Kristin
M. Finklea
Specialist in Domestic Security
Catherine A. Theohary
Analyst in National Security Policy and Information Operations
Twenty-first
century criminals increasingly rely on the Internet and advanced technologies
to further their criminal operations. These criminals can easily leverage
the Internet to carry out traditional crimes such as distributing illicit
drugs and sex trafficking. In addition, they exploit the digital world to
facilitate crimes that are often technology driven, including identity theft, payment
card fraud, and intellectual property theft. Cybercrimes have economic, public
health, and national security implications, among others. For over three
decades, Congress has been concerned about cybercrime and its related
threats. Today, these concerns often arise among a larger discussion
surrounding the federal government’s role in ensuring U.S. cyber security.
Conceptualizing cybercrime involves a number of key elements and questions that
include
where do the criminal acts exist in the real and digital
worlds (and what technologies are involved in carrying out the crimes),
why
are malicious activities initiated, and
who is involved in carrying out
the malicious acts?
• One way of viewing cybercrimes is that they may be digital versions of traditional,
real world offenses. They could be considered traditional, or “real world,”
crimes if not for the incorporated element of virtual or cyberspace. In some
instances, however, it may seem that law enforcement struggles to keep up with
developments in the virtual world, which transform routine activities once driven
by paper records in the real world. As a result, criminals are often prosecuted
using laws intended to combat crimes in the real world.
• The distinction between cybercrime and other malicious acts in the virtual
realm is the actor’s motivation. Cyber criminals can exhibit a wide range
of self interests, deriving profit, notoriety, and/or gratification from
activities such as hacking, cyber stalking, and online child pornography.
Without knowing the criminal intent or motivation, however, some
activities of cyber criminals and other malicious actors may appear on the
surface to be similar, causing confusion as to whether a particular action
should be categorized as cyber
crime or not. When referring to
cybercrime incidents, terms such as cyber attack, cyber espionage, and
cyber war are often loosely applied, and they may obscure the motives of
the actors involved.
• Criminal attribution is a key delineating factor between cybercrime and other cyber
threats. When investigating a given threat, law enforcement is challenged with
tracing the action to its source and determining whether the actor is a criminal
or whether the actor may be a terrorist or state actor posing a potentially greater
national security threat. This is highlighted by examining the online collective
known as
Anonymous. Some refer to Anonymous as a group of online activists,
others see the collective as a group of criminal actors, and still others have
likened it to online insurgents.
The U.S. government does not appear to have an official definition of
cybercrime that distinguishes it from crimes committed in what is
considered the real world. Similarly, there is not a definition of
cybercrime that distinguishes it from other forms of cyber threats, and the
term is often used interchangeably with other Internet- or
technology-linked malicious acts. Federal law enforcement agencies often
define cybercrime based on their jurisdiction and the crimes they are
charged with investigating. And, just as there is no overarching definition for
cybercrime, there is no single agency that has been designated as the lead
investigative agency for combating cybercrime.
Congress may question whether it is necessary to have a clear definition of
what constitutes cybercrime (e.g., S. 2105, S. 3414) and what delineates
it from other real world and cyber threats. On one hand, if the purpose of
defining cybercrime is for investigating and prosecuting any of the various
crimes under the broader cybercrime umbrella, it may be less critical to create
a definition of the umbrella term and more imperative to clearly define
which specific activities constitute crimes—regardless of whether they are
considered real world crimes or cybercrimes. On the other hand, a
distinction between cybercrime and other malicious activities may be beneficial
for creating specific policies on combating the ever-expanding range of
cyber threats. If government agencies and private sector businesses design
strategies and missions around combating cybercrime, it may be useful to
communicate a clear definition of cybercrime to those individuals who may
be involved in carrying out the strategies.
The United States does not have a national strategy exclusively focused on
combating cybercrime. Rather, there are other, broader strategies that
have cybercrime components (a selection of which are presented in the
Appendix).
Policymakers may question whether there should be a distinct strategy for
combating cybercrime or whether efforts to control these crimes are best
addressed through more wide-ranging strategies such as those targeting cyber
security or transnational organized crime. Congress may also question
whether these broader strategies provide specific cybercrime-related
objectives and clear means to achieve these goals.
Comprehensive data on cybercrime incidents and their impact are not available,
and without exact numbers on the current scope and prevalence of
cybercrime, it is difficult to evaluate the magnitude of the threats posed
by cyber criminals. There are a number of issues that have prevented the
accurate measurement and tracking of cybercrime. For one, the lack of a clear
sense of what constitutes cybercrime presents a barrier to tracking
inclusive cybercrime data. Additionally, much of the available data on
cybercrime is self-reported, and individuals or organizations may not
realize a cybercrime has taken place or may elect—for a host of reasons— not
to report it. Policymakers may debate whether to direct a thorough evaluation
of the threats posed by cyber criminals.
Date of Report: July 20, 2012
Number of Pages: 30
Order Number: R42547
Price: $29.95
Document available via
e-mail as a pdf file or in paper form.
To Order:
R42547.pdf
to use the SECURE SHOPPING CART
e-mail congress@pennyhill.com
Phone
301-253-0881
For email and phone orders, provide a Visa, MasterCard, American Express, or Discover card
number, expiration date, and name on the card. Indicate whether you want e-mail
or postal delivery. Phone orders are preferred and receive priority processing.
Follow us on TWITTER at http://www.twitter.com/alertsPHP
or #CRSreports
Posts
