Organised Crime Groups in Cyberspace - A Typology

Trends Organ Crim (2008) 11:270–295
DOI 10.1007/s12117-008-9038-9
Organised crime groups in cyberspace: a typology
Kim-Kwang Raymond Choo
Published online: 11 July 2008

# Springer Science + Business Media, LLC 2008
Abstract Three categories of organised groups that exploit advances in information

and communications technologies (ICT) to infringe legal and regulatory controls: (1)
traditional organised criminal groups which make use of ICT to enhance their terrestrial
criminal activities; (2) organised cybercriminal groups which operate exclusively
online; and (3) organised groups of ideologically and politically motivated individuals
who make use of ICT to facilitate their criminal conduct are described in this article. The
need for law enforcement to have in-depth knowledge of computer forensic principles,
guidelines, procedures, tools, and techniques, as well as anti-forensic tools and
techniques will become more pronounced with the increased likelihood of digital
content being a source of disputes or forming part of underlying evidence to support or
refute a dispute in judicial proceedings. There is also a need for new strategies of
response and further research on analysing organised criminal activities in cyberspace.
Keywords Organised crime groups . Cybercrime . Technology-enabled crime .

Digital evidence
Introduction
The declining importance of dial-up connections and the expansion of broadband

services have created an environment in which connections are maintained
continually. Investment in network expansion by telecommunications companies
will see a further expansion in capacity that will result in an increase in bandwidth
availability and greater adoption of wireless and mobile technologies. As businesses
continue to engage in electronic commerce, they will become increasingly globalised
and interconnected. Australia, for example, has experienced a considerable increase
The views expressed in this article are those of the author alone and not the Australian Government or the
Australian Institute of Criminology.
K.-K. R. Choo (*)
Australian Institute of Criminology, GPO Box 2944, Canberra, ACT 2601, Australia
e-mail: Raymond.choo@aic.gov.au
Trends Organ Crim (2008) 11:270–295 271
in electronic banking (APCA 2005). A correspondingly large increase in electronic

banking has also been observed overseas. For example, in the first quarter of 2008,
1.8 billion plastic card purchases were reportedly made in the UK totalling £91.1
billion (APACS 2008) and in the calendar year 2007, more than 18 billion automated
clearing house (ACH) payments were reportedly made in the USA (NACHA 2008).
This is perhaps due to the cost of an internet-based transaction being a small fraction
of a ‘bricks-and-mortar’ based transaction. The propensity for consumers to buy
online is indicated in a recent report that online spending on retail websites in United
States has exceeded US$100 billion (Ames 2007).
These, and other developments, create not only benefits for the community but also
risks of organised crime1 and terrorism. Although there have been questions raised
about the existence of organised criminal activities in cyberspace, several studies
have pointed out the synergy between organised crime and cyberspace in recent
years. McCusker (2006: 257), for example, suggested that ‘cybercrime has become
an integral part of the transnational threat landscape and conjures up pressing images
of nefarious and increasingly complex online activity.’ The cyberspace provides
organised crime groups a safe haven for the enhancement of their organisational and
operational capabilities. A recent inquiry in Australia also suggested that “high-tech
crime is an area of opportunity for organised crime groups to pursue new types of
crime” (Parliamentary Joint Committee on the Australian Crime Commission 2007:
ix). Undeniably, such (organised criminal) activities in cyberspace could have
serious implications on national security (e.g. political, economic and social).
Three types of organised crime groups2 are described: (1) traditional organised
crime groups3 which make use of ICT to enhance their terrestrial criminal activities;
(2) organised cybercrime groups4 which operate exclusively online; and (3)
organised groups of ideologically and politically motivated individuals who make
use of ICT to facilitate their criminal conduct.
Traditional organised criminal groups
Pursuit of financial gain has always been one of the main driving forces behind
traditional organised criminal groups.5 A recent report by the Organised Crime Task
1
Interested reader is referred to a recent article of Galeotti (2008) for an excellent overview of the history
of organised crime.
2
The definition of “organised criminal group” from Article 2 of the UN Convention on Transnational
Organized Crime is adopted in this article: a group having at least three members, taking some action in
concert (i.e., together or in some co-ordinated manner) for the purpose of committing a ‘serious crime’ and
for the purpose of obtaining a financial or other benefit. The group must have some internal organization or
structure, and exist for some period of time before or after the actual commission of the offence(s) involved.
3
In this article, traditional organised crime groups refer to crime groups known to be involved in
traditional criminal activities that took place in the physical world (e.g. murder, extortion, money
laundering and drug trafficking).
4
Organised cyber crime groups refer to online crime groups that may exist only in cyberspace such as
hackers groups.
5
Although many organised crime groups now aim at making money, several traditional ones (e.g. Italian
and Italian American mafia), as pointed out by one of the reviewers, may still aim at exercising political
power as well.
272 Trends Organ Crim (2008) 11:270–295
Force (OCTF) also suggested that ‘[o]rganised criminals are motivated by profit and
seek to increase their wealth by reinvesting in other criminal activities’ (UK OCTF
2007:19). For example, traditional organised criminal groups, often associated with
established smuggling networks, are known to be involved in profit-generating
criminal activities such as narcotics trafficking, human trafficking6 and nuclear
smuggling (e.g. ACC 2007, 2008). The Organized Crime and Triad Bureau (2007:7),
for example, reported that traditional organised criminal groups in Hong Kong (also
known as triads—黑社会) are mainly involved in extortion targeting businesses,
monopolising (e.g. transportation routes, movie production and entertainment
industries), bouncership in licensed premises (e.g. nightclubs), prostitution, drug
trafficking and illegal bookmaking. In Singapore, members of traditional organised
criminal groups (also known as secret societies—私会党) have also been known to
be involved in profit-generating criminal activities such as unlicensed moneylending
and collection of protection money from operators of KTV lounges and
entertainment outlets. In April 2007, seventeen members of an unlicensed money-
lending (UML) syndicate in Singapore were arrested under the Moneylender’s Act
(Cap 188) (SPF 2007).
Globalisation and migration trends have blurred national borders and accelerated
the transformation of crime, moving it away from its domestic base.
[L]arge-scale migration from the less developed countries to the western world
has resulted in ethno-nationality based criminal gangs with links to the home
country and preying on their own migrants especially illegals. So the Korean,
Vietnamese, Chinese, Russian (meaning former Soviet Union), Caribbean and
South American groups are well organized in the USA, UK and Europe. With a
large work force from their countries Indian, Pakistani, Sri Lankan and now
increasingly Bangladeshi gangs are well organized in the gulf countries. (Singh
2007: 80).
One such recent case involving ethno-nationality based criminal gangs preying on
their own migrant community includes the arrest of ‘four Chinese nationals who
own and operate a group of Asian massage parlors in the Johnson County (US DoJ
2007a). The indictment alleged that the four accused ‘aided and abetted each other
and others to transport at least one individual in interstate or foreign commerce to
Kansas City, MO, with the intent that such individual engage in prostitution at
purported massage parlors in Kansas’ (US DoJ 2007a).
In the Second Reading Speech for the Criminal Law (Temporary Provisions)
(Amendment) Bill, Associate Professor Ho Peng Kee, Senior Minister of State for
Law and Home Affairs in Singapore also pointed out that
Singapore is [also] vulnerable to infiltration by triads and organized criminal

gangs from countries such as Hong Kong, China, Japan and Malaysia. These
East Asian Gangs or “EAGs” are driven by profit and have no qualms about
6
Interested reader is referred to a recent article of Sein (2008) for an excellent overview of one major
human smuggling case in the USA—the case involving “Sister Ping”.
committing cross-border crimes if the opportunity arises. We must therefore be

constantly on guard (MHA 2004)
Despite governmental efforts in cracking down on organised criminal activities,

these criminal groups have recognised the value of leveraging information and
communication technologies (ICT) to facilitate or enhance the commission of
crimes and dynamic in identifying new opportunities and ways to overcome
counter-measures.7 They have adapted to the technological change and leveraged
ICT to facilitate their profit-generating criminal activities such as drug trafficking;
human trafficking; trafficking corporate secrets and identity information; committing
extortion, frauds and scams online; money laundering using online payment
systems; distributing illegal materials over the internet; and using the internet as a
marketplace to sell illegal counterfeit pharmaceutical products and drugs.
The Internet has provided a new and much larger marketplace for those involved
in the sale of counterfeit and pirated goods. Counterfeit drugs is one area which has
seen particular growth through the Internet, either due to the high cost of prescription
drugs, difficulty in obtaining them, or due to the embarrassment of a patient in
requesting a particular drug. The Internet offers counterfeiters a cheap and easy way
to publicise, market and distribute their product, making it a lucrative business for
organised criminal enterprises (UK OCTF 2007: 34).
A recent report also suggested that
serious organised criminals have increasingly exploited advances in technology,

particularly the growth of the Internet, to develop new crimes and transform
traditional ones. They have demonstrated the intent, imagination and ability to
exploit IT security weaknesses, and to identify new criminal opportunities
(SOCA 2006:10)
The involvement of traditional organised criminal groups in technology-enabled

crime now emphasises the importance of large-scale profit-driven incentives (Choo
and Smith 2008). Examples of traditional organised criminal groups involved in
technology-enabled crime include the highly structured and global criminal
syndicates such as the Asian triads and Japanese Yakuza whose criminal activities
have been known to include computer software piracy and credit card forgery and
fraud (Canadian Security Intelligence Service 2000, MSN—Mainichi Daily News
2006). A more recent incident involves the arrest of 12 members of a piracy
syndicate in People’s Republic of China (PRC) for copyright infringement offences
(Enforcement Bulletin 2007). The report released by the Officer of the United States
Trade Representative also noted that:
Harco Glodok (Jakarta, Indonesia) [is] one of the largest markets for counterfeit
and pirated goods, particularly well-known for pirated optical discs. Enforce-
7
It is not the intention of this article to discuss whether the use of technology by traditional organised
criminal groups (e.g. the triads in Hong Kong, the secret societies in Singapore and the Japanese Yakuza)
is a generalised phenomenon although recent incidents suggest that traditional organised criminal groups
are increasingly involved in technology-enabled crimes such as intellectual property offences.
ment officials are reportedly reluctant to conduct regular enforcement actions

