Chapter 8

Cybercrimes: an overview of contemporary challenges and impending threats

Kimberly A. DeTardo-Bora
Dhruba J. Bora    Marshall University, WV, USA

Abstract

The increase in technology-based devices and Internet capabilities presents an inevitable demand to police computer-perpetrated crimes more than ever. However, an understanding of the prevalence of cybercrimes and the research about the motivation behind these crimes is limited. Law enforcement agencies and digital forensic analysts face extraordinary challenges that hopefully can be met with specialized training, improved and increased resources, along with interagency cooperation, in an effort to combat these crimes. In brief, this chapter focuses on some of the most current cybercrimes such as hacking, identity theft and fraud, child sexual exploitation and online pornography, as well as cyberstalking and digital harassment. Future threats are addressed, and the chapter ends with a discussion about future issues for law enforcement and digital forensic professionals.

Keywords

digital forensics
law enforcement
training
hacking
identity theft
fraud
child sexual exploitation
online pornography
cyberstalking
digital harassment
Presently, over 3 billion people in the world use the Internet (Real Time Statistics Project, 2015), which translates into 40% of the world population. In the United States alone, nearly 86% of the population is connected to the Internet. Not surprisingly, our global landscape has changed in such a way that now mobile devices such as cell phones, tablets, and laptop computers have surpassed the number of people in the world (GSMA, 2015; Mack, 2014). This increase in technology-based devices and Internet capabilities coincides with an increase in computer-perpetrated crimes and the need to police these crimes more than ever.
Estimates from the Symantec Group (2012) claim that computer crimes cost 110 billion dollars annually, while McAfee estimates the costs ranging from $300 billion to one trillion dollars per year (McAfee, 2013). While it is difficult to identify the true costs of computer crimes, it is even more difficult to predict the number of computer crimes that plague our justice system as there is no single entity to track or compile data regarding all computer crimes currently. However, to some extent, we have an understanding of some victims who have been targets of fraudulent activities via the Internet, which is described later in this chapter.
Aside from knowing little about the true amount of computer crimes and the true costs, another challenge is how computer crime is defined, when the term itself is so broad in scope. Furthermore, the computer can be used in the commission of a crime (as a tool or weapon to disseminate a virus or hack into a secure network) and the computer can be the target or subject of a crime (the computer hardware or software is victimized or a person’s computer property is the victim). This distinction also has prompted numerous debates among scholars about whether computer crimes are simply “new wine in old bottles” (Grabosky, Smith, & Dempsey, 2001) or “new wine in no bottles” (Wall, 2007). Regardless of where one stands on this debate, it is reasonable to assume that the Internet and new-age technologies provide an increased opportunity for criminal activity to occur. Harmful information can easily be circulated and distributed, explicit material can be traded, and individuals can be preyed upon using fraudulent schemes.
This chapter focuses on combating cybercrimes, contemporary cybercrimes, and threats, and ends with a discussion about future issues for law enforcement and digital forensic professionals. The term cybercrime is used at this point forward; however, this term is more a creation of the media with no real reference point in the law. Linguistically, it has been adopted so widely that it has now become embedded in mainstream culture, mass media, and our current professional discourse.

