Read-Me.Org
Open Access Publisher and Free Library
01-crime.jpg

CRIME

CRIME-VIOLENT & NON-VIOLENT-FINANCLIAL-CYBER

Countering Ransomware Financing

By The Financial Action Task Force (FATF)

Ransomware attacks target individuals, businesses and government agencies, across the world. The impact of these attacks can be devastating for individuals, government agencies and business activity and even disrupt essential infrastructure and services.

This FATF report analyses the methods that criminals use to carry out their ransomware attacks and how payments are made and laundered. Criminals are almost exclusively using crypto, or virtual assets and have easy access to virtual asset service providers around the world. Jurisdictions with weak or non-existent AML/CFT controls are therefore of concern.

The report proposes a number of actions that countries can take to more effectively disrupt ransomware-related money laundering. This includes building on and leveraging existing international cooperation mechanisms, given the transnational nature of ransomware attacks and related laundering. Authorities also need to develop the necessary skills and tools to quickly collect key information, trace the nearly instantaneous financial transactions and recover virtual assets before they dissipate. The multi-disciplinary nature of ransomware also means that authorities must extend their collaboration beyond their traditional counterparts to include cyber-security and data protection agencies.

The FATF also finalized a list of potential risk indicators that can help public and private sector entities identify suspicious activities related to ransomware.

Paris: The Financial Action Task Force (FATF) 2023. 54p.

Crime, Justice, Rule of LawRead-Me.Orgransomware, virtual assets, financial crime, FATF, cybersecurity, AML, international cooperation
A Randomized Controlled Trial of the Scenarios and Solutions Gang Prevention Program

By Stacy Calhoun

This randomized controlled trial to assess the effectiveness of a curriculum-based gang prevention program in addressing gang risk factors within a school setting encountered delays and challenges in implementing the program and completing the study. Despite challenges, progress was made as the clinic adapted to the evolving circumstances. Although the clinic lost its dedicated space, it successfully established Memorandums of Understanding (MOUs) with two new school districts where they implemented their universal screening program and services at one middle school and two high schools. Despite efforts by the clinic team, school staff, and SSGP facilitator to enhance student engagement during the project performance period through special events, motivating students to submit signed enrollment forms and to attend clinic and group appointments remained challenging. Participation in this study allowed the clinic to significantly expand its focus, addressing gang risk factors on a much broader scale than before. Despite facing substantial challenges, including adapting to COVID-19 disruptions, forming relationships in new school districts with differing policies, and coping with the loss of dedicated clinical space and staff, the clinic has remained committed to refining their processes to better support these students. Moreover, the clinic has taken a proactive role in educating stakeholders about the potential of integrating gang prevention services within school-based systems of care.

Los Angeles: Department of Psychiatry and Biobehavioral Sciences University of California, Los Angeles, 2024. 29p.

Violence and Oppression, CrimeKevin Picogang prevention, randomized controlled trial, crime prevention, youth violence
Murdered and Missing Indigenous Relatives (MMIR) Task Force for the Utah Legislature Policy, Best and Emerging Practices, and Current Issues in Utah

By:Jessie Austin, Nicole MartinRogers, Anna Granias, Maria Robinson, and Leticia Risco

Indigenous relatives are disproportionately likely to experience violence, be murdered, or go missing compared to other demographic groups. In Utah, although they make up just 1.5% of the population, American Indian and Alaska Native relatives account for over 5% of all murder victims (Utah Department of Health and Human Services, 2023). In 2020, the Utah Legislature created the Murdered and Missing Indigenous Women and Girls Task Force (renamed the Murdered and Missing Indigenous Relatives Task Force in 2023; MMIR; Utah H.B. 116, 2020; Utah H.B. 25, 2023). The Task Force’s responsibilities include conducting Tribal consultation on issues related to the MMIR injustice, developing model protocols and procedures, identifying best practices related to case investigation and prosecution, and conducting community education and outreach. This report addresses nine key topics of relevance to murdered and missing Indigenous relatives which emerged throughout the research process: 1. Reporting and initial investigation of missing person cases 2. Communication and alert systems 3. Review and investigation of unresolved (“cold”) cases 4. Death investigation 5. Jurisdiction issues and government-to-government collaboration 6. Data issues 7. Victim and family services 8. Prevention 9. Media reporting For each topic, the report presents major findings based on an analysis of the results from interviews with key informants, and listening sessions with family members of MMIR victims and community members in Utah; an inspection of existing federal and state legislation; and a review of relevant research literature. Based on these findings, the report:  Describes the policy context, identifying laws relevant to murdered and missing Indigenous relatives  Provides insight on best and emerging practices, including some protocols for effective investigations  Identifies issues which affect missing persons and homicide investigations related to Native Americans in Utah  Offers recommendations This summary synthesizes the findings across topics and identifies common themes in the report. The full report provides more detailed information, including extensive references. This summary presents the overarching themes that define and perpetuate MMIR injustice in Utah. These themes are based on a literature review, key informant interviews, and listening sessions with family members of Indigenous relatives who are missing or died by murder or other suspicious circumstances and other community members. Each section of the full report explores these issues in more depth.

Salt Lake City: Utah Legislature, 2023. 130p.

