Cybercrime: the implications of unauthorised access, modification or impairment of data ‘hacking’ and legal recourse.
Introduction -
The internet and its ongoing technological revolution create new opportunities for criminals to continuously develop new ways of committing crimes.[1] One of the developments of internet-based crimes is colloquially known as “cybercrime”.[2] Payne states that cybercrime can be defined as a crime where a computer is the object of the crime or is used as a tool to commit an offence.[3] However, according to the Attorney-General’s Department, there is no universal definition of cybercrime, but the different definitions will determine estimates about the extent of cybercrime[4], with some preferring to consider cybercrime as an everchanging set of behaviours[5].
Urbas believes the global nature and technological advancements of the internet give rise to several contributing elements making the internet ideally suited to illegal activities, a dangerous space for users and a challenging domain for law enforcement and the judiciary.[6] According to Urbas, the elements of global reach, scale, anonymity, portability and ongoing technological changes make the internet a fertile ground for the spawning of crime.[7]
This essay draws from the literature to examine the challenges, implications and legal recourse of cybercrime, focusing on unauthorised access, modification or impairment of data or ‘hacking’ for short. To offer readers context, background about the offence of hacking is provided, followed by consideration of challenges hacking presents to law enforcement. To help grasp the implications of such crime, an analysis of existing criminal law responses and possible reform will be conducted. In extending the nature of such crime, a forward-looking consideration be provided accompanied by some forethoughts.
Background on the cybercrime of hacking -
The phenomenon of cybercrime is not new. In 1834, the Blanc brothers hacked the French telegraph system and stole information from the stock market; their actions constituted the world’s first cyberattack.[8] According to Krüger, the cybercrime problem emerged and grew as computing became more accessible and less expensive.[9] Clough asserts that the introduction of the internet facilitated the parallel growth of legitimate businesses and ameliorated criminals’ abilities to function in an environment that empowers them to broaden their access to potential targets and rapidly exploit unsuspecting victims at speed and scale.[10]
The Australian Signal Directorate defines hacking as “unauthorised access of a system or network, often to exploit a system’s data or manipulate its normal behaviour” by a hacker to misuse devices like computers, smartphones, tablets, and networks, causing damage to or corrupting systems, gathering information on users, stealing data and documents, or disrupting data-related activities.[11]
There are many definitions for the term hacker; however, there is no universal definition or consensus on the term based upon a literature review.[12] Taylor et al. state that hackers are individuals who gain unauthorised access to computers and exploit the weakness in the system.[13] Chandler claims that the label hacker has acquired the negative connotation of computer criminal and electronic vandal,[14] and Halbert refers to them as a national security threat and threat to intellectual property[15]. However, not all hackers are criminals, with Taylor et al. asserting that hacking can also be done legitimately when the so-called good hackers have permission to access the system to ensure that a company’s software is protected.[16]
According to Clough, the global nature, scale, and ubiquitous characteristics of the internet-enabled hackers to reach millions of potential victims anywhere in the world, at any time and costing them virtually very little to nothing at all.[17] Finklea suggests the growing ease of access to the internet makes it easy for both the hackers and users to interact, making what was face to face frauds and schemes to be conducted virtually across the country and the world.[18] Furthermore, Finklea also asserts that the ongoing advancement of the internet makes it easier for hackers to conduct hackings as the essentially borderless cyber domain creates complexity and hinders anti-crime efforts by law enforcement as they may not have the technological capabilities to keep pace with the accelerating crime proceedings.[19]
Lusthaus highlights the anonymity capability of the internet in providing hackers with the alluring incentive to do great harm, infiltrate systems from anywhere in the world, steal money, identities and data from unsuspecting victims.[20] Furthermore, Rainie et al. found that anonymity offers an added advantage for hackers to feverously commit illegal hacks as the process of creating an online account or fake profile on the internet does not require substantial identity verification.[21] According to Lim et al., a common variant of anonymity is pseudonymity, where another name than the actual author is shown, which can be desirable for one person (criminal) and not desirable for another person (victim).[22] Juels et al. contend that when implemented, anonymity makes it near impossible or very difficult to find or locate the real author of the source of communication, thereby masking criminal identities.[23]
Clough claims that the conduct of hacking is significantly bolstered through the ability to port and transfer data easily.[24] For example, the increase in capacity and reduction in the size of portable storage devices enable those committing illegal acts to have the wherewithal to store conspicuous amounts of data on small devices conveniently.[25] Pham et al. warn that dangerous hack tools with their payloads can be compiled into a portable format. In addition, Ruggiero and Foote urge vigilance as the increasing data capacity of mobile phones and portable computers becomes the norm, making users more vulnerable and attractive to hacking attacks as their data held on such devices act as significant sources of valuable information.[26]
The challenges hacking presents to law enforcement -
Several studies in recent years showed that cybercrime policing is a growing burden on law enforcement[27][28][29] with overlapping challenges in critical areas of technical knowledge and experience, operational jurisdiction and anonymity in litigating cybercrimes affecting businesses and private citizens.