Combating cybercrimes

A wave of organized crime plagued our country during the Prohibition era, and for several decades thereafter, leaving law enforcement to struggle to find new ways to combat a new breed of criminal and criminal enterprise. The twenty-first century has ushered in another set of challenges for federal, state, and local law enforcement to combat cybercriminals. And in this changing landscape, the challenges are indeed numerous. First, there are jurisdictional issues. Who polices the Internet on the global platform? Who has jurisdiction over cybercrimes when the offender is abroad and attacks a person or business from another country? What about the crimes that take place across state borders? (Clifford, 2011). Second, the speed and sheer volume of transactions and activity is overwhelming. Crimes can be committed instantaneously. How can law enforcement and digital forensic investigators continue to track such high-speed criminal activity? Third, law enforcement was established to provide safety and security within certain physical boundaries, and yet, cybercrimes defy these boundaries as virtual space is essentially limitless (Wall, 2007). Fourth, police departments are underfunded, understaffed, and many lack the technological know-how to combat digital crimes. Even for digital forensic investigators, there is a continuous race to stay abreast of the latest cybercrime methods and to design software and combing devices to collect tangible evidence that will assist prosecutors. Last, for many law enforcement agencies, specialized training is lacking, and sorely needed, so that they can collect and preserve digital evidence in such a way that digital forensic analysts can legally search them.
Despite the fact that there are numerous challenges ahead facing the law enforcement and digital forensics community, there are mechanisms in place to police domestic cybercrimes at the federal level in the United States. These agencies include: the Federal Bureau of Investigation (FBI), the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), the United States Secret Service, and United States Immigration and Customs Enforcement (ICE).1
The FBI’s Cyber Crime Division consists of highly specialized teams and squads assigned to investigate computer intrusions (i.e., hacking), child pornography and exploitation, online fraud, identify theft, and theft of intellectual property. The FBI also coordinates their efforts with the Department of Defense and the Department of Homeland Security. The ATF handles activities that involve the trafficking of explosives, firearms, or flammable devices and bomb threats that may occur over the Internet. For fraudulent activities such as mail scams and the trade of explicit materials involving children, the United States Postal Inspection Service serves in this investigative capacity.
Under the administration of the Department of Homeland Security, the U.S. Secret Service has a Cyber Intelligence Section that is devoted to apprehending international cybercriminals who commit crimes such as cyber intrusion, bank fraud, data breaches, as well as other computer crimes. One of the most highly publicized cases took place in 1990, where the U.S. Secret Service carried out one of the largest crackdowns of computer hackers (Halbert, 1997).2 In addition, the Secret Service operates the National Computer Forensic Institute. Here, training courses are offered to law enforcement, prosecutors, and judges. For example, basic and advanced mobile device investigation courses are available for members of law enforcement, whereas prosecutors and judges can complete training courses in mobile devices for the courts.
After 9/11, 22 of our country’s federal agencies were combined in an effort to strengthen national security. The United States Customs Service was merged with Immigration and Naturalization Services (INS) to create a new agency, Immigration and Customs Enforcement (ICE). Within ICE, Homeland Security Investigations (HSI) was established in 2010. HSI operates a Cyber Crimes Center or C3. The C3 is essentially a hub for the Cyber Crimes Unit, the Child Exploitation Investigations Unit, and a third unit devoted to Computer Forensics. The Cyber Crimes Unit oversees the investigations of crimes that involve national and transnational criminal organizations. These investigations may revolve around identify fraud, financial and commercial fraud, money laundering, and narcotics trafficking, for example. The Child Exploitation Investigations Unit consists of a number of initiatives to apprehend criminals who are involved in the production and trade of child pornography and child sex tourism on a national and international scale. Although there are many initiatives within the unit, one of them involves using a national identification system to locate children who have been sexually exploited (e.g., National Child Victim Identification System (NCVIS)), and another initiative involves highly sophisticated technologies (e.g., Victim Identification Program). For law enforcement agencies, it is difficult to identify victims who are depicted in pornographic images and even more so to identify those who are involved in distributing the material (McCarthy, 2010). What has proven to be a successful approach is to use visual enhancing techniques to search the background of images for clues. Last, the Computer Forensics Unit examines an extensive amount of seized and encrypted data each year that may be found on computers, cell phones, DVDs, flash drives, etc. In addition, specialized software is used to scan images and videos that also allow agents to track the predator’s IP address and eventually a physical address.

Current cybercrimes and evolving threats

Cybercrimes are unlikely to fade any time soon. Instead, many speculate that cybercrimes will outnumber traditional crimes soon. With that said, cybercriminals continue to prey upon multiple targets. These primary targets fall into four main categories: federal agencies (i.e., the White House, Congress, Department of Homeland Security, and other government agencies), the military, businesses/corporations, and civilians. An understanding of the targets of cybercrime is just as important as an understanding of the motivations of the cybercriminal. Motivations may be based on power reassurance (i.e., the crime provides self-confidence), asserting power, anger or retaliation, instilling fear and intimidation or sadistic behaviors, and lastly, profit (Turvey, 2004). The next part of this chapter focuses on some of the current cybercrimes and impending threats regarding hacking, identity theft and fraud, child sexual exploitation and online pornography, and cyberstalking and digital harassment. Included is a description of the extent to which these crimes exist, the primary targets as well as some of the cybercriminal’s methods and motivations.

