Cybercrime

Introduction It has been estimated that 3 billion people will be using the internet by 2016 for business, education, pleasure and also crime. 1 The continuing developments in digital technology both in terms of the proliferation of devices and the increased connectivity epitomised by the ‘internet of things’ is challenging in security terms 2 and so brings advantages not only to the law-abiding but also to criminals; it has been remarked that ‘Cybercrime is a growth industry. The returns are great, and the risks are low.’ 3 As discussed below there is a wide variety of types of cybercrime – perpetrators may be lone hackers or organised gangs and victims range from the ordinary consumer to large organisations. In November 2014, Sony Pictures Entertainment was the victim of a cyber attack in which a skull appeared on computer screens along with a message threatening to release data ‘secrets’ if undisclosed demands were not met and which resulted in its entire system being shut down. 4 Other branches of the organisation had previously been targeted and Sony PlayStation has proved particularly vulnerable. 5 These instances were particularly newsworthy, but it is not diffi cult to fi nd other examples of hacks into the computer systems of large commercial and government organisations with results which can include the theft of large quantities of personal identifying information and/or signifi cant damage to the computer systems involved. At the other end of the scale there can be few computer users who have never been affected by a computer virus. Although hacking and virus attacks continue to occur and cause damage, disruption, and fi nancial loss, the range of subversive activity is far wider than this. Those wishing to cause disruption to computers and computer systems are just as likely to instigate a denial-of-service (DoS) attack or distributed denial-of-service (DDoS) attack, in which the perpetrator sets up a system that will generate a high volume of traffi c to the target site, severely impeding normal communications with the site or preventing them altogether. While hacking and virus attacks are unlikely to be confused with legitimate use, the same effects as those produced by DoS attacks can occur quite innocently, making criminalisation more problematic. 6 Unfortunately, cybercrime is clearly very much part of the internet environment and this chapter and the following one will examine the extent to which the law has been able to respond to the issue.