According to Moon et al., criminal intents between cybercrime and traditional offending draw parallel motivations.[30] However, Byrne and Marx argue that the technical nature of cybercrime makes it fundamentally different from a law enforcement perspective than other forms of criminal behaviour.[31] In addressing the growing menace, concerns and complexity, law enforcement agencies are embracing specialised cybercrime policing units to quickly investigate and effectively respond.[32] For example, investigating and responding to the growing prevalence and severity of hacking offences require technical expertise as the cybercrime scenes are much broader, including all computers or persons affected.[33]
In hacking cases, the victims do not realise that a crime has been committed[34] because the skills set required to engage means that they are often challenging to detect, making such crimes more difficult to investigate even when reported to the police. To address this challenge, according to Marcum et al., training and development of specialised units are among the essential needs of law enforcement for investigating and prosecuting cybercrime offences.[35]
Brenner found that beyond the technically difficult challenges[36] of cybercrime investigation, the variable size and scope of cybercrime scenes are much broader and far-reaching, thereby posing jurisdictional issues for cybercrime investigators.[37] Broadhurst went further by advocating for new approaches to combating cybercrime as traditional crime-fighting methods are inadequate and ineffective in addressing the asymmetrical and cross-national nature of the novel crimes. [38]
Issues such as jurisdictional and sovereign borders, international standardisation of evidentiary requirements, mutual legal assistance on cybercrime matters, timely collection, preservation, and sharing of digital evidence between countries are presenting enormous difficulties for law enforcement - the disparities between countries’ cybercrime laws are posing substantial obstacles and impeding investigations.[39] For example, Broadhurst found through the Council for Security Cooperation Asia and Pacific that law enforcement agencies in many jurisdictions have been unable to respond effectively to cybercrime and even in the most advanced nations, ‘playing catch-up’ with cyber-savvy criminals as crimes committed via or with the aid of the internet can quickly impact victims in multiple state and national jurisdictions.[40]
Furthermore, Rohret and Kraft found that as cybercrimes continue to add new dimensions to illegality, the added challenge of hackers anonymising themselves to fearlessly engage in activities without revealing themselves and their actions to others make it difficult for law enforcement to track down sophisticated perpetrators as well as hindering timely detection and swift investigation.[41]
Taking steps to close the gap, Finklea calls for a substantial need for close coordination among law enforcement agencies; and the need to invest in technically trained and well-equipped personnel to gather evidence, investigate, and prosecute the crimes.[42]
Analysis of existing criminal law responses and possible reform -
There are international and regional treaties on cybercrime, with the Council of Europe Convention on Cybercrime “Convention”[43] being the primary international document regulating cybercrime and cyber threats. Established in 2001, the Convention has been ratified by 64 countries, and any country can join by invitation.[44] The purpose of the Convention “is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation”.[45]
Addressing the rapid growth of computer use, Australia acceded to the Convention that came into force on 1st March 2013[46] to facilitate the efficiency of information sharing with partner agencies in responding to cybercrime and addressing programming delinquency over the last couple of decades.[47]
The Convention criminalises illegal access, such as ‘hacking’, to send a clear signal that this conduct is illegal in itself and will be prosecuted. However, the broad nature of the Convention makes every electronic evidence central to nearly every crime[48] — effectively turning almost all crimes into cybercrime, creating substantial challenges for law enforcement.[49]
Written before the exponential growth in Internet usage and 20 years later, the world’s first cybercrime treaty is undergoing a much-needed update to encompass the development of cloud computing and the digitalisation of interactions.[50] As a reform to the Convention, considerations are being given to five major provisions being[51]:
Of the five proposed provisions, Article 4 is considered the most substantial and far-reaching. The proposed Article 4 provides a mechanism by which law enforcement in one country can directly demand subscriber information from another country without going through official channels. If adopted, it may create a precedent for the expedient acquisition of content data such as traffic and location residing across borders where it currently needs mutual legal assistance or diplomatic channels to obtain.
In Australia, hacking is criminalised under the Criminal Code Act 1995 (Cth), “the Code” based on the Convention. The Code was amended by the Cybercrime Act 2001 (Cth) “Act” (Part 10.7) to criminalise computer hacking activities along with other cybercrimes such as denial of service attacks, the spreading of computer viruses, interfering with websites – as well as regulating these offences and providing remedies to victims.[52]
For Federal jurisdiction, computer-related offences relating to unauthorised access, modification, or impairment of data and restricted data are criminalised under sections 477.1, 477.2 and 478.1 of the Code with heavy penalties. Persons suspected of hacking computer systems are charged pursuant to s478.1 of the Code. An offence under the Code requires three elements of proof, and the offence is considered committed where (i) a person causes any unauthorised access to or modification of restricted data[53] (ii) the person intends to cause the access or modification and (iii) the person knows that the access or modification is unauthorised.
Due to the scope and borderless nature of cybercrime, Australia’s cybercrime law also extends the geographic reach of the provisions to criminal activity which occurs wholly or partly in Australia, on board an Australian aircraft or ship, and in certain circumstances to the conduct of Australian nationals abroad. Therefore, exposure to penalties outside the jurisdiction where an individual or business is physically located is a real possibility.