Hacking

The idea that the typical hacker is an introverted, prepubescent boy, who lives in his mother’s basement is a falsehood and one that has been perpetuated by the media (Rogers, 2006). Such a stereotype serves no purpose in understanding the level of expertise and motivations of a criminal hacker. Another falsehood is that all hackers are criminals, yet when peering into hacker and digital culture, the words “hack” and “hacker” are not derogatory terms at all. This discrepancy can be found in the literature where Dalal and Sharma (2007) refer to the act of hacking as the “successful or unsuccessful attempt to gain unauthorized use or unauthorized access to a computer system” (p. 35). On the other hand, Coleman’s (2011) definition portrays hackers as “skilled programmers, security researchers, hardware builders, and system administrators, and they often self-identify as such” (p. 512). It is the latter definition that has taken hold in our society where hackers are viewed as sinister and malicious.
Still, it is beneficial to make the distinction that there are different types of hackers. However, as disparate definitions of hacking exist, a myriad of typologies of hackers also abound. One of the most well-known taxonomies was created by Rogers (2006).3 Among the different types of hackers, the “professional criminals” are obviously the most threatening as they will contract their skills and techno-savvy for hire with other criminal groups. “Cyber punks” are also another disquieting group, who can write malicious code and spam, while they steal credit card information to support themselves. “Internals,” who are former and disgruntled employees are also a major concern. The same issue was echoed recently in a report by McAfee citing that a number of corporations are worried about internal threats from employees who have been laid off, and who possess a wealth of knowledge and access.
Others divide hackers into three categories: white hats, black hats, and gray hats (Gold, 2014). White hat hackers are hired as penetration testers to seek out issues in computer systems and report them back to the company. They are among the spectrum of ethical hacking professionals. Black hat hackers, who look for issues in computer systems as a way to exploit secure information for their personal amusement or to cause harm, are the unethical and deviant types of hackers. Last, gray hats are individuals who may be employed by a company as a security expert to identify vulnerabilities within computer systems and report them back to the owner (Dalal & Sharma, 2007). Some of them may even be reformed black hats.
Additional terms exist, such as crackers. They are considered the most technically advanced hackers. With a more advanced skill set and expertise, they can intentionally damage and destroy systems that they have accessed illegally. Holt (2010) defines crackers as “(a) a hacker who engages in malicious or damaging hacks and (b) someone who breaks the security protections on software allowing the materials to be copied freely at any time” (p. 221). Hollinger (1998) adds that there are also “pirates,” who have the most limited amount of technological-prowess, often steal software or violate copyright laws.
Aside from hackers, there are also those who consider themselves, or who have been labeled, as “hacktivists.” As the term clearly fuses the concepts hacking and activist, hacktivism itself “represents ideological motives that are manifest in cyberspace as a means to a political end” (Workman, Phelps, & Hare, 2013, p. 187). Hackivitist groups such as Anonymous may come to mind given the recent media coverage of its various “operations” or targets. Anonymous grew out of the message board 4chan.org, which was created before Facebook, and was intended to be a place for sharing Japanese anime and manga. In turn, additional boards were created here such as “random” or /b/. As it implies, a range of posts are made to the most macabre and titillating images. With the opportunity to post as “Anonymous” this platform also provides a forum for individuals to network and rally behind certain political issues. In the past decade, targets have included the Church of Scientology, PayPal, Fox, Sony, HB Gary, and the Tunisian government, just to name a few. Most of these attacks involved Distributed Denial of Service (DDoS) attacks and defacing websites. An important distinction is that hacktivists climb aboard an online social movement in an effort to engage in a virtual political protest, whereas the leading motivation of criminal hackers is financial gain (Gardner, 2014).
What is troubling is that the extent to which criminal hacking takes place is largely unknown and the ability to project how likely it will be a problem in the future is equally unknown. In part, this is due to the fact that there are no entities to warehouse data or statistics about criminal hacking, coupled with the notion that even if we were to keep these data, hacking can be involved in a variety of criminal offenses. Nonetheless, attacks on large-scale corporate enterprises, the government, and our military and defense systems are likely to continue (see Collins, 2015). And as some claim, with nearly one million new viruses created each day, criminal hackers may not necessarily create new malicious code to attack a network or system. Instead, some may hack into a system because of vulnerabilities of “old bugs” that have yet to be repaired. It is difficult to predict the damage that may be caused by the virus as it is solely in the hands of the person who creates it. The purpose of the virus may be to steal a password or other protected information, to disable a network or impair delivery of its functions, or to destroy a personal computer or corporate network. Criminal hacking is likely to continue to include concealing malware in software updates, links, downloads, and social media platforms (see Brunty & Helenek, 2012). Hackers may also continue with acts of digital extortion, where cybercriminals may blackmail victims by stealing images or text. Moreover, DDoS which “artificially create heavy traffic flow to a website rendering its services temporarily inaccessible” (Karanasiou, 2014, p. 99) are also likely to continue. The goal or purpose of the DDoS attack is typically not for financial gain, theft of information, or loss of security, but is often malicious and intentional. And while these attacks were originally seen as politically motivated, it is understood that the motive may be blackmail, revenge, or simply vigilantism (Karanasiou, 2014).

