Concepts, Classifications,

Characterstics and Forms of Cyber

crime
Ethiopia National Training on Investigation and Prosecution of Cyber crime
5-8 April 2021
IGAD /ISSP/

Belayhun Yirga
Director General
Legal studies, Drafting and Consolidation
Directorate General
FAG
 Introduction
Technology is neutral and hence it empowers those who
build and those who could disrupt and destroy alike.
With every new invention, there will always be some
people who see only its potential to do good, while others
see new opportunities to commit crime or make money.
In addition, criminals have always been alive to the
possibilities of new technologies.
cyberspace presents us not only great promise but also
being transformed into a safe haven for criminals.
Millionsof people are victims of cybercrime every day
and caused trillions in loss.
As never before, and at insignificant cost, even ordinary
citizens can cause calamitous harm to individuals,
companies, and governments from places unheard of.
The threat of cybercrime has also reached at the level
of national security concern.
For instance US President Obama declared that the
“cyber threat is one of the most serious economic
and national security challenges we face as a
nation” and that “America's economic prosperity in the
21st century will depend on cyber security.”
The UK government also declared that cyber security had
become a ‘tier 1’ priority alongside international terrorism
and major national incidents.
 Therefore cybercrime has already become the dark side
of the information age.
 But what constitutes cyber-crime?
  Definition/ meaning of Cybercrime
 Even though it is one of the hottest contemporary global
issues and enjoys considerable political, legal, media,
public, and academic discourse, the term cybercrime has
no universally accepted definition.
 Definingcybercrime appears, therefore, to be a necessary
evil within the community of people involved in
researching, investigating, and prosecuting its occurrence.
 there are a number of expressions and terms used to
describe cybercrime in an interchangeable manner such as
computer crime, internet crime, e-crime, digital crime,
high-tech crime, online crime, electronic crime, and so on.
 Therefore,cybercrime lacks a universal and consensual
definition due to a missing definition of the term in
national and international law.
 Cybercrime is a container-concept that holds many
different crimes, performed in almost complete
concealment by anonymous and creative offenders, in
different contexts and in a continuous digitalizing era.
 Cybercrime is a borderless problem, consisting of
criminal acts that are committed online by using
electronic communication networks and information
systems, including crimes specific to the Internet, online
fraud and forgery and illegal online content.
 Narrow DFN Vs Wider DFN
 Cyber crime is ‘any activity in which computers or a
network are a tool, target or a place of criminal activity.
'This version would indirectly mean that a man would
commit cybercrime if he hits a person to the head with
a keyboard.
 the European commission defined a more
comprehensible version: ‘Cybercrimes can be defined
as any crimes which are committed via the Internet’.
 Computer Crime Vs Cyber crime
 Most reports, guides or publications on
cybercrime begin by defining the terms
“computer crime” and “cybercrime”.
 theterm “cybercrime” is narrower than
computer related crimes as it has to involve a
computer network.
 Computer-related crimes cover even those
offences that bear no relation to a network,
but only affect stand-alone computer systems.
  Classification
of cybercrime/ object or
Modusoperandi/
 While the term cybercrime is not amenable
to a single description, the question arises
whether cybercrime objectives, features or
modus operandi can be identified in general
terms, rather than by reference to a list of
individual cybercrime acts.
 Europe Cybercrime Convention
1. offences against the confidentiality,
integrity and availability of computer data
and systems,’
2. computer-related offences’,
3. content-related offences offences’
4. Offences related to infringements of
copyright and related rights
 The first category, ‘offences against the
confidentiality, integrity and availability of computer
data and systems’, have as object a computer
system or computer data.
 Basic actions include unauthorized access,
interception, acquisition or interference with a
computer system or data.
 These acts may be committed using many different
modus operandi.
 Illegal access to a computer system for example,
may consist of the unauthorized use of a discovered
password, or remote access using exploit software.
 The second category, ‘computer-related acts for
personal or financial gain or harm’, focuses on acts
for which the use of a computer system is inherent
to the modus operandi.
 The object of such acts differs.
 In the case of computer-related fraud, the object
may be considered as the economic property
targeted.
 In the case of ‘computer-related acts causing’
personal harm, such as the use of a computer
system to harass, bully, threaten, stalk or to cause
fear or intimidation of an individual, or ‘grooming’ of
a child, the offence object may be regarded as the
individual targeted.