At the State level, the introduction of the Act helped to achieve uniformity where Victoria[54], South Australia[55], New South Wales[56], the Australian Capital Territory[57] implemented laws similar to the Code with the Northern Territory[58] law loosely based on the same model.[59] The State jurisdiction of Queensland[60] introduced legislation in 1997 to deal with computer hacking and misuse, Western Australia follows s440A of the Criminal Code, and Tasmania[61] adopts the recommendations of Gibbs 1998[62], having different laws regulating hacking offences.[63]
As the law on cybercrime for Victoria, South Australia, New South Wales, the Northern Territory and the Australian Capital Territory follows the Model Criminal Code and by establishing computer offences materially similar to the federal provisions, Queensland, Tasmania, and Western Australia were less aligned as they focus on computer hacking and misuse offences.[64] Given the differing approach by the States, there are opportunities for the harmonisation of law between them by establishing a national working group on cybercrime that will maintain an ongoing dedicated mechanism for the review and development of legislative responses in line with the Federal law.[65]
Furthermore, with the introduction of the Cybercrime Legislation Amendment Act 2012 (Cth) “CLAA” in August 2012, the CLAA paved the way for Australia to meet all of the Cybercrime Convention requirements.[66] Before the introduction of the CLAA, it was only an offence to cause unauthorised impairment of the reliability, security or operation of data on a computer disk, credit card, or other storage devices if the Commonwealth owned that device.[67] The introduction of the CLAA resulted in the removal of all previous restrictions making it an offence to conduct such acts on any device.[68]
While the Act ensconces the various types of cybercrime and its provisions are consistent with the Convention to protect against cybercrime and prosecute cybercriminals, it was not given sufficient consideration before presentation to Parliament. As a result, the Act created significant ambiguities and unexplained omissions, leaving a tremendous number of the Act’s details to be interpreted by the courts.[69]. For example:
The scope of the proposed offences - The offences were too broad and need to be sufficiently precise to ensure application only to genuine criminal behaviour. McCullagh and McEniery argue that activities such as penetration testing and ethical attacks without authority will technically offend the provisions despite the intention behind them, putting the IT community at risk of prosecution for doing legitimate work.[70]
Broad investigative powers and the potential abuse of power - John Corker raises concerns about the scope of the proposed new investigative powers[71] and, in particular, concerns expressed by James on how section 3LA removes the constraint of the location of police search and seize power.[72]
Definitions - Chan et al. highlight the overly broad definitions in the legislation citing the definitions of “restricted data” and “authorisation”, along with the mental elements of the offences (being intent, knowledge and recklessness), and the actions that constitute an offence (being unauthorised access, modification and impairment) as the major pitfalls of Schedule 1 of the legislation.[73]
Privacy issues - Australian Privacy Foundation suggests that the Bill extended beyond what is necessary for mere accession to the Convention and that the extensions are ‘highly privacy-abusive’,[74] meaning that law enforcement provisions may result in the privacy of individuals being infringed.
Predictions for the future and evaluation -
Standing State and Federal law practices are adequate in prosecuting offenders with Australia having a varied collection of provisions that address situations related to cybercrime.[75] However, Australia has a mixed record of success concerning cybercrime, as the international nature of the internet and the adaptability of networks and software tools continues to challenge the effectiveness of traditional law enforcement approaches.[76] Looking forward, the malicious use of artificial intelligence (AI) in hacking[77] and state-sponsored hacking[78] are two emerging threats requiring close observations and proactive response.
The use of AI in hacking - Cybercrime laws and legislation need to evolve to keep pace with the everchanging face of cybercrime as it will continue to be a major problem with new risks constantly emerging. Comiter asserts that due to the complicated, sophisticated nature and ever-evolving process of cybercrime, the severity of the crime can be understated and under-evaluated with the advancements in technology such as AI.[79]
Wolff informs that through the use of scalable AI systems, the impact of hacking attacks can be severe as AI systems can complete tasks 24 hours a day, seven days a week for as long as desired without the need for human labour, intelligence and expertise.[80] This would result in the exponential expansion of the set of hacking actors who can expeditiously carry out particular attacks, at a ferocious rate[81], on a large set of potential targets.[82] Furthermore, new attacks may arise through the use of AI systems to complete tasks that would be otherwise impractical for humans.[83]
Considering the first principle of state sovereignty,[84] the complexity and challenges of pursuing and prosecuting hackings by AI based on the doctrines of ubiquity[85] and effects[86] are creating immense difficulties for law enforcement relating to jurisdictional conflict when dealing with the principles of “aut locus delicti”[87] and “aut dedere aut judicare”.[88] Another challenge is dealing with loopholes like non-harmonisation of domestic laws with international laws or leeway given to State activities and their non-prosecution. [89]
