early 90’s When Internet first surfaced and the common citizen were accessing
the Internet, The Internet was considered as a technological innovation which
could change the World. At that point vulnerabilities and security to the ones
affected were given less importance to innovation and technological
advancement. It was for most part unregulated, and legislators didn’t foresee
the current situation where Internet would become criminogenic and users will
be vulnerable to several fraudulent activities online such as Phishing, Online
Romance and dating scams to name a few.
The legal and regulatory structure
for dealing with cybercrime in Australia
A study in
2012–13 states just over 80 per cent of adults in Australia had accessed the
internet, with more than half accessing from mobile phones or other handheld
devices. In Australia in 2012, for example, 92 per cent of the adult population
used a mobile phone, 49 per cent of which were estimated to be Smartphone’s.
For those criminal activities that may be beyond the skills of the individual,
the internet provides easy access to those who will do it for you, or tell you
how. We saw in the Youtube video example shown in class where a professional
service can be hired for a minimal amount to destroy a company’s competitor
marketplaces provide everything from hacking techniques and botnets to
financial and identity information. Offenders, who might otherwise be isolated
in their felonious crime, can now find similar minds, anywhere in the world,
forming virtual group to further boost their crimes.
classification also addresses the question of whether cybercrime is an entirely
new form of a crime, or whether it is simply old crimes committed in new ways.
The Answer to this one is it’s a combination of both of them. A substantial
majority of cybercrimes which we discussed in our course are existing offences
committed in new ways. The true ‘cybercrimes’, in the sense of offences that
would not exist at all without computing, are those against computers and
computer networks themselves. These can also be specified as computer enabled
and computer enhanced crimes.
Challenges for the Criminal Justice
In our Class
on the 31st of October we saw the video from abc.net.au with a
headline “Cybercrime boom leaving victims with no police support” where a
family didn’t receive any support not even a reply from the local police after
being fleeced of AUD half a million dollars from a legitimately seeming company
based in London. The head of Australia and New Zealand’s cybercrime helpline
has accused police of failing to contact victims of online scammers.
point of view this could be primarily be due to either the lack of technical
tools or resources possessed by the police to uncover the case and potentially
get the fraudsters behind bars or due to the reason of dealing with laws in
different jurisdiction or another country.
Though we do
see that Part 7.3 of the Criminal Code Act (Cth): states that
Obtaining property by deception (Imprisonment for 10 years);
Obtaining a financial advantage by deception (Imprisonment for 10 years);
and s135.4 –
Conspiracy to defraud (Imprisonment for 10 years).
480.1(1) contains ‘Financial Information Offences,’ including:
Obtaining or Dealing in Personal Financial Information’ s.480.4
In the above
example of the family getting fleeced we see that the crime does fall under the
categories mentioned above however the police could still not help or even
respond to the victims.
Lack of Reporting of Cyber crimes
to report a cyber crime to police is a major concern. In an Australian survey
which was conducted, 57 per cent of respondents did not report cyber attacks to
any external party. The most frequent reasons for not reporting were ‘no
benefits of reporting’ (44 per cent), ‘the attackers probably wouldn’t get
caught &/or prosecuted’ (20 per cent) and negative publicity (12 per cent).
have a few cyber security or cyber crime reporting agencies such as The
Commonwealth Attorney-General’s Department (AGD) which is responsible for
commonwealth criminal law policy including cyber crime and is also responsible
for making and receiving formal mutual assistance requests to and from foreign
countries to seek or provide evidence to support cybercrime investigations or
AGD also has
responsibility for CERT (computer emergency response team) Australia, which
provides the initial point of contact for industry for cyber security incidents
impacting upon Australian networks. CERT Australia also works with government
and industry partners to ensure that all Australians and Australian businesses
have access to information on how to better protect their information
technology environment from cyber-based threats and vulnerabilities.
Australian Cybercrime Online Reporting Network (ACORN) is a national policing
initiative of the Commonwealth, state and territory governments. It is a
national online system that allows the public to securely report instances of
cybercrime. It also provides advice and educates people to recognise and avoid
common types of cybercrime.
another not for profit organisation which looks at Australia and New Zealand’s
national identity and cyber support service helping out individuals with
identity and cyber security concerns. This Organisation received 28,000 cases
in the year of 2016.
Citizens are advised to approach these institutions when they have been a
victim of online crime and also even otherwise read through and educate
themselves from these websites on what they are supposed to do during a cyber
law enforcement and regulatory challenges with cybercrime
Given the global nature of cybercrimes, it is evident that some degree
of harmonisation between countries is vital if effective regulation is to be
achieved. Greater harmonisation facilitates the exchange of information and
knowledge between governments and industry, and is crucial for co-operation
between law enforcement agencies. Dual criminality, for example, is often a
precondition of both mutual assistance and extradition laws. In simple words
Dual criminality means both in the country where the cyber crime happened and
in the country where the victim is based have the same law on their books and
they recognize the crime with the same punishment.