Identity theft and fraud

Advances in technology have made life much simpler. Banking transactions, shopping, and online registrations can be carried out with relative ease. We can connect with people around the globe using social media as well as video chats almost instantaneously. But, there is a cost. Our personal information, including names, addresses, phone numbers, credit card numbers, and other personal identifying information, is also stored in the virtual world. Our personal information is more vulnerable as the opportunity for identity theft and fraud has increased.
As the definition of cybercrime is quite elusive, so too is the definition of identity theft. For instance, in the Federal Trade Commission’s Sentinel report, identify theft is referred to as “When someone appropriates your personal identifying information (like your Social Security number or credit card account number) to commit fraud or theft” (2015, p. 78). In this case, identifying information may include a person’s social security number, account number, password, or other information that is personally owned by an individual. Copes and Vieraitis (2012) claim that the term identify theft may be too broad, and instead, propose that a dichotomy of terms are necessary. For example, there are those who may steal a person’s social security number, birthdate, and name, which would clearly constitute identify theft. On the other hand, there are others who steal credit card numbers, which is a financial account identifier. On many occasions, the latter is lumped into the category of identity theft, when the better term would be identity fraud or credit card fraud. To complicate matters even more, other sources, such as the Identify Theft Resource Center, examine identity theft along the lines of data breaches instead.
At the federal level, the first law to criminalize the act of identity theft was the Identity Theft Assumption and Deterrence Act (ITADA) in 1998. It was defined as “fraud committed or attempted using the identifying information of another person without authority” (18 U.S.C §1028). The act involves

knowingly transferring or using, without lawful authority, a means of identification of another person with the intent to commit or to aid or abet any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable state or local law. (18 U.S.C §1028)

In addition, the act administered power to the Federal Trade Commission (FTC) to log and warehouse individual complaints among those whose personal information was stolen or unlawfully acquired.
In 1997, the FTC created the Consumer Sentinel Network (CSN) as a vehicle for storing and collecting consumer complaints related to fraud and identity theft. Numerous agencies feed complaint data into this database (FTC, 2015). For example, data are obtained from the IC3, the Consumer Financial Protections Bureau, the Department of Defense, Veteran Affairs, the Better Business Bureau, as well as other organizations such as Western Union and the National Fraud Information Center. State-level cases are also included when a complaint is filed with a state law enforcement agency. Overall, the purpose of collecting this information is to provide law enforcement agencies with information to improve and supplement investigations.
The latest CSN report showed that since 1997, there are now more than 10 million complaints on file (FTC, 2015). In 2014, the largest complaint category was identity theft (13%). Debt collection complaints (11%) and impostor scams (11%) also were among some of the top complaints. Fewer complaints were made about telephone and mobile services (7%), banks and lenders (5%), and prizes, sweepstakes, and lotteries (4%). Three to two percent of complaints were auto-related (3%), involved shop-at-home and catalog sales (3%), television and electronic media (2%), and Internet services (2%).
As for identify theft, victims were government documents/benefits fraud (39%). Also, a large number of identity theft victims were by credit card (17%), phone and utilities fraud (13%), and bank fraud (5%). Fewer reported that their identify theft was the result of employment-related activities or loan fraud (4%). In terms of fraud alone, there were over 1.5 million complaints, costing consumers over $1.7 billion total, which translates into costing each consumer a median amount of nearly $500 (FTC, 2015). For those who reported how the fraud occurred, over half said the activity took place by telephone (54%) or by email (23%). The state of Florida had the largest number of reported fraud complaints, Georgia and Nevada followed.
Aside from the FTC, the Identity Theft Resource Center (2015) also collects information. Some of these findings depart from the FTC’s Sentinel report. There were 783 data breaches in 2014, which was a 27.5% increase from the previous year. The ITRC defines a data breach as “an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure” (para. 3). Most of these breaches occurred in the medical/healthcare sector (42.5%) and the business sector (33%). Fewer breaches, although still a cause for concern, happened in the government/military sector (11.7%), education (7.3%), and surprisingly even fewer among banks and credit/financial agencies (5.5%). Since 2005, there have been over 5000 data breaches in the United States, resulting in over 675 million stolen Social Security numbers, credit/debit card numbers, email/password/user names, and protected health records.
Since 2000, the Internet Crime Complaint Center (IC3), formerly known as the Internet Crime Fraud Complaint center, collects data from victims of various fraudulent scams (e.g., real-estate, romance, government impersonation, and social media), and then compiles this information so that law enforcement at the federal, state, and local level can investigate the crime, should it warrant such investigation. In 2014, 296,422 complaints were filed, totaling an estimated net loss of $800,492,0731 among victims as a whole (IC3, 2014). These numbers are at best, some indication of fraudulent activity that occurs on the Internet, but it is extremely limited in that not all victims report the crime and not all types of computer crimes are accounted for, such as hacking, online stalking and harassment, etc.
Committing identity theft or fraud can be categorized as either a low-technology or a high-technology crime (Allison, Shuck, & Lersch, 2005). Offenders who obtain another persons’ identification from stealing purses or wallets or from dumpster diving are considered low-technology methods. High-technology methods involve a greater level of sophistication and skill. For example, the offender may use the Internet, skimming devices, or pretext calling, where a person may call posing as someone else to obtain personal information. Skimmers, which are counterfeit devices, can be easily affixed to the actual device, such as an ATM, gas pump, or credit card reader. Once a customer swipes their card, the data is stored in the device. In turn, the offender can sell this information to a second or third party for profit or take this information to manufacture a new card with the stolen identification. But aside from these methods, other online fraudulent activities such as phishing techniques, and the use of malware or Trojans have proven to be the most common. In some cases, the victim may receive a fraudulent email that directs them to another website where they are asked to enter personal information.
The primary motivation for committing identity theft and fraud is money. In one study, involving 59 identify thieves and fraudsters, Copes and Vieraitis (2012) not only found that quick and easy financial gain was the main motivator, but that several thieves turned away from other crimes such as burglary, drugs, and shoplifting once they learned how much easier it was to profit from stolen personal information. With a small sample size it is difficult to generalize to the population of all identity thieves, but if these results bear some truth, a possible threat is that more traditional criminals will resort to identity theft as profit margins escalate.
Regardless of how or why identity theft and fraud occurs, these are clearly victim-centric crimes (McNally, 2012), and the impact on the victim is quite devastating. For a large corporation that experiences a significant data breach, as in the case of Target and Home Depot, the loss of customers and customer trust is extremely injurious. For the customer, the damage goes well beyond the monetary value, as the victim may suffer from feelings of violation, inconvenience, and helplessness (McNally, 2012).