State-sponsored hacking - According to most scholars, the nature of the cyber-world seems to favour the offensive.[90] With cyber-attacks costing very little compared to traditional military operations, States can directly employ hackers through their militaries and government authorities.[91] Moynihan argues that hackers are digitally conscripted by military and government officials to bolster their nation’s cyber security capabilities and potentially carry out cyber offensives against foreign enemy States.[92] ?According to Finlay and Payne, a significant challenge for legal recourse is the problem of attribution.[93]
For a nation State to be held responsible under international law for hacking, the act must be attributable to that State.[94] However, in the case of cyberattacks, States do not operate through formal State bodies; instead, they use non-state actors who are less visible, more removed and offer plausible deniability.[95] Moynihan argues that such practice creates problems of both factual and legal attribution as international law does not generally hold States responsible for the actions of non-state actors.[96] According to Finlay and Payne, given these problems, it is implausible that a State will ever be held publicly accountable for hacking under the existing legal framework.[97]
Conclusion -
Cybercrimes such as hacking will continue to be an increasing and evolving threat leading many to speculate that cybercrime will outnumber traditional crimes not too far in the distant future.[98] Given the lack of jurisdiction, hacking crimes are not a national problem but an international one requiring coordinated attention and focus toward long-term solutions.[99]
The Council of Europe Convention on Cybercrime points the way towards transnational cooperation for criminalising certain behaviours and pursuing those responsible. However, there is an opportunity to resolve the issues of international jurisdiction and adopting a common approach to attribution as promising ways to increase the risks associated with performing cybercrime, quantifying the damage caused by cybercrime and therefore providing a way to reduce the prevalence of cybercrime in the long term.[100]
Australian criminal law, substantive and procedural, is well developed, but that legal policy in this field must ensure an appropriate focus on the transnational nature of cyber-crime and the challenges of digital evidence.[101] Furthermore, any national legal response will have only limited utility in combating the international menace of cybercrimes when factoring in the application of law to State-sponsored cyberattacks.[102]
Without a doubt, the ability to better detect, deter, and respond to hacking threats is crucial to the economic future of Australia and the fabric of our humanity on the international level. As we continue to develop and embrace the internet, law enforcement agencies need to keep pace with new technologies to understand the possibilities they create for criminals and how they can be used as tools for fighting cybercrime.
?
REFERENCES
1.??????Australian Privacy Foundation, Cybercrime Legislation Amendment Bill 2011, Submission to the Joint Standing Committee on Cyber-Safety, (Aug 2011) <https://bit.ly/3trTJ3z>
2.??????Australian Signal Directorate, ‘Hacking’ (21st May 2020), Australian Cyber Security Centre <https://bit.ly/3DGziEN>
3.??????Bossler, Adam, and Holt, Thomas, ‘Patrol officers’ perceived role in responding to cybercrime’ (2nd Mar 2012) Policing: An International Journal of Police Strategies and Management 35(1): 165-181 <https://bit.ly/38NXR4t>
4.??????Brenner, Susan, ‘Cybercrime jurisdiction’ (Dec 2006), Crime, Law and Social Change, 46(4-5), 189-206 <https://bit.ly/3zVjXOc>
5.??????Brenner, Susan, ‘Cybercrime Investigation and Prosecution: The Role of Penal and Procedural Law’ (Jun 2001), AUSTLII, Murdoch University Electronic Journal of Law, Volume 8, Number 2 <https://bit.ly/2Xd25zL>
6.??????Broadhurst, Roderic, ‘Developments in the global law enforcement of cyber-crime’ (Jul 2006), Policing An International Journal of Police Strategies and Management 29(3) <https://bit.ly/3yVzz2Q>
7.??????Byrne, James and Marx, Gary, ‘Technological Innovations in Crime Prevention and Policing. A Review of the Research on Implementation and Impact’ (Mar 2011), Cahiers Politiestudies Jaargang nr. 20 p. 17-40 <https://bit.ly/3BVqU2k>
8.??????Chan, Nelson et al, ‘The threat of the Cybercrime Act 2001 to Australian IT professionals’ (2003), The University of Melbourne, 25-33 <https://bit.ly/3BWlaW1>
9.??????Chandler, Amanda, ‘The Changing Definition and Image of Hackers in Popular Discourse’ (Jun 1996), International Journal of the Sociology of Law, Science Direct <https://bit.ly/3kUQVrD>
10.???Clough, Jonathan, Principles of Cybercrime (Cambridge University Press, 2015) <https://bit.ly/2UNcUYI>
11.???Clough, Jonathan, “A world of difference: The Budapest convention on Cybercrime and the challenges of harmonisation” (2014), Monash Law Review, pp 698 to 736 <https://bit.ly/3zYUjIq>
12.???Comiter, Marcus, ‘Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It’ (Aug 2019), Belfer Center for Science and International Affairs, Harvard Kennedy School <https://bit.ly/3z1VYf7>
13.???Daskal, Jennifer, ‘Law Enforcement Access to Data Across Borders: The Evolving Rights & Security Issues’ (2016), Articles in Law Reviews and Other Academic Journals <https://bit.ly/3DYRGsC>