Violence and Oppression, CrimeRead-Me.Orgmurdered and missing indigenous relatives, indigenous rights, indigenous justice, native american rights
MISSING OR MURDERED INDIGENOUS WOMEN: New Efforts Are Underway but Opportunities Exist to Improve the Federal Response

By The United States Government Accountability Office

According to researchers, AI/AN women in the U.S. experience higher rates of violence than most other women, and tribal and federal officials have stated that this incidence of violence constitutes a crisis. Various federal officials and tribal stakeholders have raised concerns about challenges with cross-jurisdictional cooperation and a lack of comprehensive national data on cases. GAO was asked to review the federal response to the missing or murdered AI/AN women crisis. This report examines the extent to which (1) the number of missing or murdered AI/AN women in the U.S. is known and (2) DOJ and DOI have taken steps to address the crisis. GAO reviewed available data on missing persons and violent deaths, relevant reports, and agency documentation, including agency policies and procedures. Using agency data—which were determined to be reliable for location selection— and qualitative factors, GAO selected seven locations to interview federal, state, local, and tribal law enforcement officials; tribal officials; and nongovernmental victim service providers on the federal response to the crisis. What GAO Recommends GAO is making four recommendations, including that DOJ develop a plan for how it will accomplish ongoing analyses of missing or murdered AI/AN women data and that DOJ and DOI both develop plans to implement the requirements in Savanna’s Act and the Not Invisible Act of 2019 that remain unfulfilled past their statutory deadlines. Both agencies concurred with our recommendations.

GAO-22-104045

Washington, DC: U.S. Government Accountability Office, 2021. 68p.

Crime, Violence and Oppression, JusticeRead-Me.Orgfederal response to mmiw, indigenous women, indigenous rights, missing persons, indigenous justice
Redefining Missing in the Third Space of Sovereignty: Collaborative Governance

By Melanie Fillmore

This three-article dissertation addresses how Indigenous and non-Indigenous state and non-state policy actors collaborating on Idaho missing and murdered Indigenous persons (MMIP) policy shift the Integrative Framework for Collaborative Governance (IFCG) policy context to the ‘third space of sovereignty’ (Bruyneel, 2007). In a space of competing narratives of authority across time, and space, paper one addresses how Indigenous and non-Indigenous policy actors are shaped by the “drivers” of collaboration. The second paper addresses three key configurations of collaborative governance regimes. The third paper reassesses the scope of Idaho MMIP through a comparison of MMIP cases in 2021 and 2023 as a policy impact. Findings suggest Indigenous policy actors develop consequential incentives, collaborative governance regimes, and assess the scope of MMIP to redefine missing within the‘third space of sovereignty’.

Boise, ID: Boise State University 2024. 179p.

Criminal Justice, Violence and OppressionRead-Me.Orgcollaborative governance, sovereignty, indigenous rights, indigenous governance
HCR33 Report: Idaho’s Missing & Murdered Indigenous Persons

By Melanie L. Fillmore and Lane K. Gillespie, et al.

House Concurrent Resolution No. 33 (HCR33) was introduced in the Health and Welfare Committee, and passed by both houses of the Legislature in March 2020. HCR33 recognizes Missing and Murdered Indigenous Persons (MMIP) as a crisis in Idaho, designates May 5th as a day of awareness for MMIP, and supports efforts to further investigate incidence rates, underlying causes, and possible solutions through collaborative efforts. Public testimony in support of the resolution came from a diverse group of stakeholders, including legislative sponsors, the U.S. Attorney for the District of Idaho, tribal legal and justice practitioners, and Indigenous advocates. The following passages serve as a reminder of the central role of Idaho’s tribes, and the opportunities and challenges in addressing MMIP.

Missing Persons • Missing persons cases are dynamic and missing persons data may represent individuals or incidents of missing persons. There are more incidents than individuals, as some individuals go missing more than once. Understanding this distinction is important to understanding the impact of MMIP in terms of people and resources. • Idaho’s average missing persons rate is approximately 10.59 per 100,000 persons. The average rate for Indigenous persons in Idaho is 18.99 per 100,000 persons. • A disproportionate percentage of Idaho’s missing persons are identified as Indigenous, as much as 2.1 times their proportion of the population. • Approximately 63% of Idaho’s Indigenous missing persons have been missing for more than 1 year. • Most of Idaho’s Indigenous missing persons are female (75%), in contrast with Idaho’s non-indigenous missing persons of which 28.8% are female. • Fifty percent of Idaho’s Indigenous missing persons went missing as adults and 50% went missing as juveniles. Among non-indigenous missing persons, 61.5% went missing as adults and 33.5% as juveniles. • On average in Idaho, there are 81.6 Indigneous missing persons entries in NCIC each year; and entries for Indigneous missing persons average 3.39% of annual missing persons entries in the state. • In 2020, NCIC entries for Indigenous persons were 3.38% of total entries in Idaho, compared to 1.76% of total entries nationwide. Homicide • Indigenous persons are disproportionately represented in deaths attributable to assault (3.05 times their proportion of the population). • There is variation across homicide data sources in counting potential Indigenous murder victims. • Homicide cases involving Indigenous persons occur in tribal jurisdictions and non-tribal jurisdictions

Submitted to the Idaho Legislature, September 30, 2021.2021. 59p.

Crime, violence and oppressionRead-Me.OrgIdaho, indigenous women, indigenous rights, criminal justice
Between the aisles: A closer look at shoplifting trends.