Cyberstalking and digital harassment

Another cybercrime that warrants considerable attention is online stalking and harassment. It is estimated that about 5.3 million people in the United States who are 18 years of age or older have experienced some form of stalking or harassment (Catalano, 2012). The difficulty lies with the fact that estimating those who are cyberstalked or harassed online (or using some other form of social media) is still in its infancy. Of the estimates that do exist, they range so greatly that it is difficult to tell. Not only do we lack the appropriate tracking methods but even with such mechanisms, the problem remains that many victims are not likely to report the crime to law enforcement (NW3C, 2015).
It goes without saying that a detailed analysis and discussion of cyberstalking and digital harassment are beyond the scope of this chapter. However, there are a few important issues to take into consideration before going further. For one, it is unclear whether cyberstalking and digital harassment are essentially the same behavior or two distinct types of behavior. For example, cyberstalking can be defined as “the repeated use of the Internet, email, or related digital electronic communication devices to annoy, alarm, or threaten a specific individual or group of individuals” (D’Ovidio & Doyle, 2003, p. 10). Cyber or digital harassment has been defined in similar ways. Another confounding issue is that some argue that harassment is an element of cyberstalking, while some claim otherwise. Regardless, it is important to note that the behavior is troubling and often distressing to the victim. Cyberstalking and digital harassment is unwanted and repetitive behavior that can evoke a level of fear within the victim. From a legal point of view, most states, however, will only prosecute cases that demonstrate whether the alleged cyberstalker made a credible threat to the victim or to the victim’s family (NW3C, 2015).
There are numerous ways that the Internet and social media facilitates digital harassment and/or cyberstalking. Most obviously, the anonymous nature of the Internet may come into play, but that is not always the case. Some overt methods of cyberstalking and/or digital harassment include sending unwelcomed friend requests and messages, “poking,” spamming, and sending viruses. The acts can also be more severe, such as sending abusive, threatening, or obscene emails to the victim or the victim’s family. In some cases, cyberstalkers may even seek out and obtain personal information like the victim’s home address or phone number (NW3C, 2015). It can go even further as the cyberstalker may even use GPS or digital tracking devices to locate the victim’s physical whereabouts.
Research on cyberstalking and digital harassment is limited, as few empirical studies have been able to document these behaviors. And, among the studies that exist, the findings are often conflicting. Some have found that cyberstalkers are primarily male, whereas others claim that cyberstalkers are primarily female. In a recent study by Cavezza and McEwan (2014), cyberstalkers were more likely to be former intimate partners with the victim, but there were few differences between them and their off-line counterparts. What seems to be certain is the motivation for perpetrating this crime. For instance, it is known that identity thieves have the goal of financial gain, with cyberstalkers the primary “intent is to do damage, harass, intimidate, or otherwise harm” the victim (NW3C, 2015, para. 3). The key message here is that the act is far more personal.
Methods of cyberstalking and harassment will continue to pose a challenge for law enforcement as the avenues for engaging in this behavior are already abundant and will keep expanding. Email, instant messenger, and chat rooms are commonly used, but now, the list continues to grow with new social media sites, apps, and online multiplayer games. Emerging technologies as they unfold may not only provide more sophisticated ways for individuals to cyberstalk and harass victims, but may also provide offenders with ways to avoid detection, apprehension, and prosecution.

