CRIME

By Jacopo Bellasio, Erik Silfversten, Eireann Leverett, Anna Knack, Fiona Quimbre, Emma Louise Blondes, Marina Favaro, Giacomo Persi Paoli

The government of Estonia requested support from the European Commission under Regulation (EU) 2017/825 to analyse new and emerging technological developments and identify their potential application in cybercrime. In May 2019, RAND Europe was commissioned by the European Commission Structural Reform Support Service to conduct a study (ref: SRSS/C2018/092) aimed at:Conducting an analysis of future technologies and how these could be used to commit or prevent cybercrimes.Proposing possible ways to prevent future technologies from being exploited for criminal purposes.

To meet the objectives of the study, RAND Europe (i) took stock of current knowledge of and policy on cybercrime as well as of completed and ongoing research on future trends in cybercrime; (ii) conducted horizon scanning activities to identify new and emerging technologies that may have an impact on cybercrime; (iii) engaged with stakeholders and experts to elicit their views on current and future cybercrime and technology trends; and (iv) designed and delivered a table-top exercise to help identify possible policy and legislative measures and initiatives to be adopted in order to prevent new and emerging technologies from being exploited for cybercrime purposes. This document presents an overview of results emerging from activities conducted under the study.

Key Findings

The next decade will likely see an increase in the speed and coverage of connectivity which will contribute to an overall increase in the volume and speed at which different types of cybercrime are conducted.The proliferation of Information Technology-enabled devices, systems, and services will result in an increase in the attack surface and vulnerabilities that could be leveraged by malicious actors.Developments in the fields of computing and data storage technologies, paired with a proliferation of devices, are expected to result in an increased ability to record, generate, store, access and manipulate data.Advances in computing power, accompanied by developments in the fields of artificial intelligence and machine learning, are expected to contribute to a growing ability to process and analyse data, allowing to infer from these new insights and results which are beyond the reach of current analytical capabilities.Technological advances are expected to result in increasing complexity as regards the tracking and attribution of criminal and malicious activities.The consolidation of the internet economy around a limited number of key players, and an increasing societal reliance on their products and services, may raise challenges such as contributing to the widespread emembedding of vulnerabilities with the potential to yield large-scale systemic effects when leveraged.While this study focuses on the impact that technology may have on cybercrime, a wide variety of other non-technical drivers and factors are also expected to influence this phenomenon over the coming decade.

Recommendations

Pursue broad cybercrime capacity building in light of technological development.

Strengthen the overall cybersecurity resilience of Estonia through awareness, education and capacity building.

Seek legal, regulatory and organisational agility.

Prepare the Estonian legal, regulatory and organisational environment to adequately respond to cybercrime challenges resulting from technological change.

Invest in technologies relevant to the Estonian context.

Ensure that Estonia has sufficient technological expertise, skills and research in relation to high-priority emerging technologies.

Santa Monica, CA: RAND, 2020. 13p.

By April Miin Miin Chai, Kylie S. Reale

This study explores the offender, victim, and environmental characteristics that significantly influence the number of days a sexual homicide victim remains undiscovered. Utilizing a sample of 269 cases from the Homicide Investigation Tracking System database an in-depth analysis was conducted to unveil the factors contributing to the delay in the discovery of victims' bodies. The methodological approach involves applying a negative binomial regression analysis, which allows for the examination of count data, specifically addressing the over-dispersion and excess zeros in the dependent variable - the number of days until the victim is found. The findings reveal that certain offender characteristics, victim traits, and spatio-temporal factors play a pivotal role in the time lag experienced in locating the bodies of homicide victims. These findings have crucial implications for investigative efforts in homicide cases, offering valuable insights that can inform and enhance the efficacy and efficiency of future investigative procedures and strategies.