because of the presence of organized criminal gangs (Office of the United
States Trade Representative 2007:8)
Traditional organised criminal groups are also ‘increasingly using false and stolen
identities to commit non-fiscal frauds’ (SOCA 2008:9). Other categories of
technology-enabled crimes that organised crime groups (including organised
cybercrime groups) are known to be involved in include:
& Computer or network intrusions such as hacking and unauthorised access to

obtain sensitive information. For example in May 2007, members of a six-
member group were indicted on conspiracy, wire fraud, bank fraud and money
laundering charges. The indictment alleged that the defendants acquired free
network scanning software ‘for the purpose of finding unsuspecting individuals’
and/or entities’ computers which did not have proper security features in place in
order to search for personal financial information such as financial account
numbers and passwords’ and accessed internet banking accounts using these
fraudulently obtained information (US DoJ 2007h). Money would then be
transferred from those accounts to a bank account controlled by the defendants
before transferring elsewhere.
& Phishing: online or internet scams that frequently use unsolicited messages
purporting to originate from legitimate organisation in order to deceive
individuals or organisations into disclosing their financial and/or personal
identity information for the purpose of using it to commit or facilitate crimes
such as fraud, identity theft and stealing of sensitive information (e.g. banking
credentials). Several researchers and security practitioners have also suggested
the involvement of organised crime groups in phishing scams (see Bequai
2001; CipherTrust 2005; McCombie 2007). In recent years, phishing messages
are increasingly targeting top executives at an organization or members of a
group—also known as spear phishing or whaling (Garretson 2007; McMillan
2008).
& Spam: unsolicited commercial e-mail that persuades email recipients to buy
products (e.g. stocks of companies whose stock prices had been inflated8) they
do not really want through oppressive or deceptive marketing techniques.
& Malware9 creation and dissemination: The recent UK Threat Assessment report
noted that ‘most new malware is designed to steal financial data (such as credit
card details, bank account details, passwords, PIN numbers) as a precursor to
various frauds and other deceptions’ (SOCA 2008:9).
8
Refer to the United States Securities and Exchange Commission on “Pump and Dump Schemes” for
more information—http://www.sec.gov/answers/pumpdump.htm
9
Malware, also known as malicious software, is designed to install itself on a computer without the
computer owner’s informed consent, particularly if it does so in a way that may compromise the security
of the computer. Malware includes Trojans, viruses and worms.
& Internet frauds and scams include Nigerian advance fee scam (also known as 419
scam),10 online auction frauds,11 identity and credit card frauds.12
& Identity fraud: As noted by SOCA (2008), organised criminal groups use identity
fraud to either conceal their identities in order to evade detection and protect their
assets from confiscation or as an enabler to commit various frauds and other
crimes.
Traditional organised crime groups have also been known to carry out extortion
from online gambling and pornography websites by threatening to carry out denial-
of-service attacks using botnets13 (e.g. Choo 2007; Evron 2008, Schrank 2007). In
recent years, traditional organised crime groups have been reported to recruit ‘a new
generation of high-flying cybercriminals using tactics which echo those employed
by the KGB to recruit operatives at the height of the cold war’ (McAfee 2006:2).
This should come as no surprise to long-time political observers. In countries such as
Russia where the lack of economic and employment opportunities have forced many
highly educated individuals with advanced computer and programming skills to
work in the cyber underground. Hacking organisations, cybergangs, and professional
hackers are resources that can be employed by traditional organised crime groups to
carry out technology-enabled crimes.
10
In such scams, the perpetrators often pretend to sell something that they do not have while requesting
for the payment in advance. Recent cases include the arrest of a group of 419 scammers by Dutch police in
February 2007 (Libbenga 2007) and the February 2008 arrest of a Nigerian citizen in Perth, Australia who
was alleged to be a an international A$1 million internet scam syndicate (AAP 2008).
11
Recent statistics (NW3C/FBI 2007) indicate that online auction fraud is the most prevalent offence type
reported to the Internet Crime Complaint Center. Out of 207,492 complaints between 1 January and 31
December 2006, online auction fraud accounted for 45% of the 86,279 cases referred to US law
enforcement agencies and 33% of the total reported dollar loss. It is important to recognise, however, that
in comparison with the total volume of online transactions the number of complaints remains relatively
small.
12
In a recent case, a defendant who is one of 17 individuals indicted on charges including Conspiracy to
Commit Offenses Against the United States, Fraud in Connection with Access Devices; Fraud in
Connection with Identification Documents, Authentication Features, and Information; Aggravated Identity
Theft; Conspiracy to Commit Money Laundering, and aiding and abetting these offenses, allegedly
obtained stolen credit and debit card account information by visiting Internet Relay Chat rooms and
forums run by cybercriminals. The defendant then allegedly encoded these fraudulently obtained credit
card information onto plastic cards with magnetic strips and used the plastic cards to withdraw money
from automated teller machines and automated cashier machines. Several other individuals were
reportedly recruited by the defendant to repatriate the proceeds of crime overseas—money mules. On
10 August 2007, the defendant was sentenced to 84 months in prison and was ordered to make
restitution to the victim banks, forfeit property which represented both the means used to commit
these offenses as well as the proceeds of the offenses, and serve a 3 year term of supervised release
(US DoJ 2007g).
13
A botnet is a network of individual computers infected with bot malware. These compromised
computers are also known as zombies or zombie computers. The zombies, part of a botnet under the
control of the botnet controller, can then be used as remote attack tools to facilitate the sending of spam,
hosting of phishing websites, distribution of malware, and mounting denial of service attacks. Among the
three botnet communication typologies identified by Cooke et al. (2005)—centralised, distributed P2P and
random—the most commonly used are the centralised and distributed P2P. Building botnets requires
minimal levels of expertise (Ianelli and Hackworth 2005). A brief two-step overview on how to build a
botnet is outlined by Choo (2007).
Traditional organised crime groups (and organised cybercrime groups) are also
known to hire money mules14 in the money laundering process. As Choo, Smith and
McCusker (2006:xxi) pointed out, ‘[o]rganised operations that make use of
conventional technology-enabled crime methodologies, such as financial scams or
piracy, will also increase as the use of networked computers for criminal purposes
develops.’
Organised cybercrime groups
Despite the synergy between traditional organised crime groups and cyberspace,
traditional organised crime groups should not be confused with organised
cybercrime groups that operate exclusively online. As Eugene Kaspersky, the
founder and head of research and development of the Russian anti-virus Kaspersky
Lab, observed:
IT criminals are just IT people who change their mind, or have a broken mind. It
seems that traditional criminals are quite far away from that. IT criminals don’t see
their victims, so it’s easier for them to do it, because they don’t feel their hand in
someone else’s pocket (Infosecurity 2007).
Different criminal activities call for different organisational structures and the
structure of organised cybercrime group is likely to incorporate an organisational
structure in which individual members coalesce for a limited period of time to
conduct a specifically defined task or set of tasks and, having succeeded, go their
separate ways. Organised cybercrime groups are also more loosely structured and
flexible, transnational and tend to have smaller membership sizes. Brenner explains
this as follow:
physical strength is insignificant [in the cyberworld]; a hacker surmounts a
victim’s defenses, not by summoning combined efforts of ten or twenty
hackers, but by using technology, automated techniques that enable one to
bypass electronic defenses. In the cyberworld, strength is in software, not in
numbers of individuals (Brenner 2002:27)
Technically sophisticated members
Technology-enabled crimes require the perpetrator to possess a minimum level of

technical knowledge and computer skills such as knowledge of software and
hardware vulnerabilities and how these vulnerabilities can be exploited, understand-
ing of file systems and operating systems, and programming skills. Kshetri
(2005:552) further suggested that “[while] minimal skill is needed for opportunistic
attacks, targeted attacks require more sophisticated skills.” Avi Rubin, professor of
14
Money mules are individuals hired by organised criminals to perform international wire fraud (AIC
2007) or to purchase prepaid cards, and the mailing or shipping of prepaid cards out of the country without
regulators being aware (Choo 2008). A recent example of individuals being recruited by organised crime
groups to repatriate criminal proceeds includes the example case reported in the 2005–2006 Asia/Pacific
Group on money laundering yearly typologies report (APG 2006:9).
computer science at Johns Hopkins University, also suggested that hackers are now
using academic resources more frequently and are more technically inclined than
traditional criminals (McGraw 2006). Moreover, to circumvent access control
technological protection measures in today’s commercial software, one would need
advanced technical knowledge of digital right management (DRM) mechanism and
the ability to manufacture circumvention devices for such technological protection
measures.
Subscribing to security bulletins and scholarly publications, for example, allows
cybercriminals to keep abreast of the latest security vulnerabilities and theoretical
vulnerabilities (AIC 2006). It is known that organisations generally do not patch
their systems immediately when security vulnerabilities appear, so cybercriminals
can take advantage of such vulnerabilities to compromise systems or to build
viruses. Some subscription- or members-only hacking-oriented sites contain updated
news alerts on system vulnerabilities including those discovered by members that
have yet to be publicised and step-by-step instructions on how to exploit known
vulnerabilities. Organised hacker groups such as cnxhacker and milw0rm have and
will continue to publicise vulnerabilities they discovered, written exploit code, and
developed sophisticated hacking techniques.
Examples of technically sophisticated organised cybercrime group members
include the case involving the arrest of the leader of a five-member computer hacker
group in 2001. The defendant was a former computer programmer at a Moscow
institute (BBC News 2001). In a more recent case involving the arrest of a credit
card skimming syndicate in Singapore, two of the six-member syndicate were
University undergraduates (CAD 2007).
Studies by Kshetri (2006) and Jen et al. (2006) also indicated that a sizeable
percentage of cybercriminals in Russia and Taiwan belong to the educated
generation Y group (defined as people born after 1982). While both studies are
academically robust in their methodology, it is important to note the small sample
sizes involved in the studies. Although this is often appropriate for in-depth
qualitative case studies that are published in the computer science and criminology
literature, the conclusions sometimes cannot be widely generalised to other
populations. Findings from both studies, however, support the view that cybercri-
minals can be expected to have technically sophisticated skills and corresponding
higher education.
Members who may know each other only online
There have been increasing reported incidents of cybercrime groups comprising like-
minded individuals who may know each other only online but are involved in the
use of an organisational structure working collectively towards a common (criminal)
goal as the internet makes it far easier to meet and plan activities—organised
cybercriminal groups. An example includes the case involving three individuals who
had never met in person and knew each other only online. All three were convicted
at London’s Southwark Crown Court of a conspiracy to rape a girl under 16, based
on a discussion in an internet chat room (GB CPS 2006).
Other examples include the underground criminal group, ‘Shadowcrew,’ that
reportedly trafficked more than 1.7 million credit cards online (USSS 2004) and the
underground software piracy group, ‘DrinkOrDie.’ In the latter example, a British