14.???Daskal, Jennifer et al, ‘The Globalization of Criminal Evidence’ (16th Oct 2018), IAPP <https://bit.ly/3jUqUcQ>
15.???Eilstrup-Sangiovanni, Mette, ‘Why the World Needs an International Cyberwar Convention’ (21st Jul 2017), Philosophy and Technology <https://bit.ly/394LAZe>
16.???Finklea, Kristin, ‘The Interplay of Borders, Turf, Cyberspace, and Jurisdiction: Issues Confronting US Law Enforcement’ (17th Jan 2013), Congressional Research Service <https://bit.ly/3n2nxSY>
17.???Finlay, Lorraine and Payne, Christian, “Why international law is failing to keep pace with technology in preventing cyber attacks’ (20th Feb 2019), The Conversation <https://bit.ly/3EaO9r0>
18.???Goucher, Wendy, ‘Being a cybercrime victim’ (Oct 2010), Computer Fraud & Security, 16–18 <https://bit.ly/38TTq81>
19.???Harkin, Diarmaid et al, ‘The challenges facing specialist police cyber-crime units: an empirical analysis’ (Nov 2018), Police Practice and Research, 19(6), pp. 519-536 <https://bit.ly/3nfnWSj>
20.???James, Nikolas, ‘Handing over the keys: Contingency, power and resistance in the context of Section 3LA of the Australian Crimes Act 1914’ (2004), The University of Queensland Law Journal <https://bit.ly/38ZIjuc>
21.???John, Andrew, ‘Hacking AI: A primer for policy makers on machine learning cybersecurity’ (Dec 2020), Center for Security and Emerging Technology < https://bit.ly/2YMJM5v>
22.???Krüger, Hans Christian, Scene of Cybercrime (Computer Forensics Handbook, Elsevier, 2002) <https://bit.ly/3BEPtk3>
23.???Layton, Robert, ‘Relative Cyberattack Attribution’ (5th Feb 2016), Automating Open-Source Intelligence, Syngress, Pages 37-60 <https://bit.ly/3hr2bLv>
24.???Lim, Dongwon et al, ‘The Value of Anonymity on the Internet’ (May 2011), In: Jain H., Sinha A.P., Vitharana P. (eds) Service-Oriented Perspectives in Design Science Research. DESRIST 2011. Lecture Notes in Computer Science, vol 6629. Springer <https://bit.ly/2WT96WS>
25.???Loveday, Bill, ‘Still plodding along? The police response to the changing profile of crime in England and wales’ (12th Apr 2017), International Journal of Police Science and Management 19(2), 101-09 <https://bit.ly/3BSZ4DT>
26.???Lusthaus, Jonathan, Industry of Anonymity: Inside the Business of Cybercrime (Harvard University Press, 2018)
27.???Marcum, Catherine et al, ‘Policing possession of child pornography online: Investigating the training and resources dedicated to the investigation of cybercrime’ (1st Dec 2010), International Journal of Police Science and Management, 12, 516–525 <https://bit.ly/3jVgo4Z>
28.???Moon, Byongook et al, ‘A general theory of crime and computer crime: An empirical test’ (Jul-Aug 2010), Journal of Criminal Justice, 38, 767–772 <https://bit.ly/38S9Huk>
29.???Moynihan, Harriet, ‘The application of international law to State cyberattacks: Sovereignty and Non-intervention’ (Dec 2019), Chatham House, the Royal Institute of International Affairs <https://bit.ly/3AgQezi>
30.???Parliament of the Commonwealth of Australia, ‘Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime the Report of the Inquiry into Cyber Crime’ (June 2010), House of Representatives Standing Committee on Communications, chapter 6 <https://bit.ly/3laQiui>
31.???Payne, Brian, ‘Defining Cybercrime’ (6th Jun 2020), SpringerLink <https://bit.ly/38fMdyI>
32.???Peters, Allison and Jordan, Amy, ‘Countering the Cyber Enforcement Gap: Strengthening Global Capacity on Cybercrime’ (27th May 2020), Thirdway Cyber Enforcement Initiative <https://bit.ly/3E8HrC3>
33.???Rainie, Lee et al, ‘The Future of Free Speech, Trolls, Anonymity and Fake News Online’ (29th Mar 2017), Pew Research Center <https://pewrsr.ch/38FVnoE>
34.???Rickli, Jean-Marc, ‘The impact of autonomy and artificial intelligence on strategic stability’ (Jul-Aug 2018) UN Special pp. 32-33 <https://bit.ly/3tuhyYw>
35.???Rohret, David, and Kraft, Michael, ‘Catch Me If You Can: Cyber Anonymity’ (2011), Journal of Information Warfare Vol. 10, No. 2 (2011), pp. 11-21 <https://bit.ly/3hcuc9K>
36.???Ruggiero, Paul and Foote, Jon, ‘Cyber Threats to Mobile Phones’ (2011), Carnegie Mellon University. Produced for US-CERT <https://bit.ly/3kZmkcO>
37.???Suiter, Tad, ‘Why “Hacking”?’ (2013), Hacking the Academy: New Approaches to Scholarship and Teaching from Digital Humanities, edited by Daniel J. Cohen and Tom Scheinfeldt, University of Michigan Press, pp. 6–10. JSTOR <https://bit.ly/2VfzsBv>
38.???Swinson, John et al, ‘Australia’s cybercrime legislation’ (8th May 2014), Association of Corporate Counsel <https://bit.ly/3BToCkj>
39.???Taylor, Robert et al, Digital Crime and Digital Terrorism 3rd Edition (Upper Saddle River, Pearson, 2015)
40.???Urbas, George, Cybercrime Legislation: Cases and Commentary (LexisNexis Butterworths, ProQuest Ebook Central, 2020), <https://bit.ly/3jK3kj6>
41.???Willits, Dale, and Nowacki, Jeffrey, ‘The use of specialized cybercrime policing units: an organizational analysis’ (15th Apr 2016) Criminal Justice Studies 29(2): 105-124 <https://bit.ly/3zVEOBb>
42.???Wolff, Josephine, ‘How to improve cybersecurity for artificial intelligence’ (9th Jun 2020), Brookings Center for Technology Innovation <https://brook.gs/38VrtwI>
[1] James Byrne and Gary Marx, ‘Technological Innovations in Crime Prevention and Policing. A Review of the Research on Implementation and Impact’ (2011) Cahiers Politiestudies Jaargang, nr. 20 p. 17-40 <https://bit.ly/3zJgTEF>
[2] Jonathan Clough, Principles of Cybercrime (Cambridge University Press, 2015) <https://bit.ly/2UNcUYI>
[3] Brian Payne, ‘Defining Cybercrime’ (6th Jun 2020), SpringerLink <https://bit.ly/38fMdyI>
领英推荐
[4] Ibid.