Behavioral Sciences & the Law; May 2024

By Alistair Henry and Shane Horgan

This project sought to begin a process of scoping out and developing criminological perspectives on videogames and the social worlds of videogames and gamers through two interactive workshops. Its starting orientation was social interactionism and the understanding of video games as meaningful and affective places and spaces of interaction, presence, and ‘being’. This orientation sees videogames as potential spaces of cultural expression, symbolic representation, meaning-making, and identification; as interactive spaces of (real and imagined) participation and collaboration; and as ‘social worlds’ which participants inhabit and in which they exercise (some) agency in negotiating their deviance and compliance.

These digital social worlds are part of the fabric of everyday experience for many people who already
drift continuously between presence across different facets of the digital technoscape (including internet, social media and gaming) and the analogue world, potentially finding meaning, connection and identification across them all. This project was thus, from the outset, situated in the study of video games and video gaming within traditions of social interactionism and the sociology of deviance, but it also sought to contribute directly to more recent developments in the field exploring the importance and effects (and affects) of representational forms, symbols, and cultural narratives, such as within visual, cultural and narrative criminologies.

In relation to videogames themselves, the project aimed to be open minded and not restrictive about what could be included. For example, although ‘crime’ features within many video games as a dimension of the narrative, action, or game world, many games do not feature ‘crime’ but feature, or can be played in ways, that signify deviance or compliance. Therefore, the project did not restrict itself to the study of ‘crime games’, or any particular category of games, but remained open to the diverse forms that videogames take (in terms of subject matter, genre, platform etc.).

Glasgow: 

Scottish Centre for Crime and Justice Research, University of Glasgow

2024. 17p.

By The Global Initiative Against Transnational Organized Crime

   The illegal wildlife trade (henceforth IWT) is one of the world’s most lucrative criminal activitiesand much of the trade takes place online. The phenomenon has tremendously harmful effects on biodiversity and animal welfare, while it also exacerbates the risk of spreading zoonic diseases.2 Most online IWT occurs in the open online space – on e-commerce platforms, social media and messenger services such as WhatsApp – where sellers freely showcase wildlife or wildlife products to potential buyers. The ease with which illegal advertisements can be found online reflects the high level of impunity (and the low level of risk) enjoyed by those engaged in the trade.3 The online illegal wildlife trade is characterized by several key trends. First, traffickers exploit a diverse array of online platforms, spanning social media, marketplaces, messaging apps and encrypted channels to market and distribute illegal wildlife products. Second, online IWT is characterized by global reach, transcending geographical boundaries and regulatory jurisdictions, thereby making enforcement of wildlife protection laws a complex undertaking. Finally, the phenomenon has led to the fragmentation of traditional supply chains, with small-scale traders and individual sellers operating alongside larger criminal syndicates. Having a larger number of potential targets makes it difficult for law enforcement to efficiently prioritize and dismantle trafficking networks.5 Defining online illegal wildlife trade Recent publications have shed light on the alarming surge in IWT occurring on the internet.6 A significant hindrance in combating this crime is the dearth of data regarding the scale of the market, its dynamics, modus operandi and resultant consequences, especially on a global scale. To address this issue, ECO-SOLVE is developing a Global Monitoring System to monitor online IWT systematically and to gather global data to feed into law enforcement action and to inform policymaking. By identifying areas of high pressure on endangered species and ecosystems, surveillance activities can enable targeted interventions to prosecute traffickers and wider criminal networks

involved in this trade. Consistent monitoring may help to detect emerging trends and shifts in IWT, allowing for timely responses to new threats and challenges. This is the first in a series of Global Trend Reports, which will be published during the three year ECO-SOLVE project. Two or three of these reports will be published every year, to highlight important trends in online IWT and to contextualize these trends. Drawing on findings generated by the Global Monitoring System – a network of AI enabled ‘data hubs’ in key countries, which monitor online IWT – each Global Trend Report will showcase the latest trends in statistical data, specifically the number of adverts found, the numbers and types of species advertised and the number of platforms that host these adverts. Diving deeper into individual topics, these reports will offer regional breakdowns and include sections that contextualize and analyze findings, while also investigating changes in regulations and their effects on online IWT as well as trends in law enforcement. The reports will also discuss case studies of online IWT. This first report will set the stage for reports to come. It will review past trends in efforts to monitor the online IWT, trends in regulation and other government policies towards IWT, and the evolving role of civil society and law enforcement in responding to the phenomenon.   