national living in Australia who is alleged to have a leading role in the global
activities of the ‘DrinkOrDie’ group credited with well-publicised activities
involving circumventing technological anti-copying protections and distribution of
commercial computer software, was extradited from Australia to the United States in
February 2007. He pleaded guilty in April 2007 before US District Judge Claude M.
Hilton to one count of conspiracy to commit criminal copyright infringement and
one count of criminal copyright infringement to face criminal charges in connection
with operating “DrinkOrDie” (US DoJ 2007e). On 22 June 2007, he was sentenced
to 51 months imprisonment (US DoJ 2007b).
Financially motivated cybercriminals
Several cases of organised hacking groups stealing credit card information have also
been reported. In a more recent incident, a hacker group allegedly involved in
stealing credit card data from TJX15 were “selling it on the [i]nternet on password-
protected sites used by gangs who then run up charges using fake cards printed with
the numbers” (Pereira 2007). Such stolen credit card data can then be used to make
fraudulent purchases (e.g. PP VS Kelvin Leong Jia Wen and Lim Xiang Rui as cited
in CAD 2006:24). In May 2007, a Calgary man was arrested for allegedly using the
internet to sell concealed devices designed to illegally capture data from bank ATM
users (van Rassel 2007).
In another case involving the indictment of 33 individuals in USA and Romania,

for their involvement in an international bank fraud ring in which Romanians
obtained personal credit information and American-based confederates created
bogus debit and credit cards that were used to fraudulently obtain millions of
dollars in cash. The 65-count indictment returned by a grand jury on Thursday
accuses 33 defendants of engaging in “phishing” and other surreptitious
methods via the Internet to obtain personal data on thousands of victims.
According to the indictment, the Romania-based members of the enterprise
obtained thousands of credit and debit card accounts and related personal
information by phishing, with more than 1.3 million spam emails sent in one
15
In the Federal Trade Commission complaint, it was alleged that ‘TJX, with over 2,500 stores
worldwide, failed to use reasonable and appropriate security measures to prevent unauthorized access to
personal information on its computer networks. An intruder exploited these failures and obtained tens of
millions of credit and debit payment cards that consumers used at TJX’s stores, as well as the personal
information of approximately 455,000 consumers who returned merchandise to the stores. Banks have
claimed that tens of millions of dollars in fraudulent charges have been made on the cards and millions of
cards have been cancelled and reissued’ (US FTC 2008:unpaginated). Several media articles further
suggested that between 45 and 90 million payment card accounts were, in fact, compromised as a result of
the data breach incident involving The TJX Companies Inc.’s (Abelson 2007; Goodin 2007; Vijayan
2007). On 27 March 2008, the US Federal Trade Commission announced that ‘discount retailer TJX and
data brokers Reed Elsevier and Seisint have agreed to settle charges that each engaged in practices that,
taken together, failed to provide reasonable and appropriate security for sensitive consumer information.
The settlements will require that the companies implement comprehensive information security programs
and obtain audits by independent third-party security professionals every other year for 20 years’ (US FTC
2008:unpaginated).
phishing attack. Once directed to bogus websites, victims were prompted to

enter information about their credit or debit cards, as well as personal
identifying information. Romanian “suppliers” collected the victims’ informa-
tion and sent the data to U.S.-based “cashiers” via Internet “chat” messages.
The U.S.-based cashiers used hardware called encoders to record the
fraudulently obtained information onto the magnetic strips on the back of
credit and debit cards, and similar cards such as hotel keys. Cashiers then
directed “runners” to test the fraudulent cards by checking balances or
withdrawing small amounts of money at ATMs. The cards that were
successfully tested, known as “cashable” cards, were used to withdraw money
from ATMs or point of sale terminals that the cashiers had determined
permitted the highest withdrawal limits. A portion of the proceeds was then
wire transferred to the supplier who had provided the access device information
(US DoJ 2008d: unpaginated)
Examples of known financially motivated cyber criminal groups include:
& In January 2007, two Dutch members of a hacking ring were sentenced to
imprisonment for their alleged roles in extortion of a company in the United
States, stealing identities to purchase cameras and games consoles, and
distributing bot malware16 (Libbenga and Leyden 2007).
& The ‘M00P virus-writing gang’: three suspected members of the gang were
arrested by the London Metropolitan Police Computer Crime Unit, the Finnish
National Bureau of Investigation and the Finnish Pori Police Department, in
connection with a conspiracy to infect computers with malware to create a botnet
(Jaques 2006). Botnets can then be rented out to willing parties to facilitate other
criminal activities such as spam. For example, a member of the ‘botmaster
underground’ pleaded guilty to computer fraud and spam offences connected to
his dealings in botnets. The defendant created new variants of the ‘rxbot’ and
distributed these variants to establish several botnets. He then offered to hire out
the botnets to others for the purposes of sending spam and launching distributed
denial-of-service (DDoS) attacks17, thus earning thousands of dollars. It was also
alleged that the defendant used the botnets to generate income from the
surreptitious installation of adware on the zombies. In May 2006, the defendant
was sentenced to 57 months in federal prison (US DoJ 2006).
& The ‘Mpack’ gang18 that was allegedly behind the cyberattack that had
successfully compromised the homepages of hundreds of legitimate Italian
16
Bot malware, a malicious program, allows attackers to remotely control vulnerable computers and form
virtual networks of zombies—botnets. Botnets can be leveraged to orchestrate concerted attacks against
other computing resources, for example, distributed denial of service (DDoS) attacks against targeted
networks (Choo 2007).
17
Distributed denial-of-service (DDoS) attacks are targeted attacks against specific website(s) by flooding
the web server(s) with repeated messages, tying up the system and denying access to legitimate users.
18
The MPack toolkit is allegedly being sold between US$700 (PandaLabs 2007) and US$1,000 (Keizer
2007).
websites. Keyloggers19 are then downloaded and installed on computers of