Child sexual exploitation and pornography

Since its inception, the Internet has proven to be a valuable tool permitting universal and free exchange and dissemination of information. Nearly anything can be “Googled” or searched on the Internet. Such an exchange and access to resources has established it to be an extraordinary machine for the general populace. At the same time, while information can be shared for the common good and to satisfy our intellectual curiosity, the Internet also serves as a vehicle for the trade and distribution of pornographic and explicit materials. Film, photograph, or video were once the only methods by which pornographers could obtain these images, and now, the Internet permits a quick, efficient, and anonymous way to consume and produce them (Cohen-Almagor, 2013). Even though erotic images of children have existed before the Internet, it can be argued that the Internet has revolutionized both the adult and child pornography industries (McCarthy 2010).
Because victims are unlikely to report the crime, the prevalence of child sexual exploitation is largely unknown.4 Yet, “at any one time there are estimated to be more than one million pornographic images of children on the Internet, with 200 new images posted daily” (Wortley & Smallbone, 2010, p. 12). Another aspect that coincides with the consumption and production of child pornography is that the Internet provides a predatory space that is conducive to seducing, tempting, luring, and grooming child victims (Cohen-Almagor, 2013). As presented earlier in this chapter, there is global connectivity for not just the adult population but for children too. According to Lenhart, Purchell, Smith, and Zickur (2010), as of 2009, all but 7% of teens in the United States, ages 12–17, used the Internet, with those youth ages 12–13 (88%) being a little less likely to go online than those youth ages 14–17 (95%). Teens are also increasingly likely to go online at least once a day and 73% of 12 to 17 year olds in the United States used a social networking site. Again, when it comes to luring victims, offenders may utilize the Internet or other social media platforms.
What is also known is that the Internet is used for creating virtual communities, namely where child pornographers can collect and share images. It is not uncommon for child pornographers to use websites, email attachments, e-forums, bulletin board systems, chat rooms, and peer-to-peer networks (Wortley & Smallbone, 2010). For investigators, shared images may consist of virtual child pornography, which are morphed images that do not depict a real child directly, but rather a computer-altered image. However, the children behind these images are indeed real, but the images have been changed to show them engaging in sexually explicit activity (Brenner, 2011). Besides the sharing of images, there a number of organizations that support the behavior of child sexual abuse and exploitation, such as the Rene Guyon Society, the North American Man/Boy Love Association, and the Childhood Sensuality Circle, just to name of few.
It is incredibly difficult to create a profile of a sex offender, because the spectrum of sex offenders is complicated and vast (McCarthy, 2010). However, like the typologies discussed earlier regarding hackers, Wortley and Smallbone (2012) identified nine types of child pornography offenders.5 Those who browse images (“trawlers”) and purposefully save images or seek images on the web (“browsers”), collect images from chat rooms or closed or hidden networks that catalog these images are involved in indirect abuse of the child victim. These individuals can be characterized as online child offenders or “people who watch, download, store and transmit images of children in a sexual context” (Cohen-Almagor, 2013, p. 192). Those who pose more of a direct threat or harm to children are “groomers,” as they will prey more specifically on a child in an attempt to develop a sexual relationship, and “physical abusers,” who directly abuse a child but who may or may not record the abuse and distribute it to others. “Producers” are involved in recording the abuse and distribute it to others, while “distributers” may be in the child pornography business for financial gain. These typologies provide law enforcement and digital forensic analysts with an idea of the offending population. In regard to other characteristics of offenders, Babchishin, Hanson, and Hermann (2010) found that most online perpetrators were white, unemployed and younger than their off-line counterparts. The off-line offenders were also more likely to be involved in a romantic relationship and to have higher self-reported levels of sexual deviancy.
Because the Internet is essentially a network of networks, there is no telling what additional future threats lie ahead when it comes to child pornography and sexual exploitation (Wortley & Smallbone, 2010). The most impending threats are related to the fact that the Internet is fundamentally ungovernable, it possesses a transnational domain, and it does not lend itself to easily detecting the origin of explicit material. Moreover, many have worked to create a veil of anonymity by using the Dark Net and Tor. Although, recently, the FBI has been gaining steam infiltrating these sites. Akin to weeding out a drug dealer in a local community, once a child pornography website is shut down, another will sadly take its place.