However this is not always the case as there are several safe haven
countries such as Belarus, Uzbekistan for cyber criminals to reside from and
attack innocent people. As stated in the example in Class we heard that people
in Russia dressed as professionals come in and attack victims worldwide. These
attacks are possible as the nation is also supporting such a possibility.
On top of these challenges we also have the tricky situation of
countries with different types of jurisdictions such as-:
1. Does the state have legislative power to regulate the relevant conduct
2. Do the courts have power to hear the particular dispute
3. Does the state have jurisdiction to enforce the law (‘enforcement
In a legislative or a prescriptive jurisdiction there are a number of
ways in which the
Territorial principle operates to encompass extraterritorial conduct. First,
a country may assert territorial jurisdiction over conduct which occurs on a
flagged ship or registered aircraft of that country. Second, the principle of ‘objective
territoriality’ allows a claim of criminal jurisdiction for conduct occurring
outside the jurisdiction but which has a substantial effect in the
jurisdiction. This is specifically envisaged in the Cybercrime Convention and is
intended to apply where the victim is within the jurisdiction.
Once prescriptive jurisdiction has been established, the question
remains whether the particular court has adjudicative or ‘subject matter
jurisdiction over the specific case.
Even if there is both prescriptive and adjudicative jurisdiction, the
ability to enforce presents the most significant limitation on criminal
jurisdiction. In general terms, a country can only exercise enforcement jurisdiction
on those who are present in the jurisdiction.
As we see
these are possible challenges which police might encounter while dealing with
cyber criminals. However it’s not all bad and in cases where countries have
signed the “International cybercrime Convention” during the 1990’s. This
evolved from the “Council of Europe” pact signed in the 1940’s after the
aftermath of the Second World War. This pact or an initiative formed a panel to
study about cybercrime and with a group of 43 to 44 member states (as of today)
signed a convention stating to change the countries laws to ratify the
convention. This sets a standard in the convention and ensures uniformity in
approaching a problem. Australia became a part of this convention in August
Current cybercrime issues and threats
A few common
cyber crime issues and threats are as follows (cyber crimes are not restricted
to the below, there are several more).
1) Phishing Attacks
2) Denial of Service attacks
3) Copyright Infringement
4) Cyber stalking
1) Phishing attacks
a popular scheme that involves tricking businesses or individuals into
providing passwords, account numbers, or other sensitive data by claiming to be
from an actual company the victim does business with. Several types of Phishing
include Spear-Phishing, Rock Phishing, and Pharming etc.
technical recommendations are as follows.
John is 42
years old and lives in Melbourne. He receives an email from his bank which says
his internet banking password needs to be changed. He clicks the link in the
email and resets his password. The next day, he realises that the email was not
actually from his bank. He checks his account and finds $1000 is missing. In
this case, John should immediately notify his bank. He should also report this
to the ACORN one of the Australian institutes working on these types of cyber
My in-depth technical
recommendations were included in detail in Assessment 2 on the same topic.
2) Denial of Service attacks
An attack on
a computer network which would cause a loss of service to the end users, the
controlled machines are called bots, slaves, or zombies. It also involves
flooding a computer with more requests than it can handle. This causes the
computer (e.g. a web server) to crash and results in authorized users being
unable to access the service offered by the computer. Examples are Bots, Denial
of Service Attack, and Crypto locker.
crime offences are defined in Commonwealth legislation within Part 10.7 –
Computer Offences of the Criminal Code Act 1995 and include:
intrusions (for example, malicious hacking) unauthorised modification of data,
including destruction of data distributed denial of service (DDoS) attacks
using botnets the creation and distribution of malicious software (for example,
viruses, worms, trojans). Each State and Territory in Australia has its own
legislated computer-related offences which are similar to the Commonwealth
Australia (the CERT) is the national computer emergency response team. It is
the single point of contact in Government for cyber security issues affecting
major Australian businesses. The CERT is part of the Australian
Attorney-General’s Department. It also works in the Cyber Security Operations
Centre, sharing information with the Australian Federal Police (AFP), the
Australian Security Intelligence Organisation (ASIO), and the Australian
Signals Directorate (ASD).
infringed if a person exercises one of the exclusive rights of the copyright
holder without authorization – the most significant of these are reproduction
132AI of the Copyright Act 1968 (Cth) makes it an indictable offence to
“distribute” a copyrighted work, with the intention of ‘trading’ or ‘obtaining
a commercial advantage or profit.’
stalking is analogous to traditional forms of stalking in that it incorporates
persistent behaviours that instil apprehension and fear. However, with the
advent of new technologies, traditional stalking has taken on entirely new
forms through mediums such as email and the Internet. Thus, it becomes cyber
mentioned legislative responses are the sections which cyber stalking incidents
see s.21A of the Crimes Act 1958 (Vic)
Criminal Code (Cth)