 It is clear from these approaches that a number of
general features could be used to describe cybercrime
acts.
 One approach is to focus on the material offence object –
that is, on the person, thing or value against which the
offence is directed.
 Another approach is to consider whether computer
systems or information system form an integral part of
the modus operandi of the offence.
 Identifying possible cybercrime offence objects and
modus operandi does not describe cybercrime acts in
their entirety, but it can provide a number of useful
general categories into which acts may be broadly
classified.
 The third The distinction of ‘computer-assisted
crimes’ - those crimes that pre-date the Internet
but take on a new life in cyberspace, e.g. fraud,
theft, money laundering, sexual harassment,
hate speech, pornography - and ‘computer-
focused crimes’ - those crimes that have
emerged in tandem with the establishment of the
Internet and could not exist apart from it, e.g.
hacking, viral attacks, website defacement.
 Fourth Offences related to infringements
of copyright and related rights
 In the case of computer related copyright or
trademark offences, the offence object may
be considered as the protected intellectual
property right.
 Africa Union Convention on
cybersecurity and private data
protection
Attack on Cumputer system
Computerized data breach
Content related offences
Offences relating to electronic message
 Ethiopian Cyber crime Law 958
“Computer crime” means
 A crime committed against a computer, computer system,
computer data or computer network;
 A conventional crime committed by means of a computer,
computer system, computer data or computer network; or
 Illegal computer content data disseminated through a
computer, computer system, or computer network;
 Cybercrime: a new form of crime? Or
Conventional crime
 Some people suggest that the advent of ‘virtual crimes’ marks
the establishment of a new and distinctive social environment
with its own ontological and epistemological structures,
interactional forms, roles and rules, limits and possibilities.
 Other people see ‘cybercrime’ as a case of familiar criminal
activities pursued with some new tools and techniques.
 Some suggested that cybercrime was simply a case of ‘old
wine in new bottles’. If this was the case, cybercrime could be
fruitfully explained, analysed and understood in terms of
established criminological classifications.
 Liketraditional crime, cybercrime has different facets
and occurs in a wide variety of scenarios and
environments.
 on a deep introspection we may say that there exists a
fine line of demarcation between the conventional and
cybercrime, which is appreciable.
 The demarcation lies in the involvement of the medium
in cases of cybercrime.
 Thesine qua non for cybercrime is that there should be
an involvement, at any stage, of the virtual cyber
medium.
 On the other hand, combating cybercrime requires
a different approach from the one traditionally
taken in respect of most crimes, because of severity
of cybercrime and the extent to which it has a
greater potential for harm than traditional crime.
 In contrast to the off-line world where criminals
need to be physically present at the crime scene
and can commit one offence at a time, criminals in
cyberspace do not need to be close to the crime
scene, they do not have to travel to the target
country, and can attack a large number of victims
globally with a minimum of effort and risk through
hiding their identity.
 The information capabilities of the Internet change the nature of
crime, as they provide cyber criminals with simple, cost effective
and repeatable means of conducting rapid global-scale attacks,
while remaining anonymous and/or unreachable for law
enforcement.
 Cybercrime opens new doors to criminals where they have the
power to defraud entire institutions in ways that would not have
been possible traditionally.
 Housing billions of gigabytes of sensitive information and valuable
date, the Internet is very appealing to criminal organizations, who
can act anonymously (and so remain more unpunished).
 Finally, one of the differences between cybercrime and traditional
crime is the evidence of the offenses: traditional criminals usually
leave traces of a сrime, through fingerprints, physical evidences,...
On the other hand, cybercriminals rely on the Internet via which
they commit their crimes, and leaves little evidence.
 Can we consider Cybercrime as an
organized crime?
 In a number of cases, the answer is clearly no.
 First, many cybercriminal groups are small, loosely
structured and without a clear agenda.
 Such groups have limited organisation in a broad
sense, let alone meeting the strict requirements of
academic definitions.
 violence is at the heart of traditional organised
crime groups’ regulation and control of various
markets, but in the context of the Internet, there
appears to be no directly analogous tool.
 Second, issues of territory, and control over that
territory, are also central to conceptions of
traditional organised crime, but appear much more
complex in the context of cybercrime.
 In the case of other cybercriminal groups, a lack of
defined territory is clearly a major obstacle for
attempted control over a criminal market.
 suppliers can emerge from across the
world and countless forums, channels,
websites, personal communications
and other places online can be used to
sell them.