unwitting users visiting these compromised websites.
& The ‘Russian Business Network’ (RBN), an allegedly Russian-based group,
identified by VeriSign to be a criminal internet service provider of child
pornography, phishing sites designed to fool visitors into handing over their
banking details, and repositories of Trojan code and other malware (Miller 2007).
RBN also allegedly ‘runs a protection racket that extorts as much as US$2,000 a
month in fees for “protective Web services” from borderline sites’ (Keizer 2008).
& The botnet-for-rent Loads.cc group, which is reportedly ‘responsible for the
distribution and installation of massive amounts of malware: Spambots,
keyloggers, DDoS bots, adware and rootkits’ (Goodin 2008).
To evade the scrutiny of law enforcement agencies, organised cybercrime groups
have been reportedly building their own encrypted instant-message (IM) programs
such as CarderIM designed to establish a ‘secure’ channel to sell stolen financial and
personal information including credit card numbers and e-mail addresses (Kirk
2007a)—an underground economy. Although there are no known published statistics
involving monthly subscription-based services for malware updates being offered at
such underground economy sites, it is likely that such services will become
increasingly popular.
Symantec (2007) and the study by researchers from Carnegie Mellon University,
University of California Berkeley and University of California San Diego (Franklin
et al. 2007), for example, highlighted the emerging trend of underground economy
for the buying and selling of security vulnerabilities, stolen credit card and other
online credential information; and the sale of compromised hosts established on
public IRC servers. In another recent study, Zhuge et al. (2008) identified six actors
in the Chinese underground economy for the compromise, trade and exploitation of
virtual assets.
1. Virus writers are individuals who write malicious software (malware) for profit.
2. Website masters/crackers: website masters are individuals who attract potential
victims with freebies and redirect them to malware-infected sites and website
crackers are individuals who compromise websites by exploiting vulnerabilities
in these websites. The study suggested that the current market price is
approximately 40 to 60 RMB per ten thousand visits.
3. Envelope stealers, individuals with limited technical knowledge, typically buy
ready-to-use malware and other malware kits from virus writers and/or website
traffic from Website Masters/Crackers in order to steal login credentials and
other account information. The harvested login credentials and other account
information are then resold to Virtual Asset Stealers for profits.
4. Virtual asset stealers, individuals with limited or no technical knowledge but
possess a good understanding of the underground market, purchase login
19
Keyloggers (also known as keylogging programs) are designed to monitor user activity including
keystrokes. They can be used by cybercriminals to steal passwords or credit card details, which can then
be used for malicious purposes such as identity/online fraud.
credentials and other account information in order to steal valuable virtual assets
such as online gaming accessories and online gaming currency (e.g. QQ coins).
The stolen virtual assets are then resold for profit.
5. Virtual asset sellers are individuals who buy virtual assets from the underground
market at a very low price before selling to other legitimate players on the public
marketplaces at a profit.
6. Players are individual participants of online games.
Online paedophile rings
The enabling structure of the internet has resulted in new avenues for commercial
child exploitation including online child grooming for sexual contacts. The internet
has greatly facilitated the sharing of information and strategies for grooming children
for sexual purposes, and in so doing, reinforcing adult–child sex philosophies of
offenders.
One of the perpetrators, David Hines, who received a criminal sentence,
described how easy it was to obtain images of child pornography on the
Internet—within twenty-four hours of first going on-line he had found material.
He met other paedophiles. As with cyberstalking cases, this group of people
thought they were protected by the anonymity of the Internet, so they traded
sexually explicit images of children and talked about them. As a shy,
introverted person, again similar to those who perpetrate cyberstalking crimes,
he had found an instant set of friends. The problem was not just the trading of
images, but also the way that paedophiles had an easy way to contact each other
and to reinforce their beliefs that sex with children was not wrong, to promote
the ghastly idea that somehow these children were ‘in relationships’ with adults.
Paedophiles also shared information about how to ‘groom’ children for abuse
(Adam 2002: 13–140).
The availability of a market in which to trade child exploitation materials for
financial gain will provide criminals with financial incentives to commit online child
exploitation crimes. For example, an individual was recently charged in a United
States District Judge who allegedly ‘admitted ordering images depicting the sexual
exploitation of minors online during the summer of 2007.’ The defendant is scheduled
to be sentenced on 29 April 2008 (US DoJ 2007f). In a more recent incident, 90
individuals will reportedly be facing court in Australia for allegedly downloading
child abuse images on a worldwide child pornography network following a 6-month
nationwide investigation led by the Australian Federal Police (AFP 2008).
Organised cybercrime groups can also operate subscription-based private (by
invitation only) IRC rooms that involve the highly disturbing practice of live child
sexual abuse videos being streamed to these rooms, with the actual perpetrator
responding in real time to commands from other paying participants who can see the
images; and offer commercial sexual activities such as producing and selling child
pornography materials over the internet (e.g. internet chat room).
New information and communication technologies allow multiple images to be
produced from one digital recording of abuse and the transfer of images from
other media; the number of images involved gives little indication of the
number of children who are abused or the timescale over which the abuse has
occurred ... and there has been an increase in sexual exploitation of children
(Harrison 2006: 368).
Other online communications technologies such as Darknet (loosely related to
peer-to-peer networks) could potentially be abused by cybercriminals to distribute
propaganda, images of child abuse, or copyrighted digital files in a secure manner
to avoid the scrutiny of law enforcement agencies. Peer-to-peer networks could
also be abused by organised cybercrime groups to act as a consolidated
marketplace for child sexual abuse images. For example, in “Operation Peer
Pressure” conducted by the FBI in 2003, child sexual abuse images were
downloaded from offender’s computers via P2P networks. In a more recent case,
more than 700 suspects associated with the online paedophile ring20 operating the
UK-based Internet chatroom, “Kids, the Light of Our Lives,” were arrested
worldwide (UK CEOP 2007). As of March 2008, at least 22 individuals have been
arrested (14 in America,21 four in Germany and two each in Australia and the UK;
FBI 2008a).
With advances in communications technologies, there will be an increase in
avenues for child sexual offenders and cybercriminals to engage in online child
exploitation with little risk of being traced. Anonymity of communication can be
provided through the use of the Onion Router, an ‘anonymising protocol’ that allows
data to be routed through a network of servers. The latter uses cryptography to
obscure the data path and hence make it untraceable for law enforcement. The Onion
Router is used in the Wikileaks.org website designed for whistleblowers in
authoritarian countries to post sensitive documents on the internet without being
traced (Marks 2007).
Cybercriminals can also hide their online communications, digital images (e.g.
pictures chat room users placed in their profiles) and video files by using password
authentication, encryption and stenographic techniques. These can create serious
impediments to law enforcement and investigators in their efforts to combat online
grooming of children and other acts of child exploitation.
Ideologically and politically motivated cybercrime groups
Prior to September 11 2001, terrorism and organised crime were usually considered
separate entities because they did not share the same motivating factor (e.g. making a
political statement vs. profit). In recent years, there has been a noted convergence
between terrorism and organised crime where “two sides of the ‘organised’ debate
may in fact find greater solace, reward and operational fluidity through a
combination of their efforts” (McCusker 2006:266). A recent press release by the
20
According to a recent media release by the FBI, ‘[t]he ring, in fact, was run very much like a business,
with various players handling different roles, direction coming from the top down, and the sadistic images
serving as currency. Again, a sophisticated operation’ (FBI 2008a:unpaginated).
21
For example, see US DoJ (2008a, 2008b, 2008c).
FBI also noted that ‘[i]nternational organized criminals provide logistical and other
support to terrorists, foreign intelligence services, and foreign governments, all
with interests acutely adverse to those of U.S. national security’ (FBI 2008b:
unpaginated).
Warren (as cited in Charlton 2005) also noted that ‘Al Qaeda has turned to organi
[s]ed crime groups for their money laundering expertise.’ Crimes commonly
associated with organised criminal groups (e.g. scam and fraud schemes, identity
and immigration crimes, the counterfeit of goods, and illegal weapons procure-
ment) are also precursor crimes used by terrorist groups to raise funds (e.g.
Todayonline 2007). A recent indictment involving a foreign narcotics kingpin
(designated under the US Foreign Narcotics Kingpin Designation Act) alleged that
the accused led an international heroin-trafficking organisation that channelled
heroin proceeds in the U.S. to financially support the Taliban between 1994 and
2000 (US DoJ 2007d).
Criminal organizations can become ideological over time. In South Asia, they
seem to have acquired ideological or religious predispositions that motivate, not
merely cover, their actions. And they have increasingly become involved in
supporting terrorist activities. Terrorist groups rely upon organized crime for the
weaponry and munitions they require for terrorist attacks and insurgencies. To
transport these goods, they use routes that have been carefully constructed by
the criminal gangs, who in return seek from the terrorist groups training in the
use of guns and explosives and safe passage (for a price) through militant
territory. The two groups are further connected by the drug trade: both are
financially dependent on narcotrafficking (Lal 2005: 294)
A distinction should, however, be drawn between crimes in which ICT is the

object or the target of offending; and crimes in which technologies are the tool in
the commission of the offence. The latter category incorporates two levels of
reliance on technologies: offences which are enabled by technologies (i.e. in which
a computer is required for the commission of the offence); and offences which are
enhanced by technologies (i.e. in which computers make it easier to commit an
offence).
ICT, an enabling tool
Terrorist groups can also obtain information on and acquire chemical, biological,
radiological materials via the internet, which increases the risk of terrorist groups
possessing sufficient fissile material to develop their own nuclear weapon. The use
of global telecommunications technologies can also be used to mount attacks against
key critical infrastructures. The diffusion of information on the internet regarding
dual-use research of concern has compounded this challenge. For example, in July
2006, Faheem Khalid Lodhi was convicted of offences including plotting in October
2003 to bomb Australia’s national electricity grid in the cause of violent jihad. It was
alleged that Lodhi had downloaded information, including electricity grid maps,
from the internet. Lodhi was sentenced to 20 years in prison on 23 August 2006
(Regina v Lodhi [2006] NSWSC 691 23 August 2006). In 2007 it was reported that
terrorists might have used information obtained from Google Earth™ to facilitate
their planning of (physical) attacks against British troops in Iraq.
Documents seized during raids on the homes of insurgents last week uncovered
printouts from photographs taken from Google™. The satellite photographs
show in detail the buildings inside the bases and vulnerable areas such as tented
accommodation, lavatory blocks and where lightly armoured Land Rovers are
parked (Harding 2007).
Members of terrorist groups include engineers and computer scientists and they
have been known to use the internet as a medium for propaganda (e.g. publishing
doctrines such as “The Global Islamic Resistance Call” on the internet and the
website of the ‘Reformation and Jihad Front’ insurgent group), recruitment and
training of potential terrorists, and transferring information. In a study by
Gerstenfeld et al. (2003), it was revealed that extremists’ and supremacists’
networking sites often contain external links to other sites of similar nature and
materials or publications inciting extremists’ activities. Such sites are, often,
effective means of reaching an international audience, soliciting funding, and also
in recruiting new members; allowing cybercriminals to coordinate their activities and
to distribute propaganda. The recent report by NSTC (2006: 7) raises similar
concerns. In a recent article, Bakier also pointed out that
to gather more recruits to the cause, jihadi websites are constantly posting
enticing messages about the merits of the holy war against Crusaders and
Zionists. A posting that appeared in a pro-jihadi forum entitled “How to
become a member of al-Qaeda” lays out the requirements needed to join the
terrorist group while encouraging Islamists to join the jihad. Another posting
warned about the misconceptions that paralyze jihad efforts. A forum
participant nicknamed Wali al-Haq posted the requirements for joining al-
Qaeda. Al-Haq argues that the accusations of terrorism commonly applied to
any Muslim—whether affiliated with a jihadi group or not—who prays for the
victory of Islam and the mujahideen is proof of the jihadis’ success in terrifying
the Jews and Crusaders: “Al-Qaeda today is not only an organization seeking to
fight the Jews and Crusaders; rather it’s an ideology and a mission calling on all
Muslims to uphold God’s religion and rescue the weak monotheists.” Al-Haq,
who has over 3,600 contributions to jihadi forums, mostly in the field of jihadi
propaganda, then proceeds to explain what a Muslim should do to join al-Qaeda
(al-ekhlaas.net, March–April) (Bakier 2008:3).
A recent report (IDSS 2006) highlighted the proliferation of jihad-oriented sites in
Southeast Asia, which facilitate radicalisation among the Muslim community in the
region. Such sites target the digital generation—the young and the internet-aware—
particularly among the Muslim community. The latter, with a shallow understanding
of Islam, could be easily misled by the propaganda posted on such sites and forums.
For example, Jason Walters, a member of the Dutch-based ‘Hofstad group,’
allegedly visited radical websites, posted messages glorifying jihad and talked about
killing those he deemed enemies of Islam. Walters and several other members of the
group were arrested in November 2004 for their alleged involvement in terrorist
activities and murder of film director Theo Van Gogh (Vidino 2007). Examples of
propaganda material include religious rulings (fatwa) declaring suicide terrorism to