By E. Lopez

With the holiday season upon us, shopping at store locations throughout the nation will increase. Bigger crowds are a welcome sight for retailers, but they also amplify concerns about shoplifting and the safety of the shopping experience for consumers and employees alike.

This report builds on a previous Council on Criminal Justice (CCJ) shoplifting report and CCJ’s ongoing crime trends reports by exploring recent trends in shoplifting for the nation’s three largest cities—Chicago, Los Angeles, and New York. It also examines seasonal trends for a sample of 23 cities and takes a closer look at shoplifting data available from the FBI.

Key Takeaways

Data collected through the fall of 2024 for Chicago, Los Angeles, and New York suggest that shoplifting levels remain higher than pre-2020 rates. Chicago, in particular, experienced notably elevated rates of reported shoplifting through the first 10 months of this year. In 2023, rates were 10% lower in Chicago, 87% higher in Los Angeles, and 55% higher in New York than in 2019.

Over the past several years, shoplifting rates were higher in November and December than they were during earlier months of the year, coinciding with increased in-person retail activity. Because shoplifting rates in a 23-city sample for the first half of 2024 are higher than in 2023, it is likely that the reported shoplifting rate for the full year will rise from 2023 to 2024.

Two national sources of law enforcement data on reported shoplifting—both available from the FBI—show different trends. Statistics from the Summary Reporting System (SRS) suggest that reported shoplifting in 2023 was the same level as in 2019. However, rates from the National Incident-Based Reporting System (NIBRS), show that shoplifting was 93% higher in 2023 than it was in 2019.

It is unclear why there is a sizable difference between these two sources. One possibility is that law enforcement agencies recently added to the group providing data through NIBRS reported disproportionally higher levels of shoplifting, even after adjusting for an increase in population coverage. Clear guidance from the FBI on the limitations of the data and the implications of using certain sources of FBI crime data is needed

Washington, DC: Council on Criminal Justice. 2024. 9p.

Crime, Criminal JusticeRead-Me.Orgshoplifting, retail theft, store crime, theft trends, shoplifting patterns
Shoplifting Trends in Time and Space: A Study of Two Major American Cities.

By B. Boxerman and K. Cundiff

This report focuses on reported shoplifting in Chicago, IL, and Los Angeles, CA, from 2018 through 2023. It uses incident location data to examine reported shoplifting prevalence and concentration in both cities and how these have been affected by the COVID-19 pandemic. It also examines how patterns in reported shoplifting may be related to the concentration of retail establishments. The pandemic is central to this analysis because property crime patterns, especially for larceny and shoplifting, are sensitive to changes in patterns of activity, such as the major shifts in public life that occurred under stay-at-home orders in response to the emergence of the COVID-19 pandemic. This report is focused on the periods directly before, during, and after the pandemic to lend context to the increased interest and attention related to shoplifting at the national level.

Key Takeaways

In Chicago, the year-end rate of reported shoplifting was 11.6% lower for 2023 than it was for 2018. In Los Angeles, the rate for 2023 was 77% higher than it was for 2018.

Prior to the pandemic, the shoplifting rate in Los Angeles was less than half that of Chicago. By the end of 2023, the difference between the two cities had narrowed and the Los Angeles rate was 17.7% lower than that of Chicago.

In Chicago, the top 5% of all reported shoplifting locations by address had 68.5% of all reported shoplifting from 2018 to 2023. In Los Angeles, the top 5% of addresses had 62.8% of all reported shoplifting during this period.

Shoplifting patterns between the cities differed greatly. Chicago shoplifting clustered in two geographically close areas, while shoplifting in Los Angeles was distributed across multiple smaller areas that were less concentrated than in Chicago.

In Chicago, areas with substantial concentrations of retail outlets did not consistently experience concentrated amounts of shoplifting. In Los Angeles, however, there was considerable overlap between retail and shoplifting clusters.

Both cities saw large drops in reported shoplifting in 2020, likely due to store closures at the start of the COVID-19 pandemic. For both cities, in 2020 and 2021, shoplifting was less prevalent and concentrated in fewer areas.

Portions of both cities that were not high-shoplifting areas before and during the pandemic began to experience increases in shoplifting after the pandemic (2022 and 2023).

Shoplifting in both cities was often highly concentrated in places with high concentrations of other crimes, such as other types of theft and violent offense

Washington DC: Council on Criminal Justice, 2024.

CrimeRead-Me.Orgshoplifting trends, retail theft, crime patterns, urban crime, city crime study
Crime and the Labor Market

By Randi Hjalmarsson, Stephen Machin, Paolo Pinotti

The economics of crime has emerged as a critical field over the past 30 years, with economists increasingly exploring the causes and consequences of criminal behavior. This paper surveys key contributions and developments from labor economists, who investigate the (often two-way) intersection of crime with labor market factors, such as education, wages, and unemployment. The paper underscores the importance of understanding criminal decision-making in economic analysis through the lens of opportunity costs and labor market conditions. Methodological advancements, particularly those addressing causation, have propelled the field forward, enabling more accurate conclusions to be drawn for policy recommendations. The paper also explores the role of social policies and international contexts, emphasizing the need for evidence-based reforms to effectively reduce crime. This comprehensive review underscores the transformative impact of economics on crime research and its potential to influence real-world policies.

IZA DP No. 17423 Bonn: IZA – Institute of Labor Economics , 2024. 66p.