 Ascybercriminals are not constrained
to a specific forum or online space,
there is no territory to defend in the
same way that, for instance, drug-
dealing operations do in the physical
world.
The unique characteristics of cybercrime
  Internationality
 The virtual world does not feature any frontiers and the different
legal systems apply according to the territorial competences of law
enforcement agencies.
 The borderless nature of cybercrime makes it possible to commit
crimes against governments, business and citizens in any Country
from almost anywhere around the world.
 Compared to other, more traditional crime types, criminals who use
the Internet for hacking computers, stealing data and emptying bank
accounts are not hindered by logical constraints, such as travelling
and transporting the looted goods.
 There is hardly any identifiable link between the
criminals and the crime scenes.
 These crimes transcend jurisdictional boundaries,
often involving multiple victims from different
communities, states and countries.
 The geographic location of a victim is not a primary
concern for perpetrators who target victims over the
Internet.
 Therefore it is important to note that access to the
Internet is expected to increase significantly in the
coming years.
 The scalability
 The scalability results from the ease to
replicate crimes on a massive scale due to
the standardization of software and the
possibility to reach millions of computers
without any logistical constraints.
 Anonymity
 Perpetrators feel very safe and can easily hide their real identity
on the Internet.
 Physical contact between victim and perpetrator is not
necessary to become a victim or for a crime to be committed.
 The Internet also provides a source for repeated, long term
victimization of a victim that can last for years, often without the
victim’s knowledge.
 For example, once a victim’s picture is displayed on the Internet,
it can remain there forever.
 Images can stay on the Internet indefinitely without damage to
the quality of the image.
 There are different technologies and forums that criminal actors
can take advantage of in order to anonymise themselves and
facilitate criminal activity.
 The ease to hide comes from the use of hacked computers,
stolen identities and from techniques to re-route traffic through
numerous nodes while obfuscating the origin.
 Darknets offering a high degree of anonymity are increasingly
hosting hidden services devoted to traditional types of crimes,
like for example drug trade, selling stolen goods, weapons,
compromised credit card details, forged documents, fake ID’s
and trafficking of human beings.
 Asymmetry
 Authors of internet crimes are mostly ahead of police and justice
authorities by developing new modi operandi.
 Criminal entrepreneurs can operate relatively efficiently due to
the innovation enabled by the Internet.
 This results in a strife between criminal developers and those
who try to foil them. It is really hard protecting yourself against
unknown vulnerabilities, which makes it hard to stay ahead of
criminal actors.
 The law enforcement already had some limited success in
penetrating technologies to identify and capture criminals,
and/or has taken advantage of sloppy use of these technologies
to find those who hide behind them
 However, the speed and capacity of
cybercriminals to develop and guard what, how
and where they do it in cyberspace should not
be underestimated.
 Law enforcement experiences have already
shown that cybercriminals are efficient in
learning from police operations and responding
to these with improved software security and
encryption, and mechanisms for conducting
criminal activity
 Low marginal cost of online activity
 The effort and resources required to commit a
cybercrime are substantially less than for traditional
crimes.
 In general, effort refers to the combination of mental
energy and time necessary to implement the attack.
 If the demand for attack resources as greater, the
target becomes less attractive.
 In contrast, like with cybercrimes, computers provide
most of the effort and resources, by virtue of their
tremendous speed of processing, rendering cyber
targets attractive.
 Nature of criminal cooperation
 The nature of criminal cooperation via the internet has
resulted in networks of criminals that amplify each other’s
criminal services.
 This applies in the area of cybercrime, but also other types of
crime.
 A complete underground economy has developed, where all
kinds of criminal products and services are traded such as
drugs, weapons, stolen payment credentials, child abuse etc.
 As mentioned earlier, this is facilitated by anonymous
payment systems, such as virtual currencies and hidden
market places where the criminal services are offered.
  Common forms of Cybercrime
 Hacking
 Hacking is unauthorized intrusion into a computer system.
 Malicious intent is usually involved, with this intrusion.
 But also inadvertently connected to preserve voluntarily,
and that connection is considered as hacking.
 Even the hacking of a computer system that is hardly
protected, is punishable.
 In the assessment of hacking, a distinction can be made
between insiders and outsiders.

 Insiders are people that do have a certain access
power, but exceed this power.
 They are only punishable if they hack to inflict
harm, or deceptive intent to commit.
