realism and the governance of spam as cybercrime. European Journal on Criminal Policy and Research, 10, 309-335.