Crime, JusticeRead-Me.Orglabor market, unemployment, job access, employment, crime trends
Exported Crime Guns and Domestic Gun Deaths

By David Blake Johnson and Jason Szkola

Existing research examining gun violence often faces criticism because of complications related to gun laws and gun culture. In this manuscript, we argue that these elements change the overall quality of gun owners and this quality has a significant effect on homicide. To demonstrate this, we introduce a measure of gun owner quality independent of local law enforcement and possibly indicative of illegal or dubious transfer of firearms: the time to crime of "exported" crime guns. We find that decreases in the time to crime of exported crime guns increase homicides and gun homicides while also having no effect on non-gun homicides and only a small effect on suicide. We then show how the time to crime of exported crime gun changes as a function of gun culture and gun laws.

Unpublished paper, 2024, 25p.

Justice, WeaponsRead-Me.Orggun trafficking, crime guns, gun laws, gun lawsgun culture, firearm policy, homicide
Inequities in Community Exposure to Deadly Gun Violence by Race/Ethnicity, Poverty, and Neighborhood Disadvantage Among Youth in Large US Cities

By Nicole Kravitz-Wirtz,  Angela Bruns , Amanda J Aubel , Xiaoya Zhang , Shani A Buggs

Understanding the burden of gun violence among youth is a public health imperative. While most estimates are based on direct and witnessed victimization, living nearby gun violence incidents may be consequential too. Yet detailed information about these broader experiences of violence is lacking. We use data on a population-based cohort of youth merged with incident-level data on deadly gun violence to assess the prevalence and intensity of community exposure to gun homicides across cross-classified categories of exposure distance and recency, overall and by race/ethnicity, household poverty, and neighborhood disadvantage. In total, 2–18% of youth resided within 600 m of a gun homicide occurring in the past 14–365 days. These percentages were 3–25% for incidents within 800 m and 5–37% for those within a 1300-m radius. Black and Latinx youth were 3–7 times more likely, depending on the exposure radius, to experience a past-year gun homicide than white youth and on average experienced incidents more recently and closer to home. Household poverty contributed to exposure inequities, but disproportionate residence in disadvantaged neighborhoods was especially consequential: for all racial/ethnic groups, the difference in the probability of exposure between youth in low vs high poverty households was approximately 5–10 percentage points, while the difference between youth residing in low vs high disadvantage neighborhoods was approximately 50 percentage points. Given well-documented consequences of gun violence exposure on health, these more comprehensive estimates underscore the importance of supportive strategies not only for individual victims but entire communities in the aftermath of gun violence.

J Urban Health, 2022 Jun 7, 16p.

Crime, Violence and Oppression, Social ScienceRead-Me.Orggun violence, youth, racial disparities, neighborhood disadvantage, public health, community exposure
Overdoses in Federal Drug Trafficking Crimes

 By The United States Sentencing Commission

  More than 780,000 Americans died from a drug overdose in the last ten years. Overdose deaths have increased more than 300 percent from the level two decades ago. The number of such deaths has continued to increase in recent years, with the Centers for Disease Control reporting that 91,799 people died of drug overdoses in 2020, 106,699 in 2021, 107,941 in 2022, and 105,007 in 2023. Provisional data shows a recent decline in overdose deaths beginning in late 2023 and continuing into 2024. Overdoses remain one of the leading causes of deaths in adults in the United States. While fentanyl and fentanyl analogues, methamphetamine, cocaine, and heroin are the drugs most often involved in these deaths, synthetic opioids like fentanyl— which is up to 50 times more potent than heroin—contribute to nearly 70 percent of overdose deaths. In this report, the Commission examines all overdoses identified in drug trafficking cases reported to the Commission for fiscal years 2019 to 2023. One or more deaths occurred in more than three-quarters of these cases, while no deaths occurred in the remaining cases. The Commission is able to collect information about the overdoses reported in these cases through the sentencing documents the courts provide to the Commission in every case.8 Using that information, this report provides an analysis of the 1,340 individuals sentenced for a federal drug trafficking offense involving an overdose in fiscal years 2019 to 2023. In it, the Commission analyzes the demographic characteristics of these individuals, the offense conduct that occurred in the case, and how the courts sentenced these individuals—including the application of sentencing guideline provisions that provide for heightened base offense levels when the offense of conviction established that death or serious bodily injury resulting from an overdose occurred, or departures from the guideline range for death or physical injury, or how often courts varied from the guideline range for a similar reason. Additionally, in this report, the Commission provides the results of a special data collection project to explore the outcome of each overdose, the type of drug involved in the overdose, the victim’s knowledge of the drug they were taking, and the sentenced individual’s conduct during the offense.  

Washington, DC, USSC, 2025.   52p.

