Written and recorded by Robert Edwards, Law Hound
Welcome to this cybercrime training module from Data Law. My name is Robert Edwards. Andi. I'm a consultant with Law Hound. Previously, I waas a counterintelligence and I t security specialist with Her Majesty's government. Before I moved on to lecturing on providing legal training, cyber enabled economic crimes, legal guidance, the developments in technology, expansion of the Internet and the advent and adoption of services such as online shopping and social media have had a great impact on our lives. As you'd expect, some of that impact is adverse. However, this session is a brief overview of some economic cyber enabled crimes, including fraud, intellectual property, crime on the online marketplace for illegal items. As we know, cyber crime in general is not limited to economic crimes involving financial gain, but also includes those which involve harm to others by cyber enabled crimes. We mean traditional economic crimes which do not depend on the use of technology, but which are increased either in reach or scale when using technology. They also have the potential for secondary cyber enabled attacks such as fraud or theft. Estimates show that approximately five million cyber crimes were committed in the UK in 2016 70% of all reported frauds with cyber enabled frauds. One of the largest and most recent frauds included a £113 million cyber fraud, which involved cold calling customers off a bank to obtain their personal information on data. These statistics are often viewed with concern because many are simply not reported. For example, a victim of banking fraud may be reimbursed by their bank, and the crime remains unreported. There are five main types off cyber enabled crime. Economic, such as fraud, intellectual property crime, such US piracy, counterfeiting and forgery. Online marketplaces for illegal items. Malicious on defensive communications, including communications sent via social media. Cyber bullying. Trolling on virtual moving offenses that specifically target individuals, including cyber enabled violence against women and girls. Disclosing private sexual images without consent. Cyber stalking and harassment. Coercion under control on child sexual offenses. And indecent images of Children, including child sexual abuse, online grooming, prohibited and indecent images of Children. Extreme pornography, Obscene publications on prohibited images, including extreme pornography. Andi Obscene publications in this session will be looking at cyber enabled economic crimes and online marketplaces for illegal items. Fraud technology has created an opportunity for economic related cyber crime, which is generally unauthorized access to or sabotage or technology for financial loss to the victim on financial gain for the perpetrator. This can include fraud, forgery, hacking to obtain data or distributing viruses. The latest retail crime survey from the British Retail Consortium, which was published in February 2017 estimates that 53% of reported fraud in the retail industry this cyber enabled. This equates to around £100 million. Fraud is the most common type of cybercrime on can be committed in a number of ways, particularly Elektronik financial frauds such as online banking frauds, e commerce, retail fraud on transactions which are conducted remotely when neither the cardholder nor the card is present. This is known as Internet enabled card not present or CNP fraud. Fraudulent sales through online retail auctions or sites, whether fake or otherwise, when either goods or services purchased are not delivered or counterfeit products are supplied when the buyer believes that they are buying on original item. Consumer mass marketing frauds on consumer scams include phishing scams, a type of marketing fraud because they're usually sent to a number of addresses or targets on. This is where the user receives what they believe is a legitimate email asking or fishing for personal or business information, but which is actually a fraudulent email. Farming with a pH occurs when either after in putting data or within a phishing email, the user is directed to a fake website, social networking or dating websites where individuals provide personal information on door money as part of the romantic relationship. The legislation offenses may be committed under the following legislation. The Fraud Act 2006 based on the underlying Dishonesty on Deception. The Theft Act 1968 Theft Act 1978 Computer Misuse Act 1990. The Forgery and Counterfeiting Act 1981 on the Proceeds of Crime Act 2002 there are some potential issues. The theft off data accessing reading and using confidential data is unlikely to amount to an offence. Contrary to the Theft Act. As per the case off Oxford be moss. However, it's likely to amount to an offence under the Computer Misuse Act 1990 Section 11 or Section 21 if there is an intent to commit or facilitate the commission of further offenses online fraud often includes a number of suspects, and prosecutors will generally follow the trail with regard to payment toe. Identify the owner of the account, which receives payment. However, it may also, and as such is likely to be conspiracy under Section one of the Criminal Law Act 1977 or a Common Law Conspiracy to Defraud, which may be more appropriate. You may wish to look at the attorney general's guidance to the legal profession. The use all the common law, offence of conspiracy to defraud, which is available online and the link is on screen and it's included in your notes. False social media accounts. Now using an alias or setting up false social networking accounts can also amount to offenses under the Fraud Act. If they result in financial gain. For example, any data held in Elektronik form could be considered an offence under Section eight. Intellectual property crime, piracy, counterfeiting on forgery. So let's talk about cyber enabled I p crimes. Although I P crime can involve a wide range. The bulk of intellectual property crime relates to for Cherie counterfeit products piracy, the unauthorized copying of an original recording for profit. Now, the forgery occurs where forged or falsified instruments or documents are made with the intention of inducing someone to accept them as genuine to the prejudice of that person or someone else. Counterfeit goods. When counterfeit products are produced, copyright is breached and trademarks are infringed. The Internet provides a host of opportunity for selling counterfeit goods, including through legitimate online shops and auction sites. Fake online shops, which are made to closely resemble a legitimate site on social networking on piracy. The unauthorized copying of an original recording for profit. Recently, there has been a surge in the use of the Internet to