Freedom from Fear - Volume 2010, Issue 7, 2010

There is no argument that since the Internet’s widespread commercialization roughly twenty years ago, it has exponentially improved, automated and streamlined much of our lifestyle with every passing year. The advantages of living in a wired (or, wireless) world are apparent, but not without risks: the media is rife with speculation on hackers and every week a new phishing ring is busted or a massive data breach is reported. But who are these much-maligned hackers, and where do they come from?

Who is attacking you? “We don’t know...” When talking about attackers and hacking it often happens that I ask people working at customer’s sites “who is scaring you?” Most of the time the answer I hear is not “Well, you know… I’m scared by script kids, playing with those couple of unpatched machines I have,” nor is it “I’m really scared about industrial spies.” Rather, 98% of the time the answer is “I don’t know.”

Your computer may be “pwned.”1 While you’re reading this article a miscreant might be virtually peering over your shoulder, or worse. Then again, perhaps you follow best practices for securing your computer: you patch your operating system, you maintain a current anti-virus software subscription, and your Web surfing habits are fastidiously cautious. Unfortunately your computer may still be pwned.

The current era of cybercrime is no longer dominated by hackers accessing computer systems just for fun or notoriety. The development and growth of the digital economy has changed the criminal landscape dramatically. High rewards combined with low risks have made digital networks an attractive environment for various types of criminal groups. In the non-digital era, organised crime sought after the safe havens offered by countries with weak governments and unstable political regimes. Today’s organised criminal groups can benefit from national jurisdictions that do not have proper legal frameworks and technical capabilities to fight cybercrime. The easiness of communication, anonymity, and the accessibility of tools for illegal operations have transformed cybercrime into a global, fast-expanding and profit-driven industry with organised criminal groups thriving behind it.

Without doubt terrorist organisations today are using the Internet for various purposes. Unlike the early debate when the focus was on potential terrorist-related network-based attacks against critical infrastructure and the use of information technology in armed conflicts (cyberwarfare), it is widely recognised that the range of activities is more complex.1 Terrorist use of the Internet includes research, training, propaganda and communication.2 But despite more intensive research many aspects are still uncertain as reports about concrete incidents often remain classified. The following article provides an overview of the different areas of terrorist use of the Internet and the concept of legal response.

The emergence of the Internet as a mass consumer product has not necessarily created any entirely new genres of crime, but it has certainly given a new twist to some very old and familiar ones. Above all it has changed the scale on which a number of offences are carried out. Crimes against children are a classic example. Crimes involving the production and distribution of child abuse images are a very specific case in point.

The news is full of reports detailing the stories of victims who have lost thousands, even millions, of dollars at the hands of cyber criminals. Many of us know someone who has already been the victim of one of these crimes. As widespread as cybercrime appears to be, it would be easy to conclude there is little anyone can do to avoid becoming a victim. However, the prevalence of cybercrime does not mean that victimization is inevitable or that people should avoid using the Internet. Users can make themselves aware of the vulnerabilities its use creates and can take steps to reduce their risks.

The shift from industrial societies to information societies, 1 and the related dependence of the society as well as the economy on the availability of Internet services have moved the attention of politics towards the cybercrime topic. While in other emerging areas of crime it is possible to use traditional crime prevention and investigation strategies, the fight against cybercrime faces unique challenges that require a special attention from both investigators and lawmakers. This article provides an overview of some of those challenges.

ITU (International Telecommunication Union) recognizes that information and technology security are critical priorities for the international community. Cybersecurity is in everyone’s best interest and this can only be achieved through collaborative efforts. Cyber threat issues are global and therefore their solutions must be global too. It is vital that all countries arrive at a common understanding regarding cybersecurity, namely by providing protection against unauthorized access, manipulation and destruction of critical resources. ITU believes that in developing a solution one must identify all existing national and regional initiatives, in order to foster collaboration with its multiple stakeholders and avoid duplication of efforts. With its 191 Member States and more than 700 Sector Members, ITU is uniquely placed to propose a framework for international cooperation in cybersecurity and assist in tackling cybercrime.

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We will know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we will know who was responsible and take action accordingly.

Over the coming years a crucial issue in dealing with cybercrime will be the delicate balance that must necessarily be struck between personal data protection, public order, and security. If the stellar growth in e-commerce in the last decade, was accompanied by increasing alarm about the attendant potential for fraud (from e-bay scams to creditcard cloning), the next ten years seem bound to be beset by the headaches of cloud computing: who knows what dormant dangers may be inadvertently aroused merely by surfing the web, even without posting personal data online, or using social networks (all of which are exposed to data mining)?

The rapidly changing nature of information and communications technologies suggests that as soon as new hardware, software or other applications are introduced, they will be exploited in some form or fashion by international criminal organisations. The speed at which criminals can exploit these technologies is truly remarkable. Unfortunately, law enforcement and the criminal justice system, bound by limited budgets, finite training, and traditional legal regimes are much slower in their abilities to respond.

Once upon a time there was journalism. Many have recited the de profundis for the reporting profession over the last few years. Because of the economic crisis, which has been stifling newspapers for the last two years. And before that, in an even more substantial way, because of how conflicts in the post 9/11 world have changed the way of telling History and the stories of those who are called upon to cover them.

I decided to write a book in the summer of 2009 when the Italian government started intercepting and turning back migrants at sea. I thought it would have helped me analyse what has been going on these years and what is not happening nowadays. Despite the apparent calm that was looming over the waters of the Mediterranean in the absence of disembarkments, apprehension still arose from the many stories of the men and women who had reached, one after the other and throughout the years, the Favarolo dock of Lampedusa and the southern coasts of Italy.