 This restriction does not apply to outsiders: they are
always punishable, even if they crack a system 'with
good intentions’.
 Hacking can take place in different situations. Not
infrequently, hackers use a vulnerability in a ICT
system through which an automated workspace can
be invaded.
 By hacking we understand also the intrusion of a
system under a false capacity, for example with a
stolen log-in name and password on a webmail
service like Hotmail or Gmail.
 Hacking can also take place via a "brute force
attack". This technique uses a large number of
password variations tried out in succession until
access to the automated workplace is gained.
 Another important method is infecting computers
with a malicious software program (malware), which
accesses through a 'back door' to the automated
workplace. In this case, the malicious software called
‘a Trojan horse’; quite appropriately, because the
program stays unnoticed on the victim's computer. 
 Spamming
 Spamming is the mass sending of e-mails to people who
have asked not to.
 Anindividual can be able to close down computer systems
of companies or government organizations by
automatically sending thousands of emails per day.
 Spammers send messages to thousands and even millions
of recipients at the same time.
 Usuallyit concerns commercial messages with an erotic
character.
 The mail servers of most Internet Service Providers (ISPs)
refuse all mails that come from incorrect addresses.
 Many spammers use different shipping addresses, to
stay anonymous and hide their address.
 Spam messages are always sent through an electronic
channel.
 You can receive them by e-mail, via a mobile phone (sms
or mms), using the fax, by phone – when you receive a
call from an automated call system, via social network
websites, via another electronic channel.
 So spammers use that to put their advertisements on
websites, in combination with links to advertising
websites.
 A more dangerous form of spam is ‘phishing’ (see later).
  Cyber pornography
 Pornographic material is increasingly being spread via the internet.
 This also applies to texts and images relating to minors, the so-called
'child pornography'. Pedophiles use also the Internet.
 For a pedophile, the Internet is inexpensively and simple, because he
does no longer have to invest in all kinds of material, such as photos
and videos.
 Otherwise, the internet makes it easier for the police to detect and
discover pedophiles. Pedophiles have two ways to make use of the
internet: they pick up pedophile material of websites and they try to
make contact with minors, through chat boxes under a false identity.
 Those chat boxes are very interesting for pedophiles, because they can
ask undisturbed spicy questions without standing out, especially if they
use a language which suits their target audience.
 Payment Fraud
 Payment card transactions are the most widespread
non-cash payment method used in deferent parts of
the world.
 Payment card fraud has developed into a true
hybrid crime that can occur in both online and
offline environments.
 Regardless of where it occurs, the fraud inevitably
includes two phases: obtain the credit card details
and monetize.
 This is facilitated by online forums who bring
together buyers and sellers of compromised cards.
  Phishing
 Phishing is a ruse designed to obtain information of the victim
by using e-mails, webpages or letters that seem authentic
documents from institutions/agencies.
 These messages carry the victim to provide information to shut
down an account to respond quickly to a golden opportunity or
to respond quickly to a gift.
 The majority of phishing incidents start with potential victims
receiving spam, luring them to websites attempting to elicit
login credentials and other sensitive data from them, or hosting
exploits designed to compromise the visitor’s computer system.
 Phishing is one of the most common types of cybercrime (in
internet fraud and hacking).
 Despite the publicity generated by certain scams and
prevention campaigns, the number of victims falling for
phishing has increased across Europe.
 Particularly affected are elderly people who lack internet
skills and who are generally more trusting and respectful
of official-looking material than younger generations.
 we talk of deceptive phishing when the phisher sends out
messages containing a list in order to persuade the victim
to visit a certain site to change or to fill in data.
 In this category malware has not been used to forward
information to the phisher (see Malware-based phishing). 
Spoofing – Spam Based Phishing: Phishing with email and
spam is a common form of phishing.
 Often emailspoofing is used, which has falsified
information of the sender. Most of the posts contain an
urgent note that the user asks to enter information.
 This information is, according to the message,
necessary to modify account information, in order to
update account information and to check the accounts.
 Sometimes you will be asked to fill in a form to receive
access to a new service via a link which you can find in
the phishingmail.
  Instant Messaging Based phishing: This method uses
a message via an instant messaging channel (MSN,
Facebook chat, ...) containing a link to a phishing site
that has the same look as a legitimate website
 it can be difficult to see the difference between the
fake and the legitimate website. Then the user will
be asked to enter personal information on the
webpage.