distribute, share or otherwise make available Pirated items, including films, games, music and software without permission from the holder of the I P writes streaming live concerts or sports directly toward it. Audiences over the Internet without permission of the rights holder. This may also include streaming a televised pay per view event using something like live Facebook life or periscope, using legitimate file sharing technologies to share copies of music, film and games, putting protected content into online storage and then providing others a specific group, or even generally with information as to how to access it Onda posting protected content onto a website. The legislation here is entirely dependent on the nature of the events. False i d Under the Identity Documents Act 2010 Fake items which falsely represent genuine the Counterfeiting and Forgery Act 1981 Cyber Piracy Copyright Designs and Patents Act 1988 Counterfeiting Trademark Infringement Counterfeiting Trademarks Act um 1994 Money Laundering Offenses Proceeds of Crime Act 2002 Video recordings at 2010 Registered Designs Act 1949 on the Fraud Act 2006 Online Marketplaces There are an increasing quantity off online sites which enables cybercriminals to see or trade cyber skills and illegal items, including data such as credit card details or items such as firearms and illegal substances. These websites are hidden in that in theory, they cannot be easily located. Now. The Internet Corporation for Assigned Names and Numbers, or ICANN, refers to the dark Web, which it says allows for the publication of websites on the dissemination of information without revealing the published publishers identity or location. The dark web is only accessible through services such as tour tour networks can be used, for example by journalists to provide freedom of expression and access to information as well as for criminal purposes. I can also refers to the deep Web, which it says is the collection of all websites that are not indexed by search engines. Some of those websites are unconventional marketplaces where cyber skills and illegal items can be purchased. Encryption such a Z virtual private networks, or VP ends, which means that Internet activities are kept private and not subject to traffic analysis, which could reveal the origins of traffic legislation if more than one individual is running a website conspiracy under Section 11 of the Criminal Law Act 1977. An individual selling or facilitating the trading of illegal goods. Encouraging or assisting an offence under Section 46 of the Serious Crime Act 2007 on individual buying illegal goods dependent on the goods in question on whether the trade has progressed beyond the initial preparatory stages. Misuse of Drugs Act 1971 Firearms Act 1968 or an offence under the Fraud Act 2006 or even conspiracy to defraud. Evidence of cyber enabled crime is usually obtained from the actual computer or other device as well as anything on board or removable flash storage, such as is available on games consoles connected to the Internet. However, digital evidence can also be obtained directly from communications service providers, although since many are based outside the UK this will involve a specific request procedure. Some devices, for example, the Apple iPhone may need specialist equipment to extract information on you may recall the U. S case regarding the San Bernadino shooting in 2016 when Apple refused to assist the FBI to unlock data the normal rules about disclosures applied to digital evidence. However, digital evidence can cause concern because of the constant evolution of the nature and source difficulties verifying the origin. Some will require expert input, particularly with regard to interpretation. Digital evidence can easily be altered or destroyed by normal use. Saving a document alters its properties. Complex cases involved large amounts of data which will need to be presented to the court in a way which can easily be managed. Andi, in the case of a jury easily understood, dealing with cyber crimes for prosecution is Mawr complex than the process for traditional crimes. There are issues in relation to multiple jurisdictions, numerous communications service providers and the ability of a cyber criminal to generate communications remotely from anywhere. In the National Cybersecurity Strategy, which was published in November 2016. The aim is to defend against threats, deter taking offensive action in cyberspace on develop the skills which we have to overcome future threats. Part of this involves the intention to deepen existing links with our closest international partners, recognizing that this enhances our collective security on DTI to develop relationships with new partners. At the end of 2016 the CPS published its new Cyber strategy, or Cybercrime Strategy, which aims to support the national cybersecurity strategy by allocating cases in line with internal expertise, building capability within the CPS and across law enforcement partners. Providing regular up to date on relevant training for prosecutors. Using our international network to prosecute cybercrime criminals overseas. Andi. Improving our service to victims offside the crime. In July 2017 the Law Society published information about a firm of solicitors who had bean the victims off cybercrime in brief, the finance manager of a medium size law firm. Such is the description I received an email from one of the senior partners who was on a business trip in Barcelona, instructing him to make a £40,000 payment to a particular firm. The finance manager received several emails from the senior partner, which included details about the firm, such as they were installing a new case management system, which would involve the finance manager in delivering training, the airline by which she had flown to Barcelona on details of the hotel at which she was staying. Taking into consideration these specific details, the finance manager had no reason to believe the emails weren't genuine and the £40,000 transfer was made. In fact, there wasan additional letter in the emails originating domain name so that at a glance, the email address look genuine. The criminals had registered the domain name and set up associate ID email accounts, making it look similar enough to the rial email address to avoid being noticed. They've done this after obtaining the specific details about the senior partners trip on the new management system. Earlier that day, both the firm and Miss A had posted several messages on social media about the business trip on the case management system, providing the fraudsters with all the information they needed to perpetrate this £40,000 fraud. And that concludes this session for Data Law. Thank you for joining me, Robert Edwards, on this session.
00:18:46