Crime, Violence and OppressionRead-Me.Orgdrug trafficking, fentanyl, overdose deaths, sentencing, synthetic opioids, federal cases, criminal justice
Cyber Insurance and the Ransomware Challenge 

By Jamie MacColl, James Sullivan, Jason R C Nurse, Sarah Turner, Gareth Mott, Edward Cartwright and Anna Cartwright  

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. Over a 12-month research project, researchers from RUSI, the University of Kent, De Montfort University and Oxford Brookes University conducted a series of expert interviews and workshops to explore the relationship between cyber insurance and ransomware in depth. This paper argues that there is, in fact, no compelling evidence that victims with cyber insurance are much more likely to pay ransoms than those without. Ransomware remains one of the most persistent cyber threats facing the UK. Despite a range of government, law enforcement and even military cyber unit initiatives, ransomware remains lucrative for criminals. During this research, we identified three main drivers that ensure its continued success: 1. A profitable business model that continues to find innovative ways to extort victims. 2. Challenges around securing organisations of all sizes. 3. The low costs and risks for cybercriminals involved in the ransomware ecosystem, both in terms of the barriers to entry and the prospect of punishment. Despite this perfect storm of factors, the cyber insurance industry has been singled out for criticism with the claim that it is funding organised cybercrime by covering ransom payments. In reality, cyber insurance’s influence on victim decision-making is considerably more nuanced than the public debate has captured so far. While there is evidence that cyber insurance policies exfiltrated during attacks are used as leverage in negotiations and to set higher ransom demands, the conclusion that ransomware operators are deliberately targeting organisations with insurance has been overstated. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cybercriminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort. But the lack of clearly defined negotiation protocols and the challenges around learning from incidents make it difficult to develop a sense of collective responsibility and shared best  practices around ransomware response. This has not been helped by the UK government’s black-and-white position on ransom payments, which has created a vacuum of assurance and advice on best practices for ransom negotiations and payments. This paper does not advocate for an outright ban on ransom payments or for stopping insurers from providing coverage for them. Instead, it makes the case for interventions that would improve market-wide ransom discipline so that fewer victims pay ransoms, or pay lower demands. Ultimately, this involves creating more pathways for victims that do not result in ransom payments. Beyond ransom payments, cyber insurance has a growing role in raising cyber security standards, which could make it more difficult to successfully compromise victims and increase costs for ransomware operators. Successive years of losses from ransomware have led to more stringent security requirements and risk selection by underwriters. Although the overall effect of this on the frequency and severity of ransomware attacks remains to be seen, by linking improvements in security practices to coverage, cyber insurance is currently one of the few market-based levers for incentivising organisations to implement security controls and resilience measures. However, continued challenges around collecting and assessing reliable cyber risk and forensic claims data continue to place limits on the market’s effectiveness as a mechanism for reducing ransomware risk. This, along with cyber insurance’s low market penetration, makes clear that cyber insurance should not be treated as a substitute for the legislation and regulation required to improve minimum cyber security standards and resilience. Insurers are also commercial entities that primarily exist to help organisations transfer risk, rather than to improve national security and societal cyber resilience. The cyber insurance industry could be a valuable partner for the UK government through increased ransomware attack and payment reporting, sharing aggregated claims data, and distributing National Cyber Security Centre (NCSC) guidance and intelligence to organisations. However, the government has not made a compelling enough case to insurers and insureds about the benefits of doing so. Instead, it has relied on appealing to their general sense of altruism. While insurers will benefit if governments are able to generate more accurate and actionable data on ransomware, albeit indirectly, this needs to be sold to the industry in a more convincing way. Some principles and recommendations for both the insurance industry and the UK government are listed below. These are not designed to solve all the challenges of the cyber insurance market, nor do they present wide-ranging solutions to the ransomware challenge. Instead, they focus on where the cyber insurance industry can have the most impact on key ransomware drivers. This reflects the fact that disrupting the ransomware economy involves applying pressure from different angles in a whole-of-society approach. The recommendations also start from the position that the UK government’s light-touch approach is unsustainable and requires more intervention in private markets that are involved in ransomware prevention and response. While they are specifically aimed at UK policymakers, regulators and insurers, they may be applicable to other national contexts     

London: Royal United Services Institute for Defence and Security Studies, 2023.  84p.

Rule of Law, Justice, CrimeRead-Me.Orgransomware, insurance coverage, negotiation protocols, cyber resilience, policy recommendations
Cyber Insurance and the Cyber Security Challenge 

By Jamie MacColl, Jason R C Nurse and James Sullivan 

  GOVERNMENTS AND BUSINESSES are struggling to cope with the scale and complexity of managing cyber risk. Over the last year, remote working, rapid digitalisation and the need for increased connectivity have emphasised the cyber security challenge. As the pursuit of approaches to prevent, mitigate and recover from malicious cyber activity has progressed, one tool that has gained traction is cyber insurance. If it can follow the path of other insurance classes, it could play a significant role in managing digital risk. This paper explores whether cyber insurance can incentivise better cyber security practices among policyholders. It finds that the shortcomings of cyber insurance mean that its contribution to improving cyber security practices is more limited than policymakers and businesses might hope. Although several means by which cyber insurance can incentivise better cyber security practices are identified, they have significant limitations. Interviewees from across government, industry and business consistently stated that the positive effects of cyber insurance on cyber security have yet to fully materialise. While some mature insurers are moving in the right direction, cyber insurance as a whole is still struggling to move from theory into practice when it comes to incentivising cyber security. If this is to change, the insurance industry must overcome significant challenges. One is the competitiveness of the nascent cyber insurance market over the last two decades. Most of the market has used neither carrots (financial incentives) nor sticks (security obligations) to improve the cyber security practices of policyholders. The industry is also struggling to collect and share reliable cyber risk data that can inform underwriting and risk modelling. The difficulties inherent in understanding cyber risk, which is anthropogenic and systemic, mean insurers and reinsurers are unable to accurately quantify its causes and effects. This limits insurers’ ability to accurately assess an organisation’s risk profile or security practices and price policy premiums accordingly. The spectre of systemic incidents such as NotPetya1 and SolarWinds2 has also limited the availability of capital for cyber insurance markets. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals. These add fuel to the fire by incentivising cybercriminals’ engagement in ransomware operations and enabling existing operators to invest in and expand their capabilities. Growing losses from ransomware attacks have also emphasised that the current reality is not sustainable for insurers either.