Future issues for law enforcement and digital forensic analysts

Looking ahead, one of the first issues to tackle is resource acquisition. Most law enforcement agencies in the country are small and unequipped with the latest software or technology to furnish even the basic needs of the department, let alone those to aid in the investigation of cybercrimes. Departments may now possess military equipment and tactical gear, but these will be of little use in targeting cybercriminals. Second, law enforcement and digital forensic analysts must be privy to the latest cybercrime methods and the techniques to combat them. Specialized training that is available at the federal level or among larger state agencies needs to be accessible to smaller departments too. On a related note, traditional detectives are simply not suited to do the kind of investigative work that cybercrime investigations require, signaling the importance of advanced training. Third, since cybercrimes deviate from the traditional police beat with a marked, physical territory, agencies are encouraged to establish a more elite police unit to investigate cybercrimes. Fourth, among police departments that are understaffed and underfunded, interagency cooperation is recommended. Also, in cases and investigations of child pornography, it is a necessity that these partnerships are formed, as cybercrimes cross jurisdictional boundaries (Wortley & Smallbone, 2010). Last, and one of the most important directions is to establish improved mechanisms for reporting victimization and for compiling arrest data. Some federal agencies already have in place procedures to report fraudulent activity, for example, but not all cybercrimes are accounted for.
In sum, law enforcement and digital forensic agencies will need to embrace advanced and sophisticated techniques to target future cybercriminals. This largely involves a paradigm shift in policing from a traditional or reactionary approach to one that is more proactive (i.e., problem-oriented policing). In this digital climate, law enforcement and digital forensic analysts are seemingly faced with a greater challenge than their predecessors. In the long run, law enforcement officers and digital forensic analysts must stay ahead of the curve. The threatscape is not just virtual, it is real.

References

Allison SFH, Schuck AM, Lersch KM. Exploring the crime of identity theft: prevalence, clearance rates, and victim/offender characteristics. Journal of Criminal Justice. 2005;33:1929.

Babchisin KM, Hanson RK, Hermann CA. The characteristics of online sex offenders: a meta-analysis. Sexual Abuse: Journal of Research and Treatment. 2011;23:92123.

Brenner S. Defining cybercrime: A review of federal and state law. In: Clifford RC, ed. Cybercrime: The investigation, prosecution and defense of a computer-related crime. Durham, NC: Carolina Academic Press; 2011:15104.

Brunty JL, Helenek K. Social media for law enforcement investigation. Anderson: Cincinnati, OH; 2012.

Catalano, S. (2012). Stalking victims in the United States-Revised. Washington, DC: Bureau of Justice Statistics. Retrieved from: http://www.bjs.gov/content/pub/pdf/svus_rev.pdf

Cavezza C, McEwan TE. Cyberstalking versus off-line stalking in a forensic sample. Psychology, Crime & Law. 2014;20(1):955970.

Clifford RD. Cybercrime: The investigation, prosecution and defense of a computer-related crime. Durham, NC: Carolina Academic Press; 2011: (pp. 3–14).

Cohen-Almagor R. Online child sex offenders: Challenges and counter-measures. Howard Journal of Criminal Justice. 2013;52(2):190215.

Coleman G. Hacker politics and publics. Public Culture. 2011;23(3):511516.

Collins, K. (2015, March). A quick guide to the worst corporate hack attacks. Bloomberg. Retrieved from http://www.bloomberg.com/graphics/2014-data-breaches/.

Copes H, Vieraitis LM. Identity thieves: Motives and methods. Lebanon, NH: Northeastern University Press; 2012.

Dalal AS, Sharma R. Peeping into a hacker’s mind: Can criminological theories explain hacking? The ICFAI Journal of Cyber Law. 2007;11(4):3447.

D’Ovidio R, Doyle J. A study on cyberstalking: understanding investigative hurdles. FBI Law Enforcement Bulletin. 2003;72(3):1017.

Federal Trade Commission (FTC). (2015). Consumer Sentinel Network data book: January-December 2014. Retrieved from https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-january-december-2014/sentinel-cy2014-1.pdf

Gardner B. Threat. In: Gardner B, Thomas V, eds. Building an information Security awareness program: Defending against social engineering and technical threats. Waltham, MA: Syngress; 2014:913.

Gold S. Get your head around hacker psychology. Engineering & Technology. 2014;9(1):7680.