Geneva, SWIT: The Global Initiative Against Transnational Organized Crime, 2024. 26p.

By  Council for Court Excellence and Office of the D.C. Auditor

While much attention is being paid to youth crime rates in D.C., little is known about the circumstances of justice-involved young people. This report finds that one characteristic many share is involvement in the child welfare system due to parental abuse and neglect. This report examines how effectively the District – and in particular the Child and Family Services Agency (CFSA) and the Department of Youth Rehabilitation Services (DYRS) -- serve young people who have had involvement in both child welfare and youth justice systems, that is, crossover youth. 

The fundamental finding of the audit is that the District lacks a unified approach to addressing the needs of these vulnerable young people. D.C. leaders are unable to accurately identify the number and traits of crossover youth in our community, to coordinate the services being offered or supervision being provided, to target specialized programming for these youth, or provide appropriate resources for their families and caregivers.

The new report includes the following key findings:  

• There is no single unified source of public data related to crossover youth in the District, making it difficult to understand the number and needs of this vulnerable population. 

• CFSA and DYRS undercount the number of crossover youth in their care because they only count dual-jacketed youth, rather than youth involved in both agencies at any point in their lives. CFSA and DYRS identified only 8 crossover youth in FY 2023, while CCE analysis of court records indicated 93 youth at the end of FY2022 were involved with the delinquency system and had current or past child welfare involvement. 

• Crossover youth are essentially invisible to CFSA and DYRS; neither clearly recognizes this population in their current operating documents, systems, policies, or practices, and their rights as justice-involved youth are not clearly identified in the Bill of Rights for Children in Foster Care. This impedes the agencies’ ability to address the special needs and manage cases of these young people, and can leave youth in New Beginnings and other facilities unaware of their rights.

• CFSA and DYRS do not sufficiently collaborate or communicate regarding crossover youth.   

Some of the report’s recommendations include:  

• D.C. Council should ensure the Office of the Ombudsperson for Children (OFC) has sufficient authority and funding to analyze and report on crossover youth annually. 

• CFSA and DYRS should reestablish the “Crossover Youth Steering Committee” to identify, manage and serve crossover youth in their care.

• CFSA and DYRS should identify and track crossover youth in their case management systems.

• CFSA and DRYS staff should be trained on the unique needs of crossover youth. Additionally, parents and foster parents should receive training and resources to help identify and meet the needs of youth who are, or are at risk of becoming, crossover youth. 

Washington, DC: Council for Court Excellence and Office of the D.C. Auditor, 2024. 125p.

By  United Nations Office on Drugs and Crime (UNODC).

  The United Nations Office on Drugs and Crime (UNODC) is proud to present this introductory analysis of darknet-enabled threats against Southeast Asian countries, which has been made possible through strong partnerships with global and regional law enforcement and justice authorities, together with private industry and academia. The report was produced thanks to kind voluntary funding from the Government of Japan. This report assesses the Darkweb from user, criminal and law enforcement perspectives with a particular focus on cybercriminality targeted at Southeast Asian countries. Darknets (i.e. networks on the Darkweb) provide the ideal environment for a wide range of criminal activities. Just as new threats appear on the Clearnet (i.e. the regular Internet), darknets can facilitate similar attacks that provide perpetrators with a greater degree of anonymity. This anonymity makes investigation and prevention more challenging, but still possible. There has been a consistent increase in darknet and Darkweb usage, both for legitimate and illegitimate reasons, whilst the COVID-19 pandemic also appears to have given rise to darknet cybercrime, including by criminals with no previous cyber experience. Despite this, there is an overall paucity of darknet criminality data specific to Southeast Asia. There is little prioritisation of darknet criminality in the region, either in policy or practice. This creates risk from the criminality itself, which is compounded by the limited political, policy and law enforcement response. There is an absolute need for a ministerial lead on cyber affairs, in each country, to ensure that law enforcers receive necessary political support to undertake the most challenging operations. Many criminal activities conducted over darknets are predictable and preventable. UNODC and its partners work hard to address these challenges by supporting and encouraging policy development, research, training and capacity building support in Southeast Asia. Awareness is fundamental for addressing cybercrime. Given, however, the challenges posed by darknets, stakeholders must increase their commitment and cooperation to developing policy, sharing intelligence and enhancing international cooperation to counter darknet crime nationally, regionally and internationally. This UNODC analysis will inform policymakers in Southeast Asia, including through the annual Senior Officials Meeting on Transnational Crime (SOMTC), as well as supporting law enforcement and judicial cooperation, and providing opportunities for darknet-focused crime prevention. 