 Telephone phishing: the phisher calls the user and
asks for a certain action, such as giving a password
or turning off the firewall on the computer.
 The goal is getting personal information or getting
control over the victim’s equipment.
 Child sexual exploitation
 online Child sex offenders commit criminal offences with an element
of sexual activity or sexual contact with a minor, thereby violating
established legal and moral codes with respect to sexual behaviour.
 Most child sex offenders are not part of any criminal network and
usually operate alone, driven solely by their sexual interest in children.
 But this does not mean that offenders act in isolation from each other:
they communicate among themselves within like-minded groups in
cyberspace, using different online tools.
 The most common method for perpetrators to exchange Child Abuse
Material is Peer-to Peer platforms, facilitated by the ease of access to
this type of platforms and by the large amounts of Child Abuse
Material available for free within this medium.
 The increase in mobile devices and apps, which enables constant
connection to the online world by potential victims and offenders, is a
facilitating factor.
  Exploitation of children online
 Child sex offenders use the Internet to meet like-
minded persons, to have access to a wider pool of
children, to share resources and their knowledge
and to disseminate Child Abuse Material.
 Girls of white ethnicity, aged between 11 and 14
years old are the main even considerably lower:
80% of the victims are under 10 years old. Data
of INHOPE, the International Association of
Internet Hotlines, show an increase in infant
victims of sexual abuse and in abuse of an
extreme and sadistic nature
  Sextortion and grooming
 Many cases of sexual extortion are a consequence of
‘sexting’. Sexting can be defined as the ‘exchange of
sexual messages or images’, typically self-generated,
sent via the Internet or a mobile phone.
 This exchange frequently occurs between young people
consciously exchanging naked or sexualised images of
themselves with one other.
 echnology can facilitate the further unwanted
dissemination of these pictures, affecting the well-
being of the originator, leading to harassment and
bullying, online and off-line, self-harming and even
suicide.
 Sextortion refers to the broad category of sexual exploitation in
which abuse of power is the means of coercion, but it refers also to
the category of sexual exploitation in which threatened release of
sexual images or information is the means of coercion.
 Sextortion is a form of corruption in which people entrusted with
power – such as government officials, judges, educators, law
enforcement personnel,… – seek to extort sexual favors in exchange
for something within their authority to grant or withhold.
 Furthermore, sextortion refers to a form of sexual blackmail in which
sexual information or images are used to extort sexual favors from
the victim.
 Social media and text messages are often the source of the sexual
material and the threatened means of sharing it with others.
 An example: people are extorted with a nude image of themselves
they shared on the Internet through sexting. Afterwards, they are
coerced into performing sexual acts with the person doing the
extorting or are coerced into performing hardcore pornography.
  racism and Holocaust denial
 Racism, holocaust denial and files not free from racist
statements or publications are punishable, also when they
are distributed over the internet. This includes the concept of
‘cyberhate’; which refers to expressions of hate on the
internet.
 That hate is reflected in racism: the use of bullying
(cyberbullying), insults or violence based on a person's skin
color, race or ancestry.
 But also discrimination based on gender, sexual orientation,
religion or philosophy of life falls under the concept of
‘cyberhate’.
 Others vent their hate by anti-Semitism and Holocaust
denial: the denial, minimize, justify or approve of genocide
committed during the Second World War.
  Cyberbullying
 Cyberbullying is defined in legal glossaries as
  actions that use information and communication
technologies to support deliberate, repeated, and
hostile behavior by an individual or group, that is
intended to harm another person or other persons.
  use of communication technologies for the
intention of harming another person or other
persons.
  use of Internet service and mobile technologies
such as web pages and discussion groups as well as
instant messaging or SMS text messaging with the
intention of harming another person or other
persons.
 Examples of what constitutes cyberbullying include communications that
seek to intimidate, control, manipulate, put down, falsely discredit, or
humiliate the recipient.
 The actions are deliberate, repeated, and hostile behavior intended to harm
another.
 A cyberbully may, but does not have to, know their target.
 A cyberbully may be anonymous and may solicit involvement of other
people online who do not know the target. This is known as a ‘digital pile-
on’.
 Cyberbullying has been defined as ‘when the Internet, cell phones or other
devices One speaks about cyber bullying when young people are
represented on both sides .
 Cyber bullying takes place when a child or young person threatens another
child or a young person is harassed, humiliated, annoyed, or embarrassed
by using digital techniques.
Thank You!!!!