To overcome these challenges and champion the positive effects of cyber insurance, this paper calls for a series of interventions from government and industry. Some in the industry favour allowing the market to mature on its own, but it will not be possible to rely on changing market forces alone. To date, the UK government has taken a light-touch approach to the cyber insurance industry. With the market undergoing changes amid growing losses, more coordinated action by government and regulators is necessary to help the industry reach its full potential. The interventions recommended here are still relatively light, and reflect the fact that cyber insurance is only a potential incentive for managing societal cyber risk. They include: developing guidance for minimum security standards for underwriting; expanding data collection and data sharing; mandating cyber insurance for government suppliers; and creating a new collaborative approach between insurers and intelligence and law enforcement agencies around ransomware. Finally, although a well-functioning cyber insurance industry could improve cyber security practices on a societal scale, it is not a silver bullet for the cyber security challenge. It is important to remember that the primary purpose of cyber insurance is not to improve cyber security, but to transfer residual risk. As such, it should be one of many tools that governments and businesses can draw on to manage cyber risk more effectively.   

RUSI Occasional Paper, June 2021, London: Royal United Services Institute for Defence and Security Studies , 2021. 68p.

Social Science, Rule of Law, CrimeRead-Me.Orgcyber insurance, cyber risk, digital security, ransomware, insurance market, cybersecurity policy
Common Challenges in Cybercrime: 2024 Review

By Eurojust and Europol

This report is a collaborative effort between Eurojust and Europol that addresses persistent and emerging challenges in cybercrime and investigations involving digital evidence. Key challenges include management of massive volumes of data, legal uncertainties following the invalidation of the Data Retention Directive, and technologies that create barriers to accessing data.

Just like in the previous edition, this 2024 review identifies and categorises challenges from both the law enforcement and judicial perspectives. However, this report includes a second part focusing on legislative tools that could alleviate those challenges and their practical application.

Europol, 2025. 18p

Crime, CybercrimeRead-Me.Orgcybersecurity, digital crime, cyber threats, online fraud
This Job Post Will Get You Kidnapped: A Deadly Cycle of Crime, Cyberscams, and Civil War in Myanmar

By Emily Ferrguson and Emma Schroeder

Following decades of cyclical insecurity in Myanmar, conflict reached a new level following a coup d’etat in 2021 during which Myanmar’s military, the Tatmadaw, deposed the democratically elected National League for Democracy government. Meanwhile, criminal syndicates, entrenched primarily in Special Economic Zones (SEZs) like Shwe Kokko within Myanmar’s Karen state, have expanded and evolved their criminal operations throughout this evolving conflict. The Tatmadaw forces have intertwined themselves in complicated and carefully balanced alliances to support the ongoing conflict, including with the Karen State Border Guard Force (BGF) . As the Tatmadaw and BGF look to sustain themselves and outlast each other, they have found allies of convenience and alternative funding sources in the criminal groups operating in Karen state. In the last two years, organized criminal groups in Myanmar have expanded their activities to include forms of profitable cybercrime and increased their partnership with the BGF , which enables their operations in return for a cut of the illicit profits. Since roughly 2020, criminal syndicates across Cambodia, Myanmar, Laos, and Thailand have largely lured individuals with fake offers of employment at resorts or casinos operating as criminal fronts where they are detained, beaten, and forced to scam, steal from, and defraud people over the  internet The tactics—kidnap-to-scam operations—evolved in response to the pandemic and to the Myanmar civil war, allowing criminal groups to build on existing networks and capabilities. These operations do not require significant upfront investment or technical expertise, but what they do need is time—time that can be stolen from victims trapped in the region’s already developed human trafficking network. The profits that these syndicates reap from victims around the globe add fuel to the ongoing civil war in Myanmar and threaten the stability of Southeast Asia. These groups entrench themselves and their illicit activities into the local environment by bribing, partnering with, or otherwise paying off a key local faction within the Myanmar civil war, creating an interconnectedness between regional instability and profit-generating cybercrime. What is unfolding in Myanmar challenges conventional interpretations of cybercrime and the tacit separation of criminal activities in cyberspace from armed conflict. The criminal syndicates, and their BGF partners, adapted to the instability in Myanmar so effectively that each is financially and even existentially motivated to perpetuate this instability. This paper explores the connectivity between cybercriminal activities and violence, instability, and armed conflict in a vulnerable region, exploring how cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict. The following section examines the key precipitating conditions of this case, traces the use of cyber scams to create significant financial losses for victims across the world, sow instability across Southeast Asia, exacerbate the violence in Myanmar, and, finally, considers the risks that this model could be adopted and evolved elsewhere. This paper concludes with implications for the policy and research communities, highlighting the ways in which conflict can move, unbounded, between the cyber and physical domains as combatants and opportunists alike follow clear incentives to marry strategic and financial gain.

Washington, DC: Digital Forensic Research Lab (DFRLab) at the Atlantic Council, 2023. 16p.