be legitimate within Islam:
He who commits suicide kills himself for his own benefit, while he who
commits martyrdom sacrifices himself for the sake of his religion and his
nation. While someone who commits suicide has lost hope with himself and
with the spirit of Allah, the Mujahid struggler is full of hope with regard to
Allah’s spirit and mercy. He fights his enemy and the enemy of Allah with this
new weapon, which destiny has put in the hands of the weak, so that they
would fight against the evil of the strong and arrogant (Weimann 2006:634)
The report by Simon Wiesenthal Center pointed out that
[t]he aura of religious authority that sanctions such acts often finds its most
receptive audience online. The attraction of this religiously-validated culture of
death has been especially powerful amongst some young Western Muslims, often
alienated both from the majority culture in which they live and the traditional
culture of their parents’ native lands. This leads to a process of radicalization in
which “the Internet provides access to a radical form of Islam that gives seekers
the virtual environment that they are searching for. This is seen as a purer and
uncompromised version of the religion, and thus strengthens its appeal by
creating a strong demarcation between the moderate version and its more extreme
manifestation.” (Simon Wiesenthal Center 2008:10)
In March 2007, Singapore’s Deputy Prime Minister and Minister of Home Affairs
told Parliament that the Internal Security Department of Singapore investigated
internet-driven radicalisation cases involving ‘Singaporeans who had become
attracted to terrorist and radical ideas purveyed in the mass media, particularly the
[i]nternet’ (Ahmad 2007). Internet-driven radicalisation includes cases of radical
youths and other individuals linking up with like-minded people and making contact
with extremists from overseas involved in terrorist recruitment and financing over
the internet in chat rooms, blogs and social networking sites. 8,000 websites
espousing radical ideologies such as hosting hate and terrorism contents are
reportedly identified in the recent report by the Wiesenthal Center’s Digital Terror
and Hate 2.0 (Simon Wiesenthal Center 2008).
A recent example of how the internet has been used in terrorist planning activities
includes the following case that has been brought before the district court of
Connecticut in the United States. The indictment alleged that:
from approximately 1997 through at least August 2004, British nationals Babar
Ahmad, Syed Talha Ahsan, and others, through an organization based in London
called Azzam Publications, are alleged to have conspired to provide material
support and resources to persons engaged in acts of terrorism through the creation
and use of various internet Web sites, e-mail communications, and other means.
One of the means Ahmad and his co-conspirators are alleged to have used in this
effort was the management of various Azzam Publications websites, principally
www.azzam.com <file:///\\ www.azzam.com>, which, along with associated
administrative email accounts, were hosted for a period of time on the servers
of a Web hosting company located in the state of Connecticut (US DoJ 2007c).
ICT, the object of offending
Politically motivated hacker groups (hacktivists)22 have also carried out hacktivism
activities such as bringing down government agencies’ websites and engaging in
information warfare.
A well-known cyberwar between Chinese and American hackers erupted in
April 2001 following the collision of a U.S. military spy plane and Chinese
fighter. U.S. government Web sites were hacked and defaced with slogans such
as “Beat down imperialism of American,” courtesy of a group calling itself the
Honker Union of China (Kirk 2007b).
A recent series of cyberattacks directed against targets in Taiwan and the United
States may confirm that “those fears now appear justified,” says a Taiwanese
intelligence officer. Taiwan and China regularly engage in low-level informa-
tion-warfare attacks. But the past few months have seen a noticeable spike in
activity. “‘Blitz’ is an accurate description” of the recent attacks, says the
Taiwanese security source. “It’s almost like... a major cyberwar exercise.”
(Curry and McGrane 2006: 93). More recently in 2007, MI5 reportedly wrote to
several UK businesses warning them of the risk of electronic espionage posed
by foreign state-sponsored hackers (Leyden 2007; Sophos 2007).
Other well publicised hacktivism activities include the following incidents:
& In 2006, approximately 1,000 Danish websites were allegedly defaced by Islamic
hackers protesting controversial cartoons mocking the Prophet Muhammad
(Ward 2006). Pro-Islam messages and messages condemning the publication of
the images were reportedly posted on the defaced websites. A cyber-crime
observatory that tracks website defacements was also reported to have observed
‘[h]undreds more websites of European, Israeli and American companies and
private citizens have also been defaced during that period, with the vast majority
occurring after the re-publication last week of the cartoons in European
newspapers’ (Warner 2006).
& Coordinated DDoS attacks by at least a million computers on several Estonian
government websites were reportedly carried out in April 2007 (Kirk 2007c;
Rodriguez 2007) in protest of the removal of ‘a memorial statue honouring
Soviet World War II war dead ... from the central square of its capital city,
Tallinn, to a cemetery on the city’s outskirts’ (Lesk 2007:76).
Challenges ahead
Digital evidence: possible evidentiary issues
With increased digitisation of information, the future will see the increased
likelihood of digital content being a source of disputes or forming part of underlying
22
Known politically motivated hacker groups include ‘Hacker Union for China’ and ‘ChinaHonker.com.’
evidence to support or refute a dispute in judicial proceedings. Digital evidence

differs from traditional evidence. The former is intangible and often transient in
nature, and can easily be duplicated, copied, shared, disseminated, modified and
damaged. A recent case in Australia illustrated how easily electronic data can be
destroyed to prevent police from acquiring digital evidence where the defendant
reportedly ‘took a laboratory computer home, deleted data and changed dates before
returning the computer early the next morning” (AAP 2007). In order to ensure all
elements of a proper (digital) evidentiary foundation are correctly established, an
understanding of fundamental characteristics underlying digital evidence is crucial in
addition to traditional evidential procedures (e.g. thorough documentation to ensure
chain of custody).
The ‘Presumption of Reliability’ (presuming that computer forensic23 software
such as EnCase© reliably yields accurate digital evidence) might also be challenged
by educated defendants and their counsel, particularly if open source forensic tools
that have not been cross-validated (cross-checking the results of one software tool
against the results of another based on industrial baselines) were used to extract the
digital evidence.
... The reliability of a particular computer system or process can be difficult to
assess. Programmers are fallible and can unintentionally or purposefully embed
errors in their applications. Also, complex systems can have unforeseen
operating errors, occasionally resulting in data corruption or catastrophic
crashes. Possibly because of these complexities, courts are not closely
examining the reliability of computer systems or processes and are evaluating
the reliability of digital evidence without considering error rates or uncertainty
(Casey 2002)
Given the likelihood of judicial scrutiny in a court of law, it is imperative that any
examination of the electronically stored data be carried out in the least intrusive
manner. Data examination involves assessing and extracting the relevant pieces of
information from the collected data. The latter is by no means easy due to increased
data storage capacities. For example, the amount of information gathered during the
investigation in Operation Firewall is approximately 2 TB—the equivalent of an
average university’s academic library (USSS 2004). An acquired storage medium is
also likely to contain hundreds of thousands of data files. Identification of data files
containing information of interest is both time consuming and daunting. Moreover,
identified data files (of interest) may contain extraneous information that needs to be
filtered.
With the advent of more complex data storage and dissemination technologies,
forensic investigators face an increasingly difficult task. These developments (in data
storage and dissemination technologies) can impede forensic investigators and
23
Computer forensics can be defined as the science of identification, collection, examination, and analysis
of data while preserving the integrity of the information and maintaining a strict chain of custody for the
data (NIST 2006).
prevent police from acquiring digital evidence and analysing digital content
forensically in terms of time and resources. Examples include:
& Different formats and platforms used to store digital content: Constantly evolving
formats are independently being developed by different vendors according to
different standards. The proprietary storage media (e.g. iPod, flash memory and
USB memory sticks) and proprietary cryptographic algorithms used (e.g.
encryption) could be incompatible (with one another) and compromise the
integrity of the data during extraction or converting from incompatible
proprietary formats. Therefore, an in-depth understanding of how different
technologies and applications operate is crucial in collecting digital evidence.
Moreover in response to changing contexts, various computer forensic tools and
techniques have to be re-designed and re-engineered.
& Increased data storage capacities: The best form of immediate backup to make is a
binary disk image (also referred to as bit stream backup or mirror image backup).
Enhanced data storage capacities (e.g. large volume data sets) and more
complicated data accessibility (e.g. networks of interconnected computers located
in different locations) will impede bit stream backup in terms of time and resources.
In a recent National Institute of Justice-sponsored survey, 667 US state and local
law enforcement agencies selected from the National Public Safety Information
Bureau’s database were contacted by mail and asked to answer a series of questions
about digital evidence (Rogers et al. 2007). A total of 279 agencies responded to the
survey. The survey found that:
& 80% of the respondents reported that no more than 25% of their cases involved
digital evidence
& Respondents from municipal departments reported that most of their cases did
not involve digital evidence.
The findings, as suggested by the authors, contradicted the estimates reported by
federal law enforcement agencies (e.g. approximately 80% of cases handled by the
FBI involved some form of digital evidence). This could, perhaps, be due to state
and local law enforcement agents mainly focusing on traditional physical and/or
document-based evidence because they have limited knowledge and resources to
deal with digital evidence (Rogers et al. 2007). Armagh and Battaglia (2006: 7) also
noted that ‘[i]nvestigating cases of child sexual exploitation in which computers
were used is complex. The demands of these investigations may exceed the
resources available to a jurisdiction.’
Other organisations, such as internet service providers (ISPs) and IRC operators,
may also record information, such as logs of network activity on computers and
email servers located in other countries. In online child exploitation cases, for
example, evidence is likely to be stored on hundreds or thousands of computers and
various ISPs and IRC servers located in various jurisdictions.
The modern criminal, using the same devices as today’s teenagers, communi-
cates with Voice over Internet Protocol, video instant messaging, cellular
camera phone, and text messaging in a computer slang that is foreign to most
police officers and parents. The trail to uncover this valuable investigative
resource often starts with a forensic examination, but this trail quickly grows
cold as Internet Service Providers overwrite logs and data retention periods
expire. All police agencies are facing the same challenge when dealing with
computer forensics. Police managers must find a way to examine an increasing
number of digital devices, each containing an immense volume of data, in a
timely manner and with limited resources (Cohen 2007:unpaginated)
This would require computer forensic investigators and incident handlers to have
in-depth knowledge of computer forensic principles, guidelines, procedures, tools,
and techniques, as well as anti-forensic tools and techniques.
File system journals contain valuable evidence pertaining to cases ranging from
child pornography and software piracy to financial fraud and network
intrusions. Digital forensic investigators should be aware of the data cached
in file system journals and its use in digital investigations. Meanwhile, the
digital forensics research community should focus its efforts on file system
journal forensics and develop novel journal data extraction and analysis
techniques that could be implemented in the next generation of computer
forensic tools (Swenson and Shenoi 2007:243)
Increasingly, forensic analysis of computers for law enforcement purposes is
being undertaken by well-organised groups of computer forensic examiners working
in government facilities or private-sector workplaces, such as leading consulting
practices. Only specially trained and authorised computer forensic examiners should
process and examine electronic evidence, as evidence not retrieved by a computer
forensic expert may result in the reliability of the evidence itself being called into
question and potentially be ruled inadmissible in court.
The need for harmonisation of legislation
Many of the wide-ranging activities and consequences resulting from (organised)