[5] Attorney-General’s Department, ‘National Plan to Combat Cybercrime’, (2013) at [4].This definition was taken from the Protocol for Law Enforcement Agencies on Cybercrime Investigations developed by the National Cybercrime Working Group
[6] Gregor Urbas, Cybercrime Legislation: Cases and Commentary (LexisNexis Butterworths, ProQuest Ebook Central, 2020), <https://bit.ly/3jK3kj6>
[7] Ibid.
[8] Gerard Holzmann, ‘Taking Stock’ (15th Sep 1999), Inc.<https://bit.ly/2VfjHKR>
[9] Hans Christian Krüger, Scene of Cybercrime (Computer Forensics Handbook, Elsevier, 2002) <https://bit.ly/3BEPtk3>
[10] Ibid. (n2)
[11] Australian Signal Directorate, ‘Hacking’ (21st May 2020), Australian Cyber Security Centre <https://bit.ly/3DGziEN>
[12] Tad Suiter, ‘Why “Hacking”?’ (2013), Hacking the Academy: New Approaches to Scholarship and Teaching from Digital Humanities, edited by Daniel J. Cohen and Tom Scheinfeldt, University of Michigan Press, pp. 6–10. JSTOR <https://bit.ly/2VfzsBv>
[13] Robert Taylor, Eric Fristsch and John Liderbach, Digital Crime and Digital Terrorism 3rd Edition (Upper Saddle River, Pearson, 2015)
[14] Amanda Chandler, ‘The Changing Definition and Image of Hackers in Popular Discourse’ (Jun 1996), International Journal of the Sociology of Law, Science Direct <https://bit.ly/3kUQVrD>
[15] Debora Halbert, ‘Discourses of Danger and Computer Hacker’ (29th Jul 2006), The Information Society, 13:4, 361 374 <https://bit.ly/2WNKvlS>
[16] Ibid. (n13)
[17] Ibid. (n2)
[18] Kristin Finklea, ‘The Interplay of Borders, Turf, Cyberspace, and Jurisdiction: Issues Confronting US Law Enforcement’ (17th Jan 2013), Congressional Research Service <https://bit.ly/3n2nxSY>
[19] Ibid.
[20] Jonathan Lusthaus, Industry of Anonymity: Inside the Business of Cybercrime (Harvard University Press, 2018)
[21] Lee Rainie, Janna Anderson and Jonathan Albright, ‘The Future of Free Speech, Trolls, Anonymity and Fake News Online’ (29th Mar 2017), Pew Research Center <https://pewrsr.ch/38FVnoE>
[22] Dongwon Lim, Hangjung Zo and Dukhee Lee, ‘The Value of Anonymity on the Internet’ (May 2011), In: Jain H., Sinha A.P., Vitharana P. (eds) Service-Oriented Perspectives in Design Science Research. DESRIST 2011. Lecture Notes in Computer Science, vol 6629. Springer <https://bit.ly/2WT96WS>
[23] Ari Juels, Iddo Bentov and Ittay Eyal, ‘By Concealing Identities, Cryptocurrencies Fuel Cybercrime’ (26th Sep 2017), The Conversation <https://bit.ly/3tbSSE2>
[24] Ibid. (n2)
[25] Dung Pham, Ali Syed and Azeem Mohammad, ‘Threat Analysis of Portable Hack Tools from USB Storage Devices and Protection Solutions’ (Jul 2010), International Conference on Information and Emerging Technologies <https://bit.ly/3gX0fu7>
[26] Paul Ruggiero and Jon Foote, ‘Cyber Threats to Mobile Phones’ (2011), Carnegie Mellon University. Produced for US-CERT <https://bit.ly/3kZmkcO>
[27] Diarmaid Harkin, Chad Whelan and Lennon Chang, ‘The challenges facing specialist police cyber-crime units: an empirical analysis’ (Nov 2018), Police Practice and Research, 19(6), pp. 519-536 <https://bit.ly/3nfnWSj>
[28] Barry Loveday, ‘Still plodding along? The police response to the changing profile of crime in England and wales’ (12th Apr 2017), International Journal of Police Science and Management 19(2), 101-09 <https://bit.ly/3BSZ4DT>
[29] Adam Bossler and Thomas Holt, ‘Patrol officers’ perceived role in responding to cybercrime’ (2nd Mar 2012) Policing: An International Journal of Police Strategies and Management 35(1): 165-181 <https://bit.ly/38NXR4t>
[30] Byongook Moon, John McCluskey and Cynthia McCluskey, ‘A general theory of crime and computer crime: An empirical test’ (Jul-Aug 2010), Journal of Criminal Justice, 38, 767–772 <https://bit.ly/38S9Huk>