Crime, CybercrimeRead-Me.Orgcivil war, Myanmar, human trafficking
Lipstick on a Slaughtered Piggybank: Civil RICO Against “Pig Butchering” Cryptocurrency Investment Schemes

By Samantha B. Larkin

Niki Hutchinson, at twenty-four years of age, decided it was time to start dating. She thought she connected with a guy named Hao on Hinge, a dating website. The two started messaging and formed a bond after Hao told Niki he was born in the same town in China from which she was adopted. After learning she recently lost her mom, Hao offered to help Niki make money with her inheritance and told her he knew how to invest in cryptocurrency. While Niki was initially skeptical, Hao eventually instructed Niki on how to make wire transfers from her bank account to Crypto.com, an exchange platform. Through illustrated screenshots and text messaging, Hao described to Niki exactly how to use the platform. From there, Hao convinced Niki to transfer her crypto assets to another website. On the second platform, Niki saw profits in her account and decided to keep investing. She even convinced her father to invest in cryptocurrency too. But when Niki went to withdraw her virtual funds, she was informed that she needed to pay the tax bill with a new transfer of capital to release her earnings. The realization then set in that Niki and her dad lost over $390,000 to scammers. The scam Niki encountered is called “pig butchering.” Pig butchering is a billion-dollar industry of loss, draining American bank accounts, according to official government publications. Scammers abroad invented the term, referring to the concept of “fattening a pig before the slaughter,” where the goal is to nourish trust and confidence in a virtual relationship before conning the victim out of their money and slaughtering their savings. Cryptocurrency is the signature of the scheme. According to complaints received by the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3), the typical targets in crypto-investment scams are individuals between the ages of thirty and forty-nine. Aiming at young professionals with disposable income, these scammers vet their targets to ensure a level of sophistication with technology and susceptibility to emotional manipulation. Scammers then coach their targets into virtual exchanges on false websites, where the victims are manipulated into believing they are making a profit. Their investments increase over time, typically until the victim attempts to cash out their illusory gains, and then the scam reaches its final stage: the victim is informed they need to pay exorbitant taxes or fees with fresh crypto transfers in order to release their funds. In reality, their assets were already gone. (continued)

Roger Williams University Law Review, Volume 30, Issue 1 (2025) Winter 2025, 47p.

Crime, CybercrimeRead-Me.Orgcivil RICO, cryptocurrency, investment schemes, financial crime
Casinos, cyber fraud, and trafficking in persons for forced criminality in Southeast Asia

By Deanna Davy

The transnational organized crime (TOC) landscape in Southeast Asia has evolved dramatically in recent years. Trafficking in persons for the purpose of forced criminality to commit online scams and financial fraud, particularly occurring in Special Economic Zones (SEZs) and other areas of Cambodia, Lao People’s Democratic Republic (PDR), and Myanmar, as well as other destination countries (including Malaysia, and the Philippines), has emerged as a new and growing trend. Trafficking in persons for forced criminality has been driven by organized crime groups in the region, which operate in a remarkably open way. Their illicit activities are linked to various legal and illegal entertainment establishments, such as casinos, hotels, and registered companies (businesses), which operate from compound-like buildings where victims are harbored and forced to commit, or be complicit in, cyber-enabled crimes. This phenomenon of trafficking for forced criminality has recently become prominent in Southeast Asia, though it had already been identified in many parts of the world. The United Nations Office on Drugs and Crime (UNODC) 2022 Global Report on Trafficking in Persons1 has indicated a considerable increase in the identification of trafficking in persons for the purpose of committing criminal offences, currently reaching 10.2% of all reported trafficking cases globally. Trafficking for forced criminality (or for exploitation in criminal activities) can be understood as trafficking in persons for the purpose of exploitation of victims through forcing or otherwise compelling them to commit criminal acts for economic or other gains of traffickers or exploiters. While not included in the definition of the UN Protocol to Prevent, Suppress and Punish Trafficking in Persons (Trafficking in Persons Protocol) explicitly, exploitation in criminal activities has been incorporated into the trafficking definition of many countries around the world. In the Southeast Asia region, currently only Malaysia has incorporated this form of exploitation into domestic legislation. Nevertheless, the intent of traffickers, the methods.

United Nations Office on Drugs and Crime (UNODC), 2023. 50p.

Crime, CybercrimeRead-Me.Orgcasinos, cyber fraud, human trafficking, forced criminality, Southeast Asia
The virtual asset ecosystem in El Salvador: risks and challenges to counter financial crime

By Global Financial Integrity and the Cyrus R. Vance Center for International Justice

On September 7, 2021, El Salvador became the first country in the world to adopt Bitcoin as legal tender. Two years later, the country has undergone technological change and growth, faced operational and regulatory challenges, and learned a tremendous amount in the process. This joint publication by the Vance Center and Global Financial Integrity (GFI) analyzes virtual assets (VAs) in El Salvador, first from a legal and regulatory perspective, as well as from an anti-money laundering (AML) and counter-terrorism financing (CFT) perspective The first half of the report analyzes the current regulatory landscape in El Salvador regarding Bitcoin and VAs. El Salvador has taken a major leap in embracing technological innovation, specifically in the digitalization of the financial system, through adopting bitcoin, cryptocurrencies, and digital assets. The country has established a regulatory framework encompassing the Bitcoin Law, the Digital Assets Issuance Law, and the Innovation and Manufacture of Technologies Promotion Law. These laws aim to provide a supportive environment for individuals and businesses engaging in transactions involving digital currencies while fostering innovation and technology manufacturing within the nation.