technology-enabled crime attacks constitute offences under existing criminal laws in
many countries including Australia. Legislation particularly laws with extra-
territorial effect provides a valuable tool in the fight against cybercriminal activities.
Australia, for example, may request the extradition from other countries of persons
who have committed acts online that adversely affect Australian citizens or interests
for them to be returned to Australia to face prosecution (as governed by the
Extradition Act 1988 (Cth)).
Grabosky (2007) noted the relevancy of the nullum crimen sine lege principle in
most legal systems.
Under this principle, behaviour, no matter how harmful, cannot be prosecuted
unless it is formally prohibited by law. The person who released the I LOVE
YOU virus in May 2000, for example, could not be prosecuted in the
Philippines because there was no law in that country at the time that prohibited
the release of malicious code (Grabosky 2007: 208)
Satisfying the criterion of dual criminality—the alleged misconduct must
constitute an offence under both the laws of the extradition country and Australia—
is invariably necessary in both extradition and mutual assistance requests. Achieving

some measure of uniformity will also help to minimise the risk of so-called
‘jurisdiction shopping’ by organised crime groups in which offenders seek out
countries from which to base their activities that have the least severe punishments or
which have no extradition treaties current.
Although the process of harmonisation of cybercrime legislation throughout
Australia has been consistent, the need for uniformity will become more
pronounced as the number of technology-enabled crimes continues to increase.
Existing legislation may not be suitable or adequate within the context of
developments in using new and emerging technologies to commit technology-
enabled crimes. In addition, existing offences, although technically adequate,
may be practically impossible to use, such as occurs in the case of botnet
prosecutions where evidence would need to be obtained concerning the
thousands of computers that have been compromised. New offences of creating
a network for illegal purposes and selling established botnets might need to be
developed to deal with such emerging threats (Choo et al. 2007:76–77)
Conclusion
As the internet and other forms of information and communications technologies

(ICT) continue to advance, the opportunities for criminal exploitation of online
systems will increase. Serious concerns have been expressed about the ways in
which new technologies might be exploited for crimes such as money laundering,
online child exploitation and internet-driven radicalisation. This article provided
some indications of the ways in which emerging technological changes have been
exploited by organised crime groups.
It is unlikely that traditional organised crime groups will shy away from using
cyberspace to facilitate and/or to disguise illicit proceeds of real world based crimes as
organised crime groups are very market driven and reflect many of the features of
contemporary commerce. The UK threat assessment report, for example, explains that
global migration and ever more widespread information and communications
technology (particularly the Internet) means that more and more criminals will
have the contacts and capabilities to operate without boundaries, and those
directing criminal activity find it easier to maintain their anonymity and reduce
their risks (SOCA 2008:25)
Key observations that can be drawn from the preceding discussion include cyber
groups need not be circumscribed by national borders and there is no indication of cyber
groups attaining the same level of sophistication in terms of hierarchical organisational
structure as traditional organised crime groups (and law enforcement agencies).
One may even argue that cyber groups are, in fact, organised in a very different
sense. In fact, the various cybercrime groups may themselves represent a diverse
number of types. This is well illustrated by the financially motivated groups and the
criminally motivated groups (e.g. online paedophile rings). Indeed, there is little
incentive for financially motivated cybercrime groups to have a hierarchical
organisational structure (or to be affiliated with traditional organised crime groups)