[31] James Byrne and Gary Marx, ‘Technological Innovations in Crime Prevention and Policing. A Review of the Research on Implementation and Impact’ (Mar 2011), Cahiers Politiestudies Jaargang nr. 20 p. 17-40 <https://bit.ly/3BVqU2k>
[32] Dale Willits and Jeffrey Nowacki, ‘The use of specialized cybercrime policing units: an organizational analysis’ (15th Apr 2016) Criminal Justice Studies 29(2): 105-124 <https://bit.ly/3zVEOBb>
[33] Harriet Moynihan, ‘The application of international law to State cyberattacks: Sovereignty and Non-intervention’ (Dec 2019), Chatham House, the Royal Institute of International Affairs <https://bit.ly/3AgQezi>
[34] Wendy Goucher, ‘Being a cybercrime victim’ (Oct 2010), Computer Fraud & Security, 16–18 <https://bit.ly/38TTq81>
[35] Catherine Marcum, George Higgins, Tina Freiburger and Melissa Ricketts, ‘Policing possession of child pornography online: Investigating the training and resources dedicated to the investigation of cybercrime’ (1st Dec 2010), International Journal of Police Science and Management, 12, 516–525 <https://bit.ly/3jVgo4Z>
[36] For example, some cybercrime scenes often appear temporarily and quickly disappear posing difficulties in the evidence collection process as part of the cybercrime investigation.
[37] Susan Brenner. ‘Cybercrime jurisdiction’ (Dec 2006), Crime, Law and Social Change, 46(4-5), 189-206 <https://bit.ly/3zVjXOc>
[38] Roderic Broadhurst, ‘Developments in the global law enforcement of cyber-crime’ (Jul 2006), Policing An International Journal of Police Strategies and Management 29(3) <https://bit.ly/3yVzz2Q>
[39] Ibid. (n18)
[40] Ibid. (n38)
[41] David Rohret and Michael Kraft, ‘Catch Me If You Can: Cyber Anonymity’ (2011), Journal of Information Warfare Vol. 10, No. 2 (2011), pp. 11-21 <https://bit.ly/3hcuc9K>
[42] Ibid. (n39)
[43] Council of Europe, Convention on Cybercrime (ETS No. 185, Budapest, 23 November 2001)
[44] “Currently, the Convention has been … ratified by 64 countries, … including several countries outside the European region.” Council of Europe, CCDCOE <https://bit.ly/3nfljzT>
[45] Council of Europe, Convention on Cybercrime, Details of Treaty No. 185 <https://bit.ly/3ngATew>
[46] Extradition (Cybercrime) Regulation 2013 (SLI NO 3 OF 2013) <https://bit.ly/2X3QFye>
[47] John Swinson, Kirsten Bowe and Anthony McKew, ‘Australia’s cybercrime legislation’ (8th May 2014), Association of Corporate Counsel <https://bit.ly/3BToCkj>
[48] Jennifer Daskal, Peter Swire and Théodore Christakis, ‘The Globalization of Criminal Evidence’ (16th Oct 2018), IAPP <https://bit.ly/3jUqUcQ>
[49] Ibid.
[50] Cybercrime Convention Committee (T-CY), ‘Preparation of a 2nd Additional Protocol to the Budapest Convention on Cybercrime’ (1st Oct 2019), Council of Europe <https://bit.ly/3E21vpN>
[51] Ibid.
[52] Cybercrime Bill 2001 <https://bit.ly/3zWRVCb>
[53] Means data to which access is restricted by way of an access control system associated with the function of the computer.
[54] s247B/ s247C/ s247G of Crimes Act 1958
[55] s86E/ S86F of Criminal Law Consolidation
[56] s308C/ s308D/ s308H of Crimes Act 1900
[57] s415/ s416/ s420 of Criminal Code 2002
[58] s276C Criminal Code Act
[59] Ibid. (n6)
[60] s408E Criminal Code Act 1899
[61] s257C/ s257E of Criminal Code Act 1924
[62] Harry Gibbs, The review of Commonwealth criminal law: interim report on computer crime (1988) Canberra: Attorney-General's Department
[63] Ibid. (n6)
[64] Parliament of the Commonwealth of Australia, ‘Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime the Report of the Inquiry into Cyber Crime’ (June 2010), House of Representatives Standing Committee on Communications, chapter 6 <https://bit.ly/3laQiui>
[65] Ibid.
[66] Mark Gregory, ‘Cybercrime bill makes it through – but what does that mean for you?’ (23rd Aug 2012) The Conversation <https://bit.ly/2VA8apO>
[67] Cybercrime Legislation Amendment Bill 2011 <https://bit.ly/2XfdlMt>
[68] Ibid.