  2020. 64p.

By Priyanka Goonetilleke, Alex Knorre, Artem Kuriksha

We present a comprehensive description of Hydra, the largest darknet marketplace in the world until its shutdown in April 2022. We document the main features of Hydra such as dead-drop delivery, feedback and reputation system, escrow, and dispute resolution. Using data scraped from the platform, we quantitatively examine the scale and the structure of the marketplace. We find that it has been highly competitive, geographically covering at least 69% of the Russian population and trading a wide variety of drugs, while also allowing the wholesale trade of drugs and precursors. The dead-drop delivery system used on Hydra was expensive, as the courier costs comprised a substantial proportion of the sale price of drugs on Hydra. We contribute to the research on drug cryptomarkets by studying an unprecedentedly large non-Western marketplace that existed substantially longer than any other known darknet market.

Policy Implications

The phenomenon of Hydra shows that shut-down policies applied to darknet marketplaces have a large effect and implicitly shape the whole drug market. Without these policies, a pervasive digitalization of the drug trade can occur. The major cost of allowing marketplaces to grow is the probable increase in the consumption of illegal drugs due to convenience for consumers and facilitated cooperation between suppliers. This cost must be weighed against the potential benefits, including a higher quality of drugs, a decrease in potential violence, and the incentives for a large marketplace to self-regulate. The case of Hydra also suggests the relevance of financial regulation to limit the growth of darknet marketplaces.

Criminology and Public Policy, Volume22, Issue4

Special Issue: Cybercrime and Cybersecurity

November 2023

Pages 735-777

By Adam Clark

Cybersecurity is the practice of protecting IT systems, devices, and the data they hold from unauthorised access and interference (known as cyber attacks). This briefing focuses on policy and legislative efforts to improve the UK’s cybersecurity. It does not discuss cyber in the context of military operations. Cybersecurity policy is a reserved matter, as are many related policy areas such as national security, product safety and consumer protection. In devolved matters, such as education, the devolved administrations have their own strategies for implementing the UK Government’s overarching cyber policy. Who carries out cyber attacks? The cyber threat to the UK comes from a range of actors, including state and state-sponsored groups, financially motivated criminal organisations, and ‘hacktivists’ with political aims. The boundaries between these groups can be unclear. For examples, cyber criminal groups can operate with the implicit backing of states, choose targets for political reasons, or sell their cyber attack services to others (known as ‘as-a-service’ business models). How are cyber attacks carried out? Cyber attacks typically involve malicious software (known as ‘malware’) being executed on the target’s system. Malware is an umbrella term for various types of software designed to damage, disable, and extract data from computer systems. Cyber attackers deliver malware to the target’s IT system by exploiting technical vulnerabilities and human error, then run the malware to achieve their aim (such as stealing or encrypting data). An estimated 95% of cyber attacks succeed because of human error. This includes ‘active’ errors such as opening malicious email attachments and ‘passive’ errors such as using weak passwords. 

Research Briefing.

London: House of Commons Library, 2024. 68p.