since they are able to generate profits quite successfully on their own or in smaller
task-specific or situation-specific groups.
Financially motivated cyber attacks will also continue to be more targeted,
focusing their attention particularly on financial institutions and top executives of an
organisation (e.g. in spear phishing and whaling cases). For example, the AusCERT
(2006) survey and the DTI Information Security Breaches survey (PwC 2006) found
an increase in the views held by the businesses surveyed that electronic attacks are
more often motivated by illicit financial gain than in the past, both in Australia and
around the world. The DTI Information Security Breaches survey (PwC 2006)
further suggested that information security breaches cost British companies across
several industry sectors £10 billion per annum.
The increasing use of technology and transnational connections particularly
threats from organised ideologically/politically motivated cyber groups that aim to
incite hatred, violence, and intimidation through the internet, present a real danger to
the economic and social stability of society. These threats will be exacerbated by the
increasing reliance which businesses and individuals place upon online systems for
the functioning of their daily lives. Extraterritoriality, the notion that the internet has
no geographic boundaries, has driven the e-commerce revolution. Unfortunately,
organised crime groups operate online under the same free market principles, while
legislative and law enforcement endeavours launched against them suffer from
geographical and cultural restrictions.
The ability of organised crime groups, particularly cybercriminal groups, to
leverage advances in ICT to operate in cyberspace, alters the nature of the criminals
encountered by law enforcement and continues to be a major challenge for law
enforcement. To counter these threats, new strategies of response such as the need to
amend and to strengthen the law to address new challenges that new technologies pose
with the rapid advancement and convergence of ICT in the years to come will become
more pronounced. There is also a need for further research on analysing organised
criminal activities in cyberspace in order to complement and inform the priorities,
strategies and outcomes of law enforcement efforts—which is by no means easy.
Acknowledgments The author is most grateful to the two anonymous referees and the editor-in-chief for
their constructive feedback. Despite their invaluable assistance, any errors remaining are solely attributed
to the author.
References
Abelson J (2007) Breach of data at TJX is called the biggest ever. The Boston Globe, 29 March. Avialable
at: http://www.boston.com/business/globe/articles/2007/03/29/breach_of_data_at_tjx_is_called_the_
biggest_ever/
Adam A (2002) Cyberstalking and Internet pornography: gender and the gaze. Ethics Inf Technol 4
(2):133–42
Ahmad R (2007) Slashing through the Web of terror. Todayonline, 3 March
Ames B (2007) Online spending tops US$100 billion. Computerworld.com.au, 05 January
APACS (2008). Quarterly statistical release (15.05.08). Available at: http://www.apacs.org.uk/media_
centre/documents/080515APACSquarterlystatisticalreleaseMar08final.pdf
Armagh DS, Battaglia NL (2006) Use of computers in the sexual exploitation of children, 2nd edn. US
Department of Justice, Office of Justice Programs, Office of Juvenile Justice and Delinquency
Prevention, Washington, DC
Asia-Pacific Group on Money Laundering (APG) (2006) The Asia/Pacific Group on Money Laundering
(APG) yearly typologies report 2005–2006. Available at: http://www.apgml.org/documents/docs/6/
APG%20Yearly%20Typologies%20Report%2005-06_PUBLIC.pdf
AusCERT (2006) Computer crime and security survey. Available at: http://www.auscert.org.au/images/
ACCSS2006.pdf
Australia Associated Press (AAP) (2007) Selim cleared over destruction of data. 19 April. Available at: http://
www.smh.com.au/news/national/selim-cleared-over-destruction-of-data/2007/04/18/1176696916796.
html
Australia Associated Press (AAP) (2008) Police unveil $1 million internet scam. 23 February. Available at:
http://www.smh.com.au/news/security/police-unveil-1-million-internet-scam/2008/02/23/
1203467457719.html
Australian Crime Commission (ACC) (2007) Illicit drug data report 2005–06. Available at: http://www.
crimecommission.gov.au/content/publications/iddr_2005_06/IDDR_2005-06.pdf
Australian Crime Commission (ACC) (2008) Organised crime in Australia. Available at: http://www.
crimecommission.gov.au/content/publications/Other_Publications/080117_Organised_Crime_In_
Australia.pdf
Australian Federal Police (AFP) (2008) National child porn operation nets 90 people. Media release 5
June. Available at: http://www.afp.gov.au/media_releases/national/2008/national_child_porn_operation_
nets_90_people
Australian Institute of Criminology (AIC) (2006) Acquiring high tech crime tools. High tech crime brief
no 13. Available at: http://www.aic.gov.au/publications/htcb/htcb013.html
Australian Institute of Criminology (AIC) (2007) Money mules. High tech crime brief no. 16. Available at:
http://www.aic.gov.au/publications/htcb/htcb016.html
Australian Payments Clearing Association (APCA) (2005) Annual report 2005. Available at: http://www.
apca.com.au/Public/apca01_live.nsf/WebPageDisplay/PUB_AnnualReport
Bakier AH (2008) Jihadi website advises recruits on how to join al-Qaeda. Terrorism Focus V(18):3–4
BBC News (2001) Russia arrests ‘grandfather of cybercrime’. BBC News, 26 May. Available at: http://
news.bbc.co.uk/1/hi/world/europe/1353092.stm
Bequai A (2001) Organized crime goes cyber. Comput Secur 20(6):475–478
Brenner SW (2002) Organized cybercrime? How cyberspace may affect the structure of criminal
relationships. North Carolina Journal of Law & Technology 4(1):1–50
Canadian Security Intelligence Service (2000) Transnational criminal activity: a global context. Available
at: http://www.csis-scrs.gc.ca/en/publications/perspectives/200007.asp?print_view=1
Casey E (2002) Error, uncertainty, and loss in digital evidence. Int J Digit Evidence 1(2)
Charlton J (2005) Al Qaeda buys cyber criminal expertise. Comput Fraud Secur 2005(3):9
Choo KKR (2007) Zombies and botnets. Trends & Issue, 333. Australian Institute of Criminology.
Available at: http://www.aic.gov.au/publications/tandi2/tandi333.html
Choo KKR (2008) Money laundering and terrorism financing risks of prepaid cards instruments? Asian J
Criminol (in press). doi:10.1007/s11417-008-9051-6
Choo KKR, Smith RG (2008) Criminal exploitation of online systems by organised crime groups. Asian J
Criminol 3(1):37–59
Choo KKR, Smith RG, McCusker R (2007) Future directions in technology-enabled crime. Research and
public policy series no 78. Australian Institute of Criminology. Available at: http://www.aic.gov.au/
publications/rpp/78/
CipherTrust (2005) Phishing: organized crime for the 21st century. Available at: http://www.
securecomputing.com/webform.cfm?id=102
Cohen CL (2007) Growing challenge of computer forensics. Police Chief 74(3). Available at: http://www.
policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=1136&
issue_id=32007
Cooke E, Jahanian F, McPherson D (2005) The zombie roundup: understanding, detecting, and disrupting
botnets. In: SRUTI’05 Workshop Proceedings. USENIX Association, Berkeley CA, pp 35–44
Curry A, McGrane S (2006) China’s cyberwarriors. Foreign Policy, September/October issue no. 93
Enforcement Bulletin (2007) Raid of a major pirate packaging facility in Guangzhou. Enforcement
Bulletin Issue 33, p 5
Evron G (2008) Battling botnets and online mobs. Georget J Int Affairs Winter/Spring 2008:121–126
FBI (2008a) Major child porn ring busted and 20 children rescued worldwide. Press release, 6 March.
Available at: http://www.fbi.gov/page2/march08/innocentimages_030608.html
FBI (2008b) Department of Justice launches new law enforcement strategy to combat increasing threat of
international organized crime. Press release, 23 April. Available at: http://www.fbi.gov/pressrel/
pressrel08/ioc042308.htm
Franklin J, Paxson V, Perrig A, Savage S (2007) An inquiry into the nature and causes of the wealth of
internet miscreants. In: Ning P, di Vimercati SDC, Syverson PF (eds) Proceedings of the 14th ACM
conference on Computer and communications security, ACM CCS 2007, Alexandria, Virginia, USA,
October 28–31, 2007. ACM, New York, pp 375–388
Galeotti M (2008) Criminal histories: an introduction. Global Crime 9(1–2):1–7
Garretson C (2007) Whaling: Latest e-mail scam targets executives. Computerworld, 16 November.
Available at: http://www.computerworld.com.au/index.php?id=1342062697&eid=-255
Gerstenfeld PB, Grant DR, Chiang C (2003) Hate online: a content analysis of extremist internet sites.
Analyses of Social Issues and Public Policy 3(1):29–44
Goodin D (2007) TJX agrees to pay banks $41m to cover Visa losses. Channel register, 3 December.
Available at: http://www.channelregister.co.uk/2007/12/03/tjx_settlement_agreement/
Goodin D (2008) Rent-a-bot gang rises from the DDoS ashes. Channel register, 13 March. Available at:
http://www.channelregister.co.uk/2008/03/13/loadscc_rises_again/
Grabosky P (2007) Requirements of prosecution services to deal with cyber crime. Crime Law Soc Chang
47(4–5):201–223
Great Britain Crown Prosecution Service (GB CPS) (2006). Convictions for internet rape plan. Media
release, 1 December
Harding T (2007) Terrorists ‘use Google maps to hit UK troops’. Telegraph.co.uk, 13 January
Harrison C (2006) Cyberspace and child abuse images: a feminist perspective. Affilia 21(4):365–379
Ianelli N, Hackworth A (2005) Botnets as a vehicle for online crime. CERT Coordination Center,
Pittsburgh PA
Infosecurity (2007) Interview: Eugene Kaspersky 2007. Infosecurity, May/June issue
Institute of Defence and Strategic Studies (IDSS) (2006) Proceedings of the International conference on
Terrorism in Southeast Asia: the threat and response. Available at: http://www.rsis.edu.sg/
Jaques R (2006) European police nab zombie hackers. Vnunet.com, 27 Jun
Jen WY, Chang W, Chou S (2006) Cybercrime in Taiwan: an analysis of suspect records. Paper to
Workshop on Intelligence and Security
Keizer G (2007) Porn sites serve up Mpack attacks. Computerworld, 25 June. Available at: http://www.
computerworld.com.au/index.php?id=610295694&eid=-255
Keizer G (2008) Researcher: Russian hosting network runs a protection racket. Computerworld, 20
February. Available at: http://www.computerworld.com.au/index.php?id=1496227928&eid=-6787
Kirk J (2007a) Hackers build private IM to keep out the law. Computerworld.com, 28 March
Kirk J (2007b) Symantec: Chinese hackers grow in number, skills. Infoworld.com, 18 May
Kirk J (2007c) Estonia recovers from massive denial-of-service attack. InfoWorld, 17 May
Kshetri N (2005) Pattern of global cyber war and crime: a conceptual framework. J Internat Manag 11
(4):541–562
Kshetri N (2006) The simple economics of cybercrimes. IEEE Security Privacy 4(1):33–39
Lal R (2005) South Asian organized crime and terrorist networks. Orbis 49(2):293–304
Lesk M (2007) The new front line: Estonia under cyberassault. IEEE Security Privacy 5(4):76–79
Leyden J (2007) MI5 warns over China hacking menace. The register, 3 December. Available at: http://
www.theregister.co.uk/2007/12/03/mi5_warns_over_chinese_hack_attacks/
Libbenga J (2007) Another 419 scam ring nicked. The register, 25 April. Available at: http://www.
theregister.co.uk/2007/04/25/another_419_scamring_nicked/
Libbenga J, Leyden J (2007) Dutch botnet duo sentenced. The register, 1 February. Available at: http://
www.theregister.co.uk/2007/02/01/dutch_botnet_gang_sentenced/
Marks P (2007) How to leak a secret and not get caught. New Sci 2586:13
McAfee (2006) Virtual criminology report: organised crime and the internet. McAfee, Santa Clara, CA
McCombie S (2007) Organised cybercrime & phishing: the godfathers of the internet. Presentation at the
Technology Trends 2007 seminars, CSIRO ICT centre, Australia, 12 February. Available at: http://
www.ict.csiro.au/MU/Trends/
McCusker R (2006) Transnational organised cyber crime—distinguishing threat from reality. Crime Law
Soc Chang 46:257–273
McGraw G (2006) Interview: silver bullet speaks to Avi Rubin. IEEE Security Privacy 4(3):11–13
McMillan R (2008) Criminals hack ceos with fake subpoenas. PC world, 14 April. Available at: http://
www.pcworld.com/businesscenter/article/144548/criminals_hack_ceos_with_fake_subpoenas.html
Miller N (2007) From Russia with malice: criminals trawl the world. The age, 24 July
MSN—Mainichi Daily News (2006) Inside the Yamaguchi-gumi: Ex-gangster’s life a history of Japan’s
postwar underworld. MSN—Mainichi Daily News, 24 May
NACHA (2008) NACHA reports more than 18 billion ach payments in 2007. Media release, 19 May.
Available at: http://www.nacha.org/News/news/pressreleases/2008/Volume_Final.pdf
National Institute of Standards and Technology (NIST) (2006) Guide to integrating forensic techniques
into incident response. NIST computer security special publications SP800-86. NIST, Rockville, MD
Available at: http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
National Science and Technology Council (NSTC) (2006) Federal plan for cyber security and information
assurance research and development. NIST, Arlington, VA
National White Collar Crime Center and Federal Bureau of Investigation (NW3C/FBI) (2007) 2006 IC3
annual internet fraud report. Available at: http://www.ic3.gov/media/annualreport/2005_IC3Report.pdf
Office of the United States Trade Representative (2007) 2007 Special 301 report. Available at: http://www.
ustr.gov/assets/Document_Library/Reports_Publications/2007/2007_Special_301_Review/asset_
upload_file980_11122.pdf
Organized Crime and Triad Bureau (2007) Triad activities in Hong Kong. Hong Kong Police, 30 May
PandaLabs (2007) Cybercrime.. for sale (II). Available at: http://blogs.pandasoftware.com/blogs/
pandalabs/archive/2007/05/03/Cybercrime_2E002E002E00_-for-sale-_2800_II_2900_.aspx
Parliamentary Joint Committee on the Australian Crime Commission (2007) Inquiry into the future impact
of serious and organised crime on Australian society. Parliament House, Canberra September
Pereira J (2007) How credit-card data went out wireless door. The Wall Street Journal, 4 May
PricewaterhouseCoopers (PwC) (2006) DTI information security breaches survey 2006. Available at:
http://www.pwc.com/extweb/pwcpublications.nsf/docid/7FA80D2B30A116D7802570B9005C3D16
Rodriguez A (2007) Attacks on Estonia move to new front. Chicago Tribune, 29 May
Rogers M, Scarborough K, Frakes K, San Martin C (2007) Survey of law enforcement perceptions
regarding digital evidence. IFIP Int Fed Inform Process 242:41–52
Schrank P (2007) Newly nasty. The Economist, 24 May
Sein AJ (2008) The prosecution of Chinese organized crime groups: the Sister Ping case and its lessons.
Trends Organ Crim 11(2):157–182
Serious Organised Crime Agency (SOCA) (2006) The United Kingdom threat assessment of serious
organised crime. Available at: http://www.soca.gov.uk/assessPublications/downloads/threat_assess_
unclass_250706.pdf
Serious Organised Crime Agency (SOCA) (2008) The United Kingdom threat assessment of serious organised
crime. Available at: http://www.soca.gov.uk/assessPublications/downloads/UKTA2008-9NPM.pdf
Simon Wiesenthal Center (2008) iReport: online terror + hate the first decade. Available at: http://www.
wiesenthal.com/atf/cf/%7BDFD2AAC1-2ADE-428A-9263-35234229D8D8%7D/IREPORT.PDF
Singapore Commercial Affairs Department (CAD) (2006) Money mules. Available at: http://www.cad.gov.
sg/crimeprev/cpa_moneymules.htm
Singapore Commercial Affairs Department (CAD) (2007) Case of 6-members credit card skimming
syndicate. Media release, 21 May
Singapore Ministry of Home Affairs (MHA) (2004) Second reading speech for the Criminal Law
(Temporary Provisions) (Amendment) Bill, Ministry Of Home Affairs—Speech by Associate
Professor Ho Peng Kee, Senior Minister of State for Law and Home Affairs on 1 September 2004.
Available at: http://app3.mha.gov.sg/news_details.aspx?nid=743
Singapore Police Force (SPF) (2007) Unlicensed moneylending syndicate busted—$130,000 seized.
Media release, 13 April
Singh S (2007) The risks to business presented by organised and economically motivated criminal
enterprises. J Financ Crime 14(1):79–83
Sophos (2007) Businesses warned by MI5 of Chinese espionage threat, Sophos offers advice. News
release, 1 December. Available at: http://www.sophos.com/pressoffice/news/articles/2007/12/
mi5-china-internet-spy.html
Swenson P, Shenoi S (2007) File system journal forensics. IFIP Int Fed Inform Process 242:231–244
Symantec (2007) Symantec internet security threat report vol. XI. Available at: www.symantec.com/
threatreport
Todayonline (2007) Tigers have joined jihadi drug trade, says official. Todayonline, 11 June
United Kingdom Child Exploitation and Online Protection (UK CEOP) (2007) Global online child abuse net-
work smashed—CEOP lead international operation into UK based paedophile ring. Media release, 18 June
United Kingdom Organised Crime Task Force (UK OCTF) (2007) Annual report and threat assessment
2007: organised crime in Northern Ireland. Available at: http://www.octf.gov.uk/index.cfm/section/
publications/page/publicationList/viewArchives/true/category/5
United States Department of Justice (US DoJ) (2006) ‘Botherder’ dealt record prison sentence for selling
and spreading malicious computer code. Media release, 8 May
United States Department of Justice (US DoJ) (2007a) Owners/operators of Asian massage parlors
charged with transporting persons for prostitution. Media release, 11 May
United States Department of Justice (US DoJ) (2007b) Extradited software piracy ringleader sentenced to
51 months in prison. Media release, 22 June. Available at: http://washingtondc.fbi.gov/dojpressrel/
pressrel07/wfo062207.htm
United States Department of Justice (US DoJ) (2007c) Former member of the US navy indicted on
terrorism and espionage charges. Media release, 31 March. Available at: http://newhaven.fbi.gov/
dojpressrel/2007/nh032107.htm
United States Department of Justice (US DoJ) (2007d) Heroin kingpin—first defendant ever extradited from
Afghanistan—sentenced in Manhattan federal court to over 15 years in prison. Media release, 08 October
United States Department of Justice (US DoJ) (2007e) Extradited software piracy ringleader pleads guilty.
Media release, 20 April. Available at: http://washingtondc.fbi.gov/dojpressrel/pressrel07/wfo042007b.htm
United States Department of Justice (US DoJ) (2007f) Fairfield man pleads guilty to attempted receipt and
possession of child pornography. Media release 20 February. Available at: http://sacramento.fbi.gov/
dojpressrel/pressrel08/sc022008.pdf
United States Department of Justice (US DoJ) (2007g) Tucson man sentenced to seven years for identity
theft and fraudulent use of thousands of credit and debit card numbers. Media release, 10 August.
http://www.usdoj.gov/usao/az/press_releases/2007/2007-182(Green-Bressler).pdf
United States Department of Justice (US DoJ) (2007h) Six defendants indicted for stealing money from
bank customers accounts through the internet. Media release, 7 May. Available at: http://sacramento.
fbi.gov/dojpressrel/pressrel07/sc050707.htm
United States Department of Justice (US DoJ) (2008a) Third defendant pleads guilty in pensacola in
global child exploitation enterprise case. Media release, 6 May. Available at: http://jacksonville.fbi.
gov/dojpressrel/pressrel08/childexploitation_050608.htm
United States Department of Justice (US DoJ) (2008b) Second defendant pleads guilty in Pensacola in
international child exploitation enterprise case. Media release, 28 April. Available at: http://
jacksonville.fbi.gov/dojpressrel/pressrel08/childexploitation042808.htm
United States Department of Justice (US DoJ) (2008c) Idaho man pleads guilty in international child
exploitation enterprise case. Media release, 17 April. Available at: http://jacksonville.fbi.gov/
dojpressrel/pressrel08/childporn041708.htm
United States Department of Justice (US DoJ) (2008d) 33 individuals in U.S. and Romania indicted in
federal RICO case that alleges widespread computer fraud. Media release, 19 May. Available at:
http://losangeles.fbi.gov/dojpressrel/pressrel08/la051908ausa.htm
United States Federal Trade Commission (US FTC) (2008) Agency announces settlement of separate
actions against retailer TJX, and data brokers Reed Elsevier and Seisint for failing to provide adequate
security for consumers’ data. Media release, 27 March. Available at: http://www.ftc.gov/opa/2008/03/
datasec.shtm
United States Secret Service (USSS) (2004) U.S. secret service’s operation firewall nets 28 arrests. Press
release, 28 October
van Rassel J (2007) ATM skimmers seized in raid. Calgary Herald, 31 May
Vidino L (2007) The hofstad group: the new face of terrorist networks in Europe. Stud Confl Terror
30:579–592
Vijayan J (2007) Mass. credit union bills TJX $590k for breach-related costs. Computerworld, 6 June.
Available at: http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=
security&articleId=9023778&taxonomyId=17&intsrc=kc_top
Ward M (2006) Anti-cartoon protests go online. BBC.co.uk, 8 February. Available at: http://news.bbc.co.
uk/1/hi/technology/4692518.stm
Warner B (2006) Muslim hackers blast Denmark in net assault. PC Pro, 7 February. Available at: http://
www.pcpro.co.uk/news/83314/muslim-hackers-blast-denmark-in-net-assault.html
Weimann G (2006) Virtual disputes: the use of the internet for terrorist debates. Stud Confl Terror 29
(7):623–639
Zhuge J, Holz T, Song C, Guo J, Han X, Zou W (2008) Studying malicious websites and the underground
economy on the Chinese web. In: Proceedings of the 7th Workshop on the Economics of Information
Security, WEIS 2008, Hanover, New Hampshire, June 25–28, 2008