As a result, El Salvador is poised to become a leading proponent of emerging technologies across various sectors of its economy. Due to the dynamic nature of the subject matter and the ongoing efforts to standardize these frameworks internationally, the report identifies additional areas that may still require regulation.

The second half of the report analyzes VAs in El Salvador from an AML/CFT perspective. The report approaches these issues from the perspective of the Financial Action Task Force (FATF), which states that “the cornerstone (…) is the risk-based approach which emphasizes the need for countries to identify and understand the money laundering (ML) and terrorism financing (TF) risks they are exposed to.”

Understanding risks enables countries such as El Salvador to take mitigating measures and to deploy limited resources effectively. In this regard, the report analyzes financial crime risks for the most common predicate offenses for ML in El Salvador, considering drug trafficking, extortion, migrant smuggling, and misappropriation of public funds (peculado). The report also assesses financial crime risks related to specific operational features or developments within El Salvador’s VA ecosystem.

The report concludes with policy recommendations that can help El Salvador to maximize the benefits and minimize the risks associated with financial innovation. Key recommendations include:

Policymakers in El Salvador should urgently adopt reforms strengthening AML/CFT as well as ensuring robust oversight over VAs. These reforms are particularly important in light of El Salvador’s upcoming Mutual Evaluation.

The Government of El Salvador, and specifically the Central Reserve Bank (BCR) and the National Commission of Digital Assets (NCDA), should engage with the legal and business community in developing regulations and technical standards according to need and practice for the Bitcoin Law and Digital Assets Issuance Law, following international best practices.

Lawyers and law firms advising companies wanting to operate in El Salvador should enhance compliance mechanisms to verify client backgrounds to prevent criminal actors from entering the national financial system.

All relevant government agencies should ensure transparency and access to public information, including contractual and operational processes, fraud and mismanagement investigations, and the use of public funds, per domestic laws and international standards.

The BCR should incorporate information on government Bitcoin purchases into the Balance of Payments and other similar documents.

The Superintendence of the Financial System (SSF) should require that Chivo Wallet collect information on legal persons opening Chivo Wallet accounts in line with the requirements for legal persons to open other types of financial accounts. In addition, Chivo Wallet should maintain beneficial ownership information for legal persons using Chivo Wallet, in line with FATF Recommendation 15’s interpretive guidance and similar to the requirements for financial institutions.

Considering that financial institutions and other obligated entities submit suspicious transaction reports (STRs) for crypto transactions, the Financial Intelligence Unit (FIU) of El Salvador and other government authorities should provide education and training opportunities to the financial sector and other obligated entities regarding identification of red flag indicators in crypto transactions. This will help to ensure that STRs contain relevant information and reflect an informed understanding of the risks.

Washington, DC: Global Financial Integrity 2023. 63p,

CrimeRead-Me.Orgvirtual assets, El Salvador, financial crime, cryptocurrency, financial regulation
Colorado Crime and Aurora’s Experience with Auto Theft

By Paul Pazen, Thomas Young, DJ Summers and Cooper Pollard

Colorado’s crime rate is not back to its pre-pandemic level. Both local and state authorities are currently attempting to find policy solutions.

Some localities have created policies and procedures that go beyond state guidelines in an effort to control crime. The City of Aurora implemented mandatory minimum sentencing guidelines for auto theft in 2022, for example, the year that Colorado’s and Aurora’s auto theft rates were highest. This policy led to a decrease in the auto theft rate in the city beyond what was seen statewide. In 2023, state lawmakers tried to address auto theft with passage of SB23-097. This bill did not implement mandatory minimum sentences, but instead made it a felony to commit auto theft regardless of the value of the vehicle. The law went into effect on July 1, 2023.

Using Aurora’s experience as a guide, CSI attempted to assess what the economic savings would be if the state were to experience the same decrease in auto theft, shoplifting, and overall crime that Aurora did after implementing its ordinance.

Key Findings

The share of auto theft in Aurora was 19% in July 2022. Since the passage of Aurora’s ordinance, known as “Mandatory Minimum Sentences for Motor Vehicle Theft,” the share averaged 16% from August 2022 through December 2024, representing a three percentage point decrease from the pre-August 2022 period.

A market model predicting auto theft in Aurora suggests there were 723 fewer auto thefts in Aurora from August 2022 to December 2024, a 6% decline relative to other large cities in the state.

For automobile crime, a 6% decline equates to $16.3 million in economic savings for Aurora from August 2022 through December 2024. For the largest city in the state, Denver, the economic savings would be $37.3 million over the same 29 months.

In contrast to Aurora’s experience, initial model results on the state impact from its 2023 effort was less pronounced at a 3% reduction in auto theft.

If Aurora’s experience is indicative of the potential savings of a similar statewide approach to crime, a 6% decline in crime statewide for all reported criminal offenses would have equated to $1.8 billion in economic savings in 2024, or roughly $774 per Colorado household.

Changes in local crime are not uniform across the state, however. The change in crime over the past five years varies widely by city and county.

Greenwood Village, CO : Common Sense Institute, 2025, 18p

CrimeRead-Me.Orgcolorado crime, auto theft, law enforcement, public safety, crime trends