By Miranda Bruce, Jonathan Lusthaus, Ridhi Kashyap, Nigel Phair, Federico Varese

Cybercrime is a major challenge facing the world, with estimated costs ranging from the hundreds of millions to the trillions. Despite the threat it poses, cybercrime is somewhat an invisible phenomenon. In carrying out their virtual attacks, offenders often mask their physical locations by hiding behind online nicknames and technical protections. This means technical data are not well suited to establishing the true location of offenders and scholarly knowledge of cybercrime geography is limited. This paper proposes a solution: an expert survey. From March to October 2021 we invited leading experts in cybercrime intelligence/investigations from across the world to participate in an anonymized online survey on the geographical location of cybercrime offenders. The survey asked participants to consider five major categories of cybercrime, nominate the countries that they consider to be the most significant sources of each of these types of cybercrimes, and then rank each nominated country according to the impact, professionalism, and technical skill of its offenders. The outcome of the survey is the World Cybercrime Index, a global metric of cyber-criminality organised around five types of cybercrime. The results indicate that a relatively small number of countries house the greatest cybercriminal threats. These findings partially remove the veil of anonymity around cybercriminal offenders, may aid law enforcement and policymakers in fighting this threat, and contribute to the study of cybercrime as a local phenomenon.

PLOS ONE,  April 10, 2024

https://doi.org/10.1371/journal.pone.0297312

By The Australian National Audit Office

Australian Government entities are attractive, high-value targets for a range of malicious cybercriminals because they hold the personal and financial information of Australians. In 2022–23, approximately 31 per cent of cyber security incidents reported to the Australian Signals Directorate (ASD) were from non-corporate Commonwealth entities. Over 40 per cent of these cyber security incidents were coordinated, low-level malicious cyberattacks directed specifically at the Australian government, government shared services, or regulated critical infrastructure. Ransomware was the most destructive cybercrime threat in 2022–23, and continues to pose considerable risk to Australian government entities, businesses and individuals.

Previous audits conducted by the ANAO identified low levels of cyber resilience in entities. Low levels of cyber resilience continue to make entities susceptible to cyberattack and reduce business continuity and recovery prospects following a cyber security incident. An entity’s preparedness to respond to and recover from a cyberattack is a key part of cyber resilience. This audit was conducted to provide assurance to Parliament about the effectiveness of the selected entities’ implementation of arrangements for managing cyber security incidents.

In preparing audit reports to the Parliament on cyber security in Australian Government entities, the interests of accountability and transparency must be balanced with the need to manage cyber security risks. The ASD has advised the ANAO that adversaries use publicly available information about cyber vulnerabilities to more effectively target their malicious activities.

The extent to which this report details the cyber security vulnerabilities of individual entities was a matter of careful consideration during the course of this audit. To assist in appropriately balancing the interests of accountability and potential risk exposure through transparent audit reporting, the ANAO engaged with ASD to better understand the evolving nature and extent of risk exposure that may arise through the disclosure of technical information in the audit report. This report therefore focusses on matters material to the audit findings against the objective and criteria and contains less detailed technical information than previous audits.

Key findings:

• The implementation of arrangements by AUSTRAC and Services Australia to manage cyber security incidents has been partly effective. Neither entity is well placed to ensure business continuity or disaster recovery in the event of a significant or reportable cyber security incident.

• AUSTRAC has partly effective cyber security incident management procedures for investigating, monitoring and responding to cyber security incidents. It has established management structures and a framework of procedures to support these processes. It has not detailed the responsibilities for its Chief Information Security Officer (CISO), its approach to continuous monitoring and improvement reporting, or defined timeframes for reporting to stakeholders.

• Services Australia is partly effective in its design of cyber security incident management procedures. It has established a framework of procedures and an incident response plan. It has not documented an approach to threat and vulnerability assessments. Services Australia does

•  not have a policy covering the management of cyber security incidents.

  Auditor-General Report No. 38 2023–24

Canberra: Australian National Audit Office, 2024. 103p.