Grabosky P, Smith RG, Dempsey G. Electronic theft: Unlawful acquisition in cyberspace. Cambridge: Cambridge University Press; 2001.

GSMA Intelligence. (2015). Global data. Retrieved from https://gsmaintelligence.com/.

Halbert D. Discourses of danger and the computer hacker. The Information Society. 1997;13:361374.

Hollinger R. Computer hackers follow a Guttman-like progression. Social Sciences Review. 1988;72(3):199200.

Holt TJ. Cybercrime and criminological theory: Fundamental readings on hacking, piracy, theft, and harassment. San Diego, CA: Cognella; 2010.

Identity Theft Resource Center. (2015). Data breaches. Retrieved from http://www.idtheftcenter.org/id-theft/data-breaches.html.

Internet Crime Complaint Center (IC3). (2014). 2012 Internet crime report. Washington, DC: National White Collar Crime Center, Federal Bureau of Investigation, and Bureau of Justice Assistance. Retrieved from http://www.ic3.gov/media/annualreport/2014_IC3Report.pdf

Karanasiou AP. The changing face of protests in the digital age: On occupying cyberspace and Distributed-Denial-of-Service (DDoS) attacks. International Review of Law, Computers, & Technology. 2014;28(1):98113.

Lenhart, A., Purcell, K., Smith, A., & Zickuhr, K. (2010). Social media & mobile internet use among teens and young adults. Washington, DC: Pew Internet and American Life Project. Retrieved from http://www.pewinternet.org/files/old-media/Files/Reports/2010/PIP_Social_Media_and_Young_Adults_Report_Final_with_toplines.pdf

Mack, E. (2014, October). There are now more gadgets on earth than people. Retrieved from http://www.cnet.com/news/there-are-now-more-gadgets-on-earth-than-people/.

McAfee. (2013). The economic impact of cybercrime and cyber espionage. Retrieved from http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf

McCarthy JA. Internet sexual activity: a comparison between contact and non-contract child pornography offenders. Journal of Sexual Aggression. 2010;16(2):181195.

McNally M. Identity theft in today’s world. Santa Barbara, CA: Praeger/ABC-CLIO; 2012.

National White Collar Crime Center. (2015). Cyberstalking. Retrieved from: http://www.nw3c.org/docs/research/cyberstalking

Real Time Statistics Project. (2015). Internet live statistics. Retrieved from http://www.internetlivestats.com/internet-users/

Rogers MK. The development of a meaningful hacker taxonomy: a two dimensional approach. Digital Investigations. 2006;3:97102.

Symantec. (2012). 2012 Norton cybercrime report. Retrieved from http://now-static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/2012_Norton_Cybercrime_Report_Master_FINAL_050912.pdf

Turvey BE. Modus operandi, motive, and technology. In: Casey E, ed. Digital evidence and computer crime: Forensic science, computers, and the internet. London: Academic Press/Elsevier; 2004.

Wall DS. Policing cybercrimes: situating the public police in networks of security within cyberspace. Police Practice and Research. 2007;8(2):183205.

Workman M, Phelps DC, Hare RC. A study of performative hacktivist subcultures and threats to businesses. Information Security Journal: A Global Perspective. 2013;22(4):187200.

Wortley R, Smallbone S. Child pornography on the Internet. Problem-specific guides series: Problem-oriented guides for police. Washington, DC: Center for Problem-Oriented Policing, U.S. Department of Justice; 2010.

1 Another agency that works with the government and private businesses to investigate and prosecute computer criminals is the Computer Crime and Intellectual Property Section, which is housed within the Criminal Division of the United States Department of Justice. This section also enforces intellectual property crimes (i.e., copyright, trademark, and trade secrets).

2 The sting, called Operation Sundevil, involved a large group of hackers, known as the Legion of Doom, who had stolen credit card numbers as well as telephone access codes. This case, which many claim was a publicity stunt, solidified a new war on hackers.

3 Rogers’ (2006) complete taxonomy of hackers consists of eight categories: novices, cyber-punks, internals, petty thieves, virus writers, old guard hackers, professional criminals, and information warriors.

4 Some data collected by the National Center for Exploited and Missing Children’s (NMEC) have shown an exponential growth in the number of Cybertipline reports, and the center’s Child Victim Identification Program has received a surge in the number of pornographic files and videos to aid in the identification of child victims.

5 Wortley and Smallbone’s (2010) typology of child pornographers includes: browsers, private fantasizers, trawlers, nonsecure collectors, secure collectors, groomers, physical abusers, producers, and distributors. A psychological profile is also provided.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.14.141.115