Organised Crime Groups in Cyberspace - A Typology

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Organised Crime Groups in Cyberspace - A Typology

Încărcat de

Drepturi de autor:

Formate disponibile

Trends Organ Crim (2008) 11:270–295

Organised crime groups in cyberspace: a typology

Kim-Kwang Raymond Choo

Published online: 11 July 2008

Abstract Three categories of organised groups that exploit advances in information

Keywords Organised crime groups . Cybercrime . Technology-enabled crime .

The declining importance of dial-up connections and the expansion of broadband

in electronic banking (APCA 2005). A correspondingly large increase in electronic

Traditional organised criminal groups

Singapore is [also] vulnerable to infiltration by triads and organized criminal

committing cross-border crimes if the opportunity arises. We must therefore be

Despite governmental efforts in cracking down on organised criminal activities,

serious organised criminals have increasingly exploited advances in technology,

The involvement of traditional organised criminal groups in technology-enabled

ment officials are reportedly reluctant to conduct regular enforcement actions

& Computer or network intrusions such as hacking and unauthorised access to

Organised cybercrime groups

Technically sophisticated members

Technology-enabled crimes require the perpetrator to possess a minimum level of

Members who may know each other only online

underground software piracy group, ‘DrinkOrDie.’ In the latter example, a British

Financially motivated cybercriminals

In another case involving the indictment of 33 individuals in USA and Romania,

phishing attack. Once directed to bogus websites, victims were prompted to

websites. Keyloggers19 are then downloaded and installed on computers of

Online paedophile rings

Ideologically and politically motivated cybercrime groups

A distinction should, however, be drawn between crimes in which ICT is the

ICT, an enabling tool

propaganda material include religious rulings (fatwa) declaring suicide terrorism to

ICT, the object of offending

Digital evidence: possible evidentiary issues

evidence to support or refute a dispute in judicial proceedings. Digital evidence

The need for harmonisation of legislation

Many of the wide-ranging activities and consequences resulting from (organised)

is invariably necessary in both extradition and mutual assistance requests. Achieving

As the internet and other forms of information and communications technologies

organisational structure (or to be affiliated with traditional organised crime groups)

S-ar putea să vă placă și