[69] Ibid. (n66)
[70] Adrian McCullagh and Martin McEniery, ‘Cybercrime Act: some unforeseen consequences’ (xx), FindLaw Australia <https://bit.ly/3AdDSbz>
[71] John Corker, ‘Submission #3 - Submission on Cybercrime Bill 2001. Letter to the Secretary, Senate Legal and Constitutional Committee’ (18th Jul 2001), Communications Law Center <https://bit.ly/3A4NpS0>
[72] Nikolas James, ‘Handing over the keys: Contingency, power and resistance in the context of Section 3LA of the Australian Crimes Act 1914’ (2004), The University of Queensland Law Journal <https://bit.ly/38ZIjuc>
[73] Nelson Chan, Simon Coronel and Yik Chiat Ong, ‘The threat of the Cybercrime Act 2001 to Australian IT professionals’ (2003), The University of Melbourne, 25-33 <https://bit.ly/3BWlaW1>
[74] Australian Privacy Foundation, Cybercrime Legislation Amendment Bill 2011, Submission to the Joint Standing Committee on Cyber-Safety, (Aug 2011) <https://bit.ly/3trTJ3z>
[75] FindLaw, Cybercrime (2016) <https://bit.ly/3hnc64C>
[76] Ibid.
[77] Andrew Lohn, ‘Hacking AI: A primer for policy makers on machine learning cybersecurity’ (Dec 2020), Center for Security and Emerging Technology < https://bit.ly/2YMJM5v>
[78] Edvardas Mikalauskas, ‘The world’s most dangerous state-sponsored hacker groups’ (16th Feb 2021), Cybernews <https://bit.ly/2YBz7dF>
[79] Marcus Comiter, ‘Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It’ (Aug 2019), Belfer Center for Science and International Affairs, Harvard Kennedy School <https://bit.ly/3z1VYf7>
[80] Josephine Wolff, ‘How to improve cybersecurity for artificial intelligence’ (9th Jun 2020), Brookings Center for Technology Innovation <https://brook.gs/38VrtwI>
[81] At a technology expo, a human hacker and a sophisticated computer that is capable of machine learning each attempted to spear-phish as many victims as possible through Twitter. For two hours, both entities refined their message in an effort to be more effective against the target. At approximately 1.075 tweets per minute, the human was able to make 129 tweets, 49 of which were successful. The computer was able to make 810 tweets in two hours, which is about 6.75 tweets per minute. In that time, 275 victims were converted.
[82] Ibid. (n80)
[83] Bruce Schneier, ‘Hackers used to be humans. Soon Ais will hack humanity’ (19th Apr 2021), Belfer Center for Science and International Affairs, Harvard Kennedy School <https://bit.ly/3hmZ8nG>
[84] Dictating what states can do and how impacted states may respond.
[85] A country can claim jurisdiction over offences for which the preparatory or initial acts of the offence.
[86] Allows the country to claim jurisdiction over offences based on the effect that the offense has on the country; including ?aiding and abetting.
[87] Scene of the crime - Article 22 (1) of Convention on Cybercrime <https://bit.ly/2VADN2s>
[88] Either extradite or prosecute - Article 22 (3) of Convention on Cybercrime <https://bit.ly/2VADN2s>
[89] Jonathan Clough, “A world of difference: The Budapest convention on Cybercrime and the challenges of harmonisation” (2014), Monash Law Review, pp 698 to 736 <https://bit.ly/3zYUjIq>
[90] Jean-Marc Rickli, ‘The impact of autonomy and artificial intelligence on strategic stability’ (Jul-Aug 2018) UN Special pp. 32-33 <https://bit.ly/3tuhyYw>
[91] Adam Vincent, ‘State-sponsored hackers: the new normal for business’ (Sep 2017), Network Security, Issue 9, Pages 10-12 <https://bit.ly/3C6b1X9>
[92] Ibid. (n33)
[93] Lorraine Finlay and Christian Payne, “Why international law is failing to keep pace with technology in preventing cyber attacks’ (20th Feb 2019), The Conversation <https://bit.ly/3EaO9r0>
[94] Ibid.
[95] Ibid. (n93)
[96] Ibid. (n92)
[97] Ibid. (n93)
[98] Statistical Bulletin 34, ‘Estimating the cost of pure cybercrime to Australian individuals’ (Jul 2021), Australian Institute of Criminology <https://bit.ly/3A9UJfa>
[99] Allison Peters and Amy Jordan, ‘Countering the Cyber Enforcement Gap: Strengthening Global Capacity on Cybercrime’ (27th May 2020), Thirdway Cyber Enforcement Initiative <https://bit.ly/3E8HrC3>
[100] Robert Layton, ‘Relative Cyberattack Attribution’ (5th Feb 2016), Automating Open-Source Intelligence, Syngress, Pages 37-60 <https://bit.ly/3hr2bLv>
[101] Susan Brenner, ‘Cybercrime Investigation and Prosecution: The Role of Penal and Procedural Law’ (Jun 2001), AUSTLII, Murdoch University Electronic Journal of Law, Volume 8, Number 2 <https://bit.ly/2Xd25zL>
[102] Mette Eilstrup-Sangiovanni, ‘Why the World Needs an International Cyberwar Convention’ (21st Jul 2017), Philosophy and Technology <https://bit.ly/394LAZe>